
Log analysis and evaluation: Bitcoin virus, wincpu.exe, restores itself after every restart

27.05.2014, 10:53   #1
Nachtvogel
 



Hi,

For a few weeks now I have had the problem that Antivir reports a Bitcoin virus. It comes back after every restart.
Path: D:\Nachtvogel\AppData\Local\Temp\64\wincpu.exe

FRST log file:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Nachtvogel (administrator) on NACHTVOGEL-PC on 27-05-2014 11:22:16
Running from C:\Users\Nachtvogel\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(CyberLink) D:\Programme\Power DVD 12\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) D:\Programme\Power DVD 12\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
() C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) D:\Programme\Hamachi\hamachi-2.exe
(LogMeIn, Inc.) D:\Programme\Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(CyberLink Corp.) D:\Programme\Power DVD 12\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) D:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
(Logitech, Inc.) D:\Programme\Logitech\SetPoint\SetPoint.exe
(CyberLink) D:\Programme\CyberLink Blue-ray\Power2Go\CLMLSvc.exe
(CyberLink Corp.) D:\Programme\CyberLink Blue-ray\PowerDVD8\PDVD8Serv.exe
() D:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
(cyberlink) C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(CyberLink) D:\Programme\Power DVD 12\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(LogMeIn Inc.) D:\Programme\Hamachi\hamachi-2-ui.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(LogMeIn, Inc.) D:\Programme\Hamachi\LMIGuardianSvc.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(Mozilla Corporation) D:\Programme\Firefox\firefox.exe
(Mozilla Corporation) D:\Programme\Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [242192 2008-02-29] (Logitech, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10135584 2010-03-26] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [MDS_Menu] => D:\Programme\CyberLink Blue-ray\MediaShow4\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => D:\Programme\CyberLink Blue-ray\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => D:\Programme\CyberLink Blue-ray\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] => D:\Programme\CyberLink Blue-ray\PowerDVD8\PDVD8Serv.exe [91432 2009-07-16] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => D:\Programme\CyberLink Blue-ray\PowerDVD8\Language\Language.exe [50472 2009-04-16] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-08-28] (cyberlink)
HKLM-x32\...\Run: [UpdatePPShortCut] => D:\Programme\CyberLink Blue-ray\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] => D:\Programme\CyberLink Blue-ray\lgfw.exe [27760 2012-07-19] (Bitleader)
HKLM-x32\...\Run: [UpdatePSTShortCut] => D:\Programme\CyberLink Blue-ray\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [210216 2009-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-10-21] (NEC Electronics Corporation)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
HKLM-x32\...\Run: [PowerDVD12DMREngine] => D:\Programme\Power DVD 12\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe [501544 2012-01-02] (CyberLink)
HKLM-x32\...\Run: [PowerDVD12Agent] => D:\Programme\Power DVD 12\PowerDVD12\PowerDVD12Agent.exe [371256 2012-01-12] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [614400 2009-08-29] ()
HKLM-x32\...\Run: [DivXMediaServer] => D:\Programme\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Programme\Hamachi\hamachi-2-ui.exe [3814736 2014-05-13] (LogMeIn Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2030750677-1802131579-802186434-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\S-1-5-21-2030750677-1802131579-802186434-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Nachtvogel\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
HKU\S-1-5-21-2030750677-1802131579-802186434-1000\...\Run: [wm] => C:\Users\Nachtvogel\AppData\Local\Temp\wm.exe [5890048 2014-05-02] () <===== ATTENTION
HKU\S-1-5-21-2030750677-1802131579-802186434-1000\...\MountPoints2: {977326df-45fa-11e1-95c4-806e6f6e6963} - E:\Run.exe
HKU\S-1-5-21-2030750677-1802131579-802186434-1000\...\MountPoints2: {b8ad4338-6ec4-11e2-987f-1c6f65902373} - F:\Autorun.exe
AppInit_DLLs-x32:  => "" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
ShortcutTarget: Logitech Desktop Messenger.lnk -> D:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> D:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=DE&userid=013841a3-b93f-8979-ab53-df9f35dcb66b&searchtype=ds&q={searchTerms}&installDate=06/11/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=DE&userid=013841a3-b93f-8979-ab53-df9f35dcb66b&searchtype=hp&installDate=06/11/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFBA0331310DACC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=DE&userid=013841a3-b93f-8979-ab53-df9f35dcb66b&searchtype=ds&q={searchTerms}&installDate=06/11/2013
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=DE&userid=013841a3-b93f-8979-ab53-df9f35dcb66b&searchtype=ds&q={searchTerms}&installDate=06/11/2013
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=DE&userid=013841a3-b93f-8979-ab53-df9f35dcb66b&searchtype=ds&q={searchTerms}&installDate=06/11/2013
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=DE&userid=013841a3-b93f-8979-ab53-df9f35dcb66b&searchtype=ds&q={searchTerms}&installDate=06/11/2013
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=DE&userid=013841a3-b93f-8979-ab53-df9f35dcb66b&searchtype=ds&q={searchTerms}&installDate=06/11/2013
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&r=152
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} -  No File
Handler-x32: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Nachtvogel\AppData\Roaming\Mozilla\Firefox\Profiles\2xi08m41.default
FF NewTab: about:blank
FF Homepage: hxxp://www.spox.com/de/index.html
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - D:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - D:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - D:\Programme\Foxit Reader\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - D:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Nachtvogel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF user.js: detected! => C:\Users\Nachtvogel\AppData\Roaming\Mozilla\Firefox\Profiles\2xi08m41.default\user.js
FF Extension: Adblock Plus - C:\Users\Nachtvogel\AppData\Roaming\Mozilla\Firefox\Profiles\2xi08m41.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-23]
FF StartMenuInternet: FIREFOX.EXE - D:\Programme\Firefox\firefox.exe

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 CLHNServiceForPowerDVD12; D:\Programme\Power DVD 12\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [87336 2012-01-12] (CyberLink Corp.)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; D:\Programme\Power DVD 12\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [75048 2012-01-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; D:\Programme\Power DVD 12\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296232 2012-01-12] (CyberLink)
S3 DAUpdaterSvc; D:\Spiele\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)
R2 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [68136 2009-06-17] ()
R2 Hamachi2Svc; D:\Programme\Hamachi\hamachi-2.exe [2228048 2014-05-13] (LogMeIn Inc.)
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-19] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-12-03] ()
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2009-07-02] ()
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.)

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-12] (Avira Operations GmbH & Co. KG)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-01-23] ()
R1 ISODrive; D:\Programme\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [33792 2005-03-09] ()
R2 ntk_PowerDVD12; D:\Programme\Power DVD 12\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [82928 2011-10-27] (Cyberlink Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-08-27] (Samsung Electronics)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; D:\Programme\Power DVD 12\PowerDVD12\Common\NavFilter\000.fcl [146928 2012-01-11] (CyberLink Corp.)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; D:\Programme\CyberLink Blue-ray\PowerDVD8\000.fcl [146928 2009-08-28] (CyberLink Corp.)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-27 11:22 - 2014-05-27 11:23 - 00018509 _____ () C:\Users\Nachtvogel\Desktop\FRST.txt
2014-05-27 11:21 - 2014-05-27 11:21 - 00380416 _____ () C:\Users\Nachtvogel\Desktop\Gmer-19357.exe
2014-05-27 11:10 - 2014-05-27 11:22 - 00000000 ____D () C:\FRST
2014-05-27 11:08 - 2014-05-27 11:08 - 02066944 _____ (Farbar) C:\Users\Nachtvogel\Desktop\FRST64.exe
2014-05-26 18:50 - 2014-05-26 18:50 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Local\NVIDIA Corporation
2014-05-26 18:50 - 2014-04-30 20:27 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-05-26 18:50 - 2014-04-30 20:26 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-05-26 18:49 - 2014-05-26 18:49 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-05-26 18:49 - 2014-05-20 01:10 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-26 18:47 - 2014-05-20 04:44 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 14434704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-26 18:47 - 2014-05-20 04:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-05-26 18:47 - 2014-05-20 04:44 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-05-26 18:46 - 2014-03-31 18:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-05-26 18:46 - 2014-03-31 18:42 - 00037320 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-05-26 18:46 - 2014-03-31 18:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-05-26 17:56 - 2014-05-26 18:11 - 333878864 _____ (NVIDIA Corporation) C:\Users\Nachtvogel\Downloads\337.88-desktop-win8-win7-winvista-64bit-international-whql.exe
2014-05-25 16:49 - 2014-05-26 18:49 - 00000294 _____ () C:\Windows\Tasks\DLL-Files FixerASKUSER.job
2014-05-25 16:49 - 2014-05-25 16:49 - 01355776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVBVM50.DLL
2014-05-25 16:48 - 2014-05-27 10:52 - 00003112 _____ () C:\Windows\System32\Tasks\RDReminder
2014-05-25 16:48 - 2014-05-26 10:58 - 00000302 _____ () C:\Windows\Tasks\DLL-Files.Com Fixer_Updates.job
2014-05-25 16:48 - 2014-05-26 10:58 - 00000286 _____ () C:\Windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job
2014-05-25 16:48 - 2014-05-25 16:48 - 00003062 _____ () C:\Windows\System32\Tasks\DLL-Files.Com Fixer_Updates
2014-05-25 16:48 - 2014-05-25 16:48 - 00003048 _____ () C:\Windows\System32\Tasks\DLL-Files.Com Fixer_MONTHLY
2014-05-25 16:48 - 2014-05-25 16:48 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Roaming\dll-files.com
2014-05-25 16:48 - 2014-05-25 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files Fixer
2014-05-25 16:48 - 2014-05-25 16:48 - 00000000 ____D () C:\Program Files (x86)\Dll-Files.com Fixer
2014-05-25 16:48 - 2014-02-13 17:56 - 00019392 _____ (Dll-Files.com) C:\Windows\system32\roboot64.exe
2014-05-15 02:23 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 02:23 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 02:23 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 02:23 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 02:23 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 02:23 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 16:37 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 16:37 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 16:37 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 16:37 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 16:37 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 16:37 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 16:37 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 16:37 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 16:37 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 16:37 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 16:37 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 16:37 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 16:37 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 16:37 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 16:37 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 16:37 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 16:37 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 16:37 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 16:37 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 16:37 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 16:37 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 16:37 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 16:37 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 16:37 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 16:37 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 16:37 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 16:37 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 16:37 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 16:37 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 16:37 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 16:37 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 16:37 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 16:37 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 16:27 - 2014-05-14 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-06 08:36 - 2014-05-15 12:06 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-05 22:33 - 2014-04-18 17:33 - 03692032 _____ () C:\Users\Nachtvogel\Desktop\Wasteland 2 beta Build 39052 Trainer +6 MrAntiFun.EXE
2014-05-05 22:22 - 2014-05-05 22:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-04 22:25 - 2014-05-11 03:50 - 00021157 _____ () C:\Users\Nachtvogel\Desktop\Abschied.odt
2014-04-29 02:02 - 2014-05-26 18:50 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Local\NVIDIA
2014-04-28 13:38 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-28 13:38 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-28 13:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-28 13:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-28 13:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-28 13:38 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-28 13:38 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-28 13:38 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-28 13:37 - 2014-04-28 13:37 - 00000000 ____D () C:\Windows\erdnt
2014-04-28 00:28 - 2014-04-28 00:28 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Roaming\Curse Advertising
2014-04-28 00:25 - 2014-04-28 00:25 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Roaming\Curse
2014-04-28 00:24 - 2014-05-01 18:18 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Local\WM
2014-04-28 00:23 - 2014-04-28 00:24 - 00000000 ____D () C:\wm

==================== One Month Modified Files and Folders =======

2014-05-27 11:23 - 2014-05-27 11:22 - 00018509 _____ () C:\Users\Nachtvogel\Desktop\FRST.txt
2014-05-27 11:22 - 2014-05-27 11:10 - 00000000 ____D () C:\FRST
2014-05-27 11:21 - 2014-05-27 11:21 - 00380416 _____ () C:\Users\Nachtvogel\Desktop\Gmer-19357.exe
2014-05-27 11:11 - 2012-03-29 17:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-27 11:08 - 2014-05-27 11:08 - 02066944 _____ (Farbar) C:\Users\Nachtvogel\Desktop\FRST64.exe
2014-05-27 10:54 - 2009-07-14 06:45 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-27 10:54 - 2009-07-14 06:45 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-27 10:52 - 2014-05-25 16:48 - 00003112 _____ () C:\Windows\System32\Tasks\RDReminder
2014-05-27 10:51 - 2012-01-23 21:46 - 01108947 _____ () C:\Windows\WindowsUpdate.log
2014-05-27 10:50 - 2013-11-14 15:34 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Local\LogMeIn Hamachi
2014-05-27 10:50 - 2012-01-23 22:08 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2014-05-27 10:46 - 2012-01-23 22:27 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-27 10:46 - 2012-01-23 22:23 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-05-27 10:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-27 10:46 - 2009-07-14 06:51 - 00123169 _____ () C:\Windows\setupact.log
2014-05-27 01:53 - 2012-03-01 22:35 - 00000000 ____D () C:\Users\Nachtvogel\Documents\My Games
2014-05-26 18:50 - 2014-05-26 18:50 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Local\NVIDIA Corporation
2014-05-26 18:50 - 2014-04-29 02:02 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Local\NVIDIA
2014-05-26 18:50 - 2012-01-23 22:27 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-05-26 18:50 - 2012-01-23 22:27 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-05-26 18:50 - 2012-01-23 22:27 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-26 18:49 - 2014-05-26 18:49 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-05-26 18:49 - 2014-05-25 16:49 - 00000294 _____ () C:\Windows\Tasks\DLL-Files FixerASKUSER.job
2014-05-26 18:49 - 2012-05-22 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-26 18:11 - 2014-05-26 17:56 - 333878864 _____ (NVIDIA Corporation) C:\Users\Nachtvogel\Downloads\337.88-desktop-win8-win7-winvista-64bit-international-whql.exe
2014-05-26 10:58 - 2014-05-25 16:48 - 00000302 _____ () C:\Windows\Tasks\DLL-Files.Com Fixer_Updates.job
2014-05-26 10:58 - 2014-05-25 16:48 - 00000286 _____ () C:\Windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job
2014-05-25 16:49 - 2014-05-25 16:49 - 01355776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVBVM50.DLL
2014-05-25 16:48 - 2014-05-25 16:48 - 00003062 _____ () C:\Windows\System32\Tasks\DLL-Files.Com Fixer_Updates
2014-05-25 16:48 - 2014-05-25 16:48 - 00003048 _____ () C:\Windows\System32\Tasks\DLL-Files.Com Fixer_MONTHLY
2014-05-25 16:48 - 2014-05-25 16:48 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Roaming\dll-files.com
2014-05-25 16:48 - 2014-05-25 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files Fixer
2014-05-25 16:48 - 2014-05-25 16:48 - 00000000 ____D () C:\Program Files (x86)\Dll-Files.com Fixer
2014-05-24 19:27 - 2014-03-15 15:13 - 00022570 _____ () C:\Users\Nachtvogel\Desktop\Honvad Budapest Spielerentwicklung.ods
2014-05-20 04:44 - 2014-05-26 18:47 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 14434704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-20 04:44 - 2014-05-26 18:47 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-05-20 04:44 - 2014-05-26 18:47 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-05-20 04:44 - 2013-03-27 15:39 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-20 04:44 - 2013-03-27 15:39 - 02730208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-05-20 04:44 - 2012-05-22 18:12 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-05-20 04:44 - 2012-05-22 18:12 - 00952952 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-05-20 04:44 - 2012-01-23 22:27 - 00026069 _____ () C:\Windows\system32\nvinfo.pb
2014-05-20 04:44 - 2010-07-10 00:38 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-05-20 04:44 - 2010-07-10 00:38 - 03109248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-05-20 03:25 - 2010-07-09 17:17 - 06769096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-05-20 03:25 - 2010-07-09 17:17 - 03514144 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-05-20 03:25 - 2010-07-09 17:17 - 02560968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-05-20 03:25 - 2010-07-09 17:17 - 00927520 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-05-20 03:25 - 2010-07-09 17:17 - 00387528 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-05-20 03:25 - 2010-07-09 17:17 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-05-20 01:10 - 2014-05-26 18:49 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-19 23:41 - 2012-12-29 20:53 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Roaming\Skype
2014-05-15 19:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 12:09 - 2012-01-23 21:53 - 00000000 ___RD () C:\Users\Nachtvogel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 12:09 - 2012-01-23 21:53 - 00000000 ___RD () C:\Users\Nachtvogel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 12:06 - 2014-05-06 08:36 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 02:22 - 2013-08-15 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 02:21 - 2012-01-24 00:30 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 01:49 - 2012-05-22 18:13 - 03774821 _____ () C:\Windows\system32\nvcoproc.bin
2014-05-14 16:27 - 2014-05-14 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-13 21:16 - 2012-03-29 17:22 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 21:16 - 2012-03-29 17:22 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 21:16 - 2012-01-24 22:43 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-11 03:50 - 2014-05-04 22:25 - 00021157 _____ () C:\Users\Nachtvogel\Desktop\Abschied.odt
2014-05-09 08:14 - 2014-05-14 16:37 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 16:37 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 23:56 - 2012-01-23 22:34 - 00000000 ____D () C:\ProgramData\DivX
2014-05-06 06:40 - 2014-05-15 02:23 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-15 02:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-15 02:23 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-15 02:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-15 02:23 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 02:23 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 22:22 - 2014-05-05 22:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-04 07:33 - 2012-01-23 22:12 - 00000341 _____ () C:\Windows\lgfwup.ini
2014-05-03 12:13 - 2014-02-17 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-05-01 18:18 - 2014-04-28 00:24 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Local\WM
2014-04-30 20:27 - 2014-05-26 18:50 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-04-30 20:26 - 2014-05-26 18:50 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-04-29 02:08 - 2009-07-14 19:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-04-29 02:08 - 2009-07-14 19:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-04-29 02:08 - 2009-07-14 07:13 - 00905710 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-29 02:01 - 2012-01-23 22:22 - 00355974 _____ () C:\Windows\PFRO.log
2014-04-28 13:37 - 2014-04-28 13:37 - 00000000 ____D () C:\Windows\erdnt
2014-04-28 00:28 - 2014-04-28 00:28 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Roaming\Curse Advertising
2014-04-28 00:25 - 2014-04-28 00:25 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Roaming\Curse
2014-04-28 00:24 - 2014-04-28 00:23 - 00000000 ____D () C:\wm

Files to move or delete:
====================
C:\Users\Nachtvogel\AppData\Local\Temp\wm.exe


Some content of TEMP:
====================
C:\Users\Angmar\AppData\Local\Temp\AskSLib.dll
C:\Users\Angmar\AppData\Local\Temp\COMAP.EXE
C:\Users\Angmar\AppData\Local\Temp\DivXSetup.exe
C:\Users\Angmar\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Angmar\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Angmar\AppData\Local\Temp\Gw2.exe
C:\Users\Angmar\AppData\Local\Temp\i4jdel0.exe
C:\Users\Angmar\AppData\Local\Temp\Nexus%20Mod%20Manager-0.31.2.exe
C:\Users\Angmar\AppData\Local\Temp\uninstaller-2144.exe
C:\Users\Angmar\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Nachtvogel\AppData\Local\Temp\avgnt.exe
C:\Users\Nachtvogel\AppData\Local\Temp\DivXSetup.exe
C:\Users\Nachtvogel\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Nachtvogel\AppData\Local\Temp\DTLite4481-0347.exe
C:\Users\Nachtvogel\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Nachtvogel\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Nachtvogel\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Nachtvogel\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Nachtvogel\AppData\Local\Temp\Nv3DVStreaming.dll
C:\Users\Nachtvogel\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Nachtvogel\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Nachtvogel\AppData\Local\Temp\nvStInst.exe
C:\Users\Nachtvogel\AppData\Local\Temp\rootsupd.exe
C:\Users\Nachtvogel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Nachtvogel\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Nachtvogel\AppData\Local\Temp\uninst1.exe
C:\Users\Nachtvogel\AppData\Local\Temp\wm.exe
C:\Users\Nachtvogel\AppData\Local\Temp\_is2895.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-20 00:38

==================== End Of Log ============================
         
------

Addition-File:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by Nachtvogel at 2014-05-27 11:23:30
Running from C:\Users\Nachtvogel\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.08 - GIGABYTE)
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
ActiveState ActivePython 2.7.5.6 (32-bit) (HKLM-x32\...\{4D22D7B3-AF9C-424C-B6AF-E88D2365A127}) (Version: 2.7.6 - ActiveState Software Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.2.8900 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.2.8900 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Age of Wonders III (HKLM-x32\...\Steam App 226840) (Version:  - Triumph Studios)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
ArtMoney SE v7.40 (HKLM-x32\...\ArtMoney SE_is1) (Version: 7.40 - System SoftLab)
AutoGreen B09.1014.2 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B09.1014.2 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Baldur's Gate (HKLM-x32\...\Baldur's Gate) (Version:  - )
Baldur's Gate II: Enhanced Edition (HKLM-x32\...\Steam App 257350) (Version:  - Beamdog)
Baldurs Gate(TM) II - Thron des Bhaal (TM) (HKLM-x32\...\{5B09F344-4406-11D5-96E8-0050BA84F5F7}) (Version:  - )
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
BattlEye (A2Free) Uninstall (HKLM-x32\...\BattlEye A2 Free) (Version:  - )
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye) (Version:  - )
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
CyberLink BD Advisor 2.0 (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version:  - )
CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2806 - CyberLink Corp.)
CyberLink Blu-ray Disc Suite (x32 Version: 6.0.2806 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3102 - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 4.1.3102 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3224 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3224 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1312.54 - CyberLink Corp.)
CyberLink PowerDVD 12 (x32 Version: 12.0.1312.54 - CyberLink Corp.) Hidden
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.3228 - CyberLink Corp.)
CyberLink PowerDVD 8 (x32 Version: 8.0.3228 - CyberLink Corp.) Hidden
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1520 - CyberLink Corp.)
CyberLink PowerProducer (x32 Version: 5.0.1.1520 - CyberLink Corp.) Hidden
DayZ Commander (HKLM-x32\...\{E913F678-7BAC-4C3D-A8ED-C19E13D3BAD0}) (Version: 0.9.80 - Dotjosh Studios)
DC Universe Online Live (HKCU\...\SOE-DC Universe Online Live PSG) (Version:  - Sony Online Entertainment)
DC Universe Online Live (HKCU\...\SOE-DC Universe Online Live) (Version:  - Sony Online Entertainment)
DES 2.0 (HKLM-x32\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte)
Die Siedler 7 (HKLM-x32\...\{9C916142-C18C-429D-BFED-40094A7E0BEB}) (Version: 1.12.1396 - Ubisoft)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.48.5 - Electronic Arts)
Die Sims™ 3 70er, 80er & 90er Accessoires (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
Die Sims™ 3 Design-Garten-Accessoires (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.3.2 - Electronic Arts)
Die Sims™ 3 Diesel Accessoires (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Gib Gas-Accessoires (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.8.1 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Katy Perry Süße Welt (HKLM-x32\...\{9B2506E3-9A3F-45B5-96BF-509CAD584650}) (Version: 13.0.62 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
Die Sims™ 3 Luxus-Accessoires (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.17.2 - Electronic Arts)
Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
Die Sims™ 3 Stadt-Accessoires (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.10.1 - Electronic Arts)
Die Sims™ 3 Traumsuite-Accessoires (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Divinity II - Ego Draconis (HKLM-x32\...\Divinity II - Ego Draconis_is1) (Version:  - dtp)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.22 - DivX, LLC)
Dll-Files Fixer (HKLM-x32\...\Dll-Files Fixer_is1) (Version: 3.1.81 - Dll-Files.com)
Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.00 - Electronic Arts, Inc.)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05 - Electronic Arts, Inc.)
Dragon's Prophet (HKLM-x32\...\{C31556D7-F2B9-4787-B223-F7A035067E89}_is1) (Version: 1.2.1241.10 - Infernum Productions AG)
Drakensang (HKLM-x32\...\Drakensang_is1) (Version:  - dtp)
EA Installer (HKLM-x32\...\EA Installer.-183224887) (Version: 2.2.0.62 - Electronic Arts, Inc.)
EA Shared Game Component: Activation (HKLM-x32\...\com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1) (Version: 2.2.0.62 - Electronic Arts)
EA Shared Game Component: Activation (x32 Version: 2.2.0 - Electronic Arts) Hidden
Easy Tune 6 B10.0521.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B10.0521.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Endless Space (HKLM-x32\...\Steam App 208140) (Version:  - Amplitude Studios)
erLT (x32 Version: 1.12.0117 - Logitech, Inc.) Hidden
Explorer Suite IV (HKLM\...\Explorer Suite_is1) (Version:  - )
Fable III (HKLM-x32\...\GFWL_{4D53090A-9B45-437B-A66A-831000008300}) (Version: 1.0.0000.131 - Microsoft Game Studios)
Fable III (x32 Version: 1.0.0000.131 - Microsoft Game Studios) Hidden
Fable III (x32 Version: 1.0.0002.131 - Microsoft Game Studios) Hidden
Fallout 2 (HKLM-x32\...\Fallout 2) (Version:  - )
Fallout 2 (HKLM-x32\...\Fallout 2_is1) (Version:  - GOG.com)
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.04 - Ubisoft)
FIFA 13 (HKLM-x32\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.2.0.0 - Electronic Arts)
FMRTE 13.3.3.62 (HKLM\...\{13416834-B10B-4DD4-8213-C8D66A157D7E}_is1) (Version: 13.3.3.62 - Raul Bravo)
FO2 Restoration Project 2.3.2 (HKLM-x32\...\Fallout 2 Restoration Project_is1) (Version:  - killap)
Football Manager 2013 (HKLM-x32\...\Steam App 207890) (Version:  - Sports Interactive)
Football Manager 2013 Editor (HKLM-x32\...\Steam App 220600) (Version:  - Sports Interactive)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.4.5.114 - Foxit Corporation)
FUSSBALL MANAGER 12 (HKLM-x32\...\FUSSBALL MANAGER 12) (Version: 1.0.0.3 - Electronic Arts)
FUSSBALL MANAGER 13 (HKLM-x32\...\{80AF0300-866F-400F-A350-D53E3C3E34E0}) (Version: 1.0.3.0 - Electronic Arts)
Game of Thrones Version 1.4.2.0 (HKLM-x32\...\AGOT_is1) (Version: 1.4.2.0 - Cyanide)
Gigabyte Raid Configurer (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0001 - GIGABYTE Technologies, Inc.)
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
GUILD WARS (HKLM-x32\...\Guild Wars) (Version:  - )
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - )
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
KhalInstallWrapper (Version: 4.60.122 - Logitech) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LG Tool Kit (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
Logitech Desktop Messenger (HKLM-x32\...\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}) (Version: 2.56.102 - Logitech, Inc.)
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.60 - Logitech)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.193 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.193 - LogMeIn, Inc.) Hidden
Mass Effect 2 (HKLM-x32\...\{75D84EF7-0D8C-4E70-B3FA-7B42A5D4E0EB}) (Version: 1.2.1604.0 - Electronic Arts)
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
MegaTrainer eXperience V1.2.1.8 (HKLM-x32\...\MegaTrainer eXperience_is1) (Version:  - )
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MotioninJoy ds3 driver version 0.5.0002 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.5.0002 - www.motioninjoy.com)
Mozilla Firefox 29.0.1 (x86 de) (HKCU\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Firefox 9.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 9.0.1 (x86 de)) (Version: 9.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.17.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.17.0 - NEC Electronics Corporation) Hidden
Neverwinter (HKLM-x32\...\Neverwinter) (Version:  - Cryptic Studios)
Neverwinter Nights 2 (HKLM-x32\...\{F20C1251-1D0A-4944-B2AE-678581B33B19}) (Version: 1.00.0000 - Obsidian)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.31.2 - Black Tree Gaming)
NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
ON_OFF Charge B10.0427.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 9.1.3.2637 - Electronic Arts, Inc.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
PDF Blender (HKLM-x32\...\PDF Blender) (Version:  - )
Play withSIX (HKLM-x32\...\{8E634921-4547-4CA9-AF79-08B735431C12}) (Version: 1.00.0096 - SIX Networks)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.12 - ProtectDisc Software GmbH)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6077 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.42 - Piriform)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
SimCity 4 Deluxe (HKLM-x32\...\{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}) (Version: 1.0.0.0 - Electronic Arts)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 1.0.0.0 - Electronic Arts)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - Square Enix)
Smart 6 B10.0422.1 (HKLM-x32\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE)
SopCast 3.4.8 (HKLM-x32\...\SopCast) (Version: 3.4.8 - www.sopcast.com)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UltraISO Premium V9.53 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.0.2 (HKLM-x32\...\VLC media player) (Version: 2.0.2 - VideoLAN)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - )
Wartung Samsung ML-2525W Series (HKLM-x32\...\Samsung ML-2525W Series) (Version:  - Samsung Electronics CO.,LTD)
Wasteland 2 (HKLM-x32\...\Steam App 240760) (Version:  - inXile Entertainment)
Winamp (HKLM-x32\...\Winamp) (Version: 5.621  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 4.10 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
X-COM: Apocalypse (HKLM-x32\...\Steam App 7660) (Version:  - MicroProse Software, Inc)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - )

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {08849517-777D-4C90-9D7A-A0BA24F0C82F} - System32\Tasks\DLL-Files.Com Fixer_Updates => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2014-02-13] (Dll-FIles.Com)
Task: {30C31C62-D27C-454C-8CCC-09BACE6D9320} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRFilter => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SRFilter.exe" /GBSMART6 -kdl
Task: {6058E528-5261-4521-B7DE-87EEE4BD3F03} - System32\Tasks\{89E67290-AA7B-4FAE-BD61-B155609C58A0} => D:\Spiele\Fallout2\fallout2.exe
Task: {7EB0470E-150E-4646-BB5A-C7E9A712A832} - System32\Tasks\DLL-Files.Com Fixer_MONTHLY => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2014-02-13] (Dll-FIles.Com)
Task: {7F521955-1A20-4C0D-AC79-58B3EA43AD01} - System32\Tasks\DLL-Files FixerASKUSER => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2014-02-13] (Dll-FIles.Com)
Task: {9627E88C-B5A6-4CEE-BEE3-9C039451F0DB} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRCreate => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SrCmdCLR.exe" -c 1
Task: {A5507623-7E63-458B-BC65-CA1265D8D6A2} - System32\Tasks\{9BAA2407-91B0-44D4-A7D8-6AB61BC65566} => D:\Spiele\Fallout2\fallout2.exe
Task: {C6DD8C85-FF88-4238-8740-53D32DBD24E2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {CCA52F8D-5FB8-4BBF-9FF7-F5F985776134} - System32\Tasks\RDReminder => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2014-02-13] (Dll-FIles.Com)
Task: {F3970FD4-3B86-4036-88E3-23438C34223F} - System32\Tasks\{0C0411B5-C616-4A73-B77C-340C6F53DD7D} => D:\Spiele\Age of Empires II\age2_x1\age2_x1.exe [2000-08-08] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DLL-Files FixerASKUSER.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\Windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\Windows\Tasks\DLL-Files.Com Fixer_Updates.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe

==================== Loaded Modules (whitelisted) =============

2011-06-22 09:48 - 2011-06-22 09:48 - 00034304 _____ () C:\Windows\System32\ssp6ml6.dll
2012-02-01 23:58 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-01-23 22:21 - 2009-06-17 17:13 - 00068136 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
2012-01-23 22:18 - 2010-01-19 04:31 - 00072304 ____R () C:\Windows\SysWOW64\XSrvSetup.exe
2012-12-03 19:13 - 2012-12-03 19:13 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-01-23 22:08 - 2009-07-02 16:02 - 00244904 ____N () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
2012-01-23 23:40 - 2012-01-09 20:44 - 00193536 _____ () D:\Programme\WinRar\rarext64.dll
2012-01-23 21:57 - 2008-05-02 05:00 - 00077824 _____ () D:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
2013-08-07 15:17 - 2009-08-29 05:37 - 00614400 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2013-08-07 15:17 - 2009-07-17 00:24 - 00306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe
2013-03-27 15:55 - 2013-01-25 10:25 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-01-23 22:21 - 2009-05-04 18:56 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\ycc.dll
2012-01-23 21:59 - 2012-01-23 21:59 - 00064664 _____ () D:\Programme\Logitech\Desktop Messenger\8876480\8.1.1.87-8876480SL\Program\clntutil.dll
2009-06-03 21:59 - 2009-06-03 21:59 - 00619816 ____N () D:\Programme\CyberLink Blue-ray\Power2Go\CLMediaLibrary.dll
2009-06-03 21:59 - 2009-06-03 21:59 - 00013096 ____N () D:\Programme\CyberLink Blue-ray\Power2Go\CLMLSvcPS.dll
2012-07-18 23:55 - 2012-01-02 04:21 - 00374056 _____ () D:\Programme\Power DVD 12\PowerDVD12\Kernel\DMR\CLNetMediaDMA.dll
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-05-10 04:47 - 2014-05-10 04:47 - 03839088 _____ () D:\Programme\Firefox\mozjs.dll
2014-05-13 21:16 - 2014-05-13 21:16 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/27/2014 01:53:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: dosbox.exe, Version: 0.72.0.0, Zeitstempel: 0x46d1bcb8
Name des fehlerhaften Moduls: dosbox.exe, Version: 0.72.0.0, Zeitstempel: 0x46d1bcb8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000df0e2
ID des fehlerhaften Prozesses: 0x15a4
Startzeit der fehlerhaften Anwendung: 0xdosbox.exe0
Pfad der fehlerhaften Anwendung: dosbox.exe1
Pfad des fehlerhaften Moduls: dosbox.exe2
Berichtskennung: dosbox.exe3

Error: (05/26/2014 05:05:20 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (05/26/2014 05:04:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (05/26/2014 05:04:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (05/26/2014 05:02:27 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (05/24/2014 11:32:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: fm.exe, Version: 13.3.3.31972, Zeitstempel: 0x514c8b4d
Name des fehlerhaften Moduls: fm.exe, Version: 13.3.3.31972, Zeitstempel: 0x514c8b4d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x014dbcc0
ID des fehlerhaften Prozesses: 0x1170
Startzeit der fehlerhaften Anwendung: 0xfm.exe0
Pfad der fehlerhaften Anwendung: fm.exe1
Pfad des fehlerhaften Moduls: fm.exe2
Berichtskennung: fm.exe3

Error: (05/24/2014 10:15:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: fm.exe, Version: 13.3.3.31972, Zeitstempel: 0x514c8b4d
Name des fehlerhaften Moduls: fm.exe, Version: 13.3.3.31972, Zeitstempel: 0x514c8b4d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x014dbcc0
ID des fehlerhaften Prozesses: 0x9f0
Startzeit der fehlerhaften Anwendung: 0xfm.exe0
Pfad der fehlerhaften Anwendung: fm.exe1
Pfad des fehlerhaften Moduls: fm.exe2
Berichtskennung: fm.exe3

Error: (05/24/2014 01:50:38 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (05/24/2014 01:50:22 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (05/24/2014 01:50:22 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.


System errors:
=============
Error: (05/27/2014 10:46:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/27/2014 10:46:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/27/2014 02:15:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/27/2014 02:15:06 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht.

Error: (05/27/2014 02:14:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/27/2014 02:14:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/27/2014 02:14:08 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎27.‎05.‎2014 um 02:12:35 unerwartet heruntergefahren.

Error: (05/26/2014 11:01:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (05/26/2014 11:01:04 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (05/26/2014 10:58:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (05/27/2014 01:53:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: dosbox.exe0.72.0.046d1bcb8dosbox.exe0.72.0.046d1bcb8c0000005000df0e215a401cf7936c20c25eeD:\Programme\Steam\steamapps\common\XCom Apocalypse\dosbox.exeD:\Programme\Steam\steamapps\common\XCom Apocalypse\dosbox.exede1f297d-e530-11e3-a9f2-1c6f65902373

Error: (05/26/2014 05:05:20 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: d:\Spiele\fußball manager 2012\MsiCofire.dlld:\Spiele\fußball manager 2012\MsiCofire.dll2

Error: (05/26/2014 05:04:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestd:\Spiele\enemy territory - quake wars\lite server\serverlauncher.exe

Error: (05/26/2014 05:04:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestd:\Spiele\enemy territory - quake wars\serverlauncher.exe

Error: (05/26/2014 05:02:27 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (05/24/2014 11:32:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: fm.exe13.3.3.31972514c8b4dfm.exe13.3.3.31972514c8b4dc0000005014dbcc0117001cf77911209a183D:\Programme\Steam\steamapps\common\Football Manager 2013\fm.exeD:\Programme\Steam\steamapps\common\Football Manager 2013\fm.exee66e0d66-e38a-11e3-98f2-1c6f65902373

Error: (05/24/2014 10:15:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: fm.exe13.3.3.31972514c8b4dfm.exe13.3.3.31972514c8b4dc0000005014dbcc09f001cf776394ef1fdbD:\Programme\Steam\steamapps\common\Football Manager 2013\fm.exeD:\Programme\Steam\steamapps\common\Football Manager 2013\fm.exe215d2802-e380-11e3-98f2-1c6f65902373

Error: (05/24/2014 01:50:38 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: d:\Spiele\fußball manager 2012\MsiCofire.dlld:\Spiele\fußball manager 2012\MsiCofire.dll2

Error: (05/24/2014 01:50:22 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestd:\Spiele\enemy territory - quake wars\lite server\serverlauncher.exe

Error: (05/24/2014 01:50:22 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestd:\Spiele\enemy territory - quake wars\serverlauncher.exe


==================== Memory info =========================== 

Percentage of memory in use: 27%
Total physical RAM: 8183.43 MB
Available physical RAM: 5963.16 MB
Total Pagefile: 16365.04 MB
Available Pagefile: 14048.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:76.07 GB) (Free:20.43 GB) NTFS
Drive d: () (Fixed) (Total:1786.84 GB) (Free:1217.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 82334871)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=76 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=-280416485376) - (Type=07 NTFS)

==================== End Of Log ============================
         
------

Gmer-File:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-27 11:36:38
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Scsi\JRAID1Port0Path0Target0Lun0 SAMSUNG_ rev.A11Q 1863,02GB
Running: Gmer-19357.exe; Driver: C:\Users\NACHTV~1\AppData\Local\Temp\axtyauoc.sys


---- User code sections - GMER 2.1 ----

.text    D:\Programme\Power DVD 12\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                 0000000075b61465 2 bytes [B6, 75]
.text    D:\Programme\Power DVD 12\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                0000000075b614bb 2 bytes [B6, 75]
.text    ...                                                                                                                                                                                                * 2
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2016] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                                                            00000000719a1a22 2 bytes [9A, 71]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2016] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                                                            00000000719a1ad0 2 bytes [9A, 71]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2016] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                                                            00000000719a1b08 2 bytes [9A, 71]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2016] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                                                            00000000719a1bba 2 bytes [9A, 71]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2016] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                                                            00000000719a1bda 2 bytes [9A, 71]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                     0000000075b61465 2 bytes [B6, 75]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                    0000000075b614bb 2 bytes [B6, 75]
.text    ...                                                                                                                                                                                                * 2
.text    C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[1220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                   0000000075b61465 2 bytes [B6, 75]
.text    C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[1220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                  0000000075b614bb 2 bytes [B6, 75]
.text    ...                                                                                                                                                                                                * 2
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                  0000000075b61465 2 bytes [B6, 75]
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                 0000000075b614bb 2 bytes [B6, 75]
.text    ...                                                                                                                                                                                                * 2
.text    D:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3368] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                 0000000075b61465 2 bytes [B6, 75]
.text    D:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3368] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                0000000075b614bb 2 bytes [B6, 75]
.text    ...                                                                                                                                                                                                * 2
.text    D:\Programme\Power DVD 12\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe[4084] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                                         00000000763b8791 5 bytes JMP 000000016e221000
.text    D:\Programme\Power DVD 12\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe[4084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                              0000000075b61465 2 bytes [B6, 75]
.text    D:\Programme\Power DVD 12\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe[4084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                             0000000075b614bb 2 bytes [B6, 75]
.text    ...                                                                                                                                                                                                * 2
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                               0000000075b61465 2 bytes [B6, 75]
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                              0000000075b614bb 2 bytes [B6, 75]
.text    ...                                                                                                                                                                                                * 2
.text    D:\Programme\Hamachi\hamachi-2-ui.exe[1556] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 69                                                                                                0000000075b61465 2 bytes [B6, 75]
.text    D:\Programme\Hamachi\hamachi-2-ui.exe[1556] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 155                                                                                               0000000075b614bb 2 bytes [B6, 75]
.text    ...                                                                                                                                                                                                * 2

---- Threads - GMER 2.1 ----

Thread   C:\Windows\SysWOW64\ntdll.dll [616:516]                                                                                                                                                            00000000010e53d3
Thread   C:\Windows\SysWOW64\ntdll.dll [616:4208]                                                                                                                                                           00000000741bb89c
Thread   C:\Windows\SysWOW64\ntdll.dll [616:4212]                                                                                                                                                           00000000741bbaf3
Thread   C:\Windows\SysWOW64\ntdll.dll [616:4216]                                                                                                                                                           00000000741bb3c2
Thread   C:\Windows\SysWOW64\ntdll.dll [616:4220]                                                                                                                                                           000000006f14786a
---- Processes - GMER 2.1 ----

Library  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{63DFF175-5358-4FD9-88D8-ABFF97F3F453}\offreg.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [1788](2014-05-27 08:49:58)  000007fef1aa0000

---- EOF - GMER 2.1 ----
         
Thanks in advance

Best regards

Nachtvogel

27.05.2014, 11:07   #2
Bootsektor
Rest in peace
† 2019
 
My name is Sandra and I will be helping you with your problem.
  • Please work through all the steps in order.
  • Read the instructions carefully before you begin. If there are problems or you don't understand something, stop what you are doing and describe the problem to me.
  • Please only run scans that I ask you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Post the log files directly in your thread in code tags.
  • Keep in mind that we all do this in our free time; if you haven't heard from me within 2 days, please send me a PM.

Note: I can never give you a guarantee that I will find everything. Reformatting is usually the faster and, in the case of a malware infection, always the safest way. Adware can be removed without problems in the vast majority of cases.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Posting in code tags
Please always put the logs in code tags. If you don't, it makes the analysis much harder for me. Thanks.
To do so:
  • Click the hash sign # above the reply box; you will then see CODE /CODE in square brackets [].
  • Paste your log files between the two code tags, i.e. CODE log file /CODE
  • If the logs are too long, please split them up and post them here in your thread, in several replies if necessary.

Step 1
Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software and malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.



Step 23
Start FRST once more.
  • Do not change any of the default settings and press Scan.
  • When the scan is complete, a new log file FRST.txt will be created and saved on the desktop.
  • Please post the contents of this log file here in your thread.

27.05.2014, 11:55   #3
Nachtvogel
 

Hi Sandra,

thanks for the quick support!

ComboFix file:
Code:
ATTFilter
ComboFix 14-05-27.02 - Nachtvogel 27.05.2014  12:36:28.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8183.5919 [GMT 2:00]
ausgeführt von:: c:\users\Nachtvogel\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACEDRV11
-------\Service_acedrv11
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-04-27 bis 2014-05-27  ))))))))))))))))))))))))))))))
.
.
2014-05-27 10:47 . 2014-05-27 10:47	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{63DFF175-5358-4FD9-88D8-ABFF97F3F453}\offreg.dll
2014-05-27 10:44 . 2014-05-27 10:44	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-05-27 10:44 . 2014-05-27 10:44	--------	d-----w-	c:\users\Angmar\AppData\Local\temp
2014-05-27 10:44 . 2014-05-27 10:44	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2014-05-27 09:10 . 2014-05-27 09:23	--------	d-----w-	C:\FRST
2014-05-26 16:50 . 2014-05-26 16:50	--------	d-----w-	c:\users\Nachtvogel\AppData\Local\NVIDIA Corporation
2014-05-26 16:50 . 2014-04-30 18:27	1081112	----a-w-	c:\windows\SysWow64\nvspcap.dll
2014-05-26 16:50 . 2014-04-30 18:26	1225920	----a-w-	c:\windows\system32\nvspcap64.dll
2014-05-26 16:49 . 2014-05-26 16:49	--------	d-----w-	c:\program files (x86)\AGEIA Technologies
2014-05-26 16:49 . 2014-05-19 23:10	601432	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2014-05-26 16:46 . 2014-03-31 16:42	40392	----a-w-	c:\windows\system32\drivers\nvvad64v.sys
2014-05-26 16:46 . 2014-03-31 16:42	37320	----a-w-	c:\windows\system32\nvaudcap64v.dll
2014-05-26 16:46 . 2014-03-31 16:42	34760	----a-w-	c:\windows\SysWow64\nvaudcap32v.dll
2014-05-25 14:49 . 2014-05-25 14:49	1355776	----a-w-	c:\windows\SysWow64\MSVBVM50.DLL
2014-05-25 14:48 . 2014-05-25 14:48	--------	d-----w-	c:\programdata\Logs
2014-05-25 14:48 . 2014-02-13 15:56	19392	----a-w-	c:\windows\system32\roboot64.exe
2014-05-23 12:00 . 2014-04-30 23:20	10702536	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{63DFF175-5358-4FD9-88D8-ABFF97F3F453}\mpengine.dll
2014-05-15 00:23 . 2014-05-06 04:40	23544320	----a-w-	c:\windows\system32\mshtml.dll
2014-05-15 00:23 . 2014-05-06 03:00	84992	----a-w-	c:\windows\system32\mshtmled.dll
2014-05-15 00:23 . 2014-05-06 04:17	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-15 00:23 . 2014-05-06 03:07	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-05-06 06:36 . 2014-05-15 10:06	--------	d-s---w-	c:\windows\system32\CompatTel
2014-05-05 20:22 . 2014-05-05 20:22	--------	d-----w-	c:\programdata\Package Cache
2014-04-29 00:02 . 2014-05-26 16:50	--------	d-----w-	c:\users\Nachtvogel\AppData\Local\NVIDIA
2014-04-27 22:28 . 2014-04-27 22:28	--------	d-----w-	c:\users\Nachtvogel\AppData\Roaming\Curse Advertising
2014-04-27 22:25 . 2014-04-27 22:25	--------	d-----w-	c:\users\Nachtvogel\AppData\Roaming\Curse
2014-04-27 22:24 . 2014-05-01 16:18	--------	d-----w-	c:\users\Nachtvogel\AppData\Local\WM
2014-04-27 22:23 . 2014-04-27 22:24	--------	d-----w-	C:\wm
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-27 10:46 . 2012-01-23 20:23	25640	----a-w-	c:\windows\gdrv.sys
2014-05-20 02:44 . 2013-03-27 13:39	2730208	----a-w-	c:\windows\SysWow64\nvapi.dll
2014-05-20 02:44 . 2013-03-27 13:39	16003912	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2014-05-20 02:44 . 2012-05-22 16:12	1515296	----a-w-	c:\windows\system32\nvhdagenco6420103.dll
2014-05-20 02:44 . 2012-05-22 16:12	952952	----a-w-	c:\windows\system32\nvumdshimx.dll
2014-05-20 02:44 . 2010-07-09 22:38	3109248	----a-w-	c:\windows\system32\nvapi64.dll
2014-05-20 02:44 . 2010-07-09 22:38	18531568	----a-w-	c:\windows\system32\nvwgf2umx.dll
2014-05-20 01:25 . 2010-07-09 15:17	6769096	----a-w-	c:\windows\system32\nvcpl.dll
2014-05-20 01:25 . 2010-07-09 15:17	3514144	----a-w-	c:\windows\system32\nvsvc64.dll
2014-05-20 01:25 . 2010-07-09 15:17	927520	----a-w-	c:\windows\system32\nvvsvc.exe
2014-05-20 01:25 . 2010-07-09 15:17	62808	----a-w-	c:\windows\system32\nvshext.dll
2014-05-20 01:25 . 2010-07-09 15:17	387528	----a-w-	c:\windows\system32\nvmctray.dll
2014-05-20 01:25 . 2010-07-09 15:17	2560968	----a-w-	c:\windows\system32\nvsvcr.dll
2014-05-15 00:21 . 2012-01-23 22:30	93223848	----a-w-	c:\windows\system32\MRT.exe
2014-05-14 23:49 . 2012-05-22 16:13	3774821	----a-w-	c:\windows\system32\nvcoproc.bin
2014-05-13 19:16 . 2012-03-29 15:22	692400	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-13 19:16 . 2012-01-24 20:43	70832	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-16 03:02 . 2014-04-16 03:02	354656	----a-w-	c:\windows\SysWow64\DivXControlPanelApplet.cpl
2014-03-31 07:35 . 2012-01-23 20:46	270496	------w-	c:\windows\system32\MpSigStub.exe
2014-03-20 21:02 . 2014-03-20 21:02	1885472	----a-w-	c:\windows\system32\nvdispco6433523.dll
2014-03-20 21:02 . 2014-03-20 21:02	1516488	----a-w-	c:\windows\system32\nvdispgenco6433523.dll
2014-03-06 09:31 . 2014-04-23 01:05	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:59 . 2014-04-23 01:05	66048	----a-w-	c:\windows\system32\iesetup.dll
2014-03-06 08:57 . 2014-04-23 01:05	548352	----a-w-	c:\windows\system32\vbscript.dll
2014-03-06 08:57 . 2014-04-23 01:05	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-03-06 08:53 . 2014-04-23 01:05	2767360	----a-w-	c:\windows\system32\iertutil.dll
2014-03-06 08:40 . 2014-04-23 01:05	51200	----a-w-	c:\windows\system32\jsproxy.dll
2014-03-06 08:39 . 2014-04-23 01:05	33792	----a-w-	c:\windows\system32\iernonce.dll
2014-03-06 08:32 . 2014-04-23 01:05	574976	----a-w-	c:\windows\system32\ieui.dll
2014-03-06 08:29 . 2014-04-23 01:05	139264	----a-w-	c:\windows\system32\ieUnatt.exe
2014-03-06 08:29 . 2014-04-23 01:05	111616	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-03-06 08:28 . 2014-04-23 01:05	752640	----a-w-	c:\windows\system32\jscript9diag.dll
2014-03-06 08:15 . 2014-04-23 01:05	940032	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 08:11 . 2014-04-23 01:05	5784064	----a-w-	c:\windows\system32\jscript9.dll
2014-03-06 08:09 . 2014-04-23 01:05	453120	----a-w-	c:\windows\system32\dxtmsft.dll
2014-03-06 08:03 . 2014-04-23 01:05	586240	----a-w-	c:\windows\system32\ie4uinit.exe
2014-03-06 08:02 . 2014-04-23 01:05	61952	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-03-06 08:02 . 2014-04-23 01:05	455168	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-03-06 08:01 . 2014-04-23 01:05	51200	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56 . 2014-04-23 01:05	38400	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 07:48 . 2014-04-23 01:05	195584	----a-w-	c:\windows\system32\msrating.dll
2014-03-06 07:46 . 2014-04-23 01:05	4254720	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-03-06 07:42 . 2014-04-23 01:05	296960	----a-w-	c:\windows\system32\dxtrans.dll
2014-03-06 07:38 . 2014-04-23 01:05	112128	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-03-06 07:36 . 2014-04-23 01:05	592896	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2014-03-06 07:21 . 2014-04-23 01:05	628736	----a-w-	c:\windows\system32\msfeeds.dll
2014-03-06 07:13 . 2014-04-23 01:05	32256	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11 . 2014-04-23 01:05	2043904	----a-w-	c:\windows\system32\inetcpl.cpl
2014-03-06 06:53 . 2014-04-23 01:05	13551104	----a-w-	c:\windows\system32\ieframe.dll
2014-03-06 06:40 . 2014-04-23 01:05	1967104	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-03-06 06:22 . 2014-04-23 01:05	2260480	----a-w-	c:\windows\system32\wininet.dll
2014-03-06 05:58 . 2014-04-23 01:05	1400832	----a-w-	c:\windows\system32\urlmon.dll
2014-03-06 05:50 . 2014-04-23 01:05	846336	----a-w-	c:\windows\system32\ieapfltr.dll
2014-03-06 05:41 . 2014-04-23 01:05	1789440	----a-w-	c:\windows\SysWow64\wininet.dll
2014-03-04 09:44 . 2014-04-09 21:11	362496	----a-w-	c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-09 21:11	243712	----a-w-	c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-09 21:11	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-09 21:11	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-09 21:11	1163264	----a-w-	c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-09 21:11	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-09 21:11	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-09 21:11	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-09 21:11	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-09 21:11	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-09 21:11	2048	----a-w-	c:\windows\SysWow64\user.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MDS_Menu"="d:\programme\CyberLink Blue-ray\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"CLMLServer"="d:\programme\CyberLink Blue-ray\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="d:\programme\CyberLink Blue-ray\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"RemoteControl8"="d:\programme\CyberLink Blue-ray\PowerDVD8\PDVD8Serv.exe" [2009-07-16 91432]
"PDVD8LanguageShortcut"="d:\programme\CyberLink Blue-ray\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-08-28 75048]
"UpdatePPShortCut"="d:\programme\CyberLink Blue-ray\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"LGODDFU"="d:\programme\CyberLink Blue-ray\lgfw.exe" [2012-07-19 27760]
"UpdatePSTShortCut"="d:\programme\CyberLink Blue-ray\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2009-10-23 210216]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"PowerDVD12DMREngine"="d:\programme\Power DVD 12\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe" [2012-01-02 501544]
"PowerDVD12Agent"="d:\programme\Power DVD 12\PowerDVD12\PowerDVD12Agent.exe" [2012-01-12 371256]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-20 689744]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-08-29 614400]
"DivXMediaServer"="d:\programme\DivX\DivX Media Server\DivXMediaServer.exe" [2014-04-03 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"LogMeIn Hamachi Ui"="d:\programme\Hamachi\hamachi-2-ui.exe" [2014-05-13 3814736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - d:\programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -startup [2012-1-23 91440]
Logitech SetPoint.lnk - d:\programme\Logitech\SetPoint\SetPoint.exe [2012-1-23 1196048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;d:\spiele\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe;d:\spiele\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys;c:\windows\SYSNATIVE\drivers\libusb0.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/07/18 23:56];d:\programme\Power DVD 12\PowerDVD12\Common\NavFilter\000.fcl;d:\programme\Power DVD 12\PowerDVD12\Common\NavFilter\000.fcl [x]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2012/01/23 21:11];d:\programme\CyberLink Blue-ray\PowerDVD8\000.fcl;d:\programme\CyberLink Blue-ray\PowerDVD8\000.fcl [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;d:\programme\Power DVD 12\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe;d:\programme\Power DVD 12\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [x]
S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;d:\programme\Power DVD 12\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe;d:\programme\Power DVD 12\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [x]
S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;d:\programme\Power DVD 12\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe;d:\programme\Power DVD 12\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [x]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\programme\Hamachi\hamachi-2.exe;d:\programme\Hamachi\hamachi-2.exe [x]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe;c:\windows\SysWOW64\XSrvSetup.exe [x]
S2 ntk_PowerDVD12;ntk_PowerDVD12;d:\programme\Power DVD 12\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys;d:\programme\Power DVD 12\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 242192]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-30 2199840]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-04-30 1225920]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=DE&userid=013841a3-b93f-8979-ab53-df9f35dcb66b&searchtype=hp&installDate=06/11/2013
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=DE&userid=013841a3-b93f-8979-ab53-df9f35dcb66b&searchtype=ds&q={searchTerms}&installDate=06/11/2013
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: samsungsetup.com\www
Trusted Zone: soe.com
Trusted Zone: sony.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - d:\programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Nachtvogel\AppData\Roaming\Mozilla\Firefox\Profiles\2xi08m41.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.spox.com/de/index.html
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AmazonMP3DownloaderHelper - c:\users\Nachtvogel\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-BattlEye - d:\spiele\Arma2-DayZ\ArmA 2 Operation ArrowheadExpansion\BattlEye\UnInstallBE.exe
AddRemove-BattlEye A2 Free - d:\spiele\Arma2-DayZBattlEye\UnInstallBE.exe
AddRemove-Guild Wars - d:\spiele\GUILD WARS\Gw.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\d:\programme\Power DVD 12\PowerDVD12\Common\NavFilter\000.fcl"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\d:\programme\CyberLink Blue-ray\PowerDVD8\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-05-27  12:50:19 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-05-27 10:50
.
Vor Suchlauf: 13 Verzeichnis(se), 21.931.528.192 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 23.522.889.728 Bytes frei
.
- - End Of File - - E8AB93049FFBFBB6FD778CD14ED3F9C5
         
-----

FRST file:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Nachtvogel (administrator) on NACHTVOGEL-PC on 27-05-2014 12:52:02
Running from C:\Users\Nachtvogel\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(CyberLink) D:\Programme\Power DVD 12\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) D:\Programme\Power DVD 12\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
() C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) D:\Programme\Hamachi\hamachi-2.exe
(LogMeIn, Inc.) D:\Programme\Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) D:\Programme\Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) D:\Programme\Hamachi\LMIGuardianSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink Corp.) D:\Programme\Power DVD 12\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(Mozilla Corporation) D:\Programme\Firefox\firefox.exe
(Mozilla Corporation) D:\Programme\Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [242192 2008-02-29] (Logitech, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10135584 2010-03-26] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [MDS_Menu] => D:\Programme\CyberLink Blue-ray\MediaShow4\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => D:\Programme\CyberLink Blue-ray\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => D:\Programme\CyberLink Blue-ray\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] => D:\Programme\CyberLink Blue-ray\PowerDVD8\PDVD8Serv.exe [91432 2009-07-16] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => D:\Programme\CyberLink Blue-ray\PowerDVD8\Language\Language.exe [50472 2009-04-16] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-08-28] (cyberlink)
HKLM-x32\...\Run: [UpdatePPShortCut] => D:\Programme\CyberLink Blue-ray\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] => D:\Programme\CyberLink Blue-ray\lgfw.exe [27760 2012-07-19] (Bitleader)
HKLM-x32\...\Run: [UpdatePSTShortCut] => D:\Programme\CyberLink Blue-ray\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [210216 2009-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-10-21] (NEC Electronics Corporation)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
HKLM-x32\...\Run: [PowerDVD12DMREngine] => D:\Programme\Power DVD 12\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe [501544 2012-01-02] (CyberLink)
HKLM-x32\...\Run: [PowerDVD12Agent] => D:\Programme\Power DVD 12\PowerDVD12\PowerDVD12Agent.exe [371256 2012-01-12] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [614400 2009-08-29] ()
HKLM-x32\...\Run: [DivXMediaServer] => D:\Programme\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Programme\Hamachi\hamachi-2-ui.exe [3814736 2014-05-13] (LogMeIn Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2030750677-1802131579-802186434-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
ShortcutTarget: Logitech Desktop Messenger.lnk -> D:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> D:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=DE&userid=013841a3-b93f-8979-ab53-df9f35dcb66b&searchtype=hp&installDate=06/11/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFBA0331310DACC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=DE&userid=013841a3-b93f-8979-ab53-df9f35dcb66b&searchtype=ds&q={searchTerms}&installDate=06/11/2013
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=DE&userid=013841a3-b93f-8979-ab53-df9f35dcb66b&searchtype=ds&q={searchTerms}&installDate=06/11/2013
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=DE&userid=013841a3-b93f-8979-ab53-df9f35dcb66b&searchtype=ds&q={searchTerms}&installDate=06/11/2013
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=DE&userid=013841a3-b93f-8979-ab53-df9f35dcb66b&searchtype=ds&q={searchTerms}&installDate=06/11/2013
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&r=152
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} -  No File
Handler-x32: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Nachtvogel\AppData\Roaming\Mozilla\Firefox\Profiles\2xi08m41.default
FF NewTab: about:blank
FF Homepage: hxxp://www.spox.com/de/index.html
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - D:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - D:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - D:\Programme\Foxit Reader\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - D:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Nachtvogel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF user.js: detected! => C:\Users\Nachtvogel\AppData\Roaming\Mozilla\Firefox\Profiles\2xi08m41.default\user.js
FF Extension: Adblock Plus - C:\Users\Nachtvogel\AppData\Roaming\Mozilla\Firefox\Profiles\2xi08m41.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-23]
FF StartMenuInternet: FIREFOX.EXE - D:\Programme\Firefox\firefox.exe

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 CLHNServiceForPowerDVD12; D:\Programme\Power DVD 12\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [87336 2012-01-12] (CyberLink Corp.)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; D:\Programme\Power DVD 12\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [75048 2012-01-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; D:\Programme\Power DVD 12\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296232 2012-01-12] (CyberLink)
S3 DAUpdaterSvc; D:\Spiele\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)
R2 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [68136 2009-06-17] ()
R2 Hamachi2Svc; D:\Programme\Hamachi\hamachi-2.exe [2228048 2014-05-13] (LogMeIn Inc.)
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-19] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-12-03] ()
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2009-07-02] ()
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.)

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-12] (Avira Operations GmbH & Co. KG)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-01-23] ()
R1 ISODrive; D:\Programme\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [33792 2005-03-09] ()
R2 ntk_PowerDVD12; D:\Programme\Power DVD 12\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [82928 2011-10-27] (Cyberlink Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-08-27] (Samsung Electronics)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; D:\Programme\Power DVD 12\PowerDVD12\Common\NavFilter\000.fcl [146928 2012-01-11] (CyberLink Corp.)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; D:\Programme\CyberLink Blue-ray\PowerDVD8\000.fcl [146928 2009-08-28] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-27 12:51 - 2014-05-27 12:51 - 00025487 _____ () C:\Users\Nachtvogel\Desktop\ComboFix-File.txt
2014-05-27 12:50 - 2014-05-27 12:50 - 00025487 _____ () C:\ComboFix.txt
2014-05-27 12:33 - 2014-05-27 12:50 - 00000000 ____D () C:\Qoobox
2014-05-27 12:32 - 2014-05-27 12:32 - 05203612 ____R (Swearware) C:\Users\Nachtvogel\Desktop\ComboFix.exe
2014-05-27 11:36 - 2014-05-27 11:36 - 00008704 _____ () C:\Users\Nachtvogel\Desktop\Gmer.log
2014-05-27 11:23 - 2014-05-27 11:23 - 00040770 _____ () C:\Users\Nachtvogel\Desktop\Addition.txt
2014-05-27 11:22 - 2014-05-27 12:52 - 00003240 _____ () C:\Users\Nachtvogel\Desktop\FRST.txt
2014-05-27 11:21 - 2014-05-27 11:21 - 00380416 _____ () C:\Users\Nachtvogel\Desktop\Gmer-19357.exe
2014-05-27 11:10 - 2014-05-27 12:52 - 00000000 ____D () C:\FRST
2014-05-27 11:08 - 2014-05-27 11:08 - 02066944 _____ (Farbar) C:\Users\Nachtvogel\Desktop\FRST64.exe
2014-05-26 18:50 - 2014-05-26 18:50 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Local\NVIDIA Corporation
2014-05-26 18:50 - 2014-04-30 20:27 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-05-26 18:50 - 2014-04-30 20:26 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-05-26 18:49 - 2014-05-26 18:49 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-05-26 18:49 - 2014-05-20 01:10 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-26 18:47 - 2014-05-20 04:44 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 14434704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-26 18:47 - 2014-05-20 04:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-05-26 18:47 - 2014-05-20 04:44 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-05-26 18:46 - 2014-03-31 18:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-05-26 18:46 - 2014-03-31 18:42 - 00037320 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-05-26 18:46 - 2014-03-31 18:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-05-26 17:56 - 2014-05-26 18:11 - 333878864 _____ (NVIDIA Corporation) C:\Users\Nachtvogel\Downloads\337.88-desktop-win8-win7-winvista-64bit-international-whql.exe
2014-05-25 16:49 - 2014-05-25 16:49 - 01355776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVBVM50.DLL
2014-05-25 16:48 - 2014-02-13 17:56 - 00019392 _____ (Dll-Files.com) C:\Windows\system32\roboot64.exe
2014-05-15 02:23 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 02:23 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 02:23 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 02:23 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 02:23 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 02:23 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 16:37 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 16:37 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 16:37 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 16:37 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 16:37 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 16:37 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 16:37 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 16:37 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 16:37 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 16:37 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 16:37 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 16:37 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 16:37 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 16:37 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 16:37 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 16:37 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 16:37 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 16:37 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 16:37 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 16:37 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 16:37 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 16:37 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 16:37 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 16:37 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 16:37 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 16:37 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 16:37 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 16:37 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 16:37 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 16:37 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 16:37 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 16:37 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 16:37 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 16:27 - 2014-05-14 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-06 08:36 - 2014-05-15 12:06 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-05 22:33 - 2014-04-18 17:33 - 03692032 _____ () C:\Users\Nachtvogel\Desktop\Wasteland 2 beta Build 39052 Trainer +6 MrAntiFun.EXE
2014-05-05 22:22 - 2014-05-05 22:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-04 22:25 - 2014-05-11 03:50 - 00021157 _____ () C:\Users\Nachtvogel\Desktop\Abschied.odt
2014-04-29 02:02 - 2014-05-26 18:50 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Local\NVIDIA
2014-04-28 13:38 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-28 13:38 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-28 13:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-28 13:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-28 13:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-28 13:38 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-28 13:38 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-28 13:38 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-28 13:37 - 2014-05-27 12:49 - 00000000 ____D () C:\Windows\erdnt
2014-04-28 00:28 - 2014-04-28 00:28 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Roaming\Curse Advertising
2014-04-28 00:25 - 2014-04-28 00:25 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Roaming\Curse
2014-04-28 00:24 - 2014-05-01 18:18 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Local\WM
2014-04-28 00:23 - 2014-04-28 00:24 - 00000000 ____D () C:\wm

==================== One Month Modified Files and Folders =======

2014-05-27 12:52 - 2014-05-27 11:22 - 00003240 _____ () C:\Users\Nachtvogel\Desktop\FRST.txt
2014-05-27 12:52 - 2014-05-27 11:10 - 00000000 ____D () C:\FRST
2014-05-27 12:51 - 2014-05-27 12:51 - 00025487 _____ () C:\Users\Nachtvogel\Desktop\ComboFix-File.txt
2014-05-27 12:50 - 2014-05-27 12:50 - 00025487 _____ () C:\ComboFix.txt
2014-05-27 12:50 - 2014-05-27 12:33 - 00000000 ____D () C:\Qoobox
2014-05-27 12:49 - 2014-04-28 13:37 - 00000000 ____D () C:\Windows\erdnt
2014-05-27 12:46 - 2013-11-14 15:34 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Local\LogMeIn Hamachi
2014-05-27 12:46 - 2012-01-23 22:23 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-05-27 12:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-27 12:46 - 2009-07-14 06:51 - 00123505 _____ () C:\Windows\setupact.log
2014-05-27 12:46 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-27 12:45 - 2012-01-23 22:27 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-27 12:45 - 2012-01-23 22:22 - 00356766 _____ () C:\Windows\PFRO.log
2014-05-27 12:45 - 2012-01-23 21:46 - 01116748 _____ () C:\Windows\WindowsUpdate.log
2014-05-27 12:45 - 2009-07-14 04:34 - 66584576 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-05-27 12:45 - 2009-07-14 04:34 - 23330816 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-05-27 12:45 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-05-27 12:45 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-05-27 12:45 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-05-27 12:32 - 2014-05-27 12:32 - 05203612 ____R (Swearware) C:\Users\Nachtvogel\Desktop\ComboFix.exe
2014-05-27 12:11 - 2012-03-29 17:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-27 11:48 - 2009-07-14 06:45 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-27 11:48 - 2009-07-14 06:45 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-27 11:40 - 2012-01-23 22:08 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2014-05-27 11:36 - 2014-05-27 11:36 - 00008704 _____ () C:\Users\Nachtvogel\Desktop\Gmer.log
2014-05-27 11:23 - 2014-05-27 11:23 - 00040770 _____ () C:\Users\Nachtvogel\Desktop\Addition.txt
2014-05-27 11:21 - 2014-05-27 11:21 - 00380416 _____ () C:\Users\Nachtvogel\Desktop\Gmer-19357.exe
2014-05-27 11:08 - 2014-05-27 11:08 - 02066944 _____ (Farbar) C:\Users\Nachtvogel\Desktop\FRST64.exe
2014-05-27 01:53 - 2012-03-01 22:35 - 00000000 ____D () C:\Users\Nachtvogel\Documents\My Games
2014-05-26 18:50 - 2014-05-26 18:50 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Local\NVIDIA Corporation
2014-05-26 18:50 - 2014-04-29 02:02 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Local\NVIDIA
2014-05-26 18:50 - 2012-01-23 22:27 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-05-26 18:50 - 2012-01-23 22:27 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-05-26 18:50 - 2012-01-23 22:27 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-26 18:49 - 2014-05-26 18:49 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-05-26 18:49 - 2012-05-22 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-26 18:11 - 2014-05-26 17:56 - 333878864 _____ (NVIDIA Corporation) C:\Users\Nachtvogel\Downloads\337.88-desktop-win8-win7-winvista-64bit-international-whql.exe
2014-05-25 16:49 - 2014-05-25 16:49 - 01355776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVBVM50.DLL
2014-05-24 19:27 - 2014-03-15 15:13 - 00022570 _____ () C:\Users\Nachtvogel\Desktop\Honvad Budapest Spielerentwicklung.ods
2014-05-20 04:44 - 2014-05-26 18:47 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 14434704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-20 04:44 - 2014-05-26 18:47 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-05-20 04:44 - 2014-05-26 18:47 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-05-20 04:44 - 2013-03-27 15:39 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-20 04:44 - 2013-03-27 15:39 - 02730208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-05-20 04:44 - 2012-05-22 18:12 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-05-20 04:44 - 2012-05-22 18:12 - 00952952 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-05-20 04:44 - 2012-01-23 22:27 - 00026069 _____ () C:\Windows\system32\nvinfo.pb
2014-05-20 04:44 - 2010-07-10 00:38 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-05-20 04:44 - 2010-07-10 00:38 - 03109248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-05-20 03:25 - 2010-07-09 17:17 - 06769096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-05-20 03:25 - 2010-07-09 17:17 - 03514144 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-05-20 03:25 - 2010-07-09 17:17 - 02560968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-05-20 03:25 - 2010-07-09 17:17 - 00927520 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-05-20 03:25 - 2010-07-09 17:17 - 00387528 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-05-20 03:25 - 2010-07-09 17:17 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-05-20 01:10 - 2014-05-26 18:49 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-19 23:41 - 2012-12-29 20:53 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Roaming\Skype
2014-05-15 19:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 12:09 - 2012-01-23 21:53 - 00000000 ___RD () C:\Users\Nachtvogel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 12:09 - 2012-01-23 21:53 - 00000000 ___RD () C:\Users\Nachtvogel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 12:06 - 2014-05-06 08:36 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 02:22 - 2013-08-15 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 02:21 - 2012-01-24 00:30 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 01:49 - 2012-05-22 18:13 - 03774821 _____ () C:\Windows\system32\nvcoproc.bin
2014-05-14 16:27 - 2014-05-14 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-13 21:16 - 2012-03-29 17:22 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 21:16 - 2012-03-29 17:22 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 21:16 - 2012-01-24 22:43 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-11 03:50 - 2014-05-04 22:25 - 00021157 _____ () C:\Users\Nachtvogel\Desktop\Abschied.odt
2014-05-09 08:14 - 2014-05-14 16:37 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 16:37 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 23:56 - 2012-01-23 22:34 - 00000000 ____D () C:\ProgramData\DivX
2014-05-06 06:40 - 2014-05-15 02:23 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-15 02:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-15 02:23 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-15 02:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-15 02:23 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 02:23 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 22:22 - 2014-05-05 22:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-04 07:33 - 2012-01-23 22:12 - 00000341 _____ () C:\Windows\lgfwup.ini
2014-05-03 12:13 - 2014-02-17 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-05-01 18:18 - 2014-04-28 00:24 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Local\WM
2014-04-30 20:27 - 2014-05-26 18:50 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-04-30 20:26 - 2014-05-26 18:50 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-04-29 02:08 - 2009-07-14 19:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-04-29 02:08 - 2009-07-14 19:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-04-29 02:08 - 2009-07-14 07:13 - 00905710 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-28 00:28 - 2014-04-28 00:28 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Roaming\Curse Advertising
2014-04-28 00:25 - 2014-04-28 00:25 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Roaming\Curse
2014-04-28 00:24 - 2014-04-28 00:23 - 00000000 ____D () C:\wm

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-20 00:38

==================== End Of Log ============================
         


Kind regards

Nachtvogel

27.05.2014, 22:54   #4
Bootsektor
Rest in peace
† 2019

Hello Nachtvogel,

very nice.

Step 1
ComboFix script
WARNING for READERS following along:
The following ComboFix script was created exclusively for this user in this situation.
Do not use it on other computers under any circumstances; it can cause lasting damage to other systems!

  • Delete the existing Combofix.exe from your desktop and download the program again from the following download mirror: Link
  • Save it to the desktop again (not anywhere else, this is important)!
  • Press the Windows + R keys --> notepad (type it in) --> OK
  • Now copy the entire text from the following code box into the empty text document.

    Code:
    FOLDER::
    C:\Users\Nachtvogel\AppData\Local\WM
    C:\wm
    
    DDS::
    uStart Page = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=DE&userid=013841a3-b93f-8979-ab53-df9f35dcb66b&searchtype=hp&installDate=06/11/2013
    uSearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=DE&userid=013841a3-b93f-8979-ab53-df9f35dcb66b&searchtype=ds&q={searchTerms}&installDate=06/11/2013
             
  • Save this as CFScript.txt on your desktop.
  • Important: Temporarily disable your antivirus software, as it can interfere with ComboFix while it works.
    Don't forget to turn it back on afterwards!
  • Close all running programs so that ComboFix can work unhindered.
  • Drag CFScript.txt onto ComboFix.exe.
  • Do nothing on the computer; do not move the mouse over the ComboFix window or click into it. This can cause ComboFix to hang.
  • When ComboFix is finished, it will create a log: C:\ComboFix.txt
    Please paste it here as a reply (in CODE tags, using the # button of the editor).

Note:
Suspect:: and Collect::
If the script contains these directives, files are to be submitted for analysis. A message box appears after ComboFix has finished. Click OK and follow the prompts/instructions to upload the files. Be sure to let me know whether the upload worked!



Step 2
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Optionen (Options) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected
  • Click Suchlauf (Scan) and wait until it has finished.
  • Now click Löschen (Clean) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart, a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 3
Please download Malwarebytes Anti-Malware
  • Install the program to the default path.
  • Start Malwarebytes' Anti-Malware (MBAM).
  • If the user interface is still in English, click Settings and select Deutsch under Language.
  • Then click Suchlauf (Scan), select Bedrohungssuchlauf (Threat Scan) and click Suchlauf jetzt starten (Scan Now).
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Aktionen anwenden (Apply Actions).
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click Verlauf (History) and then Anwendungsprotokolle (Application Logs).
  • Select the most recent scan log and click Ansicht (View). Choose Exportieren (Export) to Textdatei (.txt) (text file) and save the file as mbam.txt on the desktop.
  • Add the contents of mbam.txt to your next reply.


Step 4
Run FRST once more.
  • Check the box next to addition.txt and press Scan.
  • When the scan is complete, two new log files, FRST.txt and addition.txt, are created and saved on the desktop (or in the directory where FRST is located).
  • Please post the contents of these log files here in your thread.

28.05.2014, 02:53   #5
Nachtvogel

So, everything completed successfully:

Step 1:
ComboFix:
Code:
ComboFix 14-05-27.02 - Nachtvogel 28.05.2014   3:13.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8183.6421 [GMT 2:00]
ausgeführt von:: c:\users\Nachtvogel\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Nachtvogel\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Nachtvogel\AppData\Local\WM
C:\wm
c:\wm\64\libcurl-4.dll
c:\wm\64\libwinpthread-1.dll
c:\wm\64\wincpu.vbs
c:\wm\64\wincpuidle.vbs
c:\wm\64\zlib1.dll
c:\wm\amd\ckolivasGeForce GTX 460glg2tc1920w256l4.bin
c:\wm\amd\ckolivasGeForce GTX 460glg2tc1984w256l4.bin
c:\wm\amd\kernel\alexkarnew.cl
c:\wm\amd\kernel\alexkarold.cl
c:\wm\amd\kernel\ckolivas.cl
c:\wm\amd\kernel\psw.cl
c:\wm\amd\kernel\zuikkis.cl
c:\wm\amd\libcurl.dll
c:\wm\amd\libeay32.dll
c:\wm\amd\libidn-11.dll
c:\wm\amd\libpdcurses.dll
c:\wm\amd\pthreadGC2.dll
c:\wm\amd\ssleay32.dll
c:\wm\amd\winAMD.exe
c:\wm\amd\winAMD.vbs
c:\wm\amd\zlib1.dll
c:\wm\nv\cudart32_55.dll
c:\wm\nv\pthreadVC2.dll
c:\wm\nv\winNvidia.exe
c:\wm\nv\winNvidia.vbs
c:\wm\update.exe
c:\wm\wm.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-04-28 bis 2014-05-28  ))))))))))))))))))))))))))))))
.
.
2014-05-28 01:19 . 2014-05-28 01:19	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-05-28 01:19 . 2014-05-28 01:19	--------	d-----w-	c:\users\Angmar\AppData\Local\temp
2014-05-28 01:19 . 2014-05-28 01:19	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2014-05-27 23:46 . 2014-05-28 01:06	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{63DFF175-5358-4FD9-88D8-ABFF97F3F453}\offreg.dll
2014-05-27 09:10 . 2014-05-27 10:53	--------	d-----w-	C:\FRST
2014-05-26 16:50 . 2014-05-26 16:50	--------	d-----w-	c:\users\Nachtvogel\AppData\Local\NVIDIA Corporation
2014-05-26 16:50 . 2014-04-30 18:27	1081112	----a-w-	c:\windows\SysWow64\nvspcap.dll
2014-05-26 16:50 . 2014-04-30 18:26	1225920	----a-w-	c:\windows\system32\nvspcap64.dll
2014-05-26 16:49 . 2014-05-26 16:49	--------	d-----w-	c:\program files (x86)\AGEIA Technologies
2014-05-26 16:49 . 2014-05-19 23:10	601432	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2014-05-26 16:46 . 2014-03-31 16:42	40392	----a-w-	c:\windows\system32\drivers\nvvad64v.sys
2014-05-26 16:46 . 2014-03-31 16:42	37320	----a-w-	c:\windows\system32\nvaudcap64v.dll
2014-05-26 16:46 . 2014-03-31 16:42	34760	----a-w-	c:\windows\SysWow64\nvaudcap32v.dll
2014-05-25 14:49 . 2014-05-25 14:49	1355776	----a-w-	c:\windows\SysWow64\MSVBVM50.DLL
2014-05-25 14:48 . 2014-05-25 14:48	--------	d-----w-	c:\programdata\Logs
2014-05-25 14:48 . 2014-02-13 15:56	19392	----a-w-	c:\windows\system32\roboot64.exe
2014-05-23 12:00 . 2014-04-30 23:20	10702536	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{63DFF175-5358-4FD9-88D8-ABFF97F3F453}\mpengine.dll
2014-05-15 00:23 . 2014-05-06 04:40	23544320	----a-w-	c:\windows\system32\mshtml.dll
2014-05-15 00:23 . 2014-05-06 03:00	84992	----a-w-	c:\windows\system32\mshtmled.dll
2014-05-15 00:23 . 2014-05-06 04:17	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-15 00:23 . 2014-05-06 03:07	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-05-06 06:36 . 2014-05-15 10:06	--------	d-s---w-	c:\windows\system32\CompatTel
2014-05-05 20:22 . 2014-05-05 20:22	--------	d-----w-	c:\programdata\Package Cache
2014-04-29 00:02 . 2014-05-26 16:50	--------	d-----w-	c:\users\Nachtvogel\AppData\Local\NVIDIA
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-28 01:04 . 2012-01-23 20:23	25640	----a-w-	c:\windows\gdrv.sys
2014-05-20 02:44 . 2013-03-27 13:39	2730208	----a-w-	c:\windows\SysWow64\nvapi.dll
2014-05-20 02:44 . 2013-03-27 13:39	16003912	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2014-05-20 02:44 . 2012-05-22 16:12	1515296	----a-w-	c:\windows\system32\nvhdagenco6420103.dll
2014-05-20 02:44 . 2012-05-22 16:12	952952	----a-w-	c:\windows\system32\nvumdshimx.dll
2014-05-20 02:44 . 2010-07-09 22:38	3109248	----a-w-	c:\windows\system32\nvapi64.dll
2014-05-20 02:44 . 2010-07-09 22:38	18531568	----a-w-	c:\windows\system32\nvwgf2umx.dll
2014-05-20 01:25 . 2010-07-09 15:17	6769096	----a-w-	c:\windows\system32\nvcpl.dll
2014-05-20 01:25 . 2010-07-09 15:17	3514144	----a-w-	c:\windows\system32\nvsvc64.dll
2014-05-20 01:25 . 2010-07-09 15:17	927520	----a-w-	c:\windows\system32\nvvsvc.exe
2014-05-20 01:25 . 2010-07-09 15:17	62808	----a-w-	c:\windows\system32\nvshext.dll
2014-05-20 01:25 . 2010-07-09 15:17	387528	----a-w-	c:\windows\system32\nvmctray.dll
2014-05-20 01:25 . 2010-07-09 15:17	2560968	----a-w-	c:\windows\system32\nvsvcr.dll
2014-05-15 00:21 . 2012-01-23 22:30	93223848	----a-w-	c:\windows\system32\MRT.exe
2014-05-14 23:49 . 2012-05-22 16:13	3774821	----a-w-	c:\windows\system32\nvcoproc.bin
2014-05-13 19:16 . 2012-03-29 15:22	692400	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-13 19:16 . 2012-01-24 20:43	70832	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-16 03:02 . 2014-04-16 03:02	354656	----a-w-	c:\windows\SysWow64\DivXControlPanelApplet.cpl
2014-03-31 07:35 . 2012-01-23 20:46	270496	------w-	c:\windows\system32\MpSigStub.exe
2014-03-20 21:02 . 2014-03-20 21:02	1885472	----a-w-	c:\windows\system32\nvdispco6433523.dll
2014-03-20 21:02 . 2014-03-20 21:02	1516488	----a-w-	c:\windows\system32\nvdispgenco6433523.dll
2014-03-06 09:31 . 2014-04-23 01:05	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:59 . 2014-04-23 01:05	66048	----a-w-	c:\windows\system32\iesetup.dll
2014-03-06 08:57 . 2014-04-23 01:05	548352	----a-w-	c:\windows\system32\vbscript.dll
2014-03-06 08:57 . 2014-04-23 01:05	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-03-06 08:53 . 2014-04-23 01:05	2767360	----a-w-	c:\windows\system32\iertutil.dll
2014-03-06 08:40 . 2014-04-23 01:05	51200	----a-w-	c:\windows\system32\jsproxy.dll
2014-03-06 08:39 . 2014-04-23 01:05	33792	----a-w-	c:\windows\system32\iernonce.dll
2014-03-06 08:32 . 2014-04-23 01:05	574976	----a-w-	c:\windows\system32\ieui.dll
2014-03-06 08:29 . 2014-04-23 01:05	139264	----a-w-	c:\windows\system32\ieUnatt.exe
2014-03-06 08:29 . 2014-04-23 01:05	111616	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-03-06 08:28 . 2014-04-23 01:05	752640	----a-w-	c:\windows\system32\jscript9diag.dll
2014-03-06 08:15 . 2014-04-23 01:05	940032	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 08:11 . 2014-04-23 01:05	5784064	----a-w-	c:\windows\system32\jscript9.dll
2014-03-06 08:09 . 2014-04-23 01:05	453120	----a-w-	c:\windows\system32\dxtmsft.dll
2014-03-06 08:03 . 2014-04-23 01:05	586240	----a-w-	c:\windows\system32\ie4uinit.exe
2014-03-06 08:02 . 2014-04-23 01:05	61952	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-03-06 08:02 . 2014-04-23 01:05	455168	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-03-06 08:01 . 2014-04-23 01:05	51200	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56 . 2014-04-23 01:05	38400	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 07:48 . 2014-04-23 01:05	195584	----a-w-	c:\windows\system32\msrating.dll
2014-03-06 07:46 . 2014-04-23 01:05	4254720	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-03-06 07:42 . 2014-04-23 01:05	296960	----a-w-	c:\windows\system32\dxtrans.dll
2014-03-06 07:38 . 2014-04-23 01:05	112128	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-03-06 07:36 . 2014-04-23 01:05	592896	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2014-03-06 07:21 . 2014-04-23 01:05	628736	----a-w-	c:\windows\system32\msfeeds.dll
2014-03-06 07:13 . 2014-04-23 01:05	32256	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11 . 2014-04-23 01:05	2043904	----a-w-	c:\windows\system32\inetcpl.cpl
2014-03-06 06:53 . 2014-04-23 01:05	13551104	----a-w-	c:\windows\system32\ieframe.dll
2014-03-06 06:40 . 2014-04-23 01:05	1967104	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-03-06 06:22 . 2014-04-23 01:05	2260480	----a-w-	c:\windows\system32\wininet.dll
2014-03-06 05:58 . 2014-04-23 01:05	1400832	----a-w-	c:\windows\system32\urlmon.dll
2014-03-06 05:50 . 2014-04-23 01:05	846336	----a-w-	c:\windows\system32\ieapfltr.dll
2014-03-06 05:41 . 2014-04-23 01:05	1789440	----a-w-	c:\windows\SysWow64\wininet.dll
2014-03-04 09:44 . 2014-04-09 21:11	362496	----a-w-	c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-09 21:11	243712	----a-w-	c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-09 21:11	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-09 21:11	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-09 21:11	1163264	----a-w-	c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-09 21:11	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-09 21:11	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-09 21:11	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-09 21:11	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-09 21:11	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-09 21:11	2048	----a-w-	c:\windows\SysWow64\user.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MDS_Menu"="d:\programme\CyberLink Blue-ray\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"CLMLServer"="d:\programme\CyberLink Blue-ray\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="d:\programme\CyberLink Blue-ray\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"RemoteControl8"="d:\programme\CyberLink Blue-ray\PowerDVD8\PDVD8Serv.exe" [2009-07-16 91432]
"PDVD8LanguageShortcut"="d:\programme\CyberLink Blue-ray\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-08-28 75048]
"UpdatePPShortCut"="d:\programme\CyberLink Blue-ray\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"LGODDFU"="d:\programme\CyberLink Blue-ray\lgfw.exe" [2012-07-19 27760]
"UpdatePSTShortCut"="d:\programme\CyberLink Blue-ray\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2009-10-23 210216]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"PowerDVD12DMREngine"="d:\programme\Power DVD 12\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe" [2012-01-02 501544]
"PowerDVD12Agent"="d:\programme\Power DVD 12\PowerDVD12\PowerDVD12Agent.exe" [2012-01-12 371256]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-20 689744]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-08-29 614400]
"DivXMediaServer"="d:\programme\DivX\DivX Media Server\DivXMediaServer.exe" [2014-04-03 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"LogMeIn Hamachi Ui"="d:\programme\Hamachi\hamachi-2-ui.exe" [2014-05-13 3814736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - d:\programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -startup [2012-1-23 91440]
Logitech SetPoint.lnk - d:\programme\Logitech\SetPoint\SetPoint.exe [2012-1-23 1196048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;d:\spiele\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe;d:\spiele\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys;c:\windows\SYSNATIVE\drivers\libusb0.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/07/18 23:56];d:\programme\Power DVD 12\PowerDVD12\Common\NavFilter\000.fcl;d:\programme\Power DVD 12\PowerDVD12\Common\NavFilter\000.fcl [x]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2012/01/23 21:11];d:\programme\CyberLink Blue-ray\PowerDVD8\000.fcl;d:\programme\CyberLink Blue-ray\PowerDVD8\000.fcl [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;d:\programme\Power DVD 12\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe;d:\programme\Power DVD 12\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [x]
S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;d:\programme\Power DVD 12\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe;d:\programme\Power DVD 12\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [x]
S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;d:\programme\Power DVD 12\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe;d:\programme\Power DVD 12\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [x]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\programme\Hamachi\hamachi-2.exe;d:\programme\Hamachi\hamachi-2.exe [x]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe;c:\windows\SysWOW64\XSrvSetup.exe [x]
S2 ntk_PowerDVD12;ntk_PowerDVD12;d:\programme\Power DVD 12\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys;d:\programme\Power DVD 12\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 242192]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-30 2199840]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-04-30 1225920]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=DE&userid=013841a3-b93f-8979-ab53-df9f35dcb66b&searchtype=ds&q={searchTerms}&installDate=06/11/2013
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: samsungsetup.com\www
Trusted Zone: soe.com
Trusted Zone: sony.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - d:\programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Nachtvogel\AppData\Roaming\Mozilla\Firefox\Profiles\2xi08m41.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.spox.com/de/index.html
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-BattlEye - d:\spiele\Arma2-DayZ\ArmA 2 Operation ArrowheadExpansion\BattlEye\UnInstallBE.exe
AddRemove-BattlEye A2 Free - d:\spiele\Arma2-DayZBattlEye\UnInstallBE.exe
AddRemove-Guild Wars - d:\spiele\GUILD WARS\Gw.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\d:\programme\Power DVD 12\PowerDVD12\Common\NavFilter\000.fcl"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\d:\programme\CyberLink Blue-ray\PowerDVD8\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-05-28  03:21:18
ComboFix-quarantined-files.txt  2014-05-28 01:21
ComboFix2.txt  2014-05-27 10:50
.
Vor Suchlauf: 15 Verzeichnis(se), 23.472.398.336 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 23.401.267.200 Bytes frei
.
- - End Of File - - 43EEDB5662F33953A68D257E1A8B31B8
         
Step 2:
AdwCleaner:
Code:
ATTFilter
# AdwCleaner v3.211 - Bericht erstellt am 28/05/2014 um 03:24:28
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Nachtvogel - NACHTVOGEL-PC
# Gestartet von : C:\Users\Nachtvogel\Desktop\adwcleaner_3.211.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Program Files (x86)\glindorus
Ordner Gelöscht : C:\Users\Nachtvogel\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\Nachtvogel\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Nachtvogel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Nachtvogel\AppData\Roaming\Mozilla\Firefox\Profiles\2xi08m41.default\invalidprefs.js
Datei Gelöscht : C:\Users\Nachtvogel\AppData\Roaming\Mozilla\Firefox\Profiles\2xi08m41.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\lbbbdmbjkgojacipgefbifkiebpcdjhn
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Movie2KDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateglindorus_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateglindorus_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\utilglindorus_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\utilglindorus_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\96de88e538ba40
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
[#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v9.0.1 (de)

[ Datei : C:\Users\Angmar\AppData\Roaming\Mozilla\Firefox\Profiles\la146gsa.default\prefs.js ]


[ Datei : C:\Users\Nachtvogel\AppData\Roaming\Mozilla\Firefox\Profiles\2xi08m41.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [5865 octets] - [28/05/2014 03:23:54]
AdwCleaner[S0].txt - [4716 octets] - [28/05/2014 03:24:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4776 octets] ##########
         
Step 3: ***A small mistake happened here, I don't know how bad it is. When the scan had finished, one detection was shown to me. When I tried to move it to quarantine, MBAM crashed. ***
MBAM:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Update, 28.05.2014 03:34:03, SYSTEM, NACHTVOGEL-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.5.21.1, 
Update, 28.05.2014 03:34:20, SYSTEM, NACHTVOGEL-PC, Manual, Malware Database, 2014.3.4.9, 2014.5.28.1, 

(end)
         
Second attempt with MBAM:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 28.05.2014
Suchlauf-Zeit: 03:55:01
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.05.28.01
Rootkit Datenbank: v2014.05.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Nachtvogel

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 336501
Verstrichene Zeit: 7 Min, 17 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Step 4:
FRST:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Nachtvogel (administrator) on NACHTVOGEL-PC on 28-05-2014 03:46:07
Running from C:\Users\Nachtvogel\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(CyberLink) D:\Programme\Power DVD 12\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) D:\Programme\Power DVD 12\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
() C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) D:\Programme\Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn, Inc.) D:\Programme\Hamachi\LMIGuardianSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(CyberLink Corp.) D:\Programme\Power DVD 12\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) D:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
(Logitech, Inc.) D:\Programme\Logitech\SetPoint\SetPoint.exe
(CyberLink) D:\Programme\CyberLink Blue-ray\Power2Go\CLMLSvc.exe
() D:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
(CyberLink Corp.) D:\Programme\CyberLink Blue-ray\PowerDVD8\PDVD8Serv.exe
(cyberlink) C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(CyberLink) D:\Programme\Power DVD 12\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(LogMeIn Inc.) D:\Programme\Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) D:\Programme\Hamachi\LMIGuardianSvc.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) D:\Programme\Firefox\firefox.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [242192 2008-02-29] (Logitech, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10135584 2010-03-26] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [MDS_Menu] => D:\Programme\CyberLink Blue-ray\MediaShow4\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => D:\Programme\CyberLink Blue-ray\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => D:\Programme\CyberLink Blue-ray\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] => D:\Programme\CyberLink Blue-ray\PowerDVD8\PDVD8Serv.exe [91432 2009-07-16] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => D:\Programme\CyberLink Blue-ray\PowerDVD8\Language\Language.exe [50472 2009-04-16] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-08-28] (cyberlink)
HKLM-x32\...\Run: [UpdatePPShortCut] => D:\Programme\CyberLink Blue-ray\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] => D:\Programme\CyberLink Blue-ray\lgfw.exe [27760 2012-07-19] (Bitleader)
HKLM-x32\...\Run: [UpdatePSTShortCut] => D:\Programme\CyberLink Blue-ray\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [210216 2009-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-10-21] (NEC Electronics Corporation)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
HKLM-x32\...\Run: [PowerDVD12DMREngine] => D:\Programme\Power DVD 12\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe [501544 2012-01-02] (CyberLink)
HKLM-x32\...\Run: [PowerDVD12Agent] => D:\Programme\Power DVD 12\PowerDVD12\PowerDVD12Agent.exe [371256 2012-01-12] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [614400 2009-08-29] ()
HKLM-x32\...\Run: [DivXMediaServer] => D:\Programme\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Programme\Hamachi\hamachi-2-ui.exe [3814736 2014-05-13] (LogMeIn Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2030750677-1802131579-802186434-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\S-1-5-21-2030750677-1802131579-802186434-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
ShortcutTarget: Logitech Desktop Messenger.lnk -> D:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> D:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFBA0331310DACC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&r=152
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} -  No File
Handler-x32: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Nachtvogel\AppData\Roaming\Mozilla\Firefox\Profiles\2xi08m41.default
FF NewTab: about:blank
FF Homepage: hxxp://www.spox.com/de/index.html
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - D:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - D:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - D:\Programme\Foxit Reader\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - D:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Nachtvogel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Adblock Plus - C:\Users\Nachtvogel\AppData\Roaming\Mozilla\Firefox\Profiles\2xi08m41.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-23]
FF StartMenuInternet: FIREFOX.EXE - D:\Programme\Firefox\firefox.exe

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 CLHNServiceForPowerDVD12; D:\Programme\Power DVD 12\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [87336 2012-01-12] (CyberLink Corp.)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; D:\Programme\Power DVD 12\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [75048 2012-01-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; D:\Programme\Power DVD 12\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296232 2012-01-12] (CyberLink)
S3 DAUpdaterSvc; D:\Spiele\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)
R2 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [68136 2009-06-17] ()
R2 Hamachi2Svc; D:\Programme\Hamachi\hamachi-2.exe [2228048 2014-05-13] (LogMeIn Inc.)
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-19] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-12-03] ()
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2009-07-02] ()
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.)

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-12] (Avira Operations GmbH & Co. KG)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-01-23] ()
R1 ISODrive; D:\Programme\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [33792 2005-03-09] ()
R2 ntk_PowerDVD12; D:\Programme\Power DVD 12\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [82928 2011-10-27] (Cyberlink Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-08-27] (Samsung Electronics)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; D:\Programme\Power DVD 12\PowerDVD12\Common\NavFilter\000.fcl [146928 2012-01-11] (CyberLink Corp.)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; D:\Programme\CyberLink Blue-ray\PowerDVD8\000.fcl [146928 2009-08-28] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-28 03:46 - 2014-05-28 03:46 - 00016181 _____ () C:\Users\Nachtvogel\Desktop\FRST.txt
2014-05-28 03:45 - 2014-05-28 03:45 - 00000271 _____ () C:\Users\Nachtvogel\Desktop\mbam.txt
2014-05-28 03:33 - 2014-05-28 03:44 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-28 03:33 - 2014-05-28 03:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-28 03:33 - 2014-05-28 03:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-28 03:33 - 2014-05-28 03:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-28 03:33 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-28 03:33 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-28 03:33 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-28 03:32 - 2014-05-28 03:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nachtvogel\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-28 03:30 - 2014-05-28 03:30 - 00004868 _____ () C:\Users\Nachtvogel\Desktop\AdwCleaner[S0].txt
2014-05-28 03:23 - 2014-05-28 03:24 - 00000000 ____D () C:\AdwCleaner
2014-05-28 03:23 - 2014-05-28 03:23 - 01327971 _____ () C:\Users\Nachtvogel\Desktop\adwcleaner_3.211.exe
2014-05-28 03:21 - 2014-05-28 03:21 - 00025059 _____ () C:\Users\Nachtvogel\Desktop\ComboFix-File 2.txt
2014-05-28 03:21 - 2014-05-28 03:21 - 00025059 _____ () C:\ComboFix.txt
2014-05-28 03:08 - 2014-05-28 03:09 - 05203612 ____R (Swearware) C:\Users\Nachtvogel\Desktop\ComboFix.exe
2014-05-27 22:30 - 2014-05-27 22:30 - 00029993 _____ () C:\Users\Nachtvogel\Desktop\blubbi.odt
2014-05-27 12:51 - 2014-05-27 12:51 - 00025487 _____ () C:\Users\Nachtvogel\Desktop\ComboFix-File.txt
2014-05-27 12:33 - 2014-05-28 03:21 - 00000000 ____D () C:\Qoobox
2014-05-27 11:36 - 2014-05-27 11:36 - 00008704 _____ () C:\Users\Nachtvogel\Desktop\Gmer.log
2014-05-27 11:21 - 2014-05-27 11:21 - 00380416 _____ () C:\Users\Nachtvogel\Desktop\Gmer-19357.exe
2014-05-27 11:10 - 2014-05-28 03:46 - 00000000 ____D () C:\FRST
2014-05-27 11:08 - 2014-05-27 11:08 - 02066944 _____ (Farbar) C:\Users\Nachtvogel\Desktop\FRST64.exe
2014-05-26 18:50 - 2014-05-26 18:50 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Local\NVIDIA Corporation
2014-05-26 18:50 - 2014-04-30 20:27 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-05-26 18:50 - 2014-04-30 20:26 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-05-26 18:49 - 2014-05-26 18:49 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-05-26 18:49 - 2014-05-20 01:10 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-26 18:47 - 2014-05-20 04:44 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 14434704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-26 18:47 - 2014-05-20 04:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-05-26 18:47 - 2014-05-20 04:44 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-05-26 18:47 - 2014-05-20 04:44 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-05-26 18:46 - 2014-03-31 18:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-05-26 18:46 - 2014-03-31 18:42 - 00037320 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-05-26 18:46 - 2014-03-31 18:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-05-26 17:56 - 2014-05-26 18:11 - 333878864 _____ (NVIDIA Corporation) C:\Users\Nachtvogel\Downloads\337.88-desktop-win8-win7-winvista-64bit-international-whql.exe
2014-05-25 16:49 - 2014-05-25 16:49 - 01355776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVBVM50.DLL
2014-05-15 02:23 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 02:23 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 02:23 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 02:23 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 02:23 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 02:23 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 16:37 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 16:37 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 16:37 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 16:37 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 16:37 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 16:37 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 16:37 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 16:37 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 16:37 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 16:37 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 16:37 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 16:37 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 16:37 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 16:37 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 16:37 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 16:37 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 16:37 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 16:37 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 16:37 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 16:37 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 16:37 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 16:37 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 16:37 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 16:37 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 16:37 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 16:37 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 16:37 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 16:37 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 16:37 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 16:37 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 16:37 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 16:37 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 16:37 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 16:37 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 16:27 - 2014-05-14 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-06 08:36 - 2014-05-15 12:06 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-05 22:22 - 2014-05-05 22:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-04 22:25 - 2014-05-11 03:50 - 00021157 _____ () C:\Users\Nachtvogel\Desktop\Abschied.odt
2014-04-29 02:02 - 2014-05-26 18:50 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Local\NVIDIA
2014-04-28 13:38 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-28 13:38 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-28 13:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-28 13:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-28 13:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-28 13:38 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-28 13:38 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-28 13:38 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-28 13:37 - 2014-05-27 12:49 - 00000000 ____D () C:\Windows\erdnt
2014-04-28 00:28 - 2014-04-28 00:28 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Roaming\Curse Advertising
2014-04-28 00:25 - 2014-04-28 00:25 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Roaming\Curse

==================== One Month Modified Files and Folders =======

2014-05-28 03:46 - 2014-05-28 03:46 - 00016181 _____ () C:\Users\Nachtvogel\Desktop\FRST.txt
2014-05-28 03:46 - 2014-05-27 11:10 - 00000000 ____D () C:\FRST
2014-05-28 03:45 - 2014-05-28 03:45 - 00000271 _____ () C:\Users\Nachtvogel\Desktop\mbam.txt
2014-05-28 03:44 - 2014-05-28 03:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-28 03:33 - 2014-05-28 03:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-28 03:33 - 2014-05-28 03:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-28 03:33 - 2014-05-28 03:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-28 03:33 - 2014-05-28 03:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nachtvogel\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-28 03:32 - 2009-07-14 06:45 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-28 03:32 - 2009-07-14 06:45 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-28 03:30 - 2014-05-28 03:30 - 00004868 _____ () C:\Users\Nachtvogel\Desktop\AdwCleaner[S0].txt
2014-05-28 03:30 - 2013-11-14 15:34 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Local\LogMeIn Hamachi
2014-05-28 03:30 - 2012-01-23 22:08 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2014-05-28 03:29 - 2012-01-23 21:46 - 01131253 _____ () C:\Windows\WindowsUpdate.log
2014-05-28 03:25 - 2012-01-23 22:27 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-28 03:25 - 2012-01-23 22:23 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-05-28 03:25 - 2012-01-23 22:22 - 00357518 _____ () C:\Windows\PFRO.log
2014-05-28 03:25 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-28 03:25 - 2009-07-14 06:51 - 00124009 _____ () C:\Windows\setupact.log
2014-05-28 03:24 - 2014-05-28 03:23 - 00000000 ____D () C:\AdwCleaner
2014-05-28 03:23 - 2014-05-28 03:23 - 01327971 _____ () C:\Users\Nachtvogel\Desktop\adwcleaner_3.211.exe
2014-05-28 03:21 - 2014-05-28 03:21 - 00025059 _____ () C:\Users\Nachtvogel\Desktop\ComboFix-File 2.txt
2014-05-28 03:21 - 2014-05-28 03:21 - 00025059 _____ () C:\ComboFix.txt
2014-05-28 03:21 - 2014-05-27 12:33 - 00000000 ____D () C:\Qoobox
2014-05-28 03:19 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-28 03:11 - 2012-03-29 17:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-28 03:09 - 2014-05-28 03:08 - 05203612 ____R (Swearware) C:\Users\Nachtvogel\Desktop\ComboFix.exe
2014-05-27 22:30 - 2014-05-27 22:30 - 00029993 _____ () C:\Users\Nachtvogel\Desktop\blubbi.odt
2014-05-27 12:51 - 2014-05-27 12:51 - 00025487 _____ () C:\Users\Nachtvogel\Desktop\ComboFix-File.txt
2014-05-27 12:50 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-27 12:49 - 2014-04-28 13:37 - 00000000 ____D () C:\Windows\erdnt
2014-05-27 12:45 - 2009-07-14 04:34 - 66584576 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-05-27 12:45 - 2009-07-14 04:34 - 23330816 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-05-27 12:45 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-05-27 12:45 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-05-27 12:45 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-05-27 11:36 - 2014-05-27 11:36 - 00008704 _____ () C:\Users\Nachtvogel\Desktop\Gmer.log
2014-05-27 11:21 - 2014-05-27 11:21 - 00380416 _____ () C:\Users\Nachtvogel\Desktop\Gmer-19357.exe
2014-05-27 11:08 - 2014-05-27 11:08 - 02066944 _____ (Farbar) C:\Users\Nachtvogel\Desktop\FRST64.exe
2014-05-27 01:53 - 2012-03-01 22:35 - 00000000 ____D () C:\Users\Nachtvogel\Documents\My Games
2014-05-26 18:50 - 2014-05-26 18:50 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Local\NVIDIA Corporation
2014-05-26 18:50 - 2014-04-29 02:02 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Local\NVIDIA
2014-05-26 18:50 - 2012-01-23 22:27 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-05-26 18:50 - 2012-01-23 22:27 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-05-26 18:50 - 2012-01-23 22:27 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-26 18:49 - 2014-05-26 18:49 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-05-26 18:49 - 2012-05-22 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-26 18:11 - 2014-05-26 17:56 - 333878864 _____ (NVIDIA Corporation) C:\Users\Nachtvogel\Downloads\337.88-desktop-win8-win7-winvista-64bit-international-whql.exe
2014-05-25 16:49 - 2014-05-25 16:49 - 01355776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVBVM50.DLL
2014-05-24 19:27 - 2014-03-15 15:13 - 00022570 _____ () C:\Users\Nachtvogel\Desktop\Honvad Budapest Spielerentwicklung.ods
2014-05-20 04:44 - 2014-05-26 18:47 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 14434704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-20 04:44 - 2014-05-26 18:47 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-05-20 04:44 - 2014-05-26 18:47 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-05-20 04:44 - 2014-05-26 18:47 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-05-20 04:44 - 2013-03-27 15:39 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-20 04:44 - 2013-03-27 15:39 - 02730208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-05-20 04:44 - 2012-05-22 18:12 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-05-20 04:44 - 2012-05-22 18:12 - 00952952 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-05-20 04:44 - 2012-01-23 22:27 - 00026069 _____ () C:\Windows\system32\nvinfo.pb
2014-05-20 04:44 - 2010-07-10 00:38 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-05-20 04:44 - 2010-07-10 00:38 - 03109248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-05-20 03:25 - 2010-07-09 17:17 - 06769096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-05-20 03:25 - 2010-07-09 17:17 - 03514144 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-05-20 03:25 - 2010-07-09 17:17 - 02560968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-05-20 03:25 - 2010-07-09 17:17 - 00927520 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-05-20 03:25 - 2010-07-09 17:17 - 00387528 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-05-20 03:25 - 2010-07-09 17:17 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-05-20 01:10 - 2014-05-26 18:49 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-19 23:41 - 2012-12-29 20:53 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Roaming\Skype
2014-05-15 19:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 12:09 - 2012-01-23 21:53 - 00000000 ___RD () C:\Users\Nachtvogel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 12:09 - 2012-01-23 21:53 - 00000000 ___RD () C:\Users\Nachtvogel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 12:06 - 2014-05-06 08:36 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 02:22 - 2013-08-15 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 02:21 - 2012-01-24 00:30 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 01:49 - 2012-05-22 18:13 - 03774821 _____ () C:\Windows\system32\nvcoproc.bin
2014-05-14 16:27 - 2014-05-14 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-13 21:16 - 2012-03-29 17:22 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 21:16 - 2012-03-29 17:22 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 21:16 - 2012-01-24 22:43 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-12 07:26 - 2014-05-28 03:33 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-28 03:33 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-28 03:33 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 03:50 - 2014-05-04 22:25 - 00021157 _____ () C:\Users\Nachtvogel\Desktop\Abschied.odt
2014-05-09 08:14 - 2014-05-14 16:37 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 16:37 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 23:56 - 2012-01-23 22:34 - 00000000 ____D () C:\ProgramData\DivX
2014-05-06 06:40 - 2014-05-15 02:23 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-15 02:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-15 02:23 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-15 02:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-15 02:23 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 02:23 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 22:22 - 2014-05-05 22:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-04 07:33 - 2012-01-23 22:12 - 00000341 _____ () C:\Windows\lgfwup.ini
2014-05-03 12:13 - 2014-02-17 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-04-30 20:27 - 2014-05-26 18:50 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-04-30 20:26 - 2014-05-26 18:50 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-04-29 02:08 - 2009-07-14 19:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-04-29 02:08 - 2009-07-14 19:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-04-29 02:08 - 2009-07-14 07:13 - 00905710 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-28 00:28 - 2014-04-28 00:28 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Roaming\Curse Advertising
2014-04-28 00:25 - 2014-04-28 00:25 - 00000000 ____D () C:\Users\Nachtvogel\AppData\Roaming\Curse

Some content of TEMP:
====================
C:\Users\Nachtvogel\AppData\Local\Temp\avgnt.exe
C:\Users\Nachtvogel\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-20 00:38

==================== End Of Log ============================
         

Addition:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by Nachtvogel at 2014-05-28 03:46:22
Running from C:\Users\Nachtvogel\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.08 - GIGABYTE)
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
ActiveState ActivePython 2.7.5.6 (32-bit) (HKLM-x32\...\{4D22D7B3-AF9C-424C-B6AF-E88D2365A127}) (Version: 2.7.6 - ActiveState Software Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.2.8900 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.2.8900 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Age of Wonders III (HKLM-x32\...\Steam App 226840) (Version:  - Triumph Studios)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
ArtMoney SE v7.40 (HKLM-x32\...\ArtMoney SE_is1) (Version: 7.40 - System SoftLab)
AutoGreen B09.1014.2 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B09.1014.2 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Baldur's Gate (HKLM-x32\...\Baldur's Gate) (Version:  - )
Baldur's Gate II: Enhanced Edition (HKLM-x32\...\Steam App 257350) (Version:  - Beamdog)
Baldurs Gate(TM) II - Thron des Bhaal (TM) (HKLM-x32\...\{5B09F344-4406-11D5-96E8-0050BA84F5F7}) (Version:  - )
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
BattlEye (A2Free) Uninstall (HKLM-x32\...\BattlEye A2 Free) (Version:  - )
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye) (Version:  - )
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
CyberLink BD Advisor 2.0 (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version:  - )
CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2806 - CyberLink Corp.)
CyberLink Blu-ray Disc Suite (x32 Version: 6.0.2806 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3102 - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 4.1.3102 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3224 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3224 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1312.54 - CyberLink Corp.)
CyberLink PowerDVD 12 (x32 Version: 12.0.1312.54 - CyberLink Corp.) Hidden
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.3228 - CyberLink Corp.)
CyberLink PowerDVD 8 (x32 Version: 8.0.3228 - CyberLink Corp.) Hidden
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1520 - CyberLink Corp.)
CyberLink PowerProducer (x32 Version: 5.0.1.1520 - CyberLink Corp.) Hidden
DayZ Commander (HKLM-x32\...\{E913F678-7BAC-4C3D-A8ED-C19E13D3BAD0}) (Version: 0.9.80 - Dotjosh Studios)
DC Universe Online Live (HKCU\...\SOE-DC Universe Online Live PSG) (Version:  - Sony Online Entertainment)
DC Universe Online Live (HKCU\...\SOE-DC Universe Online Live) (Version:  - Sony Online Entertainment)
DES 2.0 (HKLM-x32\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte)
Die Siedler 7 (HKLM-x32\...\{9C916142-C18C-429D-BFED-40094A7E0BEB}) (Version: 1.12.1396 - Ubisoft)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.48.5 - Electronic Arts)
Die Sims™ 3 70er, 80er & 90er Accessoires (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
Die Sims™ 3 Design-Garten-Accessoires (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.3.2 - Electronic Arts)
Die Sims™ 3 Diesel Accessoires (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Gib Gas-Accessoires (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.8.1 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Katy Perry Süße Welt (HKLM-x32\...\{9B2506E3-9A3F-45B5-96BF-509CAD584650}) (Version: 13.0.62 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
Die Sims™ 3 Luxus-Accessoires (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.17.2 - Electronic Arts)
Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
Die Sims™ 3 Stadt-Accessoires (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.10.1 - Electronic Arts)
Die Sims™ 3 Traumsuite-Accessoires (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Divinity II - Ego Draconis (HKLM-x32\...\Divinity II - Ego Draconis_is1) (Version:  - dtp)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.22 - DivX, LLC)
Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.00 - Electronic Arts, Inc.)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05 - Electronic Arts, Inc.)
Dragon's Prophet (HKLM-x32\...\{C31556D7-F2B9-4787-B223-F7A035067E89}_is1) (Version: 1.2.1241.10 - Infernum Productions AG)
Drakensang (HKLM-x32\...\Drakensang_is1) (Version:  - dtp)
EA Installer (HKLM-x32\...\EA Installer.-183224887) (Version: 2.2.0.62 - Electronic Arts, Inc.)
EA Shared Game Component: Activation (HKLM-x32\...\com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1) (Version: 2.2.0.62 - Electronic Arts)
EA Shared Game Component: Activation (x32 Version: 2.2.0 - Electronic Arts) Hidden
Easy Tune 6 B10.0521.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B10.0521.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Endless Space (HKLM-x32\...\Steam App 208140) (Version:  - Amplitude Studios)
erLT (x32 Version: 1.12.0117 - Logitech, Inc.) Hidden
Explorer Suite IV (HKLM\...\Explorer Suite_is1) (Version:  - )
Fable III (HKLM-x32\...\GFWL_{4D53090A-9B45-437B-A66A-831000008300}) (Version: 1.0.0000.131 - Microsoft Game Studios)
Fable III (x32 Version: 1.0.0000.131 - Microsoft Game Studios) Hidden
Fable III (x32 Version: 1.0.0002.131 - Microsoft Game Studios) Hidden
Fallout 2 (HKLM-x32\...\Fallout 2) (Version:  - )
Fallout 2 (HKLM-x32\...\Fallout 2_is1) (Version:  - GOG.com)
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.04 - Ubisoft)
FIFA 13 (HKLM-x32\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.2.0.0 - Electronic Arts)
FMRTE 13.3.3.62 (HKLM\...\{13416834-B10B-4DD4-8213-C8D66A157D7E}_is1) (Version: 13.3.3.62 - Raul Bravo)
FO2 Restoration Project 2.3.2 (HKLM-x32\...\Fallout 2 Restoration Project_is1) (Version:  - killap)
Football Manager 2013 (HKLM-x32\...\Steam App 207890) (Version:  - Sports Interactive)
Football Manager 2013 Editor (HKLM-x32\...\Steam App 220600) (Version:  - Sports Interactive)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.4.5.114 - Foxit Corporation)
FUSSBALL MANAGER 12 (HKLM-x32\...\FUSSBALL MANAGER 12) (Version: 1.0.0.3 - Electronic Arts)
FUSSBALL MANAGER 13 (HKLM-x32\...\{80AF0300-866F-400F-A350-D53E3C3E34E0}) (Version: 1.0.3.0 - Electronic Arts)
Game of Thrones Version 1.4.2.0 (HKLM-x32\...\AGOT_is1) (Version: 1.4.2.0 - Cyanide)
Gigabyte Raid Configurer (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0001 - GIGABYTE Technologies, Inc.)
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
GUILD WARS (HKLM-x32\...\Guild Wars) (Version:  - )
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - )
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
KhalInstallWrapper (Version: 4.60.122 - Logitech) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LG Tool Kit (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
Logitech Desktop Messenger (HKLM-x32\...\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}) (Version: 2.56.102 - Logitech, Inc.)
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.60 - Logitech)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.193 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.193 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mass Effect 2 (HKLM-x32\...\{75D84EF7-0D8C-4E70-B3FA-7B42A5D4E0EB}) (Version: 1.2.1604.0 - Electronic Arts)
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
MegaTrainer eXperience V1.2.1.8 (HKLM-x32\...\MegaTrainer eXperience_is1) (Version:  - )
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MotioninJoy ds3 driver version 0.5.0002 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.5.0002 - www.motioninjoy.com)
Mozilla Firefox 29.0.1 (x86 de) (HKCU\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Firefox 9.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 9.0.1 (x86 de)) (Version: 9.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.17.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.17.0 - NEC Electronics Corporation) Hidden
Neverwinter (HKLM-x32\...\Neverwinter) (Version:  - Cryptic Studios)
Neverwinter Nights 2 (HKLM-x32\...\{F20C1251-1D0A-4944-B2AE-678581B33B19}) (Version: 1.00.0000 - Obsidian)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.31.2 - Black Tree Gaming)
NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
ON_OFF Charge B10.0427.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 9.1.3.2637 - Electronic Arts, Inc.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
PDF Blender (HKLM-x32\...\PDF Blender) (Version:  - )
Play withSIX (HKLM-x32\...\{8E634921-4547-4CA9-AF79-08B735431C12}) (Version: 1.00.0096 - SIX Networks)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.12 - ProtectDisc Software GmbH)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6077 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.42 - Piriform)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
SimCity 4 Deluxe (HKLM-x32\...\{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}) (Version: 1.0.0.0 - Electronic Arts)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 1.0.0.0 - Electronic Arts)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - Square Enix)
Smart 6 B10.0422.1 (HKLM-x32\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE)
SopCast 3.4.8 (HKLM-x32\...\SopCast) (Version: 3.4.8 - www.sopcast.com)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UltraISO Premium V9.53 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.0.2 (HKLM-x32\...\VLC media player) (Version: 2.0.2 - VideoLAN)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - )
Wartung Samsung ML-2525W Series (HKLM-x32\...\Samsung ML-2525W Series) (Version:  - Samsung Electronics CO.,LTD)
Wasteland 2 (HKLM-x32\...\Steam App 240760) (Version:  - inXile Entertainment)
Winamp (HKLM-x32\...\Winamp) (Version: 5.621  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 4.10 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
X-COM: Apocalypse (HKLM-x32\...\Steam App 7660) (Version:  - MicroProse Software, Inc)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - )

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-05-28 03:19 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {30C31C62-D27C-454C-8CCC-09BACE6D9320} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRFilter => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SRFilter.exe" /GBSMART6 -kdl
Task: {6058E528-5261-4521-B7DE-87EEE4BD3F03} - System32\Tasks\{89E67290-AA7B-4FAE-BD61-B155609C58A0} => D:\Spiele\Fallout2\fallout2.exe
Task: {9627E88C-B5A6-4CEE-BEE3-9C039451F0DB} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRCreate => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SrCmdCLR.exe" -c 1
Task: {A5507623-7E63-458B-BC65-CA1265D8D6A2} - System32\Tasks\{9BAA2407-91B0-44D4-A7D8-6AB61BC65566} => D:\Spiele\Fallout2\fallout2.exe
Task: {C6DD8C85-FF88-4238-8740-53D32DBD24E2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {F3970FD4-3B86-4036-88E3-23438C34223F} - System32\Tasks\{0C0411B5-C616-4A73-B77C-340C6F53DD7D} => D:\Spiele\Age of Empires II\age2_x1\age2_x1.exe [2000-08-08] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-02-01 23:58 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-06-22 09:48 - 2011-06-22 09:48 - 00034304 _____ () C:\Windows\System32\ssp6ml6.dll
2012-01-23 22:21 - 2009-06-17 17:13 - 00068136 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
2012-01-23 22:18 - 2010-01-19 04:31 - 00072304 ____R () C:\Windows\SysWOW64\XSrvSetup.exe
2012-12-03 19:13 - 2012-12-03 19:13 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-01-23 22:08 - 2009-07-02 16:02 - 00244904 ____N () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
2012-01-23 23:40 - 2012-01-09 20:44 - 00193536 _____ () D:\Programme\WinRar\rarext64.dll
2012-01-23 21:57 - 2008-05-02 05:00 - 00077824 _____ () D:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
2013-08-07 15:17 - 2009-08-29 05:37 - 00614400 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2013-08-07 15:17 - 2009-07-17 00:24 - 00306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe
2013-03-27 15:55 - 2013-01-25 10:25 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-01-23 22:21 - 2009-05-04 18:56 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\ycc.dll
2012-01-23 21:59 - 2012-01-23 21:59 - 00064664 _____ () D:\Programme\Logitech\Desktop Messenger\8876480\8.1.1.87-8876480SL\Program\clntutil.dll
2009-06-03 21:59 - 2009-06-03 21:59 - 00619816 ____N () D:\Programme\CyberLink Blue-ray\Power2Go\CLMediaLibrary.dll
2009-06-03 21:59 - 2009-06-03 21:59 - 00013096 ____N () D:\Programme\CyberLink Blue-ray\Power2Go\CLMLSvcPS.dll
2012-07-18 23:55 - 2012-01-02 04:21 - 00374056 _____ () D:\Programme\Power DVD 12\PowerDVD12\Kernel\DMR\CLNetMediaDMA.dll
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-05-10 04:47 - 2014-05-10 04:47 - 03839088 _____ () D:\Programme\Firefox\mozjs.dll
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2014 03:44:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm mbam.exe, Version 1.0.0.532 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: e0c

Startzeit: 01cf7a14e3f401ac

Endzeit: 16

Anwendungspfad: C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe

Berichts-ID: 88c80921-e609-11e3-9d1b-1c6f65902373

Error: (05/28/2014 03:24:39 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (05/27/2014 00:45:14 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (05/27/2014 11:39:13 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (05/27/2014 01:53:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: dosbox.exe, Version: 0.72.0.0, Zeitstempel: 0x46d1bcb8
Name des fehlerhaften Moduls: dosbox.exe, Version: 0.72.0.0, Zeitstempel: 0x46d1bcb8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000df0e2
ID des fehlerhaften Prozesses: 0x15a4
Startzeit der fehlerhaften Anwendung: 0xdosbox.exe0
Pfad der fehlerhaften Anwendung: dosbox.exe1
Pfad des fehlerhaften Moduls: dosbox.exe2
Berichtskennung: dosbox.exe3

Error: (05/26/2014 05:05:20 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (05/26/2014 05:04:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (05/26/2014 05:04:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (05/26/2014 05:02:27 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (05/24/2014 11:32:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: fm.exe, Version: 13.3.3.31972, Zeitstempel: 0x514c8b4d
Name des fehlerhaften Moduls: fm.exe, Version: 13.3.3.31972, Zeitstempel: 0x514c8b4d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x014dbcc0
ID des fehlerhaften Prozesses: 0x1170
Startzeit der fehlerhaften Anwendung: 0xfm.exe0
Pfad der fehlerhaften Anwendung: fm.exe1
Pfad des fehlerhaften Moduls: fm.exe2
Berichtskennung: fm.exe3


System errors:
=============
Error: (05/28/2014 03:25:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/28/2014 03:25:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/28/2014 03:19:55 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (05/28/2014 03:19:28 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (05/28/2014 03:19:27 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (05/28/2014 03:17:19 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (05/28/2014 03:04:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/28/2014 03:04:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/28/2014 03:04:06 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎28.‎05.‎2014 um 03:02:49 unerwartet heruntergefahren.

Error: (05/28/2014 01:43:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (05/28/2014 03:44:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.0.532e0c01cf7a14e3f401ac16C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe88c80921-e609-11e3-9d1b-1c6f65902373

Error: (05/28/2014 03:24:39 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (05/27/2014 00:45:14 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (05/27/2014 11:39:13 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (05/27/2014 01:53:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: dosbox.exe0.72.0.046d1bcb8dosbox.exe0.72.0.046d1bcb8c0000005000df0e215a401cf7936c20c25eeD:\Programme\Steam\steamapps\common\XCom Apocalypse\dosbox.exeD:\Programme\Steam\steamapps\common\XCom Apocalypse\dosbox.exede1f297d-e530-11e3-a9f2-1c6f65902373

Error: (05/26/2014 05:05:20 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: d:\Spiele\fußball manager 2012\MsiCofire.dlld:\Spiele\fußball manager 2012\MsiCofire.dll2

Error: (05/26/2014 05:04:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestd:\Spiele\enemy territory - quake wars\lite server\serverlauncher.exe

Error: (05/26/2014 05:04:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestd:\Spiele\enemy territory - quake wars\serverlauncher.exe

Error: (05/26/2014 05:02:27 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (05/24/2014 11:32:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: fm.exe13.3.3.31972514c8b4dfm.exe13.3.3.31972514c8b4dc0000005014dbcc0117001cf77911209a183D:\Programme\Steam\steamapps\common\Football Manager 2013\fm.exeD:\Programme\Steam\steamapps\common\Football Manager 2013\fm.exee66e0d66-e38a-11e3-98f2-1c6f65902373


CodeIntegrity Errors:
===================================
  Date: 2014-05-28 03:19:28.095
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-28 03:19:27.970
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-28 03:19:27.861
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-28 03:19:27.752
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-27 12:44:17.957
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-27 12:44:17.837
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 23%
Total physical RAM: 8183.43 MB
Available physical RAM: 6255.45 MB
Total Pagefile: 16365.04 MB
Available Pagefile: 14203.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:76.07 GB) (Free:21.94 GB) NTFS
Drive d: () (Fixed) (Total:1786.84 GB) (Free:1220.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 82334871)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=76 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=-280416485376) - (Type=07 NTFS)

==================== End Of Log ============================
         
Best regards,

Nachtvogel


Edited by Nachtvogel (28.05.2014 at 03:17)

Posted 29.05.2014, 01:24   #6
Bootsektor
Rest in peace
† 2019
 
Hello Nachtvogel,

that looks good.

Are you currently still having problems with the computer?

Step 1
Because the scan with ESET is very thorough, it may take several hours.

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



Step 2
Start FRST once more.
  • Do not change any of the default settings and click Scan.
  • When the scan is complete, a new log file FRST.txt is created and saved on the desktop.
  • Please post the contents of this log file here in your thread.