Log analysis and evaluation: Win 7 - CPU usage higher than normal after crash, possibly viruses?

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
01.06.2014, 11:46 | #1 |
Hello dear users, on to my problem: My computer is now about 3-4 years old and ran almost flawlessly, apart from a few driver updates I had to do. I mainly use the laptop for gaming or browsing. I'm not a computer expert, but I usually try to work out tricks or fix problems myself. About 2 weeks ago the laptop froze while it was playing music through Firefox, which I only noticed 1 to 2 hours later. To keep performance optimized for gaming, the minimum CPU state was permanently set to 100% and between 1 and 2 GB was paged out to the hard disk. The battery is removed; I only use the laptop on the power supply. Since the crash the PC has had higher CPU usage than before: when idle, the load is between 5 and 20%; when starting programs it briefly rises by up to 80% - so sometimes to 100% - until it settles somewhere in the middle. High-quality videos stutter regularly, and demanding games are almost unplayable because of the hangs. I also believe that since the incident more "svchost.exe" processes have shown up in Process Explorer, or at least that they use more CPU. I removed the dust and tried to fix the problem with a system restore, but without success. The GPU and CPU temperatures are between 40 and 60° at idle, and roughly between 60 and 80° when working/gaming. I removed services from startup and uninstalled some programs, but with no positive result. Reinstalling some drivers did not help either. My question now is: Can the machine still be saved, or has it suffered irreparable damage?

- While cleaning up the registry and the installed programs I also came across some entries of already uninstalled programs that cannot be deleted (Avira, Fancy Start daemon, Hamachi). I also cannot rule out viruses; I still have old programs installed that could be security holes (e.g. Java). However, a scan with my antivirus program and with Malwarebytes showed nothing. I hope you can help me rule out the possibilities so that I know where I stand. I also cannot rule out a fault in the graphics card.

About my laptop: Asus X53T Series
Mainboard: ASUSTeK K53Z
Processor: AMD A4-3300M with Radeon HD Graphics (the sticker says HD 6650M - 1GB)
Memory: 4096 MB RAM according to Dxdiag, 3562 according to CPU-Z
Operating system: Windows 7 Home Premium 64 Bit
Antivirus: Microsoft Security Essentials, formerly Antivir (until ~end of 2013)
BIOS: American Megatrends Version 206 from 20.07.11

Many thanks for looking into this, Sebastian
01.06.2014, 13:53 | #2 |
/// the machine /// TB-Ausbilder

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
01.06.2014, 20:06 | #3 |
Thanks for the quick reply. Should I run the scans in my standard profile or as administrator?

FRST.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014 01 Ran by Internet (ATTENTION: The logged in user is not administrator) on CPU on 01-06-2014 20:57:14 Running from C:\Users\Internet\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-05-22] (Realtek Semiconductor) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.) HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-13] (ASUSTek Computer Inc.) 
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2255360 2011-06-10] (ASUS) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.) HKLM\...\RunOnce: [*Restore] - C:\Windows\System32\rstrui.exe /runonce [296960 2010-11-20] (Microsoft Corporation) HKLM\...\RunOnce: [LaunchWebURL] - C:\ProgramData\LaunchURL.bat [133 2014-06-01] () HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] - "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe" "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware " [54072 2014-05-12] (Malwarebytes Corporation) IFEO\taskmgr.exe: [Debugger] "C:\USERS\INTERNET\DOCUMENTS\PROCESSEXPLORER\PROCEXP.EXE" ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={1A78135B-1E88-4A03-A9DF-1A01DFABCC8C}&mid=af14fa18a2034553acf6ec4cbb2f1136-4c4bfe203a1c5bd611b7ff0c6e590c69bc93170c&lang=de&ds=hk011&pr=sa&d=2012-07-10 22:59:03&v=11.1.0.12&sap=hp HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT SearchScopes: HKCU - DefaultScope {58253FDF-36F1-4530-A042-44509538C8EE} URL = 
hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=231195&p={searchTerms} SearchScopes: HKCU - {58253FDF-36F1-4530-A042-44509538C8EE} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=231195&p={searchTerms} SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={1A78135B-1E88-4A03-A9DF-1A01DFABCC8C}&mid=af14fa18a2034553acf6ec4cbb2f1136-4c4bfe203a1c5bd611b7ff0c6e590c69bc93170c&lang=de&ds=hk011&pr=sa&d=2012-07-10 22:59:03&v=11.1.0.12&sap=dsp&q={searchTerms} BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) 
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\o2go81ah.default FF SelectedSearchEngine: Google FF Homepage: about:home FF Keyword.URL: hxxp://www.google.ch/search?q= FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20
%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*'))%20%7B%20return%20'PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D" FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml FF Extension: WOT - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\o2go81ah.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26] FF Extension: ProxMate - Proxy on steroids! - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\o2go81ah.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-06-04] FF Extension: NoScript - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\o2go81ah.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-07-16] FF Extension: Adblock Plus - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\o2go81ah.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-04-14] FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-04-05] FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-04-05] Chrome: ======= CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT CHR StartupUrls: "hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft 
Corporation) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Extension: (Google Docs) - C:\Users\Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-12] CHR Extension: (Google Drive) - C:\Users\Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-12] CHR Extension: (YouTube) - C:\Users\Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-12] CHR Extension: (Adblock Plus) - C:\Users\Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-04-11] CHR Extension: (Google-Suche) - C:\Users\Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-12] CHR Extension: (Google Wallet) - C:\Users\Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-07] CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-04-05] CHR Extension: (Google Mail) - C:\Users\Internet\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-12] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-04-02] ==================== Services (Whitelisted) ================= S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-02] (Avira Operations GmbH & Co. KG) S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-02] (Avira Operations GmbH & Co. KG) S4 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-05-25] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-04-25] (Avira GmbH) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-04-27] (Avira GmbH) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2012-05-02] (Avira GmbH) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-05-25] () R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-08-06] (Duplex Secure Ltd.) 
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 RivaTuner64; \??\D:\RivaTuner v2.24\RivaTuner64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-01 20:57 - 2014-06-01 20:57 - 00017581 _____ () C:\Users\Internet\Desktop\FRST.txt 2014-06-01 20:57 - 2014-06-01 20:57 - 00000000 ____D () C:\FRST 2014-06-01 20:55 - 2014-06-01 20:56 - 02067456 _____ (Farbar) C:\Users\Internet\Desktop\FRST64.exe 2014-06-01 15:35 - 2014-06-01 15:37 - 31419822 _____ () C:\Users\Internet\Downloads\JDownloader.zip 2014-06-01 12:54 - 2014-06-01 12:54 - 00000000 ____D () C:\Users\Internet\Documents\zips 2014-06-01 11:52 - 2014-06-01 11:52 - 00000871 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk 2014-06-01 11:52 - 2014-06-01 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID 2014-06-01 11:52 - 2014-06-01 11:52 - 00000000 ____D () C:\Program Files\CPUID 2014-06-01 11:51 - 2014-06-01 11:52 - 01496480 _____ ( ) C:\Users\Internet\Downloads\cpu-z_1.692-setup-en.exe 2014-06-01 11:21 - 2014-06-01 11:21 - 00961360 _____ (Chip Digital GmbH) C:\Users\Internet\Desktop\HijackThis - CHIP-Installer.exe 2014-06-01 11:17 - 2014-06-01 11:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-01 11:17 - 2014-06-01 11:17 - 00000617 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-01 11:17 - 2014-06-01 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-01 11:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-01 11:17 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-01 11:15 - 2014-06-01 11:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Internet\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-01 09:19 - 
2011-08-18 05:44 - 00053376 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys 2014-06-01 09:14 - 2014-06-01 09:14 - 00000133 _____ () C:\ProgramData\LaunchURL.bat 2014-06-01 09:14 - 2014-06-01 09:14 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies 2014-06-01 09:14 - 2014-06-01 09:14 - 00000000 ____D () C:\Program Files (x86)\AMD APP 2014-06-01 08:26 - 2014-06-01 08:26 - 00000000 ____D () C:\ProgramData\ATI 2014-06-01 08:13 - 2014-06-01 08:13 - 00000000 ____D () C:\Program Files (x86)\AMD AVT 2014-06-01 08:10 - 2014-06-01 08:12 - 00000000 ____D () C:\Program Files\ATI Technologies 2014-06-01 08:10 - 2014-06-01 08:10 - 00000000 ____D () C:\Program Files\ATI 2014-05-29 12:42 - 2014-05-29 12:42 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center 2014-05-29 00:44 - 2014-05-29 00:44 - 00000000 ____D () C:\Users\Internet\AppData\Local\WinZip 2014-05-29 00:29 - 2014-05-29 00:43 - 197334425 _____ () C:\Users\Internet\Downloads\We are the Underdogs - Sound of the Underground Vol I.zip 2014-05-28 10:41 - 2014-05-28 10:41 - 00002269 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk 2014-05-28 10:41 - 2014-05-28 10:41 - 00002263 _____ () C:\Users\Public\Desktop\WinZip.lnk 2014-05-28 10:41 - 2014-05-28 10:41 - 00000000 ____D () C:\Users\Internet\Documents\processexplorer 2014-05-28 10:41 - 2014-05-28 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 2014-05-28 10:40 - 2014-05-28 10:41 - 00000000 ____D () C:\ProgramData\WinZip 2014-05-28 10:40 - 2014-05-28 10:41 - 00000000 ____D () C:\Program Files\WinZip 2014-05-28 10:28 - 2014-05-28 10:28 - 01243655 _____ () C:\Users\Internet\Downloads\ProcessExplorer.zip 2014-05-28 09:43 - 2014-05-28 09:43 - 00001266 _____ () C:\Users\Andrea\Desktop\Revo Uninstaller.lnk 2014-05-28 09:43 - 2014-05-28 09:43 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-05-28 09:42 - 2014-05-28 
09:42 - 00961360 _____ (Chip Digital GmbH) C:\Users\Internet\Downloads\Revo Uninstaller - CHIP-Installer.exe 2014-05-27 18:21 - 2014-05-27 18:21 - 00010736 _____ () C:\Users\Internet\Documents\cc_20140527_182153.reg 2014-05-20 01:03 - 2014-05-20 01:03 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Atheros 2014-05-20 00:56 - 2014-05-25 19:15 - 00000000 ____D () C:\Program Files (x86)\Bluetooth Suite 2014-05-20 00:56 - 2014-05-20 00:56 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Atheros 2014-05-20 00:52 - 2014-05-20 00:53 - 179393762 _____ () C:\Users\Internet\Downloads\Bluetooth_Atheros_AW_Compal_Win7_64_Z74098.zip 2014-05-19 23:45 - 2014-05-19 23:45 - 00000000 ____D () C:\Users\Andrea\Documents\Bluetooth Folder 2014-05-19 23:43 - 2014-05-19 23:43 - 00000000 ____D () C:\temp 2014-05-19 23:41 - 2014-05-19 23:42 - 179393768 _____ () C:\Users\Internet\Downloads\Bluetooth_Atheros_Win7_64_Z74098.zip 2014-05-19 20:17 - 2014-05-19 20:27 - 00000000 __SHD () C:\Users\Internet\AppData\Local\EmieUserList 2014-05-19 20:17 - 2014-05-19 20:27 - 00000000 __SHD () C:\Users\Internet\AppData\Local\EmieSiteList 2014-05-19 20:14 - 2014-05-19 20:14 - 00048475 _____ () C:\Users\Andrea\Desktop\bluetoothview_1.61[1].zip 2014-05-19 20:13 - 2014-05-19 20:13 - 00048475 _____ () C:\Users\Andrea\Desktop\bluetoothview_1.61.zip 2014-05-15 17:21 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-15 17:21 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-15 17:21 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-15 17:21 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-15 17:21 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-15 17:21 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-14 
17:30 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-14 17:30 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-14 17:30 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-14 17:30 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-14 17:30 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-14 17:30 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-14 17:30 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-14 17:30 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-14 17:30 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-14 17:30 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-14 17:30 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-14 17:30 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-14 17:30 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-14 17:30 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-14 17:30 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-14 17:30 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-14 17:30 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-14 17:30 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-14 17:30 - 2014-03-04 11:44 
- 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 17:30 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 17:30 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 17:30 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 17:30 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 17:30 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 17:30 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 17:30 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 17:30 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 17:30 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 17:30 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 17:30 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 17:30 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 17:30 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 17:30 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-10 22:29 - 2014-06-01 12:50 - 00000000 ____D () C:\Users\Internet\AppData\Local\Warframe
2014-05-10 22:27 - 2014-05-10 22:27 - 00331776 _____ () C:\Users\Internet\Downloads\Warframe.msi
2014-05-10 03:52 - 2014-05-10 09:34 - 00000000 ____D () C:\Users\Internet\AppData\Local\Mozilla Firefox
2014-05-07 03:02 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-07 03:02 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-07 03:01 - 2014-05-16 01:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-07 03:01 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-07 03:01 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-07 03:01 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-07 03:01 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-07 03:01 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-07 03:01 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-07 03:01 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-07 03:01 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-07 03:01 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-07 03:01 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-07 03:01 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-07 03:01 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-07 03:01 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-07 03:01 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-07 03:01 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-07 03:01 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-07 03:01 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-07 03:01 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-07 03:01 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-07 03:01 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-07 03:01 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-07 03:01 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-07 03:01 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-07 03:01 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-07 03:01 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-07 03:01 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-07 03:01 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-07 03:01 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-07 03:01 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-07 03:01 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-07 03:01 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-07 03:01 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-07 03:01 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-07 03:01 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-07 03:01 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-07 03:01 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-07 03:01 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-07 03:01 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-07 03:01 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-07 03:01 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-07 03:01 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-07 03:01 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-02 13:50 - 2014-05-02 13:50 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\TERA
2014-05-02 13:48 - 2014-05-02 13:48 - 15366160 _____ (Gameforge Productions GmbH ) C:\Users\Internet\Downloads\TERASetup(1).exe
2014-05-02 13:45 - 2014-05-02 13:46 - 15366160 _____ (Gameforge Productions GmbH ) C:\Users\Internet\Downloads\TERASetup.exe

==================== One Month Modified Files and Folders =======

2014-06-01 20:57 - 2014-06-01 20:57 - 00017581 _____ () C:\Users\Internet\Desktop\FRST.txt
2014-06-01 20:57 - 2014-06-01 20:57 - 00000000 ____D () C:\FRST
2014-06-01 20:57 - 2011-09-30 19:29 - 00000000 ____D () C:\Users\Internet\AppData\Local\Temp
2014-06-01 20:56 - 2014-06-01 20:55 - 02067456 _____ (Farbar) C:\Users\Internet\Desktop\FRST64.exe
2014-06-01 20:54 - 2011-07-24 05:59 - 01103968 _____ () C:\Windows\WindowsUpdate.log
2014-06-01 20:52 - 2011-04-13 04:33 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-01 20:49 - 2013-08-01 01:26 - 00147436 _____ () C:\Windows\PFRO.log
2014-06-01 20:49 - 2013-07-25 23:23 - 00044056 _____ () C:\Windows\setupact.log
2014-06-01 20:49 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-01 20:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PLA
2014-06-01 15:37 - 2014-06-01 15:35 - 31419822 _____ () C:\Users\Internet\Downloads\JDownloader.zip
2014-06-01 15:02 - 2011-04-13 04:33 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-01 12:54 - 2014-06-01 12:54 - 00000000 ____D () C:\Users\Internet\Documents\zips
2014-06-01 12:54 - 2013-12-01 21:23 - 00000000 ____D () C:\Users\Internet\Documents\Downloads1
2014-06-01 12:53 - 2013-12-29 13:27 - 00000000 ____D () C:\Users\Internet\Documents\Karten
2014-06-01 12:50 - 2014-05-10 22:29 - 00000000 ____D () C:\Users\Internet\AppData\Local\Warframe
2014-06-01 12:38 - 2013-05-06 02:20 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-06-01 11:52 - 2014-06-01 11:52 - 00000871 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2014-06-01 11:52 - 2014-06-01 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2014-06-01 11:52 - 2014-06-01 11:52 - 00000000 ____D () C:\Program Files\CPUID
2014-06-01 11:52 - 2014-06-01 11:51 - 01496480 _____ ( ) C:\Users\Internet\Downloads\cpu-z_1.692-setup-en.exe
2014-06-01 11:21 - 2014-06-01 11:21 - 00961360 _____ (Chip Digital GmbH) C:\Users\Internet\Desktop\HijackThis - CHIP-Installer.exe
2014-06-01 11:18 - 2014-06-01 11:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-01 11:17 - 2014-06-01 11:17 - 00000617 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-01 11:17 - 2014-06-01 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-01 11:17 - 2013-05-27 05:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-01 11:16 - 2014-06-01 11:15 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Internet\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-01 10:30 - 2013-08-06 00:39 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\uTorrent
2014-06-01 10:14 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-01 10:14 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-01 09:21 - 2013-10-29 23:45 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-06-01 09:14 - 2014-06-01 09:14 - 00000133 _____ () C:\ProgramData\LaunchURL.bat
2014-06-01 09:14 - 2014-06-01 09:14 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-06-01 09:14 - 2014-06-01 09:14 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2014-06-01 09:09 - 2011-08-17 23:00 - 00000000 ____D () C:\Users\Andrea
2014-06-01 09:06 - 2011-09-30 19:29 - 00000000 ____D () C:\Users\Internet
2014-06-01 09:05 - 2013-05-06 02:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
2014-06-01 09:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-06-01 09:04 - 2012-09-26 01:01 - 00000000 ____D () C:\AMD
2014-06-01 08:26 - 2014-06-01 08:26 - 00000000 ____D () C:\ProgramData\ATI
2014-06-01 08:13 - 2014-06-01 08:13 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-06-01 08:13 - 2011-07-24 06:12 - 00000000 ____D () C:\ProgramData\AMD
2014-06-01 08:12 - 2014-06-01 08:10 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-06-01 08:10 - 2014-06-01 08:10 - 00000000 ____D () C:\Program Files\ATI
2014-06-01 02:43 - 2012-09-26 00:34 - 00000352 _____ () C:\Windows\Tasks\Driver Robot.job
2014-06-01 00:17 - 2011-02-19 06:24 - 00711546 _____ () C:\Windows\system32\perfh007.dat
2014-06-01 00:17 - 2011-02-19 06:24 - 00153736 _____ () C:\Windows\system32\perfc007.dat
2014-06-01 00:17 - 2009-07-14 07:13 - 01652996 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-31 20:30 - 2012-09-29 16:27 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Spotify
2014-05-31 20:09 - 2012-09-29 16:28 - 00000000 ____D () C:\Users\Internet\AppData\Local\Spotify
2014-05-31 18:53 - 2012-09-27 22:34 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\SoftGrid Client
2014-05-31 17:03 - 2014-03-09 14:43 - 00000000 ____D () C:\Users\Internet\Documents\Bewerbungsunterlagen
2014-05-31 16:20 - 2013-11-10 11:42 - 00000000 ____D () C:\Users\Internet\AppData\Local\Battle.net
2014-05-29 12:42 - 2014-05-29 12:42 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2014-05-29 00:44 - 2014-05-29 00:44 - 00000000 ____D () C:\Users\Internet\AppData\Local\WinZip
2014-05-29 00:43 - 2014-05-29 00:29 - 197334425 _____ () C:\Users\Internet\Downloads\We are the Underdogs - Sound of the Underground Vol I.zip
2014-05-28 10:41 - 2014-05-28 10:41 - 00002269 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-05-28 10:41 - 2014-05-28 10:41 - 00002263 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-05-28 10:41 - 2014-05-28 10:41 - 00000000 ____D () C:\Users\Internet\Documents\processexplorer
2014-05-28 10:41 - 2014-05-28 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-05-28 10:41 - 2014-05-28 10:40 - 00000000 ____D () C:\ProgramData\WinZip
2014-05-28 10:41 - 2014-05-28 10:40 - 00000000 ____D () C:\Program Files\WinZip
2014-05-28 10:28 - 2014-05-28 10:28 - 01243655 _____ () C:\Users\Internet\Downloads\ProcessExplorer.zip
2014-05-28 10:01 - 2011-04-13 04:47 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-05-28 10:00 - 2011-07-24 06:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-28 09:43 - 2014-05-28 09:43 - 00001266 _____ () C:\Users\Andrea\Desktop\Revo Uninstaller.lnk
2014-05-28 09:43 - 2014-05-28 09:43 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-28 09:42 - 2014-05-28 09:42 - 00961360 _____ (Chip Digital GmbH) C:\Users\Internet\Downloads\Revo Uninstaller - CHIP-Installer.exe
2014-05-27 18:21 - 2014-05-27 18:21 - 00010736 _____ () C:\Users\Internet\Documents\cc_20140527_182153.reg
2014-05-27 17:52 - 2014-04-16 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcaniA - Gothic 4
2014-05-27 17:52 - 2012-04-14 21:18 - 00000000 ____D () C:\Windows\system32\Macromed
2014-05-27 17:52 - 2011-04-13 04:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-27 17:52 - 2009-07-14 09:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-05-27 17:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-27 17:51 - 2011-08-27 15:46 - 00000000 __RHD () C:\MSOCache
2014-05-27 17:51 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-05-25 19:15 - 2014-05-20 00:56 - 00000000 ____D () C:\Program Files (x86)\Bluetooth Suite
2014-05-21 11:33 - 2012-07-27 22:27 - 00058520 _____ () C:\Users\Internet\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-20 17:20 - 2013-10-29 02:10 - 00000000 ____D () C:\Users\Internet\Desktop\Andrej's Mukke
2014-05-20 01:03 - 2014-05-20 01:03 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Atheros
2014-05-20 00:56 - 2014-05-20 00:56 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Atheros
2014-05-20 00:53 - 2014-05-20 00:52 - 179393762 _____ () C:\Users\Internet\Downloads\Bluetooth_Atheros_AW_Compal_Win7_64_Z74098.zip
2014-05-19 23:45 - 2014-05-19 23:45 - 00000000 ____D () C:\Users\Andrea\Documents\Bluetooth Folder
2014-05-19 23:43 - 2014-05-19 23:43 - 00000000 ____D () C:\temp
2014-05-19 23:42 - 2014-05-19 23:41 - 179393768 _____ () C:\Users\Internet\Downloads\Bluetooth_Atheros_Win7_64_Z74098.zip
2014-05-19 20:27 - 2014-05-19 20:17 - 00000000 __SHD () C:\Users\Internet\AppData\Local\EmieUserList
2014-05-19 20:27 - 2014-05-19 20:17 - 00000000 __SHD () C:\Users\Internet\AppData\Local\EmieSiteList
2014-05-19 20:14 - 2014-05-19 20:14 - 00048475 _____ () C:\Users\Andrea\Desktop\bluetoothview_1.61[1].zip
2014-05-19 20:13 - 2014-05-19 20:13 - 00048475 _____ () C:\Users\Andrea\Desktop\bluetoothview_1.61.zip
2014-05-16 15:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-16 13:31 - 2014-02-20 02:42 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-16 13:31 - 2014-02-20 02:42 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-16 13:28 - 2011-09-30 19:29 - 00000000 ___RD () C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 13:28 - 2011-09-30 19:29 - 00000000 ___RD () C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 01:26 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 17:20 - 2013-08-15 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 17:17 - 2011-08-29 20:00 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-13 19:16 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-12 07:26 - 2014-06-01 11:17 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-01 11:17 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2013-05-27 05:45 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 22:31 - 2014-04-16 17:24 - 00035506 _____ () C:\Windows\DirectX.log
2014-05-10 22:27 - 2014-05-10 22:27 - 00331776 _____ () C:\Users\Internet\Downloads\Warframe.msi
2014-05-10 09:34 - 2014-05-10 03:52 - 00000000 ____D () C:\Users\Internet\AppData\Local\Mozilla Firefox
2014-05-09 08:14 - 2014-05-14 17:30 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 17:30 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 03:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-06 06:40 - 2014-05-15 17:21 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-15 17:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-15 17:21 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-15 17:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-15 17:21 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 17:21 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-02 13:50 - 2014-05-02 13:50 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\TERA
2014-05-02 13:48 - 2014-05-02 13:48 - 15366160 _____ (Gameforge Productions GmbH ) C:\Users\Internet\Downloads\TERASetup(1).exe
2014-05-02 13:46 - 2014-05-02 13:45 - 15366160 _____ (Gameforge Productions GmbH ) C:\Users\Internet\Downloads\TERASetup.exe

Files to move or delete:
====================
C:\ProgramData\LaunchURL.bat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-06-2014 01
Ran by Internet at 2014-06-01 20:58:08
Running from C:\Users\Internet\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{F37A899E-1745-52F5-658F-9A4DA4D46BB7}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.24 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.1.0 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.22 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.0.8 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{AECA3622-E634-4A55-A696-70A511CBE06E}) (Version: 2.0.0 - AsusTek Computer Inc.)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.)
ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version: - )
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK)
Atheros Client Installation Program (HKLM-x32\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0010 - ASUS)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.09 - Piriform)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CPUID CPU-Z 1.69.2 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1908 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3602c - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo II (HKLM-x32\...\Diablo II) (Version: - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.28 - DivX, LLC)
ETDWare PS/2-X64 8.0.5.1_WHQL (HKLM\...\Elantech) (Version: 8.0.5.1 - ELAN Microelectronic Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.9 - ASUS)
Free Audio Converter version 5.0.30.1029 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.30.1029 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.32.327 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.32.327 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\{918A9082-6287-4D25-9002-5E5D5E4971CB}) (Version: 1.02.0000 - Riot Games)
Lexware Info Service (HKLM-x32\...\{8AE7E507-BC49-4DF0-A236-26878691AB53}) (Version: 2.90.00.0009 - Haufe-Lexware GmbH & Co.KG)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: - )
Mozilla Firefox 29.0.1 (x86 de) (HKCU\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
Opera 12.15 (HKCU\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA)
Pokemon Online 2.0.07 (HKCU\...\{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1) (Version: - Dreambelievers)
QuickSteuer 2013 (HKLM-x32\...\{500342C9-CCD5-4335-89AE-C8A65C0A153B}) (Version: 19.00.00.0032 - Haufe-Lexware GmbH & Co.KG)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.43.321.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6373 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rogue Legacy (HKLM-x32\...\GOGPACKROGUELEGACY_is1) (Version: 2.0.0.4 - GOG.com)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys )
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
System Requirements Lab CYRI (HKLM-x32\...\{E5F05232-96B6-4552-A480-785A60A94B21}) (Version: 5.0.6.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.10 - TeamSpeak Systems GmbH)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集
(x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.32.2 - ASUS) WinZip 16.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}) (Version: 16.5.10095 - WinZip Computing, S.L. ) Wireless Console 3 (HKLM-x32\...\{8150221C-8F7E-4997-AD4E-AFDEE7F4B410}) (Version: 3.0.21 - ASUS) Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation) גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation) بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation) معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden 適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation) ==================== Restore Points ========================= Could not list Restore Points. Check "winmgmt" service or repair WMI. 
==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: C:\Windows\Tasks\Driver Robot.job => ? Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ? Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ? ==================== Loaded Modules (whitelisted) ============= ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Windows:F5C65E7BFD4D0A27 AlternateDataStreams: C:\ProgramData\Temp:D20FFA63 ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\Services: AFBAgent => 2 MSCONFIG\Services: AMD External Events Utility => 2 MSCONFIG\Services: AMD FUEL Service => 2 MSCONFIG\Services: ASLDRService => 2 MSCONFIG\Services: ATKGFNEXSrv => 2 MSCONFIG\Services: AxInstSV => 3 MSCONFIG\Services: BITS => 2 MSCONFIG\Services: bthserv => 3 MSCONFIG\Services: CertPropSvc => 3 MSCONFIG\Services: CryptSvc => 3 MSCONFIG\Services: cvhsvc => 2 MSCONFIG\Services: Dnscache => 2 MSCONFIG\Services: DPS => 2 MSCONFIG\Services: EFS => 3 MSCONFIG\Services: ehRecvr => 3 MSCONFIG\Services: ehSched => 3 MSCONFIG\Services: Fax => 3 MSCONFIG\Services: FDResPub => 3 MSCONFIG\Services: fsssvc => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: idsvc => 3 MSCONFIG\Services: IEEtwCollectorService => 3 MSCONFIG\Services: IPBusEnum => 3 MSCONFIG\Services: iphlpsvc => 2 MSCONFIG\Services: KtmRm => 3 MSCONFIG\Services: LanmanServer => 2 MSCONFIG\Services: lmhosts => 2 MSCONFIG\Services: MSDTC => 3 MSCONFIG\Services: MSiSCSI => 3 MSCONFIG\Services: napagent => 3 MSCONFIG\Services: p2pimsvc => 3 MSCONFIG\Services: p2psvc => 3 MSCONFIG\Services: PNRPAutoReg => 3 MSCONFIG\Services: PNRPsvc => 3 
MSCONFIG\Services: ProtectedStorage => 3 MSCONFIG\Services: RasAuto => 3 MSCONFIG\Services: RasMan => 3 MSCONFIG\Services: RemoteRegistry => 3 MSCONFIG\Services: SCardSvr => 3 MSCONFIG\Services: SCPolicySvc => 3 MSCONFIG\Services: SensrSvc => 3 MSCONFIG\Services: SessionEnv => 3 MSCONFIG\Services: ShellHWDetection => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: SNMPTRAP => 3 MSCONFIG\Services: Spooler => 2 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\Services: SysMain => 2 MSCONFIG\Services: TabletInputService => 3 MSCONFIG\Services: TapiSrv => 3 MSCONFIG\Services: TermService => 3 MSCONFIG\Services: THREADORDER => 3 MSCONFIG\Services: UI0Detect => 3 MSCONFIG\Services: WbioSrvc => 3 MSCONFIG\Services: wercplsupport => 3 MSCONFIG\Services: WinRM => 3 MSCONFIG\Services: wlidsvc => 2 MSCONFIG\Services: WMPNetworkSvc => 2 MSCONFIG\Services: WPCSvc => 3 MSCONFIG\Services: WPDBusEnum => 3 MSCONFIG\Services: WwanSvc => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk => C:\Windows\pss\AsusVibeLauncher.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk => C:\Windows\pss\FancyStart daemon.lnk.CommonStartup MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: LexwareInfoService => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart 
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "D:\Hamachi\hamachi-2-ui.exe" --auto-start MSCONFIG\startupreg: Nuance PDF Reader-reminder => "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s MSCONFIG\startupreg: Setwallpaper => c:\programdata\SetWallpaper.cmd MSCONFIG\startupreg: SonicMasterTray => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe MSCONFIG\startupreg: StartCCC => "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" MSCONFIG\startupreg: USBChargerPlusTray => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe ==================== Faulty Device Manager Devices ============= Name: ASUS USB2.0 WebCam Description: USB-Videogerät Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Microsoft Service: usbvideo Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (06/01/2014 03:18:19 PM) (Source: SignInAssistant) (EventID: 0) (User: ) Description: StartService failed with hr = 0x80070422 Error: (06/01/2014 03:18:19 PM) (Source: SignInAssistant) (EventID: 0) (User: ) Description: StartService failed with hr = 0x80070422 Error: (06/01/2014 00:52:25 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Error: (06/01/2014 08:16:49 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: FBAgent.exe, Version: 1.0.9.0, Zeitstempel: 0x4d3e6927 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c4102 ID des fehlerhaften Prozesses: 0x528 Startzeit der fehlerhaften Anwendung: 0xFBAgent.exe0 Pfad der fehlerhaften Anwendung: FBAgent.exe1 Pfad des fehlerhaften Moduls: FBAgent.exe2 Berichtskennung: FBAgent.exe3 Error: (06/01/2014 07:52:28 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (05/27/2014 05:46:14 PM) (Source: Schedule) (EventID: 0) (User: ) Description: Schedule error: 0Initialize call failed, bailing out Error: (05/22/2014 01:26:25 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (05/22/2014 01:26:25 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (05/21/2014 01:14:32 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Nur zur Information. 
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error: (05/21/2014 02:47:34 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c4102 ID des fehlerhaften Prozesses: 0xbc8 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 System errors: ============= Error: (06/01/2014 08:57:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (06/01/2014 08:57:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (06/01/2014 08:57:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (06/01/2014 08:57:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (06/01/2014 08:57:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (06/01/2014 08:57:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden 
Fehlers nicht gestartet wurde: %%1058 Error: (06/01/2014 08:57:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (06/01/2014 08:57:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (06/01/2014 08:57:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (06/01/2014 08:52:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Microsoft Office Sessions: ========================= Error: (06/01/2014 03:18:19 PM) (Source: SignInAssistant) (EventID: 0) (User: ) Description: StartService failed with hr = 0x80070422 Error: (06/01/2014 03:18:19 PM) (Source: SignInAssistant) (EventID: 0) (User: ) Description: StartService failed with hr = 0x80070422 Error: (06/01/2014 00:52:25 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Internet\Documents\Downloads1\SoftonicDownloader_fuer_free-youtube-to-mp3-converter.exe Error: (06/01/2014 08:16:49 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: 
FBAgent.exe1.0.9.04d3e6927ntdll.dll6.1.7601.18247521eaf24c000037400000000000c410252801cf7d60efd4ffe1C:\Windows\system32\FBAgent.exeC:\Windows\SYSTEM32\ntdll.dll507a4cf5-e954-11e3-9896-14dae99f8d0d Error: (06/01/2014 07:52:28 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Internet\Documents\Downloads1\SoftonicDownloader_fuer_free-youtube-to-mp3-converter.exe Error: (05/27/2014 05:46:14 PM) (Source: Schedule) (EventID: 0) (User: ) Description: Schedule error: 0Initialize call failed, bailing out Error: (05/22/2014 01:26:25 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Internet\Documents\Downloads1\SoftonicDownloader_fuer_free-youtube-to-mp3-converter.exe Error: (05/22/2014 01:26:25 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Internet\Documents\Downloads1\SoftonicDownloader_fuer_free-youtube-to-mp3-converter.exe Error: (05/21/2014 01:14:32 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error: (05/21/2014 02:47:34 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: 
Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c000037400000000000c4102bc801cf7485089c2ce1C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll7ee204c2-e081-11e3-86c5-14dae99f8d0d CodeIntegrity Errors: =================================== Date: 2014-02-25 23:09:19.858 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\RivaTuner v2.24\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-02-25 23:09:19.615 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\RivaTuner v2.24\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-02-25 23:09:18.163 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\RivaTuner v2.24\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-02-25 23:09:17.922 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\RivaTuner v2.24\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-02-25 23:09:16.668 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\RivaTuner v2.24\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-02-25 23:09:16.422 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\RivaTuner v2.24\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-02-25 23:09:15.176 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\RivaTuner v2.24\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-02-25 23:09:14.932 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\RivaTuner v2.24\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-02-25 23:08:57.938
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\RivaTuner v2.24\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-02-25 23:08:57.700
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\RivaTuner v2.24\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Memory info ===========================
Percentage of memory in use: 42%
Total physical RAM: 3560.91 MB
Available physical RAM: 2064.63 MB
Total Pagefile: 7120 MB
Available Pagefile: 5671.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================
Drive c: (OS) (Fixed) (Total:200.28 GB) (Free:99.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:240.48 GB) (Free:146.44 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

Have a nice Sunday. |
02.06.2014, 18:35 | #4 |
/// the machine /// TB Trainer | Win 7 - CPU usage higher than normal after crash, possibly viruses? Our tools always need admin rights. Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
02.06.2014, 20:05 | #5 |
| Win 7 - CPU usage higher than normal after crash, possibly viruses? Hello. One or more errors occurred during the scan, possibly through my own fault. I should have phrased my question above more precisely: Do I have to be in the administrator profile for the scans, or is it enough if I use my second user profile and grant the respective tools the rights? I did the latter, and I did not disable my antivirus program via system startup but only switched off the live scan, which may be the next mistake. About the errors: After the system restart initiated by ComboFix, I logged into my second user profile (not an admin), and one or more "DOS"-like windows kept opening and immediately closing again, or may have been closed by something. I think I partly read the name Combofix and saw the program's blue background. The windows opened and closed so quickly and outrageously that it could have triggered a seizure in an epileptic. At the bottom right of the taskbar, the DE symbol appeared and disappeared at longer intervals. After I could not find anything about such an error on the internet, I logged the user off via the Task Manager after about half an hour and logged into the admin profile. Then a ComboFix window opened along with some startup programs (IE and a registration tool from Asus; I decided to close IE). I got the log file anyway, I just don't know whether it can be evaluated. The whole process took about 50 minutes, I think because of the errors. -.- Please excuse my inexperience and give me further instructions, e.g. to scan again. Here is the log file: Code:
ComboFix 14-05-29.01 - Andrea 02.06.2014 19:55:18.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3561.2316 [GMT 2:00]
ausgeführt von:: c:\users\Internet\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((( Dateien erstellt von 2014-05-02 bis 2014-06-02 ))))))))))))))))))))))))))))))
.
.
2014-06-02 18:02 . 2014-06-02 18:44 -------- d-----w- c:\users\Andrea\AppData\Local\temp
2014-06-02 12:21 . 2014-06-02 12:21 -------- d-----w- c:\users\Internet\AppData\Local\DDMSettings
2014-06-02 05:13 . 2014-06-02 05:13 -------- d-----w- c:\users\Internet\AppData\Roaming\MOVAVI
2014-06-02 05:13 . 2014-06-02 05:13 -------- d-----w- c:\users\Internet\AppData\Local\Movavi
2014-06-02 02:10 . 2014-06-02 02:10 -------- d-----w- c:\users\Andrea\AppData\Roaming\BitTorrent
2014-06-02 02:08 . 2014-06-02 13:24 -------- d-----w- c:\users\Internet\AppData\Roaming\BitTorrent
2014-06-01 19:01 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0BAF7851-9380-420F-B308-179617567A52}\mpengine.dll
2014-06-01 18:57 . 2014-06-01 18:58 -------- d-----w- C:\FRST
2014-06-01 09:52 . 2014-06-01 09:52 -------- d-----w- c:\program files\CPUID
2014-06-01 09:17 . 2014-06-01 09:18 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-01 09:17 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-01 09:17 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-01 07:19 . 2011-08-18 03:44 53376 ----a-w- c:\windows\system32\drivers\usbfilter.sys
2014-06-01 07:14 . 2014-06-01 07:14 -------- d-----w- c:\program files (x86)\AMD APP
2014-06-01 07:14 . 2014-06-01 07:14 -------- d-----w- c:\program files\Common Files\ATI Technologies
2014-06-01 07:14 . 2014-06-01 07:14 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2014-06-01 06:26 . 2014-06-01 06:26 -------- d-----w- c:\programdata\ATI
2014-06-01 06:13 . 2014-06-01 06:13 -------- d-----w- c:\program files (x86)\AMD AVT
2014-06-01 06:10 . 2014-06-01 06:10 -------- d-----w- c:\program files\ATI
2014-06-01 06:10 . 2014-06-01 06:12 -------- d-----w- c:\program files\ATI Technologies
2014-05-31 08:43 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-28 22:44 . 2014-05-28 22:44 -------- d-----w- c:\users\Internet\AppData\Local\WinZip
2014-05-28 08:41 . 2014-05-28 08:41 -------- d-----w- c:\users\Andrea\AppData\Local\WinZip
2014-05-28 08:40 . 2014-05-28 08:41 -------- d-----w- c:\programdata\WinZip
2014-05-28 08:40 . 2014-05-28 08:41 -------- d-----w- c:\program files\WinZip
2014-05-28 07:43 . 2014-05-28 07:43 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-05-27 16:06 . 2014-05-02 16:19 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{75766166-8847-4700-A83D-FC02EE5E1119}\gapaengine.dll
2014-05-19 23:03 . 2014-05-19 23:03 -------- d-----w- c:\users\Internet\AppData\Roaming\Atheros
2014-05-19 22:56 . 2014-05-19 22:56 -------- d-----w- c:\users\Andrea\AppData\Roaming\Atheros
2014-05-19 22:56 . 2014-05-19 22:56 -------- d-----w- c:\program files (x86)\Common Files\Atheros
2014-05-19 22:56 . 2014-05-25 17:15 -------- d-----w- c:\program files (x86)\Bluetooth Suite
2014-05-19 22:51 . 2014-05-19 22:53 -------- d-----w- c:\users\Andrea\AppData\Local\CrashDumps
2014-05-19 21:43 . 2014-05-19 21:43 -------- d-----w- C:\temp
2014-05-19 18:27 . 2014-06-02 10:52 -------- d-sh--w- c:\users\Andrea\AppData\Local\EmieSiteList
2014-05-19 18:27 . 2014-05-19 18:27 -------- d-sh--w- c:\users\Andrea\AppData\Local\EmieUserList
2014-05-19 18:17 . 2014-05-19 18:27 -------- d-sh--w- c:\users\Internet\AppData\Local\EmieUserList
2014-05-19 18:17 . 2014-05-19 18:27 -------- d-sh--w- c:\users\Internet\AppData\Local\EmieSiteList
2014-05-15 15:21 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-15 15:21 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-15 15:21 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-15 15:21 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-10 20:29 . 2014-06-01 10:50 -------- d-----w- c:\users\Internet\AppData\Local\Warframe
2014-05-10 01:52 . 2014-06-02 14:16 -------- d-----w- c:\users\Internet\AppData\Local\Mozilla Firefox
2014-05-07 01:02 . 2014-03-06 06:00 359936 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2014-05-07 01:02 . 2014-03-06 05:50 257536 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2014-05-07 01:02 . 2014-03-06 08:32 574976 ----a-w- c:\windows\system32\ieui.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-16 11:31 . 2014-02-20 00:42 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-16 11:31 . 2014-02-20 00:42 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-15 15:17 . 2011-08-29 18:00 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-05-12 05:25 . 2013-05-27 03:45 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-02 16:19 . 2013-08-22 22:51 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-03-11 07:52 . 2013-01-20 13:59 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-03-27 18:29 297128 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-06-10 2255360]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RivaTuner64;RivaTuner64;d:\rivatuner v2.24\RivaTuner64.sys;d:\rivatuner v2.24\RivaTuner64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
R4 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R4 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-27 21:05 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
.
2014-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-03-20 16:08 357432 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-22 2226280]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
------- Zusätzlicher Suchlauf -------
.
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
c:\program files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-06-02 20:50:07 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-06-02 18:50
.
Vor Suchlauf: 13 Verzeichnis(se), 104.486.621.184 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 105.214.558.208 Bytes frei
.
- - End Of File - - 44249A317298786CD595C7C973607BF9
A36C5E4F47E84449FF07ED3517B43A31

Edited by Calinjar (02.06.2014 at 20:28) |
03.06.2014, 18:42 | #6 |
/// the machine /// TB-Ausbilder | Win 7 - CPU usage higher than normal after crash, possibly viruses?
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
04.06.2014, 20:10 | #7 |
| Win 7 - CPU usage higher than normal after crash, possibly viruses?
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 03.06.2014
Suchlauf-Zeit: 23:19:11
Logdatei: malwarescan 03.06.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.03.06
Rootkit Datenbank: v2014.06.02.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Andrea

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 309386
Verstrichene Zeit: 27 Min, 53 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 1
PUP.Optional.Softonic.A, C:\Users\Internet\Downloads\SoftonicDownloader_for_peerguardian.exe, In Quarantäne, [b260254ff08b91a59322869bcd34956b],

Physische Sektoren: 0
(No malicious items detected)

(end)
Code:
# AdwCleaner v3.211 - Bericht erstellt am 04/06/2014 um 17:10:01
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Andrea - CPU
# Gestartet von : C:\Users\Internet\Desktop\adwcleaner_3.211.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Uniblue
Ordner Gelöscht : C:\Program Files (x86)\GreenTree Applications
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Spigot
Ordner Gelöscht : C:\Users\Internet\AppData\LocalLow\AVG Secure Search
Ordner Gelöscht : C:\Users\Internet\AppData\LocalLow\Search Settings
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_amnesia-the-dark-descent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_amnesia-the-dark-descent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\vShare.tv
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKLM\Software\Uniblue

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v

[ Datei : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\xee21ss4.default\prefs.js ]

[ Datei : C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\o2go81ah.default\prefs.js ]

Zeile gelöscht : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\11.1.0.12");

-\\ Google Chrome v35.0.1916.114

[ Datei : C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ Datei : C:\Users\Internet\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : hbcennhacfaagdopikcegfcobcadeocj
Gelöscht [Extension] : icdlfehblmklkikfigmjhbmmpmkmpooj
Gelöscht [Extension] : mhkaekfpcppmmioggniknbnbdbcigpkk
Gelöscht [Extension] : pfndaklgolladniicklehhancnlgocpp

*************************

AdwCleaner[R0].txt - [5358 octets] - [04/06/2014 17:08:15]
AdwCleaner[S0].txt - [4948 octets] - [04/06/2014 17:10:01]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [5008 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Andrea on 04.06.2014 at 17:27:15,82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1433357763-933051137-765875078-1001\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r515-n-bf_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r515-n-bf_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup-r515-n-bf_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup-r515-n-bf_RASMANCS

~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho4BCB.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6C9F.tmp

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Andrea\AppData\Roaming\getrighttogo"
Successfully deleted: [Empty Folder] C:\Users\Andrea\appdata\local\{81CB9472-E5E5-477E-898E-164B0B100489}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.06.2014 at 17:33:52,45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Internet (ATTENTION: The logged in user is not administrator) on CPU on 04-06-2014 17:49:50
Running from C:\Users\Internet\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Mozilla Corporation) C:\Users\Internet\AppData\Local\Mozilla Firefox\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-05-22] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2255360 2011-06-10] (ASUS)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] - "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe" "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware " [54072 2014-05-12] (Malwarebytes Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={1A78135B-1E88-4A03-A9DF-1A01DFABCC8C}&mid=af14fa18a2034553acf6ec4cbb2f1136-4c4bfe203a1c5bd611b7ff0c6e590c69bc93170c&lang=de&ds=hk011&pr=sa&d=2012-07-10 22:59:03&v=11.1.0.12&sap=hp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKCU - {58253FDF-36F1-4530-A042-44509538C8EE} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=231195&p={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={1A78135B-1E88-4A03-A9DF-1A01DFABCC8C}&mid=af14fa18a2034553acf6ec4cbb2f1136-4c4bfe203a1c5bd611b7ff0c6e590c69bc93170c&lang=de&ds=hk011&pr=sa&d=2012-07-10 22:59:03&v=11.1.0.12&sap=dsp&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\o2go81ah.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Extension: WOT - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\o2go81ah.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\o2go81ah.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-06-04]
FF Extension: NoScript - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\o2go81ah.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-07-16]
FF Extension: Adblock Plus - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\o2go81ah.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-04-14]
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-04-05]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-04-05]
FF StartMenuInternet: FIREFOX.EXE - C:\Users\Internet\AppData\Local\Mozilla Firefox\firefox.exe

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Google Docs) - C:\Users\Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-12]
CHR Extension: (Google Drive) - C:\Users\Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-12]
CHR Extension: (YouTube) - C:\Users\Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-12]
CHR Extension: (Last updated at $time$ on $date$) - C:\Users\Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-04-11]
CHR Extension: (Google Search) - C:\Users\Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-12]
CHR Extension: (Google Wallet) - C:\Users\Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-07]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-04-05]
CHR Extension: (Gmail) - C:\Users\Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-12]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-04-02]

==================== Services (Whitelisted) =================

S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-02] (Avira Operations GmbH & Co. KG)
S4 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-05-25] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-04-25] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-04-27] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2012-05-02] (Avira GmbH)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-05-25] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-08-06] (Duplex Secure Ltd.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 RivaTuner64; \??\D:\RivaTuner v2.24\RivaTuner64.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-04 17:49 - 2014-06-04 17:49 - 00000000 ____D () C:\Users\Internet\Desktop\FRST-OlderVersion
2014-06-04 17:42 - 2014-06-04 17:42 - 00001286 _____ () C:\Users\Internet\Desktop\malwarescan 03.06.txt
2014-06-04 17:33 - 2014-06-04 17:33 - 00002152 _____ () C:\Users\Andrea\Desktop\JRT.txt
2014-06-04 17:27 - 2014-06-04 17:27 - 00000000 ____D () C:\Windows\ERUNT
2014-06-04 17:25 - 2014-06-04 17:25 - 01016261 _____ (Thisisu) C:\Users\Internet\Desktop\JRT.exe
2014-06-04 17:08 - 2014-06-04 17:10 - 00000000 ____D () C:\AdwCleaner
2014-06-04 17:08 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-03 23:18 - 2014-06-03 23:18 - 01327971 _____ () C:\Users\Internet\Desktop\adwcleaner_3.211.exe
2014-06-03 23:17 - 2014-06-04 17:36 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 23:17 - 2014-06-03 23:17 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-03 23:17 - 2014-06-03 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-03 23:17 - 2014-06-03 23:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-06-03 23:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-03 23:17 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-03 23:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-03 23:15 - 2014-06-03 23:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Internet\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-06-02 20:50 - 2014-06-04 17:50 - 00000000 ____D () C:\Users\Internet\AppData\Local\temp
2014-06-02 20:50 - 2014-06-02 20:50 - 00016234 _____ () C:\ComboFix.txt
2014-06-02 20:50 - 2014-06-02 20:50 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-02 20:50 - 2014-06-02 20:50 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-02 20:50 - 2014-06-02 20:50 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-02 19:52 - 2014-06-02 20:50 - 00000000 ____D () C:\Qoobox
2014-06-02 19:52 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-02 19:52 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-02 19:52 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-02 19:52 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-02 19:52 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-02 19:52 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-02 19:52 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-02 19:52 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-02 19:51 - 2014-06-02 20:48 - 00000000 ____D () C:\Windows\erdnt
2014-06-02 19:45 - 2014-06-02 19:45 - 05203398 ____R (Swearware) C:\Users\Internet\Desktop\ComboFix.exe
2014-06-02 14:21 - 2014-06-02 14:21 - 00000000 ____D () C:\Users\Internet\AppData\Local\DDMSettings
2014-06-02 12:48 - 2014-06-02 12:50 - 32680168 _____ (DVDVideoSoft Ltd. ) C:\Users\Internet\Downloads\FreeMP4VideoConverter-5.0.42.530.exe
2014-06-02 12:08 - 2014-06-02 12:08 - 00000000 ____D () C:\Users\Internet\AppData\Local\{C9A67DE0-4E90-42D5-B2B5-508B7483DE7A}
2014-06-02 07:13 - 2014-06-02 07:13 - 00004919 _____ () C:\ProgramData\uxxadbmu.rlu
2014-06-02 07:13 - 2014-06-02 07:13 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\MOVAVI
2014-06-02 07:13 - 2014-06-02 07:13 - 00000000 ____D () C:\Users\Internet\AppData\Local\Movavi
2014-06-02 05:38 - 2014-06-02 05:39 - 00000000 ____D () C:\Users\Internet\Documents\Beauties
2014-06-02 05:13 - 2014-06-02 05:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
2014-06-02 05:09 - 2014-06-02 05:09 - 00961360 _____ (Chip Digital GmbH) C:\Users\Internet\Downloads\PeerBlock - CHIP-Installer.exe
2014-06-02 04:48 - 2014-06-02 04:48 - 00961360 _____ (Chip Digital GmbH) C:\Users\Internet\Downloads\PeerGuardian - CHIP-Installer.exe
2014-06-02 04:10 - 2014-06-02 04:10 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\BitTorrent
2014-06-02 04:08 - 2014-06-02 15:24 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\BitTorrent
2014-06-01 20:58 - 2014-06-01 20:58 - 00042013 _____ () C:\Users\Internet\Desktop\Addition.txt
2014-06-01 20:57 - 2014-06-04 17:49 - 00012514 _____ () C:\Users\Internet\Desktop\FRST.txt
2014-06-01 20:57 - 2014-06-04 17:49 - 00000000 ____D () C:\FRST
2014-06-01 20:55 - 2014-06-04 17:49 - 02068992 _____ (Farbar) C:\Users\Internet\Desktop\FRST64.exe
2014-06-01 15:35 - 2014-06-01 15:37 - 31419822 _____ () C:\Users\Internet\Downloads\JDownloader.zip
2014-06-01 12:54 - 2014-06-01 12:54 - 00000000 ____D () C:\Users\Internet\Documents\zips
2014-06-01 11:52 - 2014-06-01 11:52 - 00000871 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2014-06-01 11:52 - 2014-06-01 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2014-06-01 11:52 - 2014-06-01 11:52 - 00000000 ____D () C:\Program Files\CPUID
2014-06-01 11:51 - 2014-06-01 11:52 - 01496480 _____ ( ) C:\Users\Internet\Downloads\cpu-z_1.692-setup-en.exe
2014-06-01 11:21 - 2014-06-01 11:21 - 00961360 _____ (Chip Digital GmbH) C:\Users\Internet\Desktop\HijackThis - CHIP-Installer.exe
2014-06-01 11:15 - 2014-06-01 11:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Internet\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-01 09:19 - 2011-08-18 05:44 - 00053376 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2014-06-01 09:14 - 2014-06-01 09:14 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-06-01 09:14 - 2014-06-01 09:14 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2014-06-01 08:26 - 2014-06-01 08:26 - 00000000 ____D () C:\ProgramData\ATI
2014-06-01 08:13 - 2014-06-01 08:13 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-06-01 08:10 - 2014-06-01 08:12 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-06-01 08:10 - 2014-06-01 08:10 - 00000000 ____D () C:\Program Files\ATI
2014-05-29 12:42 - 2014-05-29 12:42 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2014-05-29 00:44 - 2014-05-29 00:44 - 00000000 ____D () C:\Users\Internet\AppData\Local\WinZip
2014-05-29 00:29 - 2014-05-29 00:43 - 197334425 _____ () C:\Users\Internet\Downloads\We are the Underdogs - Sound of the Underground Vol I.zip
2014-05-28 10:41 - 2014-05-28 10:41 - 00002269 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-05-28 10:41 - 2014-05-28 10:41 - 00002263 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-05-28 10:41 - 2014-05-28 10:41 - 00000000 ____D () C:\Users\Internet\Documents\processexplorer
2014-05-28 10:41 - 2014-05-28 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-05-28 10:40 - 2014-05-28 10:41 - 00000000 ____D () C:\ProgramData\WinZip
2014-05-28 10:40 - 2014-05-28 10:41 - 00000000 ____D () C:\Program Files\WinZip
2014-05-28 10:28 - 2014-05-28 10:28 - 01243655 _____ () C:\Users\Internet\Downloads\ProcessExplorer.zip
2014-05-28 09:43 - 2014-05-28 09:43 - 00001266 _____ () C:\Users\Andrea\Desktop\Revo Uninstaller.lnk
2014-05-28 09:43 - 2014-05-28 09:43 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-28 09:42 - 2014-05-28 09:42 - 00961360 _____ (Chip Digital GmbH) C:\Users\Internet\Downloads\Revo Uninstaller - CHIP-Installer.exe
2014-05-27 18:21 - 2014-05-27 18:21 - 00010736 _____ () C:\Users\Internet\Documents\cc_20140527_182153.reg
2014-05-20 01:03 - 2014-05-20 01:03 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Atheros
2014-05-20 00:56 - 2014-05-25 19:15 - 00000000 ____D () C:\Program Files (x86)\Bluetooth Suite
2014-05-20 00:56 - 2014-05-20 00:56 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Atheros
2014-05-20 00:52 - 2014-05-20 00:53 - 179393762 _____ () C:\Users\Internet\Downloads\Bluetooth_Atheros_AW_Compal_Win7_64_Z74098.zip
2014-05-19 23:45 - 2014-05-19 23:45 - 00000000 ____D () C:\Users\Andrea\Documents\Bluetooth Folder
2014-05-19 23:43 - 2014-05-19 23:43 - 00000000 ____D () C:\temp
2014-05-19 23:41 - 2014-05-19 23:42 - 179393768 _____ () C:\Users\Internet\Downloads\Bluetooth_Atheros_Win7_64_Z74098.zip
2014-05-19 20:17 - 2014-05-19 20:27 - 00000000 __SHD () C:\Users\Internet\AppData\Local\EmieUserList
2014-05-19 20:17 - 2014-05-19 20:27 - 00000000 __SHD () C:\Users\Internet\AppData\Local\EmieSiteList
2014-05-19 20:14 - 2014-05-19 20:14 - 00048475 _____ () C:\Users\Andrea\Desktop\bluetoothview_1.61[1].zip
2014-05-19 20:13 - 2014-05-19 20:13 - 00048475 _____ () C:\Users\Andrea\Desktop\bluetoothview_1.61.zip
2014-05-15 17:21 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 17:21 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 17:21 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 17:21 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 17:21 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 17:21 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 17:30 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 17:30 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 17:30 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 17:30 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 17:30 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 17:30 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 17:30 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 17:30 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 17:30 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 17:30 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 17:30 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 17:30 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 17:30 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 17:30 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 17:30 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 17:30 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 17:30 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 17:30 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 17:30 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 17:30 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 17:30 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 17:30 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 17:30 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 17:30 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 17:30 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 17:30 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 17:30 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 17:30 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 17:30 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 17:30 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 17:30 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 17:30 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 17:30 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-10 22:29 - 2014-06-01 12:50 - 00000000 ____D () C:\Users\Internet\AppData\Local\Warframe
2014-05-10 22:27 - 2014-05-10 22:27 - 00331776 _____ () C:\Users\Internet\Downloads\Warframe.msi
2014-05-10 03:52 - 2014-06-02 16:16 - 00000000 ____D () C:\Users\Internet\AppData\Local\Mozilla Firefox
2014-05-07 03:02 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-07 03:02 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-07 03:01 - 2014-05-16 01:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-07 03:01 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-07 03:01 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-07 03:01 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-07 03:01 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-07 03:01 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-07 03:01 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-07 03:01 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-07 03:01 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-07 03:01 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-07 03:01 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-07 03:01 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-07 03:01 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-07 03:01 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-07 03:01 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-07 03:01 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-07 03:01 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-07 03:01 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-07 03:01 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-07 03:01 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-07 03:01 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-07 03:01 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-07 03:01 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-07 03:01 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-07 03:01 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-07 03:01 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-07 03:01 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-07 03:01 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-07 03:01 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-07 03:01 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-07 03:01 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-07 03:01 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-07 03:01 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-07 03:01 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-07 03:01 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-07 03:01 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-07 03:01 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-07 03:01 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-07 03:01 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-07 03:01 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-07 03:01 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-07 03:01 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-07 03:01 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

==================== One Month Modified Files and Folders =======

2014-06-04 17:50 - 2014-06-02 20:50 - 00000000 ____D () C:\Users\Internet\AppData\Local\temp
2014-06-04 17:50 - 2014-06-01 20:57 - 00012514 _____ () C:\Users\Internet\Desktop\FRST.txt
2014-06-04 17:49 - 2014-06-04 17:49 - 00000000 ____D () C:\Users\Internet\Desktop\FRST-OlderVersion
2014-06-04 17:49 - 2014-06-01 20:57 - 00000000 ____D () C:\FRST
2014-06-04 17:49 - 2014-06-01 20:55 - 02068992 _____ (Farbar) C:\Users\Internet\Desktop\FRST64.exe
2014-06-04 17:42 - 2014-06-04 17:42 - 00001286 _____ () C:\Users\Internet\Desktop\malwarescan 03.06.txt
2014-06-04 17:41 - 2011-04-13 04:33 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-04 17:36 - 2014-06-03 23:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-04 17:34 - 2013-04-05 19:24 - 00001364 _____ () C:\Users\Internet\Desktop\Mozilla Firefox.lnk
2014-06-04 17:33 - 2014-06-04 17:33 - 00002152 _____ () C:\Users\Andrea\Desktop\JRT.txt
2014-06-04 17:27 - 2014-06-04 17:27 - 00000000 ____D () C:\Windows\ERUNT
2014-06-04 17:25 - 2014-06-04 17:25 - 01016261 _____ (Thisisu) C:\Users\Internet\Desktop\JRT.exe
2014-06-04 17:19 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-04 17:19 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-04 17:16 - 2011-07-24 05:59 - 01251096 _____ () C:\Windows\WindowsUpdate.log
2014-06-04 17:11 - 2013-08-01 01:26 - 00150578 _____ () C:\Windows\PFRO.log
2014-06-04 17:11 - 2013-07-25 23:23 - 00044616 _____ () C:\Windows\setupact.log
2014-06-04 17:11 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-04 17:10 - 2014-06-04 17:08 - 00000000 ____D () C:\AdwCleaner
2014-06-04 17:02 - 2011-04-13 04:33 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-04 06:14 - 2011-02-19 06:24 - 00711546 _____ () C:\Windows\system32\perfh007.dat
2014-06-04 06:14 - 2011-02-19 06:24 - 00153736 _____ () C:\Windows\system32\perfc007.dat
2014-06-04 06:14 - 2009-07-14 07:13 - 01652996 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-04 06:03 - 2013-11-10 11:42 - 00000000 ____D () C:\Users\Internet\AppData\Local\Battle.net
2014-06-04 02:21 - 2011-04-13 04:43 - 00000000 ____D () C:\Windows\el
2014-06-03 23:18 - 2014-06-03 23:18 - 01327971 _____ () C:\Users\Internet\Desktop\adwcleaner_3.211.exe
2014-06-03 23:17 - 2014-06-03 23:17 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-03 23:17 - 2014-06-03 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-03 23:17 - 2014-06-03 23:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-06-03 23:16 - 2014-06-03 23:15 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Internet\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-06-02 20:50 - 2014-06-02 20:50 - 00016234 _____ () C:\ComboFix.txt
2014-06-02 20:50 - 2014-06-02 20:50 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-02 20:50 - 2014-06-02 20:50 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-02 20:50 - 2014-06-02 20:50 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-02 20:50 - 2014-06-02 19:52 - 00000000 ____D () C:\Qoobox
2014-06-02 20:48 - 2014-06-02 19:51 - 00000000 ____D () C:\Windows\erdnt
2014-06-02 20:44 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-02 19:45 - 2014-06-02 19:45 - 05203398 ____R (Swearware) C:\Users\Internet\Desktop\ComboFix.exe
2014-06-02 16:41 - 2009-07-14 06:45 - 00280408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-02 16:16 - 2014-05-10 03:52 - 00000000 ____D () C:\Users\Internet\AppData\Local\Mozilla Firefox
2014-06-02 15:24 - 2014-06-02 04:08 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\BitTorrent
2014-06-02 14:21 - 2014-06-02 14:21 - 00000000 ____D () C:\Users\Internet\AppData\Local\DDMSettings
2014-06-02 12:52 - 2013-11-22 17:50 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\DVDVideoSoft
2014-06-02 12:52 - 2013-11-22 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-06-02 12:52 - 2012-11-29 19:25 - 00000000 ____D () C:\Users\Internet\Documents\DVDVideoSoft
2014-06-02 12:52 - 2012-11-29 19:21 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\DVDVideoSoft
2014-06-02 12:50 - 2014-06-02 12:48 - 32680168 _____ (DVDVideoSoft Ltd. ) C:\Users\Internet\Downloads\FreeMP4VideoConverter-5.0.42.530.exe
2014-06-02 12:13 - 2009-07-14 09:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-02 12:08 - 2014-06-02 12:08 - 00000000 ____D () C:\Users\Internet\AppData\Local\{C9A67DE0-4E90-42D5-B2B5-508B7483DE7A}
2014-06-02 07:13 - 2014-06-02 07:13 - 00004919 _____ () C:\ProgramData\uxxadbmu.rlu
2014-06-02 07:13 - 2014-06-02 07:13 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\MOVAVI
2014-06-02 07:13 - 2014-06-02 07:13 - 00000000 ____D () C:\Users\Internet\AppData\Local\Movavi
2014-06-02 07:13 - 2012-07-27 22:27 - 00058928 _____ () C:\Users\Internet\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-02 06:33 - 2011-03-07 12:16 - 00000000 ____D () C:\Users\Internet\Desktop\JDownloader
2014-06-02 05:39 - 2014-06-02 05:38 - 00000000 ____D () C:\Users\Internet\Documents\Beauties
2014-06-02 05:13 - 2014-06-02 05:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
2014-06-02 05:09 - 2014-06-02 05:09 - 00961360 _____ (Chip Digital GmbH) C:\Users\Internet\Downloads\PeerBlock - CHIP-Installer.exe
2014-06-02 04:48 - 2014-06-02 04:48 - 00961360 _____ (Chip Digital GmbH) C:\Users\Internet\Downloads\PeerGuardian - CHIP-Installer.exe
2014-06-02 04:10 - 2014-06-02 04:10 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\BitTorrent
2014-06-01 20:58 - 2014-06-01 20:58 - 00042013 _____ () C:\Users\Internet\Desktop\Addition.txt
2014-06-01 20:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PLA
2014-06-01 15:37 - 2014-06-01 15:35 - 31419822 _____ () C:\Users\Internet\Downloads\JDownloader.zip
2014-06-01 12:54 - 2014-06-01 12:54 - 00000000 ____D () C:\Users\Internet\Documents\zips
2014-06-01 12:54 - 2013-12-01 21:23 - 00000000 ____D () C:\Users\Internet\Documents\Downloads1
2014-06-01 12:53 - 2013-12-29 13:27 - 00000000 ____D () C:\Users\Internet\Documents\Karten
2014-06-01 12:50 - 2014-05-10 22:29 - 00000000 ____D () C:\Users\Internet\AppData\Local\Warframe
2014-06-01 12:38 - 2013-05-06 02:20 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-06-01 11:52 - 2014-06-01 11:52 - 00000871 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2014-06-01 11:52 - 2014-06-01 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2014-06-01 11:52 - 2014-06-01 11:52 - 00000000 ____D () C:\Program Files\CPUID
2014-06-01 11:52 - 2014-06-01 11:51 - 01496480 _____ ( ) C:\Users\Internet\Downloads\cpu-z_1.692-setup-en.exe
2014-06-01 11:21 - 2014-06-01 11:21 - 00961360 _____ (Chip Digital GmbH) C:\Users\Internet\Desktop\HijackThis - CHIP-Installer.exe
2014-06-01 11:17 - 2013-05-27 05:46 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Malwarebytes
2014-06-01 11:17 - 2013-05-27 05:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-01 11:16 - 2014-06-01 11:15 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Internet\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-01 10:30 - 2013-08-06 00:39 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\uTorrent
2014-06-01 09:21 - 2013-10-29 23:45 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-06-01 09:14 - 2014-06-01 09:14 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-06-01 09:14 - 2014-06-01 09:14 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2014-06-01 09:09 - 2011-08-17 23:00 - 00000000 ____D () C:\Users\Andrea
2014-06-01 09:06 - 2011-09-30 19:29 - 00000000 ____D () C:\Users\Internet
2014-06-01 09:05 - 2013-05-06 02:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
2014-06-01 09:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-06-01 09:04 - 2012-09-26 01:01 - 00000000 ____D () C:\AMD
2014-06-01 08:26 - 2014-06-01 08:26 - 00000000 ____D () C:\ProgramData\ATI
2014-06-01 08:13 - 2014-06-01 08:13 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-06-01 08:13 - 2011-07-24 06:12 - 00000000 ____D () C:\ProgramData\AMD
2014-06-01 08:12 - 2014-06-01 08:10 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-06-01 08:10 - 2014-06-01 08:10 - 00000000 ____D () C:\Program Files\ATI
2014-05-31 20:30 - 2012-09-29 16:27 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Spotify
2014-05-31 20:09 - 2012-09-29 16:28 - 00000000 ____D () C:\Users\Internet\AppData\Local\Spotify
2014-05-31 18:53 - 2012-09-27 22:34 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\SoftGrid Client
2014-05-31 17:03 - 2014-03-09 14:43 - 00000000 ____D () C:\Users\Internet\Documents\Bewerbungsunterlagen
2014-05-29 12:42 - 2014-05-29 12:42 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2014-05-29 00:44 - 2014-05-29 00:44 - 00000000 ____D () C:\Users\Internet\AppData\Local\WinZip
2014-05-29 00:43 - 2014-05-29 00:29 - 197334425 _____ () C:\Users\Internet\Downloads\We are the Underdogs - Sound of the Underground Vol I.zip
2014-05-28 10:41 - 2014-05-28 10:41 - 00002269 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-05-28 10:41 - 2014-05-28 10:41 - 00002263 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-05-28 10:41 - 2014-05-28 10:41 - 00000000 ____D () C:\Users\Internet\Documents\processexplorer
2014-05-28 10:41 - 2014-05-28 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-05-28 10:41 - 2014-05-28 10:40 - 00000000 ____D () C:\ProgramData\WinZip
2014-05-28 10:41 - 2014-05-28 10:40 - 00000000 ____D () C:\Program Files\WinZip
2014-05-28 10:28 - 2014-05-28 10:28 - 01243655 _____ () C:\Users\Internet\Downloads\ProcessExplorer.zip
2014-05-28 10:01 - 2011-04-13 04:47 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-05-28 10:00 - 2011-07-24 06:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-28 09:43 - 2014-05-28 09:43 - 00001266 _____ () C:\Users\Andrea\Desktop\Revo Uninstaller.lnk
2014-05-28 09:43 - 2014-05-28 09:43 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-28 09:42 - 2014-05-28 09:42 - 00961360 _____ (Chip Digital GmbH) C:\Users\Internet\Downloads\Revo Uninstaller - CHIP-Installer.exe
2014-05-27 18:21 - 2014-05-27 18:21 - 00010736 _____ () C:\Users\Internet\Documents\cc_20140527_182153.reg
2014-05-27 17:52 - 2014-04-16 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcaniA - Gothic 4
2014-05-27 17:52 - 2012-04-14 21:18 - 00000000 ____D () C:\Windows\system32\Macromed
2014-05-27 17:52 - 2011-04-13 04:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-27 17:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-27 17:51 - 2011-08-27 15:46 - 00000000 ___RD () C:\MSOCache
2014-05-27 17:51 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-05-25 19:15 - 2014-05-20 00:56 - 00000000 ____D () C:\Program Files (x86)\Bluetooth Suite
2014-05-20 17:20 - 2013-10-29 02:10 - 00000000 ____D () C:\Users\Internet\Desktop\Andrej's Mukke
2014-05-20 01:03 - 2014-05-20 01:03 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Atheros
2014-05-20 00:56 - 2014-05-20 00:56 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Atheros
2014-05-20 00:53 - 2014-05-20 00:52 - 179393762 _____ () C:\Users\Internet\Downloads\Bluetooth_Atheros_AW_Compal_Win7_64_Z74098.zip
2014-05-19 23:45 - 2014-05-19 23:45 - 00000000 ____D () C:\Users\Andrea\Documents\Bluetooth Folder
2014-05-19 23:43 - 2014-05-19 23:43 - 00000000 ____D () C:\temp
2014-05-19 23:42 - 2014-05-19 23:41 - 179393768 _____ () C:\Users\Internet\Downloads\Bluetooth_Atheros_Win7_64_Z74098.zip
2014-05-19 20:27 - 2014-05-19 20:17 - 00000000 __SHD () C:\Users\Internet\AppData\Local\EmieUserList
2014-05-19 20:27 - 2014-05-19 20:17 - 00000000 __SHD () C:\Users\Internet\AppData\Local\EmieSiteList
2014-05-19 20:14 - 2014-05-19 20:14 - 00048475 _____ () C:\Users\Andrea\Desktop\bluetoothview_1.61[1].zip
2014-05-19 20:13 - 2014-05-19 20:13 - 00048475 _____ () C:\Users\Andrea\Desktop\bluetoothview_1.61.zip
2014-05-16 15:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-16 13:31 - 2014-02-20 02:42 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-16 13:31 - 2014-02-20 02:42 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-16 13:28 - 2011-09-30 19:29 - 00000000 ___RD () C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 13:28 - 2011-09-30 19:29 - 00000000 ___RD () C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 01:26 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 17:20 - 2013-08-15 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 17:17 - 2011-08-29 20:00 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-13 19:16 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-12 07:26 - 2014-06-03 23:17 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-03 23:17 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-03 23:17 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 22:31 - 2014-04-16 17:24 - 00035506 _____ () C:\Windows\DirectX.log
2014-05-10 22:27 - 2014-05-10 22:27 - 00331776 _____ () C:\Users\Internet\Downloads\Warframe.msi
2014-05-09 08:14 - 2014-05-14 17:30 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 17:30 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 03:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-06 06:40 - 2014-05-15 17:21 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-15 17:21 - 
02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 05:25 - 2014-05-15 17:21 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:07 - 2014-05-15 17:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-06 05:00 - 2014-05-15 17:21 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-15 17:21 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ --- --- --- Entschuldige bitte meinen Doppelpost, aber FRST versehentlich im falschen Profil aus gescannt FRST Logfile: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Andrea (administrator) on CPU on 04-06-2014 21:06:32
Running from C:\Users\Andrea\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\APRP\aprp.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-05-22] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2255360 2011-06-10] (ASUS)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)

==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\xee21ss4.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Keyword.URL: hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=231195&ilc=12&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-04-05]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []
FF StartMenuInternet: FIREFOX.EXE - C:\Users\Internet\AppData\Local\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Wallet) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-04-06]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-04-02]

==================== Services (Whitelisted) =================
S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-02] (Avira Operations GmbH & Co. KG)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-05-25] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-04-25] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-04-27] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2012-05-02] (Avira GmbH)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-05-25] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-08-06] (Duplex Secure Ltd.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 RivaTuner64; \??\D:\RivaTuner v2.24\RivaTuner64.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2014-06-04 21:06 - 2014-06-04 21:06 - 00010211 _____ () C:\Users\Andrea\Desktop\FRST.txt
2014-06-04 21:06 - 2014-06-04 17:49 - 02068992 _____ (Farbar) C:\Users\Andrea\Desktop\FRST64.exe
2014-06-04 17:49 - 2014-06-04 17:49 - 00000000 ____D () C:\Users\Internet\Desktop\FRST-OlderVersion
2014-06-04 17:42 - 2014-06-04 17:42 - 00001286 _____ () C:\Users\Internet\Desktop\malwarescan 03.06.txt
2014-06-04 17:33 - 2014-06-04 17:33 - 00002152 _____ () C:\Users\Andrea\Desktop\JRT.txt
2014-06-04 17:27 - 2014-06-04 17:27 - 00000000 ____D () C:\Windows\ERUNT
2014-06-04 17:25 - 2014-06-04 17:25 - 01016261 _____ (Thisisu) C:\Users\Internet\Desktop\JRT.exe
2014-06-04 17:08 - 2014-06-04 17:10 - 00000000 ____D () C:\AdwCleaner
2014-06-04 17:08 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-03 23:18 - 2014-06-03 23:18 - 01327971 _____ () C:\Users\Internet\Desktop\adwcleaner_3.211.exe
2014-06-03 23:17 - 2014-06-04 17:36 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 23:17 - 2014-06-03 23:17 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-03 23:17 - 2014-06-03 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-03 23:17 - 2014-06-03 23:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-06-03 23:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-03 23:17 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-03 23:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-03 23:15 - 2014-06-03 23:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Internet\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-06-02 20:50 - 2014-06-04 21:05 - 00000000 ____D () C:\Users\Internet\AppData\Local\temp
2014-06-02 20:50 - 2014-06-02 20:50 - 00016234 _____ () C:\ComboFix.txt
2014-06-02 20:50 - 2014-06-02 20:50 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-02 20:50 - 2014-06-02 20:50 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-02 20:50 - 2014-06-02 20:50 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-02 20:02 - 2014-06-04 21:07 - 00000000 ____D () C:\Users\Andrea\AppData\Local\temp
2014-06-02 19:52 - 2014-06-02 20:50 - 00000000 ____D () C:\Qoobox
2014-06-02 19:52 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-02 19:52 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-02 19:52 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-02 19:52 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-02 19:52 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-02 19:52 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-02 19:52 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-02 19:52 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-02 19:51 - 2014-06-02 20:48 - 00000000 ____D () C:\Windows\erdnt
2014-06-02 19:45 - 2014-06-02 19:45 - 05203398 ____R (Swearware) C:\Users\Internet\Desktop\ComboFix.exe
2014-06-02 14:21 - 2014-06-02 14:21 - 00000000 ____D () C:\Users\Internet\AppData\Local\DDMSettings
2014-06-02 12:48 - 2014-06-02 12:50 - 32680168 _____ (DVDVideoSoft Ltd. ) C:\Users\Internet\Downloads\FreeMP4VideoConverter-5.0.42.530.exe
2014-06-02 12:08 - 2014-06-02 12:08 - 00000000 ____D () C:\Users\Internet\AppData\Local\{C9A67DE0-4E90-42D5-B2B5-508B7483DE7A}
2014-06-02 07:13 - 2014-06-02 07:13 - 00004919 _____ () C:\ProgramData\uxxadbmu.rlu
2014-06-02 07:13 - 2014-06-02 07:13 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\MOVAVI
2014-06-02 07:13 - 2014-06-02 07:13 - 00000000 ____D () C:\Users\Internet\AppData\Local\Movavi
2014-06-02 05:38 - 2014-06-02 05:39 - 00000000 ____D () C:\Users\Internet\Documents\Beauties
2014-06-02 05:13 - 2014-06-02 05:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
2014-06-02 05:09 - 2014-06-02 05:09 - 00961360 _____ (Chip Digital GmbH) C:\Users\Internet\Downloads\PeerBlock - CHIP-Installer.exe
2014-06-02 04:48 - 2014-06-02 04:48 - 00961360 _____ (Chip Digital GmbH) C:\Users\Internet\Downloads\PeerGuardian - CHIP-Installer.exe
2014-06-02 04:10 - 2014-06-02 04:10 - 00001206 _____ () C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2014-06-02 04:10 - 2014-06-02 04:10 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\BitTorrent
2014-06-02 04:08 - 2014-06-02 15:24 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\BitTorrent
2014-06-01 20:58 - 2014-06-01 20:58 - 00042013 _____ () C:\Users\Internet\Desktop\Addition.txt
2014-06-01 20:57 - 2014-06-04 21:06 - 00000000 ____D () C:\FRST
2014-06-01 20:57 - 2014-06-04 17:51 - 00048572 _____ () C:\Users\Internet\Desktop\FRST.txt
2014-06-01 20:55 - 2014-06-04 17:49 - 02068992 _____ (Farbar) C:\Users\Internet\Desktop\FRST64.exe
2014-06-01 15:35 - 2014-06-01 15:37 - 31419822 _____ () C:\Users\Internet\Downloads\JDownloader.zip
2014-06-01 12:54 - 2014-06-01 12:54 - 00000000 ____D () C:\Users\Internet\Documents\zips
2014-06-01 11:52 - 2014-06-01 11:52 - 00000871 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2014-06-01 11:52 - 2014-06-01 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2014-06-01 11:52 - 2014-06-01 11:52 - 00000000 ____D () C:\Program Files\CPUID
2014-06-01 11:51 - 2014-06-01 11:52 - 01496480 _____ ( ) C:\Users\Internet\Downloads\cpu-z_1.692-setup-en.exe
2014-06-01 11:21 - 2014-06-01 11:21 - 00961360 _____ (Chip Digital GmbH) C:\Users\Internet\Desktop\HijackThis - CHIP-Installer.exe
2014-06-01 11:15 - 2014-06-01 11:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Internet\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-01 09:19 - 2011-08-18 05:44 - 00053376 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2014-06-01 09:14 - 2014-06-01 09:14 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-06-01 09:14 - 2014-06-01 09:14 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2014-06-01 08:26 - 2014-06-01 08:26 - 00000000 ____D () C:\ProgramData\ATI
2014-06-01 08:13 - 2014-06-01 08:13 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-06-01 08:10 - 2014-06-01 08:12 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-06-01 08:10 - 2014-06-01 08:10 - 00000000 ____D () C:\Program Files\ATI
2014-05-29 12:42 - 2014-05-29 12:42 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2014-05-29 00:44 - 2014-05-29 00:44 - 00000000 ____D () C:\Users\Internet\AppData\Local\WinZip
2014-05-29 00:29 - 2014-05-29 00:43 - 197334425 _____ () C:\Users\Internet\Downloads\We are the Underdogs - Sound of the Underground Vol I.zip
2014-05-28 10:41 - 2014-05-28 10:41 - 00002269 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-05-28 10:41 - 2014-05-28 10:41 - 00002263 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-05-28 10:41 - 2014-05-28 10:41 - 00000000 ____D () C:\Users\Internet\Documents\processexplorer
2014-05-28 10:41 - 2014-05-28 10:41 - 00000000 ____D () C:\Users\Andrea\AppData\Local\WinZip
2014-05-28 10:41 - 2014-05-28 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-05-28 10:40 - 2014-05-28 10:41 - 00000000 ____D () C:\ProgramData\WinZip
2014-05-28 10:40 - 2014-05-28 10:41 - 00000000 ____D () C:\Program Files\WinZip
2014-05-28 10:28 - 2014-05-28 10:28 - 01243655 _____ () C:\Users\Internet\Downloads\ProcessExplorer.zip
2014-05-28 09:43 - 2014-05-28 09:43 - 00001266 _____ () C:\Users\Andrea\Desktop\Revo Uninstaller.lnk
2014-05-28 09:43 - 2014-05-28 09:43 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-28 09:42 - 2014-05-28 09:42 - 00961360 _____ (Chip Digital GmbH) C:\Users\Internet\Downloads\Revo Uninstaller - CHIP-Installer.exe
2014-05-27 18:21 - 2014-05-27 18:21 - 00010736 _____ () C:\Users\Internet\Documents\cc_20140527_182153.reg
2014-05-20 01:03 - 2014-05-20 01:03 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Atheros
2014-05-20 00:56 - 2014-05-25 19:15 - 00000000 ____D () C:\Program Files (x86)\Bluetooth Suite
2014-05-20 00:56 - 2014-05-20 00:56 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Atheros
2014-05-20 00:52 - 2014-05-20 00:53 - 179393762 _____ () C:\Users\Internet\Downloads\Bluetooth_Atheros_AW_Compal_Win7_64_Z74098.zip
2014-05-20 00:51 - 2014-05-20 00:53 - 00000000 ____D () C:\Users\Andrea\AppData\Local\CrashDumps
2014-05-19 23:45 - 2014-05-19 23:45 - 00000000 ____D () C:\Users\Andrea\Documents\Bluetooth Folder
2014-05-19 23:43 - 2014-05-19 23:43 - 00000000 ____D () C:\temp
2014-05-19 23:41 - 2014-05-19 23:42 - 179393768 _____ () C:\Users\Internet\Downloads\Bluetooth_Atheros_Win7_64_Z74098.zip
2014-05-19 20:27 - 2014-06-02 12:52 - 00000000 __SHD () C:\Users\Andrea\AppData\Local\EmieSiteList
2014-05-19 20:27 - 2014-05-19 20:27 - 00000000 __SHD () C:\Users\Andrea\AppData\Local\EmieUserList
2014-05-19 20:17 - 2014-05-19 20:27 - 00000000 __SHD () C:\Users\Internet\AppData\Local\EmieUserList
2014-05-19 20:17 - 2014-05-19 20:27 - 00000000 __SHD () C:\Users\Internet\AppData\Local\EmieSiteList
2014-05-19 20:14 - 2014-05-19 20:14 - 00048475 _____ () C:\Users\Andrea\Desktop\bluetoothview_1.61[1].zip
2014-05-19 20:13 - 2014-05-19 20:13 - 00048475 _____ () C:\Users\Andrea\Desktop\bluetoothview_1.61.zip
2014-05-15 17:21 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 17:21 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 17:21 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 17:21 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 17:21 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 17:21 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 17:30 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 17:30 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 17:30 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 17:30 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 17:30 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 17:30 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 17:30 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 17:30 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 17:30 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 17:30 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 17:30 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 17:30 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 17:30 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 17:30 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 17:30 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 17:30 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 17:30 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 17:30 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 17:30 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 17:30 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 17:30 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 17:30 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 17:30 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 17:30 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 17:30 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 17:30 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 17:30 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 17:30 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 17:30 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 17:30 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 17:30 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 17:30 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 17:30 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-10 22:29 - 2014-06-01 12:50 - 00000000 ____D () C:\Users\Internet\AppData\Local\Warframe
2014-05-10 22:27 - 2014-05-10 22:27 - 00331776 _____ () C:\Users\Internet\Downloads\Warframe.msi
2014-05-10 03:52 - 2014-06-02 16:16 - 00000000 ____D () C:\Users\Internet\AppData\Local\Mozilla Firefox
2014-05-07 03:02 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-07 03:02 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-07 03:01 - 2014-05-16 01:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-07 03:01 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-07 03:01 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-07 03:01 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-07 03:01 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-07 03:01 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-07 03:01 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-07 03:01 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-07 03:01 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-07 03:01 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-07 03:01 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-07 03:01 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-07 03:01 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-07 03:01 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-07 03:01 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-07 03:01 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-07 03:01 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-07 03:01 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-07 03:01 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-07 03:01 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-07 03:01 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-07 03:01 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-07 03:01 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-07 03:01 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-07 03:01 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-07 03:01 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-07 03:01 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-07 03:01 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-07 03:01 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-07 03:01 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-07 03:01 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-07 03:01 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-07 03:01 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-07 03:01 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-07 03:01 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-07 03:01 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-07 03:01 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-07 03:01 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-07 03:01 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-07 03:01 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-07 03:01 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-07 03:01 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-07 03:01 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

==================== One Month Modified Files and Folders =======
2014-06-04 21:07 - 2014-06-04 21:06 - 00010211 _____ () C:\Users\Andrea\Desktop\FRST.txt
2014-06-04 21:07 - 2014-06-02 20:02 - 00000000 ____D () C:\Users\Andrea\AppData\Local\temp
2014-06-04 21:06 - 2014-06-01 20:57 - 00000000 ____D () C:\FRST
2014-06-04 21:05 - 2014-06-02 20:50 - 00000000 ____D () C:\Users\Internet\AppData\Local\temp
2014-06-04 21:05 - 2011-04-13 04:33 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-04 21:04 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-04 21:04 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-04 21:02 - 2011-04-13 04:33
- 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-04 20:56 - 2013-07-25 23:23 - 00044728 _____ () C:\Windows\setupact.log 2014-06-04 20:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-04 18:25 - 2011-07-24 05:59 - 01258908 _____ () C:\Windows\WindowsUpdate.log 2014-06-04 17:51 - 2014-06-01 20:57 - 00048572 _____ () C:\Users\Internet\Desktop\FRST.txt 2014-06-04 17:49 - 2014-06-04 21:06 - 02068992 _____ (Farbar) C:\Users\Andrea\Desktop\FRST64.exe 2014-06-04 17:49 - 2014-06-04 17:49 - 00000000 ____D () C:\Users\Internet\Desktop\FRST-OlderVersion 2014-06-04 17:49 - 2014-06-01 20:55 - 02068992 _____ (Farbar) C:\Users\Internet\Desktop\FRST64.exe 2014-06-04 17:42 - 2014-06-04 17:42 - 00001286 _____ () C:\Users\Internet\Desktop\malwarescan 03.06.txt 2014-06-04 17:36 - 2014-06-03 23:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-04 17:34 - 2013-04-05 19:24 - 00001364 _____ () C:\Users\Internet\Desktop\Mozilla Firefox.lnk 2014-06-04 17:33 - 2014-06-04 17:33 - 00002152 _____ () C:\Users\Andrea\Desktop\JRT.txt 2014-06-04 17:27 - 2014-06-04 17:27 - 00000000 ____D () C:\Windows\ERUNT 2014-06-04 17:25 - 2014-06-04 17:25 - 01016261 _____ (Thisisu) C:\Users\Internet\Desktop\JRT.exe 2014-06-04 17:11 - 2013-08-01 01:26 - 00150578 _____ () C:\Windows\PFRO.log 2014-06-04 17:10 - 2014-06-04 17:08 - 00000000 ____D () C:\AdwCleaner 2014-06-04 06:14 - 2011-02-19 06:24 - 00711546 _____ () C:\Windows\system32\perfh007.dat 2014-06-04 06:14 - 2011-02-19 06:24 - 00153736 _____ () C:\Windows\system32\perfc007.dat 2014-06-04 06:14 - 2009-07-14 07:13 - 01652996 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-04 06:03 - 2013-11-10 11:42 - 00000000 ____D () C:\Users\Internet\AppData\Local\Battle.net 2014-06-04 02:21 - 2011-04-13 04:43 - 00000000 ____D () C:\Windows\el 2014-06-03 23:18 - 2014-06-03 23:18 - 01327971 _____ () C:\Users\Internet\Desktop\adwcleaner_3.211.exe 2014-06-03 23:17 
- 2014-06-03 23:17 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-03 23:17 - 2014-06-03 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-03 23:17 - 2014-06-03 23:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-03 23:16 - 2014-06-03 23:15 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Internet\Downloads\mbam-setup-2.0.2.1012(1).exe 2014-06-02 20:50 - 2014-06-02 20:50 - 00016234 _____ () C:\ComboFix.txt 2014-06-02 20:50 - 2014-06-02 20:50 - 00000000 ____D () C:\Users\Public\AppData\Local\temp 2014-06-02 20:50 - 2014-06-02 20:50 - 00000000 ____D () C:\Users\Default\AppData\Local\temp 2014-06-02 20:50 - 2014-06-02 20:50 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp 2014-06-02 20:50 - 2014-06-02 19:52 - 00000000 ____D () C:\Qoobox 2014-06-02 20:48 - 2014-06-02 19:51 - 00000000 ____D () C:\Windows\erdnt 2014-06-02 20:47 - 2011-08-17 23:00 - 00058928 _____ () C:\Users\Andrea\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-02 20:44 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-06-02 19:45 - 2014-06-02 19:45 - 05203398 ____R (Swearware) C:\Users\Internet\Desktop\ComboFix.exe 2014-06-02 16:41 - 2009-07-14 06:45 - 00280408 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-06-02 16:16 - 2014-05-10 03:52 - 00000000 ____D () C:\Users\Internet\AppData\Local\Mozilla Firefox 2014-06-02 15:24 - 2014-06-02 04:08 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\BitTorrent 2014-06-02 14:21 - 2014-06-02 14:21 - 00000000 ____D () C:\Users\Internet\AppData\Local\DDMSettings 2014-06-02 12:52 - 2014-05-19 20:27 - 00000000 __SHD () C:\Users\Andrea\AppData\Local\EmieSiteList 2014-06-02 12:52 - 2013-11-22 17:50 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\DVDVideoSoft 2014-06-02 12:52 - 2013-11-22 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2014-06-02 12:52 - 
2012-11-29 19:25 - 00000000 ____D () C:\Users\Internet\Documents\DVDVideoSoft 2014-06-02 12:52 - 2012-11-29 19:21 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\DVDVideoSoft 2014-06-02 12:50 - 2014-06-02 12:48 - 32680168 _____ (DVDVideoSoft Ltd. ) C:\Users\Internet\Downloads\FreeMP4VideoConverter-5.0.42.530.exe 2014-06-02 12:13 - 2009-07-14 09:44 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-06-02 12:08 - 2014-06-02 12:08 - 00000000 ____D () C:\Users\Internet\AppData\Local\{C9A67DE0-4E90-42D5-B2B5-508B7483DE7A} 2014-06-02 07:13 - 2014-06-02 07:13 - 00004919 _____ () C:\ProgramData\uxxadbmu.rlu 2014-06-02 07:13 - 2014-06-02 07:13 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\MOVAVI 2014-06-02 07:13 - 2014-06-02 07:13 - 00000000 ____D () C:\Users\Internet\AppData\Local\Movavi 2014-06-02 07:13 - 2012-07-27 22:27 - 00058928 _____ () C:\Users\Internet\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-02 06:33 - 2011-03-07 12:16 - 00000000 ____D () C:\Users\Internet\Desktop\JDownloader 2014-06-02 05:39 - 2014-06-02 05:38 - 00000000 ____D () C:\Users\Internet\Documents\Beauties 2014-06-02 05:13 - 2014-06-02 05:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock 2014-06-02 05:09 - 2014-06-02 05:09 - 00961360 _____ (Chip Digital GmbH) C:\Users\Internet\Downloads\PeerBlock - CHIP-Installer.exe 2014-06-02 04:48 - 2014-06-02 04:48 - 00961360 _____ (Chip Digital GmbH) C:\Users\Internet\Downloads\PeerGuardian - CHIP-Installer.exe 2014-06-02 04:10 - 2014-06-02 04:10 - 00001206 _____ () C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk 2014-06-02 04:10 - 2014-06-02 04:10 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\BitTorrent 2014-06-01 20:58 - 2014-06-01 20:58 - 00042013 _____ () C:\Users\Internet\Desktop\Addition.txt 2014-06-01 20:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PLA 2014-06-01 15:37 - 2014-06-01 15:35 - 31419822 _____ () C:\Users\Internet\Downloads\JDownloader.zip 2014-06-01 12:54 
- 2014-06-01 12:54 - 00000000 ____D () C:\Users\Internet\Documents\zips 2014-06-01 12:54 - 2013-12-01 21:23 - 00000000 ____D () C:\Users\Internet\Documents\Downloads1 2014-06-01 12:53 - 2013-12-29 13:27 - 00000000 ____D () C:\Users\Internet\Documents\Karten 2014-06-01 12:50 - 2014-05-10 22:29 - 00000000 ____D () C:\Users\Internet\AppData\Local\Warframe 2014-06-01 12:38 - 2013-05-06 02:20 - 00000000 ____D () C:\Program Files (x86)\SpeedFan 2014-06-01 11:52 - 2014-06-01 11:52 - 00000871 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk 2014-06-01 11:52 - 2014-06-01 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID 2014-06-01 11:52 - 2014-06-01 11:52 - 00000000 ____D () C:\Program Files\CPUID 2014-06-01 11:52 - 2014-06-01 11:51 - 01496480 _____ ( ) C:\Users\Internet\Downloads\cpu-z_1.692-setup-en.exe 2014-06-01 11:21 - 2014-06-01 11:21 - 00961360 _____ (Chip Digital GmbH) C:\Users\Internet\Desktop\HijackThis - CHIP-Installer.exe 2014-06-01 11:17 - 2013-05-27 05:46 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Malwarebytes 2014-06-01 11:17 - 2013-05-27 05:45 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-01 11:16 - 2014-06-01 11:15 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Internet\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-01 10:30 - 2013-08-06 00:39 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\uTorrent 2014-06-01 09:21 - 2013-10-29 23:45 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-06-01 09:14 - 2014-06-01 09:14 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies 2014-06-01 09:14 - 2014-06-01 09:14 - 00000000 ____D () C:\Program Files (x86)\AMD APP 2014-06-01 09:09 - 2011-08-17 23:00 - 00000000 ____D () C:\Users\Andrea 2014-06-01 09:06 - 2011-09-30 19:29 - 00000000 ____D () C:\Users\Internet 2014-06-01 09:05 - 2013-05-06 02:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center 2014-06-01 09:05 - 2009-07-14 
05:20 - 00000000 ____D () C:\Windows\registration 2014-06-01 09:04 - 2012-09-26 01:01 - 00000000 ____D () C:\AMD 2014-06-01 08:26 - 2014-06-01 08:26 - 00000000 ____D () C:\ProgramData\ATI 2014-06-01 08:13 - 2014-06-01 08:13 - 00000000 ____D () C:\Program Files (x86)\AMD AVT 2014-06-01 08:13 - 2011-07-24 06:12 - 00000000 ____D () C:\ProgramData\AMD 2014-06-01 08:12 - 2014-06-01 08:10 - 00000000 ____D () C:\Program Files\ATI Technologies 2014-06-01 08:10 - 2014-06-01 08:10 - 00000000 ____D () C:\Program Files\ATI 2014-05-31 20:30 - 2012-09-29 16:27 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Spotify 2014-05-31 20:09 - 2012-09-29 16:28 - 00000000 ____D () C:\Users\Internet\AppData\Local\Spotify 2014-05-31 18:53 - 2012-09-27 22:34 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\SoftGrid Client 2014-05-31 17:03 - 2014-03-09 14:43 - 00000000 ____D () C:\Users\Internet\Documents\Bewerbungsunterlagen 2014-05-29 12:42 - 2014-05-29 12:42 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center 2014-05-29 00:44 - 2014-05-29 00:44 - 00000000 ____D () C:\Users\Internet\AppData\Local\WinZip 2014-05-29 00:43 - 2014-05-29 00:29 - 197334425 _____ () C:\Users\Internet\Downloads\We are the Underdogs - Sound of the Underground Vol I.zip 2014-05-28 10:41 - 2014-05-28 10:41 - 00002269 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk 2014-05-28 10:41 - 2014-05-28 10:41 - 00002263 _____ () C:\Users\Public\Desktop\WinZip.lnk 2014-05-28 10:41 - 2014-05-28 10:41 - 00000000 ____D () C:\Users\Internet\Documents\processexplorer 2014-05-28 10:41 - 2014-05-28 10:41 - 00000000 ____D () C:\Users\Andrea\AppData\Local\WinZip 2014-05-28 10:41 - 2014-05-28 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 2014-05-28 10:41 - 2014-05-28 10:40 - 00000000 ____D () C:\ProgramData\WinZip 2014-05-28 10:41 - 2014-05-28 10:40 - 00000000 ____D () C:\Program Files\WinZip 2014-05-28 10:28 - 
2014-05-28 10:28 - 01243655 _____ () C:\Users\Internet\Downloads\ProcessExplorer.zip 2014-05-28 10:01 - 2011-04-13 04:47 - 00000000 ____D () C:\Program Files (x86)\ASUS 2014-05-28 10:00 - 2011-07-24 06:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-05-28 09:43 - 2014-05-28 09:43 - 00001266 _____ () C:\Users\Andrea\Desktop\Revo Uninstaller.lnk 2014-05-28 09:43 - 2014-05-28 09:43 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-05-28 09:42 - 2014-05-28 09:42 - 00961360 _____ (Chip Digital GmbH) C:\Users\Internet\Downloads\Revo Uninstaller - CHIP-Installer.exe 2014-05-27 18:21 - 2014-05-27 18:21 - 00010736 _____ () C:\Users\Internet\Documents\cc_20140527_182153.reg 2014-05-27 18:06 - 2013-01-24 01:51 - 00007621 _____ () C:\Users\Andrea\AppData\Local\Resmon.ResmonCfg 2014-05-27 17:53 - 2014-02-26 00:07 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner v2.24 2014-05-27 17:52 - 2014-04-16 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcaniA - Gothic 4 2014-05-27 17:52 - 2012-04-14 21:18 - 00000000 ____D () C:\Windows\system32\Macromed 2014-05-27 17:52 - 2011-04-13 04:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-05-27 17:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-05-27 17:51 - 2011-08-27 15:46 - 00000000 ___RD () C:\MSOCache 2014-05-27 17:51 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Sidebar 2014-05-27 10:57 - 2013-07-13 14:23 - 00000000 ____D () C:\Users\Andrea\AppData\Local\Adobe 2014-05-25 19:15 - 2014-05-20 00:56 - 00000000 ____D () C:\Program Files (x86)\Bluetooth Suite 2014-05-20 17:20 - 2013-10-29 02:10 - 00000000 ____D () C:\Users\Internet\Desktop\Andrej's Mukke 2014-05-20 01:03 - 2014-05-20 01:03 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Atheros 2014-05-20 00:56 - 2014-05-20 00:56 - 00000000 ____D () 
C:\Users\Andrea\AppData\Roaming\Atheros 2014-05-20 00:53 - 2014-05-20 00:52 - 179393762 _____ () C:\Users\Internet\Downloads\Bluetooth_Atheros_AW_Compal_Win7_64_Z74098.zip 2014-05-20 00:53 - 2014-05-20 00:51 - 00000000 ____D () C:\Users\Andrea\AppData\Local\CrashDumps 2014-05-19 23:45 - 2014-05-19 23:45 - 00000000 ____D () C:\Users\Andrea\Documents\Bluetooth Folder 2014-05-19 23:43 - 2014-05-19 23:43 - 00000000 ____D () C:\temp 2014-05-19 23:42 - 2014-05-19 23:41 - 179393768 _____ () C:\Users\Internet\Downloads\Bluetooth_Atheros_Win7_64_Z74098.zip 2014-05-19 20:27 - 2014-05-19 20:27 - 00000000 __SHD () C:\Users\Andrea\AppData\Local\EmieUserList 2014-05-19 20:27 - 2014-05-19 20:17 - 00000000 __SHD () C:\Users\Internet\AppData\Local\EmieUserList 2014-05-19 20:27 - 2014-05-19 20:17 - 00000000 __SHD () C:\Users\Internet\AppData\Local\EmieSiteList 2014-05-19 20:14 - 2014-05-19 20:14 - 00048475 _____ () C:\Users\Andrea\Desktop\bluetoothview_1.61[1].zip 2014-05-19 20:13 - 2014-05-19 20:13 - 00048475 _____ () C:\Users\Andrea\Desktop\bluetoothview_1.61.zip 2014-05-16 15:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-16 13:31 - 2014-02-20 02:42 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-16 13:31 - 2014-02-20 02:42 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-16 13:28 - 2011-09-30 19:29 - 00000000 ___RD () C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-16 13:28 - 2011-09-30 19:29 - 00000000 ___RD () C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-16 01:26 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-15 17:20 - 2013-08-15 03:02 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-15 17:17 - 2011-08-29 20:00 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-13 19:16 - 2009-07-14 07:08 - 00032632 _____ () 
C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-12 07:26 - 2014-06-03 23:17 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:26 - 2014-06-03 23:17 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-06-03 23:17 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-10 22:31 - 2014-04-16 17:24 - 00035506 _____ () C:\Windows\DirectX.log 2014-05-10 22:27 - 2014-05-10 22:27 - 00331776 _____ () C:\Users\Internet\Downloads\Warframe.msi 2014-05-10 01:57 - 2011-04-13 04:33 - 00004120 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-10 01:57 - 2011-04-13 04:33 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-09 08:14 - 2014-05-14 17:30 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-14 17:30 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-07 03:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-06 06:40 - 2014-05-15 17:21 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 06:17 - 2014-05-15 17:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 05:25 - 2014-05-15 17:21 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:07 - 2014-05-15 17:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-06 05:00 - 2014-05-15 17:21 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-15 17:21 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit 
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-30 01:06
==================== End Of Log ============================
05.06.2014, 19:15 | #8 |
/// the machine /// TB Trainer | Win 7 - CPU usage higher than normal after crash, possibly viruses?
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
06.06.2014, 17:58 | #9 |
| Win 7 - CPU usage higher than normal after crash, possibly viruses?
Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7587 # api_version=3.0.2 # EOSSerial=6edf3f28026429409d6c1b62ee0873fb # engine=18591 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-06-06 02:37:05 # local_time=2014-06-06 04:37:05 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 4743338 43378741 0 0 # scanned=262367 # found=10 # cleaned=0 # scan_time=7795 sh=2CD7D23045813327DA11D264DD3209B613FAED49 ft=1 fh=89e8321fc6503f32 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Andrea\Documents\Downloads\Integrated_CT2776682.exe" sh=34D3274EA225D2BD708B1ED2B053B119E738650C ft=1 fh=1e8c2b8289b5573a vn="Variante von Win32/OpenInstall evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Andrea\Downloads\WinZip165International.exe" sh=FE0BB418ACB558D6B8FF50531205D3A1D94252CB ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.Agent.NKE Trojaner" ac=I fn="C:\Users\Internet\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\781dbfd4-40d0ed21" sh=C68C11FB6AC0FF4F46A54C13FF841D7038EE0E4B ft=1 fh=00d37b48bbddc555 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Internet\Desktop\HijackThis - CHIP-Installer.exe" sh=6103682362FA8F341FF43277A15D4FD01DEBE14D ft=1 fh=d94be57364dec760 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Internet\Documents\Downloads1\FreeAudioCDToMP3Converter_1.3.12.1228.exe" sh=2FFBBD9256D61F714FB0B6A81A69ED1626AB1E7E ft=1 fh=024825685866f052 vn="Variante von Win32/Toolbar.Widgi.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Internet\Documents\Downloads1\Setup_FLVDownloader.exe" sh=7D87DD673BBA0883DFA420DCB59C7EBB63945861 ft=1 fh=1ff55b326349dff3 vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Internet\Documents\Downloads1\SoftonicDownloader_fuer_free-youtube-to-mp3-converter.exe" sh=A847B17DCBA4CAC520F0BC9013CA7C1A71B9C7D2 ft=1 fh=35507f4c88e98281 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Internet\Downloads\PeerBlock - CHIP-Installer.exe" sh=214067092CB14AC849E724AE40EC10DC1D10C372 ft=1 fh=63bc9472b1df4ad5 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Internet\Downloads\PeerGuardian - CHIP-Installer.exe" sh=3D3E8A7E473247C98048EA927F833EDA3DECDE02 ft=1 fh=6c6c2cb9d6a3b61e vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Internet\Downloads\Revo Uninstaller - CHIP-Installer.exe" Code:
Results of screen317's Security Check version 0.99.83
Windows 7 Service Pack 1 x64
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 13.0.0.214
Google Chrome 34.0.1847.137
Google Chrome 35.0.1916.114
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014 Ran by Andrea (administrator) on CPU on 06-06-2014 18:53:58 Running from C:\Users\Andrea\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-05-22] (Realtek Semiconductor) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.) HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-13] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2255360 2011-06-10] (ASUS) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\xee21ss4.default FF DefaultSearchEngine: Yahoo FF SelectedSearchEngine: Yahoo FF Keyword.URL: hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=231195&ilc=12&p= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-04-05] FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [] FF StartMenuInternet: FIREFOX.EXE - C:\Users\Internet\AppData\Local\Mozilla Firefox\firefox.exe Chrome: ======= CHR HomePage: CHR Extension: (Google Wallet) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01] CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-04-06] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-04-02] ==================== Services (Whitelisted) ================= S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-02] (Avira Operations GmbH & Co. KG) S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-02] (Avira Operations GmbH & Co. 
KG) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-05-25] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-04-25] (Avira GmbH) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-04-27] (Avira GmbH) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2012-05-02] (Avira GmbH) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-05-25] () R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-08-06] (Duplex Secure Ltd.) 
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 RivaTuner64; \??\D:\RivaTuner v2.24\RivaTuner64.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-06 18:53 - 2014-06-06 18:53 - 00000000 ____D () C:\Users\Andrea\Desktop\FRST-OlderVersion
2014-06-06 18:48 - 2014-06-06 18:48 - 00854367 _____ () C:\Users\Andrea\Desktop\SecurityCheck.exe
2014-06-06 18:45 - 2014-06-06 18:45 - 00001613 _____ () C:\Users\Andrea\Desktop\log - Verknüpfung.lnk
2014-06-06 14:11 - 2014-06-06 14:11 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-06 14:10 - 2014-06-06 14:10 - 02347384 _____ (ESET) C:\Users\Andrea\Desktop\esetsmartinstaller_deu.exe
2014-06-04 21:06 - 2014-06-06 18:53 - 02072576 _____ (Farbar) C:\Users\Andrea\Desktop\FRST64.exe
2014-06-04 21:06 - 2014-06-06 18:53 - 00010620 _____ () C:\Users\Andrea\Desktop\FRST.txt
2014-06-04 17:49 - 2014-06-04 17:49 - 00000000 ____D () C:\Users\Internet\Desktop\FRST-OlderVersion
2014-06-04 17:42 - 2014-06-04 17:42 - 00001286 _____ () C:\Users\Internet\Desktop\malwarescan 03.06.txt
2014-06-04 17:33 - 2014-06-04 17:33 - 00002152 _____ () C:\Users\Andrea\Desktop\JRT.txt
2014-06-04 17:27 - 2014-06-04 17:27 - 00000000 ____D () C:\Windows\ERUNT
2014-06-04 17:25 - 2014-06-04 17:25 - 01016261 _____ (Thisisu) C:\Users\Internet\Desktop\JRT.exe
2014-06-04 17:08 - 2014-06-04 17:10 - 00000000 ____D () C:\AdwCleaner
2014-06-04 17:08 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-03 23:18 - 2014-06-03 23:18 - 01327971 _____ () C:\Users\Internet\Desktop\adwcleaner_3.211.exe
2014-06-03 23:17 - 2014-06-04 17:36 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 23:17 - 2014-06-03 23:17 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-03 23:17 - 2014-06-03 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-03 23:17 - 2014-06-03 23:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-06-03 23:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-03 23:17 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-03 23:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-03 23:15 - 2014-06-03 23:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Internet\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-06-02 20:50 - 2014-06-06 05:04 - 00000000 ____D () C:\Users\Internet\AppData\Local\temp
2014-06-02 20:50 - 2014-06-02 20:50 - 00016234 _____ () C:\ComboFix.txt
2014-06-02 20:50 - 2014-06-02 20:50 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-02 20:50 - 2014-06-02 20:50 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-02 20:50 - 2014-06-02 20:50 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-02 20:02 - 2014-06-06 18:54 - 00000000 ____D () C:\Users\Andrea\AppData\Local\temp
2014-06-02 19:52 - 2014-06-02 20:50 - 00000000 ____D () C:\Qoobox
2014-06-02 19:52 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-02 19:52 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-02 19:52 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-02 19:52 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-02 19:52 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-02 19:52 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-02 19:52 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-02 19:52 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-02 19:51 - 2014-06-02 20:48 - 00000000 ____D () C:\Windows\erdnt
2014-06-02 19:45 - 2014-06-02 19:45 - 05203398 ____R (Swearware) C:\Users\Internet\Desktop\ComboFix.exe
2014-06-02 14:21 - 2014-06-02 14:21 - 00000000 ____D () C:\Users\Internet\AppData\Local\DDMSettings
2014-06-02 12:48 - 2014-06-02 12:50 - 32680168 _____ (DVDVideoSoft Ltd. ) C:\Users\Internet\Downloads\FreeMP4VideoConverter-5.0.42.530.exe
2014-06-02 12:08 - 2014-06-02 12:08 - 00000000 ____D () C:\Users\Internet\AppData\Local\{C9A67DE0-4E90-42D5-B2B5-508B7483DE7A}
2014-06-02 07:13 - 2014-06-02 07:13 - 00004919 _____ () C:\ProgramData\uxxadbmu.rlu
2014-06-02 07:13 - 2014-06-02 07:13 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\MOVAVI
2014-06-02 07:13 - 2014-06-02 07:13 - 00000000 ____D () C:\Users\Internet\AppData\Local\Movavi
2014-06-02 05:38 - 2014-06-02 05:39 - 00000000 ____D () C:\Users\Internet\Documents\Beauties
2014-06-02 05:13 - 2014-06-02 05:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
2014-06-02 05:09 - 2014-06-02 05:09 - 00961360 _____ (Chip Digital GmbH) C:\Users\Internet\Downloads\PeerBlock - CHIP-Installer.exe
2014-06-02 04:48 - 2014-06-02 04:48 - 00961360 _____ (Chip Digital GmbH) C:\Users\Internet\Downloads\PeerGuardian - CHIP-Installer.exe
2014-06-02 04:10 - 2014-06-02 04:10 - 00001206 _____ () C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2014-06-02 04:10 - 2014-06-02 04:10 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\BitTorrent
2014-06-02 04:08 - 2014-06-02 15:24 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\BitTorrent
2014-06-01 20:58 - 2014-06-01 20:58 - 00042013 _____ () C:\Users\Internet\Desktop\Addition.txt
2014-06-01 20:57 - 2014-06-06 18:54 - 00000000 ____D () C:\FRST
2014-06-01 20:57 - 2014-06-04 17:51 - 00048572 _____ () C:\Users\Internet\Desktop\FRST.txt
2014-06-01 20:55 - 2014-06-04 17:49 - 02068992 _____ (Farbar) C:\Users\Internet\Desktop\FRST64.exe
2014-06-01 15:35 - 2014-06-01 15:37 - 31419822 _____ () C:\Users\Internet\Downloads\JDownloader.zip
2014-06-01 12:54 - 2014-06-01 12:54 - 00000000 ____D () C:\Users\Internet\Documents\zips
2014-06-01 11:52 - 2014-06-01 11:52 - 00000871 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2014-06-01 11:52 - 2014-06-01 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2014-06-01 11:52 - 2014-06-01 11:52 - 00000000 ____D () C:\Program Files\CPUID
2014-06-01 11:51 - 2014-06-01 11:52 - 01496480 _____ ( ) C:\Users\Internet\Downloads\cpu-z_1.692-setup-en.exe
2014-06-01 11:21 - 2014-06-01 11:21 - 00961360 _____ (Chip Digital GmbH) C:\Users\Internet\Desktop\HijackThis - CHIP-Installer.exe
2014-06-01 11:15 - 2014-06-01 11:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Internet\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-01 09:19 - 2011-08-18 05:44 - 00053376 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2014-06-01 09:14 - 2014-06-01 09:14 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-06-01 09:14 - 2014-06-01 09:14 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2014-06-01 08:26 - 2014-06-01 08:26 - 00000000 ____D () C:\ProgramData\ATI
2014-06-01 08:13 - 2014-06-01 08:13 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-06-01 08:10 - 2014-06-01 08:12 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-06-01 08:10 - 2014-06-01 08:10 - 00000000 ____D () C:\Program Files\ATI
2014-05-29 12:42 - 2014-05-29 12:42 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2014-05-29 00:44 - 2014-05-29 00:44 - 00000000 ____D () C:\Users\Internet\AppData\Local\WinZip
2014-05-29 00:29 - 2014-05-29 00:43 - 197334425 _____ () C:\Users\Internet\Downloads\We are the Underdogs - Sound of the Underground Vol I.zip
2014-05-28 10:41 - 2014-05-28 10:41 - 00002269 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-05-28 10:41 - 2014-05-28 10:41 - 00002263 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-05-28 10:41 - 2014-05-28 10:41 - 00000000 ____D () C:\Users\Internet\Documents\processexplorer
2014-05-28 10:41 - 2014-05-28 10:41 - 00000000 ____D () C:\Users\Andrea\AppData\Local\WinZip
2014-05-28 10:41 - 2014-05-28 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-05-28 10:40 - 2014-05-28 10:41 - 00000000 ____D () C:\ProgramData\WinZip
2014-05-28 10:40 - 2014-05-28 10:41 - 00000000 ____D () C:\Program Files\WinZip
2014-05-28 10:28 - 2014-05-28 10:28 - 01243655 _____ () C:\Users\Internet\Downloads\ProcessExplorer.zip
2014-05-28 09:43 - 2014-05-28 09:43 - 00001266 _____ () C:\Users\Andrea\Desktop\Revo Uninstaller.lnk
2014-05-28 09:43 - 2014-05-28 09:43 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-28 09:42 - 2014-05-28 09:42 - 00961360 _____ (Chip Digital GmbH) C:\Users\Internet\Downloads\Revo Uninstaller - CHIP-Installer.exe
2014-05-27 18:21 - 2014-05-27 18:21 - 00010736 _____ () C:\Users\Internet\Documents\cc_20140527_182153.reg
2014-05-20 01:03 - 2014-05-20 01:03 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Atheros
2014-05-20 00:56 - 2014-05-25 19:15 - 00000000 ____D () C:\Program Files (x86)\Bluetooth Suite
2014-05-20 00:56 - 2014-05-20 00:56 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Atheros
2014-05-20 00:52 - 2014-05-20 00:53 - 179393762 _____ () C:\Users\Internet\Downloads\Bluetooth_Atheros_AW_Compal_Win7_64_Z74098.zip
2014-05-20 00:51 - 2014-05-20 00:53 - 00000000 ____D () C:\Users\Andrea\AppData\Local\CrashDumps
2014-05-19 23:45 - 2014-05-19 23:45 - 00000000 ____D () C:\Users\Andrea\Documents\Bluetooth Folder
2014-05-19 23:43 - 2014-05-19 23:43 - 00000000 ____D () C:\temp
2014-05-19 23:41 - 2014-05-19 23:42 - 179393768 _____ () C:\Users\Internet\Downloads\Bluetooth_Atheros_Win7_64_Z74098.zip
2014-05-19 20:27 - 2014-06-02 12:52 - 00000000 __SHD () C:\Users\Andrea\AppData\Local\EmieSiteList
2014-05-19 20:27 - 2014-05-19 20:27 - 00000000 __SHD () C:\Users\Andrea\AppData\Local\EmieUserList
2014-05-19 20:17 - 2014-05-19 20:27 - 00000000 __SHD () C:\Users\Internet\AppData\Local\EmieUserList
2014-05-19 20:17 - 2014-05-19 20:27 - 00000000 __SHD () C:\Users\Internet\AppData\Local\EmieSiteList
2014-05-19 20:14 - 2014-05-19 20:14 - 00048475 _____ () C:\Users\Andrea\Desktop\bluetoothview_1.61[1].zip
2014-05-19 20:13 - 2014-05-19 20:13 - 00048475 _____ () C:\Users\Andrea\Desktop\bluetoothview_1.61.zip
2014-05-15 17:21 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 17:21 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 17:21 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 17:21 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 17:21 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 17:21 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 17:30 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 17:30 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 17:30 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 17:30 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 17:30 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 17:30 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 17:30 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 17:30 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 17:30 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 17:30 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 17:30 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 17:30 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 17:30 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 17:30 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 17:30 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 17:30 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 17:30 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 17:30 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 17:30 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 17:30 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 17:30 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 17:30 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 17:30 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 17:30 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 17:30 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 17:30 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 17:30 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 17:30 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 17:30 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 17:30 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 17:30 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 17:30 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 17:30 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 17:30 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-10 22:29 - 2014-06-01 12:50 - 00000000 ____D () C:\Users\Internet\AppData\Local\Warframe
2014-05-10 22:27 - 2014-05-10 22:27 - 00331776 _____ () C:\Users\Internet\Downloads\Warframe.msi
2014-05-10 03:52 - 2014-06-02 16:16 - 00000000 ____D () C:\Users\Internet\AppData\Local\Mozilla Firefox
2014-05-07 03:02 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-07 03:02 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-07 03:01 - 2014-05-16 01:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-07 03:01 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-07 03:01 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-07 03:01 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-07 03:01 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-07 03:01 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-07 03:01 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-07 03:01 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-07 03:01 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-07 03:01 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-07 03:01 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-07 03:01 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-07 03:01 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-07 03:01 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-07 03:01 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-07 03:01 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-07 03:01 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-07 03:01 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-07 03:01 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-07 03:01 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-07 03:01 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-07 03:01 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-07 03:01 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-07 03:01 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-07 03:01 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-07 03:01 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-07 03:01 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-07 03:01 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-07 03:01 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-07 03:01 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-07 03:01 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-07 03:01 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-07 03:01 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-07 03:01 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-07 03:01 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-07 03:01 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-07 03:01 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-07 03:01 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-07 03:01 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-07 03:01 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-07 03:01 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-07 03:01 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-07 03:01 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

==================== One Month Modified Files and Folders =======

2014-06-06 18:54 - 2014-06-04 21:06 - 00010620 _____ () C:\Users\Andrea\Desktop\FRST.txt
2014-06-06 18:54 - 2014-06-02 20:02 - 00000000 ____D () C:\Users\Andrea\AppData\Local\temp
2014-06-06 18:54 - 2014-06-01 20:57 - 00000000 ____D () C:\FRST
2014-06-06 18:53 - 2014-06-06 18:53 - 00000000 ____D () C:\Users\Andrea\Desktop\FRST-OlderVersion
2014-06-06 18:53 - 2014-06-04 21:06 - 02072576 _____ (Farbar) C:\Users\Andrea\Desktop\FRST64.exe
2014-06-06 18:48 - 2014-06-06 18:48 - 00854367 _____ () C:\Users\Andrea\Desktop\SecurityCheck.exe
2014-06-06 18:45 - 2014-06-06 18:45 - 00001613 _____ () C:\Users\Andrea\Desktop\log - Verknüpfung.lnk
2014-06-06 18:02 - 2011-04-13 04:33 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-06 14:20 - 2011-07-24 05:59 - 01357759 _____ () C:\Windows\WindowsUpdate.log
2014-06-06 14:11 - 2014-06-06 14:11 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-06 14:10 - 2014-06-06 14:10 - 02347384 _____ (ESET) C:\Users\Andrea\Desktop\esetsmartinstaller_deu.exe
2014-06-06 14:09 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-06 14:09 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-06 14:03 - 2011-04-13 04:33 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-06 14:01 - 2013-07-25 23:23 - 00044840 _____ () C:\Windows\setupact.log
2014-06-06 14:01 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-06 05:04 - 2014-06-02 20:50 - 00000000 ____D () C:\Users\Internet\AppData\Local\temp
2014-06-06 05:02 - 2013-11-10 11:42 - 00000000 ____D () C:\Users\Internet\AppData\Local\Battle.net
2014-06-05 17:03 - 2013-08-01 01:26 - 00150924 _____ () C:\Windows\PFRO.log
2014-06-04 17:51 - 2014-06-01 20:57 - 00048572 _____ () C:\Users\Internet\Desktop\FRST.txt
2014-06-04 17:49 - 2014-06-04 17:49 - 00000000 ____D () C:\Users\Internet\Desktop\FRST-OlderVersion
2014-06-04 17:49 - 2014-06-01 20:55 - 02068992 _____ (Farbar) C:\Users\Internet\Desktop\FRST64.exe
2014-06-04 17:42 - 2014-06-04 17:42 - 00001286 _____ () C:\Users\Internet\Desktop\malwarescan 03.06.txt
2014-06-04 17:36 - 2014-06-03 23:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-04 17:34 - 2013-04-05 19:24 - 00001364 _____ () C:\Users\Internet\Desktop\Mozilla Firefox.lnk
2014-06-04 17:33 - 2014-06-04 17:33 - 00002152 _____ () C:\Users\Andrea\Desktop\JRT.txt
2014-06-04 17:27 - 2014-06-04 17:27 - 00000000 ____D () C:\Windows\ERUNT
2014-06-04 17:25 - 2014-06-04 17:25 - 01016261 _____ (Thisisu) C:\Users\Internet\Desktop\JRT.exe
2014-06-04 17:10 - 2014-06-04 17:08 - 00000000 ____D () C:\AdwCleaner
2014-06-04 06:14 - 2011-02-19 06:24 - 00711546 _____ () C:\Windows\system32\perfh007.dat
2014-06-04 06:14 - 2011-02-19 06:24 - 00153736 _____ () C:\Windows\system32\perfc007.dat
2014-06-04 06:14 - 2009-07-14 07:13 - 01652996 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-04 02:21 - 2011-04-13 04:43 - 00000000 ____D () C:\Windows\el
2014-06-03 23:18 - 2014-06-03 23:18 - 01327971 _____ () C:\Users\Internet\Desktop\adwcleaner_3.211.exe
2014-06-03 23:17 - 2014-06-03 23:17 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-03 23:17 - 2014-06-03 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-03 23:17 - 2014-06-03 23:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-06-03 23:16 - 2014-06-03 23:15 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Internet\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-06-02 20:50 - 2014-06-02 20:50 - 00016234 _____ () C:\ComboFix.txt
2014-06-02 20:50 - 2014-06-02 20:50 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-02 20:50 - 2014-06-02 20:50 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-02 20:50 - 2014-06-02 20:50 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-02 20:50 - 2014-06-02 19:52 - 00000000 ____D () C:\Qoobox
2014-06-02 20:48 - 2014-06-02 19:51 - 00000000 ____D () C:\Windows\erdnt
2014-06-02 20:47 - 2011-08-17 23:00 - 00058928 _____ () C:\Users\Andrea\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-02 20:44 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-02 19:45 - 2014-06-02 19:45 - 05203398 ____R (Swearware) C:\Users\Internet\Desktop\ComboFix.exe
2014-06-02 16:41 - 2009-07-14 06:45 - 00280408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-02 16:16 - 2014-05-10 03:52 - 00000000 ____D () C:\Users\Internet\AppData\Local\Mozilla Firefox
2014-06-02 15:24 - 2014-06-02 04:08 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\BitTorrent
2014-06-02 14:21 - 2014-06-02 14:21 - 00000000 ____D () C:\Users\Internet\AppData\Local\DDMSettings
2014-06-02 12:52 - 2014-05-19 20:27 - 00000000 __SHD () C:\Users\Andrea\AppData\Local\EmieSiteList
2014-06-02 12:52 - 2013-11-22 17:50 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\DVDVideoSoft
2014-06-02 12:52 - 2013-11-22 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-06-02 12:52 - 2012-11-29 19:25 - 00000000 ____D () C:\Users\Internet\Documents\DVDVideoSoft
2014-06-02 12:52 - 2012-11-29 19:21 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\DVDVideoSoft
2014-06-02 12:50 - 2014-06-02 12:48 - 32680168 _____ (DVDVideoSoft Ltd. ) C:\Users\Internet\Downloads\FreeMP4VideoConverter-5.0.42.530.exe
2014-06-02 12:13 - 2009-07-14 09:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-02 12:08 - 2014-06-02 12:08 - 00000000 ____D () C:\Users\Internet\AppData\Local\{C9A67DE0-4E90-42D5-B2B5-508B7483DE7A}
2014-06-02 07:13 - 2014-06-02 07:13 - 00004919 _____ () C:\ProgramData\uxxadbmu.rlu
2014-06-02 07:13 - 2014-06-02 07:13 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\MOVAVI
2014-06-02 07:13 - 2014-06-02 07:13 - 00000000 ____D () C:\Users\Internet\AppData\Local\Movavi
2014-06-02 07:13 - 2012-07-27 22:27 - 00058928 _____ () C:\Users\Internet\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-02 06:33 - 2011-03-07 12:16 - 00000000 ____D () C:\Users\Internet\Desktop\JDownloader
2014-06-02 05:39 - 2014-06-02 05:38 - 00000000 ____D () C:\Users\Internet\Documents\Beauties
2014-06-02 05:13 - 2014-06-02 05:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
2014-06-02 05:09 - 2014-06-02 05:09 - 00961360 _____ (Chip Digital GmbH) C:\Users\Internet\Downloads\PeerBlock - CHIP-Installer.exe
2014-06-02 04:48 - 2014-06-02 04:48 - 00961360 _____ (Chip Digital GmbH) C:\Users\Internet\Downloads\PeerGuardian - CHIP-Installer.exe
2014-06-02 04:10 - 2014-06-02 04:10 - 00001206 _____ () C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2014-06-02 04:10 - 2014-06-02 04:10 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\BitTorrent
2014-06-01 20:58 - 2014-06-01 20:58 - 00042013 _____ () C:\Users\Internet\Desktop\Addition.txt
2014-06-01 20:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PLA
2014-06-01 15:37 - 2014-06-01 15:35 - 31419822 _____ () C:\Users\Internet\Downloads\JDownloader.zip
2014-06-01 12:54 - 2014-06-01 12:54 - 00000000 ____D () C:\Users\Internet\Documents\zips
2014-06-01 12:54 - 2013-12-01 21:23 - 00000000 ____D () C:\Users\Internet\Documents\Downloads1
2014-06-01 12:53 - 2013-12-29 13:27 - 00000000 ____D () C:\Users\Internet\Documents\Karten
2014-06-01 12:50 - 2014-05-10 22:29 - 00000000 ____D () C:\Users\Internet\AppData\Local\Warframe
2014-06-01 12:38 - 2013-05-06 02:20 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-06-01 11:52 - 2014-06-01 11:52 - 00000871 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2014-06-01 11:52 - 2014-06-01 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2014-06-01 11:52 - 2014-06-01 11:52 - 00000000 ____D () C:\Program Files\CPUID
2014-06-01 11:52 - 2014-06-01 11:51 - 01496480 _____ ( ) C:\Users\Internet\Downloads\cpu-z_1.692-setup-en.exe
2014-06-01 11:21 - 2014-06-01 11:21 - 00961360 _____ (Chip Digital GmbH) C:\Users\Internet\Desktop\HijackThis - CHIP-Installer.exe
2014-06-01 11:17 - 2013-05-27 05:46 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Malwarebytes
2014-06-01 11:17 - 2013-05-27 05:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-01 11:16 - 2014-06-01 11:15 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Internet\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-01 10:30 - 2013-08-06 00:39 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\uTorrent
2014-06-01 09:21 - 2013-10-29 23:45 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-06-01 09:14 - 2014-06-01 09:14 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-06-01 09:14 - 2014-06-01 09:14 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2014-06-01 09:09 - 2011-08-17 23:00 - 00000000 ____D () C:\Users\Andrea
2014-06-01 09:06 - 2011-09-30 19:29 - 00000000 ____D () C:\Users\Internet
2014-06-01 09:05 - 2013-05-06 02:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
2014-06-01 09:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-06-01 09:04 - 2012-09-26 01:01 - 00000000 ____D () C:\AMD
2014-06-01 08:26 - 2014-06-01 08:26 - 00000000 ____D () C:\ProgramData\ATI
2014-06-01 08:13 - 2014-06-01 08:13 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-06-01 08:13 - 2011-07-24 06:12 - 00000000 ____D () C:\ProgramData\AMD
2014-06-01 08:12 - 2014-06-01 08:10 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-06-01 08:10 - 2014-06-01 08:10 - 00000000 ____D () C:\Program Files\ATI
2014-05-31 20:30 - 2012-09-29 16:27 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Spotify
2014-05-31 20:09 - 2012-09-29 16:28 - 00000000 ____D () C:\Users\Internet\AppData\Local\Spotify
2014-05-31 18:53 - 2012-09-27 22:34 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\SoftGrid Client
2014-05-31 17:03 - 2014-03-09 14:43 - 00000000 ____D () C:\Users\Internet\Documents\Bewerbungsunterlagen
2014-05-29 12:42 - 2014-05-29 12:42 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2014-05-29 00:44 - 2014-05-29 00:44 - 00000000 ____D () C:\Users\Internet\AppData\Local\WinZip
2014-05-29 00:43 - 2014-05-29 00:29 - 197334425 _____ () C:\Users\Internet\Downloads\We are the Underdogs - Sound of the Underground Vol I.zip
2014-05-28 10:41 - 2014-05-28 10:41 - 00002269 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-05-28 10:41 - 2014-05-28 10:41 - 00002263 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-05-28 10:41 - 2014-05-28 10:41 - 00000000 ____D () C:\Users\Internet\Documents\processexplorer
2014-05-28 10:41 - 2014-05-28 10:41 - 00000000 ____D () C:\Users\Andrea\AppData\Local\WinZip
2014-05-28 10:41 - 2014-05-28 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-05-28 10:41 - 2014-05-28 10:40 - 00000000 ____D () C:\ProgramData\WinZip
2014-05-28 10:41 - 2014-05-28 10:40 - 00000000 ____D () C:\Program Files\WinZip
2014-05-28 10:28 - 2014-05-28 10:28 - 01243655 _____ () C:\Users\Internet\Downloads\ProcessExplorer.zip
2014-05-28 10:01 - 2011-04-13 04:47 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-05-28 10:00 - 2011-07-24 06:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-28 09:43 - 2014-05-28 09:43 - 00001266 _____ () C:\Users\Andrea\Desktop\Revo Uninstaller.lnk
2014-05-28 09:43 - 2014-05-28 09:43 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-28 09:42 - 2014-05-28 09:42 - 00961360 _____ (Chip Digital GmbH) C:\Users\Internet\Downloads\Revo Uninstaller - CHIP-Installer.exe
2014-05-27 18:21 - 2014-05-27 18:21 - 00010736 _____ () C:\Users\Internet\Documents\cc_20140527_182153.reg
2014-05-27 18:06 - 2013-01-24 01:51 - 00007621 _____ () C:\Users\Andrea\AppData\Local\Resmon.ResmonCfg
2014-05-27 17:53 - 2014-02-26 00:07 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner v2.24
2014-05-27 17:52 - 2014-04-16 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcaniA - Gothic 4
2014-05-27 17:52 - 2012-04-14 21:18 - 00000000 ____D () C:\Windows\system32\Macromed
2014-05-27 17:52 - 2011-04-13 04:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-27 17:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-27 17:51 - 2011-08-27 15:46 - 00000000 ___RD () C:\MSOCache
2014-05-27 17:51 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-05-27 10:57 - 2013-07-13 14:23 - 00000000 ____D () C:\Users\Andrea\AppData\Local\Adobe
2014-05-25 19:15 - 2014-05-20 00:56 - 00000000 ____D () C:\Program Files (x86)\Bluetooth Suite
2014-05-20 17:20 - 2013-10-29 02:10 - 00000000 ____D () C:\Users\Internet\Desktop\Andrej's Mukke
2014-05-20 01:03 - 2014-05-20 01:03 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Atheros
2014-05-20 00:56 - 2014-05-20 00:56 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Atheros
2014-05-20 00:53 - 2014-05-20 00:52 - 179393762 _____ () C:\Users\Internet\Downloads\Bluetooth_Atheros_AW_Compal_Win7_64_Z74098.zip
2014-05-20 00:53 - 2014-05-20 00:51 - 00000000 ____D () C:\Users\Andrea\AppData\Local\CrashDumps
2014-05-19 23:45 - 2014-05-19 23:45 - 00000000 ____D () C:\Users\Andrea\Documents\Bluetooth Folder
2014-05-19 23:43 - 2014-05-19 23:43 - 00000000 ____D () C:\temp
2014-05-19 23:42 - 2014-05-19 23:41 - 179393768 _____ () C:\Users\Internet\Downloads\Bluetooth_Atheros_Win7_64_Z74098.zip
2014-05-19 20:27 - 2014-05-19 20:27 - 00000000 __SHD () C:\Users\Andrea\AppData\Local\EmieUserList
2014-05-19 20:27 - 2014-05-19 20:17 - 00000000 __SHD () C:\Users\Internet\AppData\Local\EmieUserList
2014-05-19 20:27 - 2014-05-19 20:17 - 00000000 __SHD () C:\Users\Internet\AppData\Local\EmieSiteList
2014-05-19 20:14 - 2014-05-19 20:14 - 00048475 _____ () C:\Users\Andrea\Desktop\bluetoothview_1.61[1].zip
2014-05-19 20:13 - 2014-05-19 20:13 - 00048475 _____ () C:\Users\Andrea\Desktop\bluetoothview_1.61.zip
2014-05-16 15:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-16 13:31 - 2014-02-20 02:42 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-16 13:31 - 2014-02-20 02:42 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-16 13:28 - 2011-09-30 19:29 - 00000000 ___RD () C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 13:28 - 2011-09-30 19:29 - 00000000 ___RD () C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 01:26 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 17:20 - 2013-08-15 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 17:17 - 2011-08-29 20:00 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-13 19:16 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-12 07:26 - 2014-06-03 23:17 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-03 23:17 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-03 23:17 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 22:31 - 2014-04-16 17:24 - 00035506 _____ () C:\Windows\DirectX.log
2014-05-10 22:27 - 2014-05-10 22:27 - 00331776 _____ () C:\Users\Internet\Downloads\Warframe.msi
2014-05-10 01:57 - 2011-04-13 04:33 - 00004120 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-10 01:57 - 2011-04-13 04:33 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-09 08:14 - 2014-05-14 17:30 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 17:30 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 03:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

Some content of TEMP:
====================
C:\Users\Internet\AppData\Local\temp\RSPUpgradeInstaller.exe

==================== Bamital &
The online scanner found 10 files, including 1 alleged Trojan, which I have not deleted yet (because it wasn't in the instructions). Since deleting the "prefs" files for Firefox, the program no longer saves any settings; for example, it always asks whether Mozilla should be the default browser, or allowed scripts are blocked again after shutdown. Mozilla also cannot be used as administrator, only in the second profile, though apparently it never could be - maybe reinstall? The CPU usage problem persists. Otherwise the PC runs a bit more smoothly, but not the way I'm used to. |
07.06.2014, 11:21 | #10 |
/// the machine /// TB-Ausbilder | Win 7 - CPU usage higher than normal after crash, possibly viruses? Reset Firefox: https://support.mozilla.org/de/kb/fi...einfach-loesen You can delete the ESET detections manually. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
07.06.2014, 20:06 | #11 |
| Win 7 - CPU usage higher than normal after crash, possibly viruses? First, a small problem: in the touchpad menu, an option is enabled that is supposed to disable the touchpad when a USB mouse is connected. That only works after I enable and then disable the touchpad again in the system settings, i.e. the whole device. Unfortunately the CPU problem persists; just starting Firefox already causes a load of ~70% |
08.06.2014, 09:57 | #12 | |
/// the machine /// TB-Ausbilder | Win 7 - CPU usage higher than normal after crash, possibly viruses? Quote:

Install ProcessExplorer as a replacement for the Windows Task Manager

Download Process Explorer as a replacement for the Task Manager and install it; you can find a guide here. It is a considerably more capable replacement for the Windows Task Manager. In the menu under "Options" you can set up ProcessExplorer permanently as a replacement for the Task Manager (Replace Taskmanager). This is highly recommended, because ProcessExplorer has considerably more functions than the Task Manager. Once you have made this setting, the key combination CTRL + ALT + DEL no longer opens the Task Manager but ProcessExplorer. This can be undone at any time by unchecking this setting.

What we need specifically now: each row shows one process; a few of the rows are not real processes but only pseudo-processes for the activity of the Windows kernel. The menu View => Select Columns opens a dialog in which you can choose which columns of information about the processes are displayed. In it, go to the "Process Performance" tab and make sure that "CPU Usage" is checked there; "CPU History" would also be useful. "CPU Usage" shows the current processor load for each process (the column title just says "CPU"), and "CPU History" shows, for each process, a graph with a curve of the processor load over the recent past. With that you should be able to identify which process is keeping your CPU busy. Double-click on the process.

You can also take a screenshot of the whole thing and upload it as an attachment with your reply (click "Erweitert" below the text field, browse your computer via "Anhänge verwalten" and attach it via "Hochladen").
__________________ Regards, schrauber |
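An added example, not part of the original posts: a PowerShell alternative to reading the Process Explorer columns described above, which ranks processes by CPU use over a short window and names the services hosted inside each svchost.exe. The function name `Get-TopCpuProcess` and its default values are assumptions made for this example.

```powershell
# Added example (not from the thread): rank processes by CPU use over a sampling
# window and name the services hosted in each svchost.exe instance.
# Run elevated, otherwise protected processes report no CPU time and are skipped.
function Get-TopCpuProcess {
    param(
        [int]$Seconds = 10,  # sampling window, assumed default
        [int]$Top     = 10   # number of rows returned, assumed default
    )
    $cores = [Environment]::ProcessorCount

    # Win32_Service.ProcessId links each running service to its host process.
    $svcByPid = @{}
    foreach ($s in Get-WmiObject -Class Win32_Service) {
        $key = [int]$s.ProcessId
        if ($key -eq 0) { continue }              # stopped services have PID 0
        if (-not $svcByPid.ContainsKey($key)) { $svcByPid[$key] = @() }
        $svcByPid[$key] += $s.Name
    }

    # First sample: cumulative CPU seconds per PID.
    $before = @{}
    foreach ($p in Get-Process) {
        if ($null -ne $p.CPU) { $before[$p.Id] = $p.CPU }
    }
    Start-Sleep -Seconds $Seconds

    # Second sample: CPU seconds used in the window, as a share of all cores
    # (the same scale as Process Explorer's "CPU" column).
    $rows = foreach ($p in Get-Process) {
        if ($null -eq $p.CPU -or -not $before.ContainsKey($p.Id)) { continue }
        $delta = $p.CPU - $before[$p.Id]
        New-Object PSObject -Property @{
            ProcessId  = $p.Id
            Name       = $p.ProcessName
            CpuPercent = [math]::Round(100 * $delta / ($Seconds * $cores), 1)
            Services   = ($svcByPid[$p.Id] -join ', ')
        }
    }
    $rows | Sort-Object CpuPercent -Descending |
        Select-Object -First $Top ProcessId, Name, CpuPercent, Services
}

Get-TopCpuProcess -Seconds 10 -Top 10 | Format-Table -AutoSize
```

A busy svchost.exe row then shows which services it hosts, so the load can be attributed to a service instead of to the generic host process.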
09.06.2014, 14:05 | #13 |
| Win 7 - CPU usage higher than normal after crash, possibly viruses? The touchpad problem is fixed, thanks! Unfortunately I can't make sense of ProcessExplorer; I can't tell which processes are causing the load, so I just took a few screenshots. My best guess would be svchost or Explorer. When starting programs, an antimalware task - MSMPEng.exe - (I think from MS Security Essentials) usually jumps up as well, but goes back down afterwards. |
09.06.2014, 16:56 | #14 |
/// the machine /// TB-Ausbilder | Win 7 - CPU usage higher than normal after crash, possibly viruses? Revo Uninstaller - Download - Filepony Uninstall Firefox with it, keep no data, have the leftovers removed, reinstall. Then reset it once more: https://support.mozilla.org/de/kb/fi...einfach-loesen
__________________ Regards, schrauber |
09.06.2014, 19:05 | #15 |
| Win 7 - CPU usage higher than normal after crash, possibly viruses? Strangely, Firefox cannot be uninstalled with Revo, because it does not even show up as a program in the admin profile, though it does in the Internet profile. When I try to start Firefox from the admin profile, it tells me that I do not have permission. Is there another way to uninstall it anyway? It is shown as a program in the Control Panel and also in CC-Cleaner (because CC-Cleaner does not want to run as admin, I think). |
Topics on Win 7 - CPU usage higher than normal after crash, possibly viruses? |
100%, crash, usage, at startup, computer, firefox, graphics card, home, java/exploit.agent.nke, delete, problem, programs, pup.optional.softonic.a, security, svchost.exe, win32/downloadsponsor.a, win32/softonicdownloader.e, win32/toolbar.conduit, win32/toolbar.conduit.y, win32/toolbar.widgi.b, windows |