Pests of all kinds and how to fight them: UserLayoutOne.exe opens advertising in the browser (spamware, adware)
Windows 7
02.06.2014, 14:54 | #16 |
| I have slightly different settings there, is it right like this? |
02.06.2014, 14:59 | #17 |
/// TB-Ausbilder /// Anleitungs-Guru |
02.06.2014, 20:02 | #18 |
| Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=a2f61345e2f4f34d98a347a24b2b2f0f
# engine=18510
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-02 04:26:44
# local_time=2014-06-02 06:26:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 90785 166146894 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 35410 153356254 0 0
# scanned=333265
# found=23
# cleaned=0
# scan_time=8553
sh=99F97AD369E8621AB4D17DF53E80E60FEE99C727 ft=1 fh=42567613b862d846 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=CF6185A9EDFBA0217C9D36D25CA9F6ADCC9F6BC8 ft=1 fh=f90d49fcbe154eac vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\OpenCandy\AE9FBEA9A5914E43A9B3006899EF72E4\conduitinstaller.exe.vir"
sh=818EB70506F0C2CE0936CE66E6E5E5286317E70A ft=1 fh=23b2c0ba60867e14 vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\OpenCandy\AE9FBEA9A5914E43A9B3006899EF72E4\OCBrowserHelper_1.0.5.112.dll.vir"
sh=BDA020EF3675D8F109CDCB95A2939CD8FA14E2E9 ft=1 fh=f8ce3e1d43870230 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\NetmarbleGlobal\MarbleStation\xfire_installer.exe"
sh=6685D8384BB5B1798F158D2453508A5FFC4A5B85 ft=1 fh=61bb1dd78b5e1d10 vn="Variante von Generik.FAOGOGR Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\UserLayoutOne.exe.vir"
sh=6685D8384BB5B1798F158D2453508A5FFC4A5B85 ft=1 fh=61bb1dd78b5e1d10 vn="Variante von Generik.FAOGOGR Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Public\Documents\MSDCSC\msdcsc.exe.vir"
sh=6685D8384BB5B1798F158D2453508A5FFC4A5B85 ft=1 fh=61bb1dd78b5e1d10 vn="Variante von Generik.FAOGOGR Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\user\Documents\MSDCSC\msdcsc.exe.vir"
sh=9C7DF85D155CF0E8A13FB9A3DC92591FF5AF7FD2 ft=0 fh=0000000000000000 vn="VBS/Starter.NAQ Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\user\VOKYV\setup.vbs.vir"
sh=1473B48E6BEEB45669E71DB734AB7B77F7A372C9 ft=0 fh=0000000000000000 vn="BAT/Starter.NBI Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\user\VOKYV\start.cmd.vir"
sh=B19598D30254DDDAD081FC94F0F15BA0E30029B3 ft=0 fh=0000000000000000 vn="VBS/Runner.NBV Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\user\VOKYV\start.vbs.vir"
sh=729BF7081904065A6713FFA2395DB039DEE07050 ft=0 fh=0000000000000000 vn="Variante von Win32/GameCheat.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\user\Desktop\GTA Mods\Cleo Mods\Cheats n Hacks\3D-ESP-BOX.rar"
sh=6812DF73465ECB5DA1749CAA0057D3576851FBD1 ft=0 fh=0000000000000000 vn="MSIL/DllInject.BD potenziell unsichere Anwendung" ac=I fn="C:\Users\user\Desktop\Stuff\bullshit\fatal_beta.rar"
sh=59111065ACB6B8D0098A3E4D4929EBBBD4AFCE40 ft=1 fh=4f447d52413051dc vn="MSIL/DllInject.BD potenziell unsichere Anwendung" ac=I fn="C:\Users\user\Desktop\Stuff\bullshit\InjectionLibrary.dll"
sh=8C310AA5B0DCDAE2E9F266DD3AAFBCF1791A17D0 ft=1 fh=3303acb538d1e29c vn="Variante von MSIL/DllInject.C potenziell unsichere Anwendung" ac=I fn="C:\Users\user\Desktop\Stuff\bullshit\Injector.exe"
sh=59111065ACB6B8D0098A3E4D4929EBBBD4AFCE40 ft=1 fh=4f447d52413051dc vn="MSIL/DllInject.BD potenziell unsichere Anwendung" ac=I fn="C:\Users\user\Desktop\Stuff\bullshit\fatal_beta\InjectionLibrary.dll"
sh=487A99B920CD1C6E8AA7E98A28741F1B5945499E ft=1 fh=f00cfd651cbd0b07 vn="Variante von MSIL/DllInject.C potenziell unsichere Anwendung" ac=I fn="C:\Users\user\Documents\Visual Studio 2010\Projects\Injector\Injector\Injector\bin\Debug\Injector.exe"
sh=C6CA12FBBD3FC8471567B0007D7B8241DF727BE0 ft=1 fh=e622cb4a23bf5beb vn="Variante von MSIL/DllInject.C potenziell unsichere Anwendung" ac=I fn="C:\Users\user\Documents\Visual Studio 2010\Projects\Injector\Injector\Injector\bin\Release\Injector.exe"
sh=487A99B920CD1C6E8AA7E98A28741F1B5945499E ft=1 fh=f00cfd651cbd0b07 vn="Variante von MSIL/DllInject.C potenziell unsichere Anwendung" ac=I fn="C:\Users\user\Documents\Visual Studio 2010\Projects\Injector\Injector\Injector\obj\x86\Debug\Injector.exe"
sh=C6CA12FBBD3FC8471567B0007D7B8241DF727BE0 ft=1 fh=e622cb4a23bf5beb vn="Variante von MSIL/DllInject.C potenziell unsichere Anwendung" ac=I fn="C:\Users\user\Documents\Visual Studio 2010\Projects\Injector\Injector\Injector\obj\x86\Release\Injector.exe"
sh=E32AA2E78D2C8F0E9316080E71A714BEFE851E6C ft=1 fh=374915f71a49693e vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\ApnIC[1].0"
sh=E32AA2E78D2C8F0E9316080E71A714BEFE851E6C ft=1 fh=374915f71a49693e vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\ApnIC[1].0"
|
02.06.2014, 20:12 | #19 |
/// TB-Ausbilder /// Anleitungs-Guru | Code:
C:\Users\user\Desktop\Stuff\bullshit\Injector.exe
__________________ Regards, deeprybka Praise, criticism, requests? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
02.06.2014, 20:17 | #20 |
| That is a small project of mine that I made with Visual Basic; it isn't actually a virus. More of an unwanted program as far as the scanner is concerned... |
02.06.2014, 20:19 | #21 |
/// TB-Ausbilder /// Anleitungs-Guru | So you want to keep it? |
02.06.2014, 20:41 | #22 |
| No, it can go; it doesn't work properly anyway, I did something wrong. I'm still a beginner at coding. |
02.06.2014, 20:43 | #23 |
/// TB-Ausbilder /// Anleitungs-Guru | Then you can delete that stuff yourself... I'll post the remaining steps for you tomorrow... |
02.06.2014, 21:12 | #24 |
| Will do, see you tomorrow. |
03.06.2014, 07:27 | #25 |
/// TB-Ausbilder /// Anleitungs-Guru | Hi, here is how we continue:

Step 1
Please uninstall the following programs:
Java 7 Update 55
Java 7 Update 17
Java(TM) 6 Update 33
Java(TM) 6 Update 39
To do so, please download Revo Uninstaller here. Unpack the zip file to the desktop.
Delete temporary files

Step 2
Opera update: here's how... If you want to keep this version, you should be aware that it poses a security risk...
If desired, please update Firefox to version 29 via "Firefox - Help - About Firefox"...
Please download Java again from here. As a general rule, decline the "optional offers" with such downloads (Flash etc.)...

Step 3
Please start FRST again, also tick the box for Addition.txt and click Scan.
|
03.06.2014, 15:47 | #26 |
| All done. Unfortunately I had no time this morning, sorry for the "delay". FRST Logfile:
C:\Windows\erdnt 2014-06-02 08:01 - 2014-06-02 08:01 - 05203398 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe 2014-06-02 08:00 - 2014-06-02 08:01 - 05203398 _____ (Swearware) C:\Users\user\Downloads\ComboFix.exe 2014-06-01 21:14 - 2014-06-03 16:45 - 00020271 _____ () C:\Users\user\Desktop\FRST.txt 2014-06-01 21:14 - 2014-06-01 21:15 - 00040504 _____ () C:\Users\user\Desktop\Addition.txt 2014-06-01 21:13 - 2014-06-03 16:45 - 00000000 ____D () C:\FRST 2014-06-01 21:11 - 2014-06-03 16:45 - 02068992 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe 2014-06-01 19:59 - 2014-06-01 19:59 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-06-01 19:59 - 2014-06-01 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-06-01 19:59 - 2014-06-01 19:59 - 00000000 ____D () C:\Program Files\CCleaner 2014-06-01 18:07 - 2014-06-01 18:07 - 00002928 _____ () C:\Windows\System32\Tasks\{44DD2D46-375A-499B-8A4E-B6B9A604D303} 2014-05-31 19:22 - 2014-05-31 19:22 - 00003132 _____ () C:\Windows\System32\Tasks\{D6D44D57-77E6-4CEB-9E24-C0BFC2337A46} 2014-05-31 11:49 - 2014-05-31 11:49 - 00000000 ____D () C:\Users\user\AppData\Roaming\AVAST Software 2014-05-31 11:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-05-31 11:40 - 2014-05-31 11:43 - 00000000 ____D () C:\AdwCleaner 2014-05-31 11:36 - 2014-05-31 12:07 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-05-31 11:36 - 2014-05-31 11:36 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-05-31 11:36 - 2014-05-31 11:36 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-05-29 17:31 - 2014-05-29 17:31 - 00000000 _____ () C:\dfu.log 2014-05-27 13:48 - 2014-06-03 13:16 - 895717872 _____ () C:\Windows\MEMORY.DMP 2014-05-27 12:49 - 2014-06-02 08:16 - 00000000 ____D () C:\Users\Public\Documents\MSDCSC 2014-05-24 03:11 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) 
C:\Windows\system32\shell32_backup_wti.dll 2014-05-24 03:11 - 2011-07-05 04:00 - 01857536 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame_backup_wti.dll 2014-05-24 03:11 - 2010-11-20 15:27 - 00898560 _____ (Microsoft Corporation) C:\Windows\system32\OobeFldr_backup_wti.dll 2014-05-24 02:24 - 2014-05-24 02:24 - 00000000 ____D () C:\Users\user\AppData\Local\mfbot.de 2014-05-23 20:09 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.006 2014-05-23 20:09 - 2014-05-23 20:09 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.007 2014-05-23 20:09 - 2013-12-14 02:23 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.007\AppData\Local\Google 2014-05-23 19:29 - 2014-05-23 19:29 - 00558464 _____ () C:\Windows\Minidump\052314-41823-01.dmp 2014-05-23 19:20 - 2014-05-23 19:20 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.005 2014-05-20 21:16 - 2014-05-20 21:17 - 00004161 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-05-18 02:45 - 2014-05-18 02:35 - 00000000 ____D () C:\images_gui 2014-05-18 01:43 - 2014-05-18 01:43 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.004 2014-05-18 01:43 - 2013-12-14 02:23 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.004\AppData\Local\Google 2014-05-18 01:42 - 2014-05-18 01:42 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.003 2014-05-17 23:03 - 2014-05-17 23:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft Corporation 2014-05-17 13:08 - 2013-04-30 19:18 - 00014136 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys 2014-05-17 12:01 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-17 12:01 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-17 12:01 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-17 12:01 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-17 12:01 - 2014-05-06 05:00 - 
00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-17 12:01 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-15 23:46 - 2014-06-01 19:14 - 00000000 ____D () C:\Users\user\Documents\Visual Studio 2010 2014-05-15 23:46 - 2014-05-19 00:37 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express 2014-05-15 13:04 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 13:04 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-15 13:03 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-15 13:03 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-15 13:03 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-15 13:03 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-15 13:03 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-15 13:03 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-15 13:03 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-15 13:03 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-15 13:03 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-15 13:03 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-15 13:03 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-15 13:03 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-15 13:03 - 2014-03-04 
11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-15 13:03 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-15 13:03 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-15 13:03 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-15 13:03 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-15 13:03 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-15 13:03 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-15 13:03 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-15 13:03 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-15 13:03 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-15 13:03 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-15 13:03 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-15 13:03 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-15 13:03 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-15 13:03 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-15 13:03 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-15 13:03 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-15 13:03 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-15 13:03 - 2014-03-04 11:17 - 
00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-15 13:03 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-15 13:03 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-15 13:03 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-15 13:03 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-15 13:03 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-15 13:03 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-15 13:03 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-15 13:03 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-15 13:03 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-15 13:03 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-13 23:29 - 2014-05-13 23:29 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-05-06 16:02 - 2014-05-06 16:02 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Startmenü 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung 2014-05-06 16:02 - 2014-05-06 
16:02 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA Corporation 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator 2014-05-06 16:02 - 2014-05-03 22:04 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-06 16:02 - 2013-12-14 02:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-05-06 16:02 - 2013-10-09 00:20 - 00000000 ____D () C:\Users\Administrator\Documents\Visual Studio 2010 2014-05-06 16:02 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-05-06 16:02 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-05-04 12:24 - 2014-03-04 13:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2014-05-04 12:18 - 2014-03-04 16:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2014-05-04 12:18 - 
2014-03-04 16:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-05-04 12:18 - 2014-03-04 16:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 00353504 _____ (NVIDIA Corporation) 
C:\Windows\system32\nvoglshim64.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 00024544 _____ () C:\Windows\system32\nvinfo.pb 2014-05-04 12:18 - 2013-11-28 15:38 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys 2014-05-04 12:18 - 2013-11-28 15:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 2014-05-04 12:11 - 2014-03-21 21:43 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2014-05-04 12:11 - 2014-03-21 21:43 - 00033568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll ==================== One Month Modified Files and Folders ======= 2014-06-03 16:45 - 2014-06-03 16:45 - 00000000 ____D () C:\Users\user\Desktop\FRST-OlderVersion 2014-06-03 16:45 - 2014-06-01 21:14 - 00020271 _____ () C:\Users\user\Desktop\FRST.txt 2014-06-03 16:45 - 2014-06-01 21:13 - 00000000 ____D () C:\FRST 2014-06-03 16:45 - 2014-06-01 21:11 - 02068992 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe 2014-06-03 16:45 - 2012-01-08 00:36 - 00000000 ____D () C:\Users\user\AppData\Local\Temp 2014-06-03 16:44 - 2014-06-03 16:44 - 00000000 ____D () C:\ProgramData\Oracle 2014-06-03 16:44 - 2012-01-16 15:24 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000UA.job 2014-06-03 16:42 - 2012-06-03 19:56 - 00000000 ____D () C:\Users\user\AppData\Roaming\Spotify 2014-06-03 16:41 - 2014-06-03 16:41 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-06-03 16:41 - 2014-06-03 16:41 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-06-03 16:41 - 2014-06-03 16:41 - 00175528 _____ (Oracle Corporation) 
C:\Windows\SysWOW64\java.exe 2014-06-03 16:41 - 2014-06-03 16:41 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-06-03 16:39 - 2014-06-03 16:39 - 00918952 _____ (Oracle Corporation) C:\Users\user\Downloads\chromeinstall-7u60.exe 2014-06-03 16:37 - 2014-06-03 16:37 - 00000000 ____D () C:\ProgramData\Mozilla 2014-06-03 16:37 - 2014-06-03 16:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-03 16:37 - 2013-10-04 22:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-03 16:34 - 2014-06-03 16:34 - 00004026 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1375122614 2014-06-03 16:34 - 2013-07-29 20:30 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-06-03 16:34 - 2012-03-05 19:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-03 16:28 - 2012-06-14 22:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-03 16:24 - 2014-06-03 16:23 - 00000000 ____D () C:\Users\user\Desktop\revouninstaller-portable 2014-06-03 16:23 - 2013-04-24 21:37 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-06-03 16:23 - 2012-01-16 14:09 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype 2014-06-03 16:22 - 2012-01-21 16:58 - 00000000 ____D () C:\Program Files\Java 2014-06-03 16:20 - 2012-01-30 01:40 - 00000000 ____D () C:\Program Files (x86)\Java 2014-06-03 16:18 - 2014-06-03 16:18 - 00000000 ____D () C:\ProgramData\Sun 2014-06-03 16:16 - 2014-06-03 16:16 - 03007700 _____ () C:\Users\user\Downloads\revouninstaller.zip 2014-06-03 16:09 - 2009-07-14 06:51 - 00151603 _____ () C:\Windows\setupact.log 2014-06-03 13:34 - 2012-03-05 19:21 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-03 13:25 - 2012-01-08 00:38 - 01154883 _____ () C:\Windows\WindowsUpdate.log 2014-06-03 13:24 - 2014-06-03 13:24 - 00004065 _____ () C:\Windows\collectionCache.bnk 2014-06-03 13:22 - 2012-10-06 23:10 - 00004182 _____ () 
C:\Windows\System32\Tasks\avast! Emergency Update 2014-06-03 13:22 - 2012-06-03 19:57 - 00000000 ____D () C:\Users\user\AppData\Local\Spotify 2014-06-03 13:20 - 2012-03-02 21:25 - 00000433 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-06-03 13:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\inetsrv 2014-06-03 13:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-03 13:16 - 2014-05-27 13:48 - 895717872 _____ () C:\Windows\MEMORY.DMP 2014-06-03 13:16 - 2013-06-07 21:53 - 00000000 ____D () C:\Windows\Minidump 2014-06-03 13:16 - 2012-01-08 01:00 - 00000000 ___HD () C:\ProgramData\NVIDIA 2014-06-03 13:15 - 2012-01-12 14:38 - 01790486 _____ () C:\Windows\PFRO.log 2014-06-02 23:44 - 2012-01-16 15:24 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000Core.job 2014-06-02 22:55 - 2014-06-02 22:55 - 00004065 _____ () C:\Windows\SysWOW64\collectionCache.bnk 2014-06-02 22:30 - 2009-07-14 19:58 - 00833144 _____ () C:\Windows\system32\perfh007.dat 2014-06-02 22:30 - 2009-07-14 19:58 - 00200788 _____ () C:\Windows\system32\perfc007.dat 2014-06-02 22:30 - 2009-07-14 07:13 - 01962462 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-02 21:38 - 2014-06-02 21:38 - 00000132 _____ () C:\Users\user\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen 2014-06-02 21:38 - 2012-01-26 14:48 - 88251904 ___SH () C:\Users\user\Desktop\Thumbs.db 2014-06-02 15:50 - 2009-07-14 06:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-02 15:50 - 2009-07-14 06:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-02 15:46 - 2014-06-02 15:46 - 02347384 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_deu.exe 2014-06-02 13:34 - 2013-04-25 22:33 - 00925184 _____ () C:\Windows\expstart.exe 2014-06-02 13:33 - 2012-09-11 22:32 - 00000000 ____D 
() C:\Users\user\AppData\Local\Apps\2.0 2014-06-02 09:27 - 2014-02-25 16:22 - 00000000 ___HD () C:\ProgramData\YTD Video Downloader 2014-06-02 09:27 - 2013-06-28 23:08 - 00000000 ____D () C:\Windows\SysWOW64\DCSCMIN 2014-06-02 09:04 - 2014-06-02 09:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-02 09:01 - 2014-06-02 09:01 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-02 09:01 - 2014-06-02 09:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-02 09:01 - 2014-06-02 09:01 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-02 09:01 - 2014-06-02 09:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-02 09:00 - 2014-06-02 08:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-02 08:22 - 2014-06-02 08:03 - 00000000 ____D () C:\Qoobox 2014-06-02 08:21 - 2014-06-02 08:21 - 00049703 _____ () C:\ComboFix.txt 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.007\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.006\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.005\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.004\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.003\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.002\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.001\AppData\Local\temp 2014-06-02 08:21 - 
2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.000\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Public\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Default\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp 2014-06-02 08:21 - 2014-05-23 20:09 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.006 2014-06-02 08:20 - 2014-06-02 08:03 - 00000000 ____D () C:\Windows\erdnt 2014-06-02 08:19 - 2009-07-14 04:34 - 00000312 _____ () C:\Windows\system.ini 2014-06-02 08:16 - 2014-05-27 12:49 - 00000000 ____D () C:\Users\Public\Documents\MSDCSC 2014-06-02 08:16 - 2013-05-16 12:45 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-06-02 08:16 - 2012-01-20 20:51 - 00000000 __SHD () C:\Users\user\Documents\MSDCSC 2014-06-02 08:01 - 2014-06-02 08:01 - 05203398 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe 2014-06-02 08:01 - 2014-06-02 08:00 - 05203398 _____ (Swearware) C:\Users\user\Downloads\ComboFix.exe 2014-06-01 21:15 - 2014-06-01 21:14 - 00040504 _____ () C:\Users\user\Desktop\Addition.txt 2014-06-01 19:59 - 2014-06-01 19:59 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-06-01 19:59 - 2014-06-01 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-06-01 19:59 - 2014-06-01 19:59 - 00000000 ____D () C:\Program Files\CCleaner 2014-06-01 19:55 - 2014-04-29 13:26 - 00000000 ____D () C:\Users\user\AppData\Roaming\WTablet 2014-06-01 19:14 - 2014-05-15 23:46 - 00000000 ____D () C:\Users\user\Documents\Visual Studio 2010 2014-06-01 18:50 - 2014-04-25 22:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-06-01 18:07 - 2014-06-01 18:07 - 00002928 _____ () 
C:\Windows\System32\Tasks\{44DD2D46-375A-499B-8A4E-B6B9A604D303} 2014-06-01 17:57 - 2013-10-07 20:57 - 00000000 ___RD () C:\Users\user\Desktop\GTA Mods 2014-06-01 17:54 - 2012-02-24 17:38 - 00000000 ___RD () C:\Users\user\Desktop\Stuff 2014-06-01 17:02 - 2013-08-08 14:19 - 00000000 ____D () C:\Users\user\Documents\GTA San Andreas User Files 2014-05-31 20:08 - 2013-01-04 19:42 - 00000000 ____D () C:\Users\user\AppData\Local\Mato_Technologies 2014-05-31 19:22 - 2014-05-31 19:22 - 00003132 _____ () C:\Windows\System32\Tasks\{D6D44D57-77E6-4CEB-9E24-C0BFC2337A46} 2014-05-31 16:02 - 2012-10-28 23:20 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc 2014-05-31 12:22 - 2012-02-26 00:07 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games 2014-05-31 12:07 - 2014-05-31 11:36 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-05-31 12:07 - 2012-10-06 23:11 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-05-31 12:07 - 2012-10-06 23:11 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-05-31 11:49 - 2014-05-31 11:49 - 00000000 ____D () C:\Users\user\AppData\Roaming\AVAST Software 2014-05-31 11:43 - 2014-05-31 11:40 - 00000000 ____D () C:\AdwCleaner 2014-05-31 11:36 - 2014-05-31 11:36 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-05-31 11:36 - 2014-05-31 11:36 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-05-31 11:36 - 2013-03-10 17:07 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-05-31 11:36 - 2013-03-10 17:07 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-05-31 11:36 - 2012-10-06 23:11 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1401530828817 2014-05-31 11:36 - 2012-10-06 23:11 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1401530828817 2014-05-31 11:36 - 2012-10-06 23:11 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-05-31 11:36 
- 2012-10-06 23:10 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-05-31 11:36 - 2012-10-06 23:10 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-05-31 11:31 - 2012-10-06 23:10 - 00000000 ___HD () C:\ProgramData\AVAST Software 2014-05-31 11:30 - 2012-10-06 23:10 - 00000000 _____ () C:\Windows\SysWOW64\config.nt 2014-05-31 11:27 - 2012-09-11 22:32 - 00000000 ____D () C:\Users\user\AppData\Local\Deployment 2014-05-31 10:08 - 2012-01-19 14:36 - 00000000 ____D () C:\Users\user\AppData\Roaming\DVDVideoSoft 2014-05-29 17:31 - 2014-05-29 17:31 - 00000000 _____ () C:\dfu.log 2014-05-29 16:56 - 2013-09-11 22:23 - 00000000 ____D () C:\Users\user\AppData\Local\fabi.me 2014-05-29 13:22 - 2013-09-25 16:27 - 00000000 ____D () C:\Users\user\Documents\Bewerbungszeug 2014-05-27 14:05 - 2012-02-24 17:59 - 00000000 ___HD () C:\ProgramData\MTA San Andreas All 2014-05-26 21:40 - 2013-04-11 13:37 - 00014336 ___SH () C:\Users\user\AppData\Roaming\Thumbs.db 2014-05-26 21:00 - 2013-03-01 16:41 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-05-26 21:00 - 2012-01-16 14:09 - 00000000 ___HD () C:\ProgramData\Skype 2014-05-24 03:11 - 2013-04-25 22:40 - 01566616 _____ () C:\Windows\UTP.exe 2014-05-24 02:24 - 2014-05-24 02:24 - 00000000 ____D () C:\Users\user\AppData\Local\mfbot.de 2014-05-23 20:09 - 2014-05-23 20:09 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.007 2014-05-23 19:29 - 2014-05-23 19:29 - 00558464 _____ () C:\Windows\Minidump\052314-41823-01.dmp 2014-05-23 19:20 - 2014-05-23 19:20 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.005 2014-05-22 22:48 - 2013-01-04 02:29 - 00000000 ____D () C:\Users\user\AppData\Roaming\TS3Client 2014-05-20 21:17 - 2014-05-20 21:16 - 00004161 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-05-19 15:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-19 00:37 - 2014-05-15 23:46 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft 
Visual Studio 2010 Express 2014-05-18 02:35 - 2014-05-18 02:45 - 00000000 ____D () C:\images_gui 2014-05-18 01:43 - 2014-05-18 01:43 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.004 2014-05-18 01:42 - 2014-05-18 01:42 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.003 2014-05-18 00:12 - 2012-09-28 22:47 - 00000000 ___RD () C:\Users\user\Desktop\GFX Stuff 2014-05-17 23:03 - 2014-05-17 23:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft Corporation 2014-05-17 21:56 - 2013-10-08 00:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0 2014-05-17 18:56 - 2013-08-21 20:33 - 00000000 ____D () C:\Users\user\minecraft 2014-05-17 13:20 - 2012-01-08 00:37 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-17 13:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-17 11:58 - 2013-08-15 13:37 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-17 11:56 - 2009-10-14 07:12 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-14 14:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Cursors 2014-05-14 14:38 - 2012-06-16 17:28 - 00000000 ____D () C:\Program Files (x86)\RocketDock 2014-05-13 23:29 - 2014-05-13 23:29 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-05-13 23:29 - 2012-06-14 22:33 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-13 23:29 - 2012-06-14 22:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-13 23:29 - 2012-01-16 14:37 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-12 07:26 - 2014-06-02 09:01 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:26 - 2014-06-02 09:01 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-06-02 09:01 - 
00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-11 10:26 - 2013-12-22 21:43 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive 2014-05-07 13:29 - 2012-03-05 19:21 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-07 13:29 - 2012-03-05 19:21 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-06 16:02 - 2014-05-06 16:02 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Startmenü 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA Corporation 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator 2014-05-06 06:40 - 
2014-05-17 12:01 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 06:17 - 2014-05-17 12:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 05:25 - 2014-05-17 12:01 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:07 - 2014-05-17 12:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-06 05:00 - 2014-05-17 12:01 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-17 12:01 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-05 23:39 - 2012-01-16 15:24 - 00004088 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000UA 2014-05-05 23:39 - 2012-01-16 15:24 - 00003692 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000Core 2014-05-04 12:25 - 2012-10-06 17:11 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2014-05-04 12:25 - 2012-01-08 01:00 - 00000000 ___HD () C:\ProgramData\NVIDIA Corporation 2014-05-04 12:25 - 2012-01-08 01:00 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-05-04 12:13 - 2014-04-07 01:46 - 00000000 ____D () C:\Users\user\AppData\Local\NVIDIA Corporation ZeroAccess: C:\Users\user\AppData\Local\{d07a4bff-1acc-ef4b-5437-0786ab909512} C:\Users\user\AppData\Local\{d07a4bff-1acc-ef4b-5437-0786ab909512}\@ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe [2012-01-16 15:08] - [2011-02-25 07:30] - 2616320 ____A (Microsoft Corporation) 697651F303443F98F7EC76D4DCAE6789 C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit 
C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-29 13:58 ==================== End Of Log ============================ --- --- --- |
03.06.2014, 15:52 | #27 |
/// TB Trainer /// Guide Guru | UserLayoutOne.exe opens ads in the browser (spamware, adware) Hi, Addition.txt is still missing. Tick the checkbox before the scan...
__________________ Regards, deeprybka Praise, criticism, requests? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
03.06.2014, 16:11 | #28 |
| UserLayoutOne.exe opens ads in the browser (spamware, adware) Oh right, here: FRST logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014 Ran by user (administrator) on STANS-PC on 03-06-2014 17:09:48 Running from C:\Users\user\Desktop Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (VIA Technologies, Inc.) 
C:\Windows\System32\ViakaraokeSrv.exe (Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe () C:\Program Files (x86)\RocketDock\RocketDock.exe (Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\spotify.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (FNet Co., Ltd.) C:\Program Files (x86)\XFastUsb\XFastUsb.exe (Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe () C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe () C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe () C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated) HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-02] (NVIDIA Corporation) HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [3019376 2011-02-22] (VIA) HKLM-x32\...\Run: [XFastUsb] => C:\Program Files (x86)\XFastUsb\XFastUsb.exe [4942336 2012-01-08] (FNet Co., Ltd.) HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation) HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) 
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.) HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-10] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-05-31] (AVAST Software) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation) HKLM-x32\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files (x86)\brother\controlcenter3\brctrcensrv.exe, [X] Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1754816 2014-05-29] (Valve Corporation) HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] () HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2013-09-29] () HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.) 
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [Spotify] => C:\Users\user\AppData\Roaming\Spotify\spotify.exe [6170168 2014-05-15] (Spotify Ltd) HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Winlogon: [Shell] C:\Windows\expstart.exe [925184 2014-06-02] () <==== ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB4A034104DDECE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - {4CA0C149-4213-4B04-B3CA-76141F79093B} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} SearchScopes: HKCU - {6EC98539-C975-41B0-8D84-967EBD599058} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tonline-browser_toolbar3_search-21&index=blended&linkCode=ur2 SearchScopes: HKCU - {A31EAB68-FEA5-4C79-903F-9CB11BCA86E9} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=twiki&q={searchTerms}&dia=tie8 BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File BHO: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKCU - No Name - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4102exwr.default FF NewTab: chrome://quick_start/content/index.html FF NetworkProxy: "http", "localhost" FF NetworkProxy: "http_port", 8080 FF NetworkProxy: "type", 4 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.2.1 - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: 
@Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program 
Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: wacom.com/WacomTabletPlugin - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\user\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\user\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: NoScript - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4102exwr.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-05-10] FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4102exwr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-24] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-06] Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR HKCU\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\user\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx [] CHR HKLM-x32\...\Chrome\Extension: [neibkbfmjpkenkbjpajgfkedjaehefnc] - C:\ProgramData\DownloadnSave\neibkbfmjpkenkbjpajgfkedjaehefnc.crx [] CHR HKLM-x32\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\user\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx [] CHR StartMenuInternet: Google Chrome - C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-31] (AVAST Software) R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation) R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-14] (Microsoft Corporation) R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-20] (Microsoft Corporation) R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation) R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2404864 2011-03-24] (Deutsche Telekom AG) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20541216 2014-04-02] (NVIDIA Corporation) R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-02-17] (VIA Technologies, Inc.) 
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation) S2 Mikogo-Service; C:\Users\user\AppData\Roaming\Mikogo\Mikogo-Service.exe [X] ==================== Drivers (Whitelisted) ==================== R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-31] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-31] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-31] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-31] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-31] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-31] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-31] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-31] () S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2012-01-08] (FNet Co., Ltd.) R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2012-01-08] (FNet Co., Ltd.) 
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-14] (Microsoft Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation) S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] S3 WacHidRouter; system32\DRIVERS\wachidrouter.sys [X] S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-03 16:45 - 2014-06-03 16:45 - 00000000 ____D () C:\Users\user\Desktop\FRST-OlderVersion 2014-06-03 16:44 - 2014-06-03 16:44 - 00000000 ____D () C:\ProgramData\Oracle 2014-06-03 16:41 - 2014-06-03 16:41 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-06-03 16:41 - 2014-06-03 16:41 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-06-03 16:41 - 2014-06-03 16:41 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-06-03 16:41 - 2014-06-03 16:41 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-06-03 16:39 - 2014-06-03 16:39 - 00918952 _____ (Oracle Corporation) C:\Users\user\Downloads\chromeinstall-7u60.exe 2014-06-03 16:37 - 2014-06-03 16:37 - 00000000 ____D () C:\ProgramData\Mozilla 2014-06-03 16:36 - 2014-06-03 16:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-03 16:34 - 2014-06-03 16:34 - 00004026 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1375122614 
2014-06-03 16:23 - 2014-06-03 16:24 - 00000000 ____D () C:\Users\user\Desktop\revouninstaller-portable 2014-06-03 16:18 - 2014-06-03 16:18 - 00000000 ____D () C:\ProgramData\Sun 2014-06-03 16:16 - 2014-06-03 16:16 - 03007700 _____ () C:\Users\user\Downloads\revouninstaller.zip 2014-06-03 13:24 - 2014-06-03 13:24 - 00004065 _____ () C:\Windows\collectionCache.bnk 2014-06-02 22:55 - 2014-06-02 22:55 - 00004065 _____ () C:\Windows\SysWOW64\collectionCache.bnk 2014-06-02 21:38 - 2014-06-02 21:38 - 00000132 _____ () C:\Users\user\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen 2014-06-02 15:46 - 2014-06-02 15:46 - 02347384 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_deu.exe 2014-06-02 09:01 - 2014-06-02 09:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-02 09:01 - 2014-06-02 09:01 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-02 09:01 - 2014-06-02 09:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-02 09:01 - 2014-06-02 09:01 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-02 09:01 - 2014-06-02 09:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-02 09:01 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-02 09:01 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-02 09:01 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-06-02 08:59 - 2014-06-02 09:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-02 08:21 - 2014-06-02 08:21 - 00049703 _____ () C:\ComboFix.txt 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS 
APPPOOL\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.007\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.006\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.005\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.004\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.003\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.002\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.001\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.000\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Public\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Default\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp 2014-06-02 08:04 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-06-02 08:04 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-06-02 08:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-06-02 08:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-06-02 08:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-06-02 08:04 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-06-02 08:04 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-06-02 08:04 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-06-02 08:03 - 2014-06-02 08:22 - 00000000 ____D () C:\Qoobox 2014-06-02 08:03 - 2014-06-02 08:20 - 00000000 ____D () 
C:\Windows\erdnt 2014-06-02 08:01 - 2014-06-02 08:01 - 05203398 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe 2014-06-02 08:00 - 2014-06-02 08:01 - 05203398 _____ (Swearware) C:\Users\user\Downloads\ComboFix.exe 2014-06-01 21:14 - 2014-06-03 17:09 - 00020446 _____ () C:\Users\user\Desktop\FRST.txt 2014-06-01 21:14 - 2014-06-01 21:15 - 00040504 _____ () C:\Users\user\Desktop\Addition.txt 2014-06-01 21:13 - 2014-06-03 17:09 - 00000000 ____D () C:\FRST 2014-06-01 21:11 - 2014-06-03 16:45 - 02068992 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe 2014-06-01 19:59 - 2014-06-01 19:59 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-06-01 19:59 - 2014-06-01 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-06-01 19:59 - 2014-06-01 19:59 - 00000000 ____D () C:\Program Files\CCleaner 2014-06-01 18:07 - 2014-06-01 18:07 - 00002928 _____ () C:\Windows\System32\Tasks\{44DD2D46-375A-499B-8A4E-B6B9A604D303} 2014-05-31 19:22 - 2014-05-31 19:22 - 00003132 _____ () C:\Windows\System32\Tasks\{D6D44D57-77E6-4CEB-9E24-C0BFC2337A46} 2014-05-31 11:49 - 2014-05-31 11:49 - 00000000 ____D () C:\Users\user\AppData\Roaming\AVAST Software 2014-05-31 11:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-05-31 11:40 - 2014-05-31 11:43 - 00000000 ____D () C:\AdwCleaner 2014-05-31 11:36 - 2014-05-31 12:07 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-05-31 11:36 - 2014-05-31 11:36 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-05-31 11:36 - 2014-05-31 11:36 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-05-29 17:31 - 2014-05-29 17:31 - 00000000 _____ () C:\dfu.log 2014-05-27 13:48 - 2014-06-03 13:16 - 895717872 _____ () C:\Windows\MEMORY.DMP 2014-05-27 12:49 - 2014-06-02 08:16 - 00000000 ____D () C:\Users\Public\Documents\MSDCSC 2014-05-24 03:11 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) 
C:\Windows\system32\shell32_backup_wti.dll 2014-05-24 03:11 - 2011-07-05 04:00 - 01857536 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame_backup_wti.dll 2014-05-24 03:11 - 2010-11-20 15:27 - 00898560 _____ (Microsoft Corporation) C:\Windows\system32\OobeFldr_backup_wti.dll 2014-05-24 02:24 - 2014-05-24 02:24 - 00000000 ____D () C:\Users\user\AppData\Local\mfbot.de 2014-05-23 20:09 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.006 2014-05-23 20:09 - 2014-05-23 20:09 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.007 2014-05-23 20:09 - 2013-12-14 02:23 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.007\AppData\Local\Google 2014-05-23 19:29 - 2014-05-23 19:29 - 00558464 _____ () C:\Windows\Minidump\052314-41823-01.dmp 2014-05-23 19:20 - 2014-05-23 19:20 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.005 2014-05-20 21:16 - 2014-05-20 21:17 - 00004161 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-05-18 02:45 - 2014-05-18 02:35 - 00000000 ____D () C:\images_gui 2014-05-18 01:43 - 2014-05-18 01:43 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.004 2014-05-18 01:43 - 2013-12-14 02:23 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.004\AppData\Local\Google 2014-05-18 01:42 - 2014-05-18 01:42 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.003 2014-05-17 23:03 - 2014-05-17 23:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft Corporation 2014-05-17 13:08 - 2013-04-30 19:18 - 00014136 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys 2014-05-17 12:01 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-17 12:01 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-17 12:01 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-17 12:01 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-17 12:01 - 2014-05-06 05:00 - 
00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-17 12:01 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-15 23:46 - 2014-06-01 19:14 - 00000000 ____D () C:\Users\user\Documents\Visual Studio 2010 2014-05-15 23:46 - 2014-05-19 00:37 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express 2014-05-15 13:04 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 13:04 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-15 13:03 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-15 13:03 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-15 13:03 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-15 13:03 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-15 13:03 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-15 13:03 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-15 13:03 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-15 13:03 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-15 13:03 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-15 13:03 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-15 13:03 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-15 13:03 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-15 13:03 - 2014-03-04 
11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-15 13:03 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-15 13:03 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-15 13:03 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-15 13:03 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-15 13:03 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-15 13:03 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-15 13:03 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-15 13:03 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-15 13:03 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-15 13:03 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-15 13:03 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-15 13:03 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-15 13:03 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-15 13:03 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-15 13:03 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-15 13:03 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-15 13:03 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-15 13:03 - 2014-03-04 11:17 - 
00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-15 13:03 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-15 13:03 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-15 13:03 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-15 13:03 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-15 13:03 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-15 13:03 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-15 13:03 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-15 13:03 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-15 13:03 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-15 13:03 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-13 23:29 - 2014-05-13 23:29 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-05-06 16:02 - 2014-05-06 16:02 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Startmenü 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung 2014-05-06 16:02 - 2014-05-06 
16:02 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA Corporation 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator 2014-05-06 16:02 - 2014-05-03 22:04 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-06 16:02 - 2013-12-14 02:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-05-06 16:02 - 2013-10-09 00:20 - 00000000 ____D () C:\Users\Administrator\Documents\Visual Studio 2010 2014-05-06 16:02 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-05-06 16:02 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-05-04 12:24 - 2014-03-04 13:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2014-05-04 12:18 - 2014-03-04 16:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2014-05-04 12:18 - 
2014-03-04 16:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-05-04 12:18 - 2014-03-04 16:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 00353504 _____ (NVIDIA Corporation) 
C:\Windows\system32\nvoglshim64.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2014-05-04 12:18 - 2014-03-04 16:35 - 00024544 _____ () C:\Windows\system32\nvinfo.pb 2014-05-04 12:18 - 2013-11-28 15:38 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys 2014-05-04 12:18 - 2013-11-28 15:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 2014-05-04 12:11 - 2014-03-21 21:43 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2014-05-04 12:11 - 2014-03-21 21:43 - 00033568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll ==================== One Month Modified Files and Folders ======= 2014-06-03 17:09 - 2014-06-01 21:14 - 00020446 _____ () C:\Users\user\Desktop\FRST.txt 2014-06-03 17:09 - 2014-06-01 21:13 - 00000000 ____D () C:\FRST 2014-06-03 17:09 - 2012-01-08 00:36 - 00000000 ____D () C:\Users\user\AppData\Local\Temp 2014-06-03 17:03 - 2012-06-03 19:56 - 00000000 ____D () C:\Users\user\AppData\Roaming\Spotify 2014-06-03 16:48 - 2012-01-16 14:09 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype 2014-06-03 16:45 - 2014-06-03 16:45 - 00000000 ____D () C:\Users\user\Desktop\FRST-OlderVersion 2014-06-03 16:45 - 2014-06-01 21:11 - 02068992 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe 2014-06-03 16:44 - 2014-06-03 16:44 - 00000000 ____D () C:\ProgramData\Oracle 2014-06-03 16:44 - 2012-01-16 15:24 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000UA.job 2014-06-03 16:41 - 2014-06-03 16:41 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-06-03 16:41 - 2014-06-03 16:41 - 00175528 _____ (Oracle Corporation) 
C:\Windows\SysWOW64\javaw.exe 2014-06-03 16:41 - 2014-06-03 16:41 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-06-03 16:41 - 2014-06-03 16:41 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-06-03 16:39 - 2014-06-03 16:39 - 00918952 _____ (Oracle Corporation) C:\Users\user\Downloads\chromeinstall-7u60.exe 2014-06-03 16:37 - 2014-06-03 16:37 - 00000000 ____D () C:\ProgramData\Mozilla 2014-06-03 16:37 - 2014-06-03 16:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-03 16:37 - 2013-10-04 22:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-03 16:34 - 2014-06-03 16:34 - 00004026 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1375122614 2014-06-03 16:34 - 2013-07-29 20:30 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-06-03 16:34 - 2012-03-05 19:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-03 16:28 - 2012-06-14 22:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-03 16:24 - 2014-06-03 16:23 - 00000000 ____D () C:\Users\user\Desktop\revouninstaller-portable 2014-06-03 16:23 - 2013-04-24 21:37 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-06-03 16:22 - 2012-01-21 16:58 - 00000000 ____D () C:\Program Files\Java 2014-06-03 16:20 - 2012-01-30 01:40 - 00000000 ____D () C:\Program Files (x86)\Java 2014-06-03 16:18 - 2014-06-03 16:18 - 00000000 ____D () C:\ProgramData\Sun 2014-06-03 16:16 - 2014-06-03 16:16 - 03007700 _____ () C:\Users\user\Downloads\revouninstaller.zip 2014-06-03 16:09 - 2012-01-08 00:38 - 01154883 _____ () C:\Windows\WindowsUpdate.log 2014-06-03 16:09 - 2009-07-14 06:51 - 00151603 _____ () C:\Windows\setupact.log 2014-06-03 13:34 - 2012-03-05 19:21 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-03 13:24 - 2014-06-03 13:24 - 00004065 _____ () C:\Windows\collectionCache.bnk 2014-06-03 13:22 - 2012-10-06 23:10 - 00004182 
_____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-06-03 13:22 - 2012-06-03 19:57 - 00000000 ____D () C:\Users\user\AppData\Local\Spotify 2014-06-03 13:20 - 2012-03-02 21:25 - 00000433 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-06-03 13:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\inetsrv 2014-06-03 13:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-03 13:16 - 2014-05-27 13:48 - 895717872 _____ () C:\Windows\MEMORY.DMP 2014-06-03 13:16 - 2013-06-07 21:53 - 00000000 ____D () C:\Windows\Minidump 2014-06-03 13:16 - 2012-01-08 01:00 - 00000000 ___HD () C:\ProgramData\NVIDIA 2014-06-03 13:15 - 2012-01-12 14:38 - 01790486 _____ () C:\Windows\PFRO.log 2014-06-02 23:44 - 2012-01-16 15:24 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000Core.job 2014-06-02 22:55 - 2014-06-02 22:55 - 00004065 _____ () C:\Windows\SysWOW64\collectionCache.bnk 2014-06-02 22:30 - 2009-07-14 19:58 - 00833144 _____ () C:\Windows\system32\perfh007.dat 2014-06-02 22:30 - 2009-07-14 19:58 - 00200788 _____ () C:\Windows\system32\perfc007.dat 2014-06-02 22:30 - 2009-07-14 07:13 - 01962462 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-02 21:38 - 2014-06-02 21:38 - 00000132 _____ () C:\Users\user\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen 2014-06-02 21:38 - 2012-01-26 14:48 - 88251904 ___SH () C:\Users\user\Desktop\Thumbs.db 2014-06-02 15:50 - 2009-07-14 06:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-02 15:50 - 2009-07-14 06:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-02 15:46 - 2014-06-02 15:46 - 02347384 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_deu.exe 2014-06-02 13:34 - 2013-04-25 22:33 - 00925184 _____ () C:\Windows\expstart.exe 2014-06-02 13:33 - 2012-09-11 22:32 - 
00000000 ____D () C:\Users\user\AppData\Local\Apps\2.0 2014-06-02 09:27 - 2014-02-25 16:22 - 00000000 ___HD () C:\ProgramData\YTD Video Downloader 2014-06-02 09:27 - 2013-06-28 23:08 - 00000000 ____D () C:\Windows\SysWOW64\DCSCMIN 2014-06-02 09:04 - 2014-06-02 09:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-02 09:01 - 2014-06-02 09:01 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-02 09:01 - 2014-06-02 09:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-02 09:01 - 2014-06-02 09:01 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-02 09:01 - 2014-06-02 09:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-02 09:00 - 2014-06-02 08:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-02 08:22 - 2014-06-02 08:03 - 00000000 ____D () C:\Qoobox 2014-06-02 08:21 - 2014-06-02 08:21 - 00049703 _____ () C:\ComboFix.txt 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.007\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.006\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.005\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.004\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.003\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.002\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.001\AppData\Local\temp 2014-06-02 
08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.000\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Public\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Default\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp 2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp 2014-06-02 08:21 - 2014-05-23 20:09 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.006 2014-06-02 08:20 - 2014-06-02 08:03 - 00000000 ____D () C:\Windows\erdnt 2014-06-02 08:19 - 2009-07-14 04:34 - 00000312 _____ () C:\Windows\system.ini 2014-06-02 08:16 - 2014-05-27 12:49 - 00000000 ____D () C:\Users\Public\Documents\MSDCSC 2014-06-02 08:16 - 2013-05-16 12:45 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-06-02 08:16 - 2012-01-20 20:51 - 00000000 __SHD () C:\Users\user\Documents\MSDCSC 2014-06-02 08:01 - 2014-06-02 08:01 - 05203398 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe 2014-06-02 08:01 - 2014-06-02 08:00 - 05203398 _____ (Swearware) C:\Users\user\Downloads\ComboFix.exe 2014-06-01 21:15 - 2014-06-01 21:14 - 00040504 _____ () C:\Users\user\Desktop\Addition.txt 2014-06-01 19:59 - 2014-06-01 19:59 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-06-01 19:59 - 2014-06-01 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-06-01 19:59 - 2014-06-01 19:59 - 00000000 ____D () C:\Program Files\CCleaner 2014-06-01 19:55 - 2014-04-29 13:26 - 00000000 ____D () C:\Users\user\AppData\Roaming\WTablet 2014-06-01 19:14 - 2014-05-15 23:46 - 00000000 ____D () C:\Users\user\Documents\Visual Studio 2010 2014-06-01 18:50 - 2014-04-25 22:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-06-01 18:07 - 2014-06-01 18:07 - 00002928 _____ () 
C:\Windows\System32\Tasks\{44DD2D46-375A-499B-8A4E-B6B9A604D303} 2014-06-01 17:57 - 2013-10-07 20:57 - 00000000 ___RD () C:\Users\user\Desktop\GTA Mods 2014-06-01 17:54 - 2012-02-24 17:38 - 00000000 ___RD () C:\Users\user\Desktop\Stuff 2014-06-01 17:02 - 2013-08-08 14:19 - 00000000 ____D () C:\Users\user\Documents\GTA San Andreas User Files 2014-05-31 20:08 - 2013-01-04 19:42 - 00000000 ____D () C:\Users\user\AppData\Local\Mato_Technologies 2014-05-31 19:22 - 2014-05-31 19:22 - 00003132 _____ () C:\Windows\System32\Tasks\{D6D44D57-77E6-4CEB-9E24-C0BFC2337A46} 2014-05-31 16:02 - 2012-10-28 23:20 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc 2014-05-31 12:22 - 2012-02-26 00:07 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games 2014-05-31 12:07 - 2014-05-31 11:36 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-05-31 12:07 - 2012-10-06 23:11 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-05-31 12:07 - 2012-10-06 23:11 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-05-31 11:49 - 2014-05-31 11:49 - 00000000 ____D () C:\Users\user\AppData\Roaming\AVAST Software 2014-05-31 11:43 - 2014-05-31 11:40 - 00000000 ____D () C:\AdwCleaner 2014-05-31 11:36 - 2014-05-31 11:36 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-05-31 11:36 - 2014-05-31 11:36 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-05-31 11:36 - 2013-03-10 17:07 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-05-31 11:36 - 2013-03-10 17:07 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-05-31 11:36 - 2012-10-06 23:11 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1401530828817 2014-05-31 11:36 - 2012-10-06 23:11 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1401530828817 2014-05-31 11:36 - 2012-10-06 23:11 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-05-31 11:36 
- 2012-10-06 23:10 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-05-31 11:36 - 2012-10-06 23:10 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-05-31 11:31 - 2012-10-06 23:10 - 00000000 ___HD () C:\ProgramData\AVAST Software 2014-05-31 11:30 - 2012-10-06 23:10 - 00000000 _____ () C:\Windows\SysWOW64\config.nt 2014-05-31 11:27 - 2012-09-11 22:32 - 00000000 ____D () C:\Users\user\AppData\Local\Deployment 2014-05-31 10:08 - 2012-01-19 14:36 - 00000000 ____D () C:\Users\user\AppData\Roaming\DVDVideoSoft 2014-05-29 17:31 - 2014-05-29 17:31 - 00000000 _____ () C:\dfu.log 2014-05-29 16:56 - 2013-09-11 22:23 - 00000000 ____D () C:\Users\user\AppData\Local\fabi.me 2014-05-29 13:22 - 2013-09-25 16:27 - 00000000 ____D () C:\Users\user\Documents\Bewerbungszeug 2014-05-27 14:05 - 2012-02-24 17:59 - 00000000 ___HD () C:\ProgramData\MTA San Andreas All 2014-05-26 21:40 - 2013-04-11 13:37 - 00014336 ___SH () C:\Users\user\AppData\Roaming\Thumbs.db 2014-05-26 21:00 - 2013-03-01 16:41 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-05-26 21:00 - 2012-01-16 14:09 - 00000000 ___HD () C:\ProgramData\Skype 2014-05-24 03:11 - 2013-04-25 22:40 - 01566616 _____ () C:\Windows\UTP.exe 2014-05-24 02:24 - 2014-05-24 02:24 - 00000000 ____D () C:\Users\user\AppData\Local\mfbot.de 2014-05-23 20:09 - 2014-05-23 20:09 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.007 2014-05-23 19:29 - 2014-05-23 19:29 - 00558464 _____ () C:\Windows\Minidump\052314-41823-01.dmp 2014-05-23 19:20 - 2014-05-23 19:20 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.005 2014-05-22 22:48 - 2013-01-04 02:29 - 00000000 ____D () C:\Users\user\AppData\Roaming\TS3Client 2014-05-20 21:17 - 2014-05-20 21:16 - 00004161 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-05-19 15:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-19 00:37 - 2014-05-15 23:46 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft 
Visual Studio 2010 Express 2014-05-18 02:35 - 2014-05-18 02:45 - 00000000 ____D () C:\images_gui 2014-05-18 01:43 - 2014-05-18 01:43 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.004 2014-05-18 01:42 - 2014-05-18 01:42 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.003 2014-05-18 00:12 - 2012-09-28 22:47 - 00000000 ___RD () C:\Users\user\Desktop\GFX Stuff 2014-05-17 23:03 - 2014-05-17 23:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft Corporation 2014-05-17 21:56 - 2013-10-08 00:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0 2014-05-17 18:56 - 2013-08-21 20:33 - 00000000 ____D () C:\Users\user\minecraft 2014-05-17 13:20 - 2012-01-08 00:37 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-17 13:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-17 11:58 - 2013-08-15 13:37 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-17 11:56 - 2009-10-14 07:12 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-14 14:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Cursors 2014-05-14 14:38 - 2012-06-16 17:28 - 00000000 ____D () C:\Program Files (x86)\RocketDock 2014-05-13 23:29 - 2014-05-13 23:29 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-05-13 23:29 - 2012-06-14 22:33 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-13 23:29 - 2012-06-14 22:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-13 23:29 - 2012-01-16 14:37 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-12 07:26 - 2014-06-02 09:01 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:26 - 2014-06-02 09:01 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-06-02 09:01 - 
00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-11 10:26 - 2013-12-22 21:43 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive 2014-05-07 13:29 - 2012-03-05 19:21 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-07 13:29 - 2012-03-05 19:21 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-06 16:02 - 2014-05-06 16:02 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Startmenü 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA Corporation 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA 2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator 2014-05-06 06:40 - 
2014-05-17 12:01 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-17 12:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-17 12:01 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-17 12:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-17 12:01 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-17 12:01 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 23:39 - 2012-01-16 15:24 - 00004088 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000UA
2014-05-05 23:39 - 2012-01-16 15:24 - 00003692 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000Core
2014-05-04 12:25 - 2012-10-06 17:11 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-04 12:25 - 2012-01-08 01:00 - 00000000 ___HD () C:\ProgramData\NVIDIA Corporation
2014-05-04 12:25 - 2012-01-08 01:00 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-04 12:13 - 2014-04-07 01:46 - 00000000 ____D () C:\Users\user\AppData\Local\NVIDIA Corporation

ZeroAccess:
C:\Users\user\AppData\Local\{d07a4bff-1acc-ef4b-5437-0786ab909512}
C:\Users\user\AppData\Local\{d07a4bff-1acc-ef4b-5437-0786ab909512}\@

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe [2012-01-16 15:08] - [2011-02-25 07:30] - 2616320 ____A (Microsoft Corporation) 697651F303443F98F7EC76D4DCAE6789
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-29 13:58

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by user at 2014-06-03 17:10:10
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASRock App Charger v1.0.4 (HKLM\...\ASRock App Charger_is1) (Version: - ASRock Inc.)
ASRock eXtreme Tuner v0.1.78 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version: - )
ASRock InstantBoot v1.26 (HKLM-x32\...\ASRock InstantBoot_is1) (Version: - )
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
Brother MFL-Pro Suite DCP-195C (HKLM-x32\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Camtasia Studio 7 (HKLM-x32\...\{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}) (Version: 7.1.1 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Cinema 4D version R12 (HKLM-x32\...\{7D9D8134-9FA3-4FFF-ADA1-BF609F29997A}_is1) (Version: R12 - Salat Production)
Crosshair (HKCU\...\5b164957566923bc) (Version: 1.0.1.1 - Basti B)
DiRT2 (HKLM-x32\...\{52D1D62C-FEAB-4580-849E-1DB624BADBBD}) (Version: 1.00.0000 - Codemasters)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Gameforge Live 1.10.1 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.10.1 - Gameforge)
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Java(TM) SE Development Kit 7 Update 2 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170020}) (Version: 1.7.0.20 - Oracle)
JavaFX 2.0.2 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-202648764D10}) (Version: 2.0.2 - Oracle Corporation)
JavaFX 2.0.2 SDK (64-bit) (HKLM\...\{2222706F-666A-4037-7777-202648764D10}) (Version: 2.0.2 - Oracle Corporation)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.50 (HKLM\...\Logitech Gaming Software) (Version: 8.50.281 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{A106D33E-6B43-42C0-9BFC-D03303261FA7}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 Design Tools DEU (HKLM-x32\...\{E32260E7-0B10-43C7-9B77-AB9F4184676D}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7C39E0D1-E138-42B1-B083-213EC2CF7692}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual Basic 2008 Express Edition - DEU (HKLM-x32\...\Microsoft Visual Basic 2008 Express Edition - 
DEU) (Version: - Microsoft Corporation) Microsoft Visual Basic 2008 Express Edition - DEU (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden Microsoft Visual Basic 2010 Express - DEU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual Basic 2010 Express - DEU (x32 Version: 10.0.30319 - Microsoft Corporation) Hidden Microsoft Visual Basic PowerPacks 10.0 (HKLM-x32\...\{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}) (Version: 10.0.20911 - Microsoft) Microsoft Visual C# 2010 Express - DEU (HKLM-x32\...\Microsoft Visual C# 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C# 2010 Express - DEU (x32 Version: 10.0.30319 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 
(HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{9634d50a-0c4d-4f52-8a9f-894a2baae370}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{cde5fd82-4a8f-483e-adf0-ca7343d00433}) (Version: 11.0.51106.1 - 
Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU) (Version: - Microsoft Corporation) Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU (Version: 9.0.21022 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework (HKLM\...\{53C900F7-0CB1-3EDE-B9F3-76EDE6F0C253}) (Version: 3.5.21022 - Microsoft) Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 (HKLM\...\{11EB1163-5761-4BC6-8F48-98DCF6A46BBF}) (Version: 6.1.5288.17011 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) 
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 24.1.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.1.1 (x86 de)) (Version: 24.1.1 - Mozilla) MP3jam 1.1.1.6 (HKLM-x32\...\MP3jam_is1) (Version: 1.1.1.6 - MP3jam) MSDN Library for Microsoft Visual Studio 2008 Express Editions (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden MSDN Library für Microsoft Visual Studio 2008 Express Editions (HKLM-x32\...\MSDN Library for Microsoft Visual Studio 2008 Express Editions) (Version: - Microsoft Corporation) MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) 
Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MTA:SA v1.3.3 (HKLM-x32\...\MTA:SA 1.3) (Version: v1.3.3 - Multi Theft Auto) Netzmanager (HKLM-x32\...\Netzmanager) (Version: 1.061 - Deutsche Telekom AG) Netzmanager (Version: 1.061 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden New Great Effects 1.6 Uninstall (HKLM-x32\...\New Great Effects 1.6 Uninstall) (Version: - ) Nexon Game Manager (HKLM-x32\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version: - ) NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation) NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation) NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA ShadowPlay 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 335.23 (Version: 
335.23 - NVIDIA Corporation) Hidden NVIDIA Update 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 12.4.55 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.22 (Version: 1.2.22 - NVIDIA Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Opera Stable 22.0.1471.50 (HKCU\...\Opera 22.0.1471.50) (Version: 22.0.1471.50 - Opera Software ASA) PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.) PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Platform (x32 Version: 1.36 - VIA Technologies, Inc.) Hidden puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert) QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Radio (HKCU\...\e17cdb53303d6bd9) (Version: 1.0.0.18 - Microsoft) Rapture3D 2.3.22 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek) RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software) S.K.I.L.L. - Special Force 2 (HKLM-x32\...\Special Force 2 Beta_is1) (Version: - ) ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.) SHIELD Streaming (Version: 1.8.323 - NVIDIA Corporation) Hidden Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) 
Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.11 - TeamSpeak Systems GmbH) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.25790 - TeamViewer) T-Online 6.0 (HKLM-x32\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version: - ) T-Online WLAN-Access Finder (HKLM-x32\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version: - ) Tools für Microsoft SQL Server 2005 Express Edition (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden Topaz Adjust 5 (HKLM-x32\...\Topaz Adjust 5) (Version: 5.0.0 - Topaz Labs, LLC) Topaz B&W Effects (HKLM-x32\...\Topaz BW Effects 2) (Version: 2.1 - Topaz Labs, LLC) Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.0.2 - Topaz Labs, LLC) Topaz DeJpeg 4 (HKLM-x32\...\Topaz DeJpeg 4) (Version: 4.0.2 - Topaz Labs, LLC) Topaz DeNoise 5 (HKLM-x32\...\Topaz DeNoise 5) (Version: 5.0.1 - Topaz Labs, LLC) Topaz Detail 3 (HKLM-x32\...\Topaz Detail 3) (Version: 3.1.0 - Topaz Labs, LLC) Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.1.3 - Topaz Labs, LLC) Topaz InFocus (HKLM-x32\...\Topaz InFocus) (Version: 1.0.0 - Topaz Labs, LLC) Topaz Lens Effects (HKLM-x32\...\Topaz Lens Effects) (Version: 1.2.0 - Topaz Labs, LLC) Topaz ReMask 3 (HKLM-x32\...\Topaz ReMask 3) (Version: 3.2.1 - Topaz Labs, LLC) Topaz Simplify 4 (HKLM-x32\...\Topaz Simplify 4) (Version: 4.0.0 - Topaz Labs, LLC) Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM-x32\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation) VC Runtimes MSI (x32 Version: 9.0.21022 - Microsoft) Hidden Vegas Pro 10.0 (HKLM-x32\...\{6E0E4D61-11EC-11E0-B454-0013D3D69929}) (Version: 10.0.469 - Sony) VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.36 - VIA Technologies, Inc.) 
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
WinRAR 4.11 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XFastUsb (HKLM-x32\...\XFastUsb) (Version: - )
YTD Video Downloader 4.7.2 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.7.2 - GreenTree Applications SRL)

==================== Restore Points =========================

01-06-2014 17:00:12 Windows-Sicherung
03-06-2014 10:43:24 Windows Update
03-06-2014 14:17:33 Removed Java 7 Update 55
03-06-2014 14:18:33 Removed Java 7 Update 17 (64-bit)
03-06-2014 14:20:01 Removed Java(TM) 6 Update 33
03-06-2014 14:21:24 Removed Java(TM) 6 Update 39 (64-bit)
03-06-2014 14:26:13 Revo Uninstaller's restore point - Camtasia Studio 7
03-06-2014 14:41:08 Installed Java 7 Update 60

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-06-02 08:19 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {15DF1B55-64F5-4CE5-977B-A69E7F562DA8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-05] (Google Inc.)
Task: {263A08EF-E768-4BDE-BA6C-2BB0C29575AF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-05] (Google Inc.)
Task: {3950AADF-E2EB-4979-A1E3-200733FD5914} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {3EA8CC69-B289-4A12-B22D-E5576524F962} - System32\Tasks\Opera scheduled Autoupdate 1375122614 => C:\Program Files (x86)\Opera\launcher.exe [2014-05-27] (Opera Software)
Task: {6EAA3458-E9F2-4975-9F9E-0AC679653234} - \Software Updater Ui No Task File <==== ATTENTION
Task: {703F8FAD-E525-41B8-A46A-39E4B715E26F} - System32\Tasks\{5785815B-F91D-4A1B-8C52-2EB9FDBB3691} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.114/de/abandoninstall?page=tsProgressBar
Task: {740E0DE0-0235-4EDD-A714-7A13A9F70C2A} - System32\Tasks\{44DD2D46-375A-499B-8A4E-B6B9A604D303} => C:\ProgramData\UserLayoutOne.exe
Task: {8278A5C6-8BA6-458E-ABE5-872BD0943B13} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {93648F88-1D29-4690-8CB6-0CEC42D5E964} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-16] (Google Inc.)
Task: {9EA15BC2-9C7D-4786-A1E1-7FB66A709D51} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-31] (AVAST Software)
Task: {CA461829-15E6-421E-9211-FB8F749455AB} - \Software Updater No Task File <==== ATTENTION
Task: {D5A03701-F1BD-4B0D-8431-66591B4D4EC3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-16] (Google Inc.)
Task: {F1DF7BB2-0AF8-45EA-8CC7-42C1DE66404A} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {FB4078B5-96A1-40C0-88B4-7DE07D012F39} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-01-08 01:00 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-06-16 17:28 - 2007-09-02 13:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2012-01-08 00:46 - 2011-02-22 08:03 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2012-01-08 00:46 - 2011-02-22 08:03 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2012-01-08 00:46 - 2011-02-22 08:03 - 00621168 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2013-09-24 22:35 - 2014-05-15 17:54 - 00598072 _____ () C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-06-03 12:32 - 2014-06-03 12:32 - 02260480 _____ () C:\Program Files\AVAST Software\Avast\defs\14060300\algo.dll
2012-06-16 17:28 - 2007-09-02 13:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2012-06-03 19:57 - 2014-05-15 17:54 - 36966968 _____ () C:\Users\user\AppData\Roaming\Spotify\Data\libcef.dll 2014-05-31 11:36 - 2014-05-31 11:36 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2013-09-24 22:35 - 2014-05-15 17:54 - 00886840 _____ () C:\Users\user\AppData\Roaming\Spotify\Data\libglesv2.dll 2013-09-24 22:35 - 2014-05-15 17:54 - 00108600 _____ () C:\Users\user\AppData\Roaming\Spotify\Data\libegl.dll 2014-05-13 23:29 - 2014-05-13 23:29 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll 2014-05-21 19:59 - 2014-05-14 01:40 - 00716616 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\35.0.1916.114\libglesv2.dll 2014-05-21 19:59 - 2014-05-14 01:40 - 00126280 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\35.0.1916.114\libegl.dll 2014-05-21 19:59 - 2014-05-14 01:40 - 04217672 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll 2014-05-21 19:59 - 2014-05-14 01:40 - 00414536 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll 2014-05-21 19:59 - 2014-05-14 01:40 - 01732424 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll 2014-05-21 19:59 - 2014-05-14 01:40 - 13695816 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\user\Anwendungsdaten:NT AlternateDataStreams: C:\Users\user\AppData\Roaming:NT ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/03/2014 04:44:53 PM) (Source: SideBySide) 
(EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (06/03/2014 04:41:09 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. . Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {9aed2fca-641f-48f1-ba62-2c7d8c8f77cb} Error: (06/03/2014 04:27:08 PM) (Source: MsiInstaller) (EventID: 11721) (User: STANS-PC) Description: Produkt: Camtasia Studio 7 -- Fehler 1721. Es liegt ein dieses Windows Installer-Paket betreffendes Problem vor. Ein für den Abschluss der Installation erforderliches Programm konnte nicht ausgeführt werden. 
Wenden Sie sich an das Supportpersonal oder den Hersteller des Pakets. Aktion: TSC_RemoveMediaLibrary, Pfad: C:\Program Files (x86)\TechSmith\Camtasia Studio 7\, Befehl: C:\Program Files (x86)\TechSmith\Camtasia Studio 7\CamtasiaStudio.exe /uninstallliball Error: (06/03/2014 04:26:13 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. . Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {6f8fc7cc-b871-4ef5-b71c-44633623d157} Error: (06/03/2014 04:21:24 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. . Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {815de467-b22d-46ac-8b9e-00785a8fd16a} Error: (06/03/2014 04:20:01 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. . 
Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {815de467-b22d-46ac-8b9e-00785a8fd16a} Error: (06/03/2014 04:18:33 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. . Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {815de467-b22d-46ac-8b9e-00785a8fd16a} Error: (06/03/2014 04:17:33 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. . Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {815de467-b22d-46ac-8b9e-00785a8fd16a} Error: (06/03/2014 00:43:24 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. . 
Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {f87a7b15-75ec-445a-a579-cdf599157119} Error: (06/02/2014 08:59:30 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
System errors:
=============
Error: (06/03/2014 01:17:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mikogo-Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (06/03/2014 01:16:30 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000116 (0xfffffa800f9714e0, 0xfffff8800f9d7e2c, 0xffffffffc000009a, 0x0000000000000004)C:\Windows\MEMORY.DMP

Error: (06/03/2014 01:16:30 PM) (Source: BugCheck) (EventID: 1005) (User: )
Description:

Error: (06/03/2014 01:16:29 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 03.06.2014 um 13:15:05 unerwartet heruntergefahren.

Error: (06/03/2014 00:37:14 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (06/03/2014 00:32:11 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (06/03/2014 00:32:10 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (06/02/2014 10:27:50 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (06/02/2014 10:27:50 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (06/02/2014 10:27:49 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Microsoft Office Sessions: ========================= Error: (06/03/2014 04:44:53 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\user\Downloads\esetsmartinstaller_deu.exe Error: (06/03/2014 04:41:09 PM) (Source: VSS) (EventID: 8193) (User: ) Description: ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {9aed2fca-641f-48f1-ba62-2c7d8c8f77cb} Error: (06/03/2014 04:27:08 PM) (Source: MsiInstaller) (EventID: 11721) (User: STANS-PC) Description: Produkt: Camtasia Studio 7 -- Fehler 1721. Es liegt ein dieses Windows Installer-Paket betreffendes Problem vor. Ein für den Abschluss der Installation erforderliches Programm konnte nicht ausgeführt werden. Wenden Sie sich an das Supportpersonal oder den Hersteller des Pakets. Aktion: TSC_RemoveMediaLibrary, Pfad: C:\Program Files (x86)\TechSmith\Camtasia Studio 7\, Befehl: C:\Program Files (x86)\TechSmith\Camtasia Studio 7\CamtasiaStudio.exe /uninstallliball (NULL)(NULL)(NULL)(NULL)(NULL) Error: (06/03/2014 04:26:13 PM) (Source: VSS) (EventID: 8193) (User: ) Description: ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. 
Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {6f8fc7cc-b871-4ef5-b71c-44633623d157} Error: (06/03/2014 04:21:24 PM) (Source: VSS) (EventID: 8193) (User: ) Description: ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {815de467-b22d-46ac-8b9e-00785a8fd16a} Error: (06/03/2014 04:20:01 PM) (Source: VSS) (EventID: 8193) (User: ) Description: ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {815de467-b22d-46ac-8b9e-00785a8fd16a} Error: (06/03/2014 04:18:33 PM) (Source: VSS) (EventID: 8193) (User: ) Description: ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. 
Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {815de467-b22d-46ac-8b9e-00785a8fd16a} Error: (06/03/2014 04:17:33 PM) (Source: VSS) (EventID: 8193) (User: ) Description: ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {815de467-b22d-46ac-8b9e-00785a8fd16a} Error: (06/03/2014 00:43:24 PM) (Source: VSS) (EventID: 8193) (User: ) Description: ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. 
Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {f87a7b15-75ec-445a-a579-cdf599157119} Error: (06/02/2014 08:59:30 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe CodeIntegrity Errors: =================================== Date: 2014-06-02 08:16:22.662 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-06-02 08:16:22.537 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info =========================== Percentage of memory in use: 33% Total physical RAM: 8174.75 MB Available physical RAM: 5400.8 MB Total Pagefile: 16347.67 MB Available Pagefile: 12600.18 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:186.31 GB) (Free:40.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 186 GB) (Disk ID: FD86FD86) Partition 1: (Active) - (Size=186 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
03.06.2014, 16:13 | #29 |
/// TB Trainer /// Instructions Guru | UserLayoutOne.exe opens advertising in the browser (Spamware, Adware) OK. Thanks, we are not finished yet....
__________________ Regards, deeprybka „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
03.06.2014, 16:54 | #30 |
| UserLayoutOne.exe opens advertising in the browser (Spamware, Adware) OK, I'll wait for further instructions. |