Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware)

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 02.06.2014, 14:54   #16
Stan_
 
UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware) - Standard

UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware)



Hab dort ein wenig andere Einstellungen, so richtig?

Alt 02.06.2014, 14:59   #17
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware) - Standard

UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware)



__________________

__________________

Alt 02.06.2014, 20:02   #18
Stan_
 
UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware) - Standard

UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware)



Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=a2f61345e2f4f34d98a347a24b2b2f0f
# engine=18510
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-02 04:26:44
# local_time=2014-06-02 06:26:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 90785 166146894 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 35410 153356254 0 0
# scanned=333265
# found=23
# cleaned=0
# scan_time=8553
sh=99F97AD369E8621AB4D17DF53E80E60FEE99C727 ft=1 fh=42567613b862d846 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=CF6185A9EDFBA0217C9D36D25CA9F6ADCC9F6BC8 ft=1 fh=f90d49fcbe154eac vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\OpenCandy\AE9FBEA9A5914E43A9B3006899EF72E4\conduitinstaller.exe.vir"
sh=818EB70506F0C2CE0936CE66E6E5E5286317E70A ft=1 fh=23b2c0ba60867e14 vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\OpenCandy\AE9FBEA9A5914E43A9B3006899EF72E4\OCBrowserHelper_1.0.5.112.dll.vir"
sh=BDA020EF3675D8F109CDCB95A2939CD8FA14E2E9 ft=1 fh=f8ce3e1d43870230 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\NetmarbleGlobal\MarbleStation\xfire_installer.exe"
sh=6685D8384BB5B1798F158D2453508A5FFC4A5B85 ft=1 fh=61bb1dd78b5e1d10 vn="Variante von Generik.FAOGOGR Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\UserLayoutOne.exe.vir"
sh=6685D8384BB5B1798F158D2453508A5FFC4A5B85 ft=1 fh=61bb1dd78b5e1d10 vn="Variante von Generik.FAOGOGR Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Public\Documents\MSDCSC\msdcsc.exe.vir"
sh=6685D8384BB5B1798F158D2453508A5FFC4A5B85 ft=1 fh=61bb1dd78b5e1d10 vn="Variante von Generik.FAOGOGR Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\user\Documents\MSDCSC\msdcsc.exe.vir"
sh=9C7DF85D155CF0E8A13FB9A3DC92591FF5AF7FD2 ft=0 fh=0000000000000000 vn="VBS/Starter.NAQ Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\user\VOKYV\setup.vbs.vir"
sh=1473B48E6BEEB45669E71DB734AB7B77F7A372C9 ft=0 fh=0000000000000000 vn="BAT/Starter.NBI Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\user\VOKYV\start.cmd.vir"
sh=B19598D30254DDDAD081FC94F0F15BA0E30029B3 ft=0 fh=0000000000000000 vn="VBS/Runner.NBV Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\user\VOKYV\start.vbs.vir"
sh=729BF7081904065A6713FFA2395DB039DEE07050 ft=0 fh=0000000000000000 vn="Variante von Win32/GameCheat.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\user\Desktop\GTA Mods\Cleo Mods\Cheats n Hacks\3D-ESP-BOX.rar"
sh=6812DF73465ECB5DA1749CAA0057D3576851FBD1 ft=0 fh=0000000000000000 vn="MSIL/DllInject.BD potenziell unsichere Anwendung" ac=I fn="C:\Users\user\Desktop\Stuff\bullshit\fatal_beta.rar"
sh=59111065ACB6B8D0098A3E4D4929EBBBD4AFCE40 ft=1 fh=4f447d52413051dc vn="MSIL/DllInject.BD potenziell unsichere Anwendung" ac=I fn="C:\Users\user\Desktop\Stuff\bullshit\InjectionLibrary.dll"
sh=8C310AA5B0DCDAE2E9F266DD3AAFBCF1791A17D0 ft=1 fh=3303acb538d1e29c vn="Variante von MSIL/DllInject.C potenziell unsichere Anwendung" ac=I fn="C:\Users\user\Desktop\Stuff\bullshit\Injector.exe"
sh=59111065ACB6B8D0098A3E4D4929EBBBD4AFCE40 ft=1 fh=4f447d52413051dc vn="MSIL/DllInject.BD potenziell unsichere Anwendung" ac=I fn="C:\Users\user\Desktop\Stuff\bullshit\fatal_beta\InjectionLibrary.dll"
sh=487A99B920CD1C6E8AA7E98A28741F1B5945499E ft=1 fh=f00cfd651cbd0b07 vn="Variante von MSIL/DllInject.C potenziell unsichere Anwendung" ac=I fn="C:\Users\user\Documents\Visual Studio 2010\Projects\Injector\Injector\Injector\bin\Debug\Injector.exe"
sh=C6CA12FBBD3FC8471567B0007D7B8241DF727BE0 ft=1 fh=e622cb4a23bf5beb vn="Variante von MSIL/DllInject.C potenziell unsichere Anwendung" ac=I fn="C:\Users\user\Documents\Visual Studio 2010\Projects\Injector\Injector\Injector\bin\Release\Injector.exe"
sh=487A99B920CD1C6E8AA7E98A28741F1B5945499E ft=1 fh=f00cfd651cbd0b07 vn="Variante von MSIL/DllInject.C potenziell unsichere Anwendung" ac=I fn="C:\Users\user\Documents\Visual Studio 2010\Projects\Injector\Injector\Injector\obj\x86\Debug\Injector.exe"
sh=C6CA12FBBD3FC8471567B0007D7B8241DF727BE0 ft=1 fh=e622cb4a23bf5beb vn="Variante von MSIL/DllInject.C potenziell unsichere Anwendung" ac=I fn="C:\Users\user\Documents\Visual Studio 2010\Projects\Injector\Injector\Injector\obj\x86\Release\Injector.exe"
sh=E32AA2E78D2C8F0E9316080E71A714BEFE851E6C ft=1 fh=374915f71a49693e vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\ApnIC[1].0"
sh=E32AA2E78D2C8F0E9316080E71A714BEFE851E6C ft=1 fh=374915f71a49693e vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\ApnIC[1].0"
         
Sorry, hat etwas länger gedauert, da ich den Scan erst gegen 16 Uhr gestartet hab und er bis 18 Uhr (musste bis eben weg) nicht fertig war.
__________________

Alt 02.06.2014, 20:12   #19
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware) - Standard

UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware)



Code:
ATTFilter
C:\Users\user\Desktop\Stuff\bullshit\Injector.exe
         
???
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 02.06.2014, 20:17   #20
Stan_
 
UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware) - Standard

UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware)



Das ist ein kleines Projekt von mir, das ich mit Visual Basics gemacht hab, ist eigentlich kein Virus. Eher ein unerwünschtes Programm vom Scanner...


Alt 02.06.2014, 20:19   #21
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware) - Standard

UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware)



Dann willst es behalten?
__________________
--> UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware)

Alt 02.06.2014, 20:41   #22
Stan_
 
UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware) - Standard

UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware)



Ne kann ruhig weg, funktioniert eh nicht richtig, hab was falsch gemacht. Bin noch Anfänger im Coding.

Alt 02.06.2014, 20:43   #23
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware) - Standard

UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware)



Kannst ja dann selber löschen das Zeug...

Ich poste Dir dann morgen die restlichen Schritte...
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 02.06.2014, 21:12   #24
Stan_
 
UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware) - Standard

UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware)



Wird gemacht, bis morgen.

Alt 03.06.2014, 07:27   #25
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware) - Standard

UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware)



Hi,
so gehts weiter:

Schritt 1

Bitte deinstalliere folgende Programme:

Java 7 Update 55
Java 7 Update 17
Java(TM) 6 Update 33
Java(TM) 6 Update 39


Lade Dir bitte dazu Revo Uninstallerhier herunter. Entpacke die zip-Datei auf den Desktop.
  • Starte die Revouninstaller.exe
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den oben genannten Programmen.
    Klicke auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

Temporäre Dateien löschen
  • Klicke auf
    dann auf und wähle
  • Wähle bei allen Browsern
    und klicke auf
  • Klicke auf

    und wähle
  • Setze nur hier Haken
  • Klicke auf

Schritt 2

Opera-Update: Geht so...
Falls Du diese Version behalten möchtest, sollte Dir klar sein, dass es ein Sicherheitsrisiko darstellt...

Firefox wenn gewünscht bitte via "Firefox-Hilfe-Über Firefox" auf die Version 29 aktualisieren...

Java bitte von hier neu herunterladen.

Grundsätzlich bei solchen Downloads (Flash etc.) die "optionalen Angebote" ablehnen...

Schritt 3



Bitte starte FRST erneut, setze den Haken auch bei Addition.txt und drücke auf Scan.
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 03.06.2014, 15:47   #26
Stan_
 
UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware) - Standard

UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware)



Alles erledigt. Hatte heute morgen leider keine Zeit, entschuldige die "Verspätung".


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by user (administrator) on STANS-PC on 03-06-2014 16:45:31
Running from C:\Users\user\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\spotify.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUsb\XFastUsb.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-02] (NVIDIA Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [3019376 2011-02-22] (VIA)
HKLM-x32\...\Run: [XFastUsb] => C:\Program Files (x86)\XFastUsb\XFastUsb.exe [4942336 2012-01-08] (FNet Co., Ltd.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-05-31] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files (x86)\brother\controlcenter3\brctrcensrv.exe, [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2013-09-29] ()
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [Spotify] => C:\Users\user\AppData\Roaming\Spotify\spotify.exe [6170168 2014-05-15] (Spotify Ltd)
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Winlogon: [Shell] C:\Windows\expstart.exe [925184 2014-06-02] () <==== ATTENTION 

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB4A034104DDECE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {4CA0C149-4213-4B04-B3CA-76141F79093B} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {6EC98539-C975-41B0-8D84-967EBD599058} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tonline-browser_toolbar3_search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {A31EAB68-FEA5-4C79-903F-9CB11BCA86E9} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=twiki&q={searchTerms}&dia=tie8
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKCU - No Name - {2015C8D4-8534-48DB-B5FB-5C76291F080C} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4102exwr.default
FF NewTab: chrome://quick_start/content/index.html
FF NetworkProxy: "http", "localhost"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.2.1 - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\user\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\user\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: NoScript - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4102exwr.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-05-10]
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4102exwr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-06]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKCU\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\user\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx []
CHR HKLM-x32\...\Chrome\Extension: [neibkbfmjpkenkbjpajgfkedjaehefnc] - C:\ProgramData\DownloadnSave\neibkbfmjpkenkbjpajgfkedjaehefnc.crx []
CHR HKLM-x32\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\user\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx []
CHR StartMenuInternet: Google Chrome - C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-31] (AVAST Software)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-14] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-20] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2404864 2011-03-24] (Deutsche Telekom AG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20541216 2014-04-02] (NVIDIA Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-02-17] (VIA Technologies, Inc.)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S2 Mikogo-Service; C:\Users\user\AppData\Roaming\Mikogo\Mikogo-Service.exe [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-31] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-31] ()
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2012-01-08] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2012-01-08] (FNet Co., Ltd.)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-14] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WacHidRouter; system32\DRIVERS\wachidrouter.sys [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-03 16:45 - 2014-06-03 16:45 - 00000000 ____D () C:\Users\user\Desktop\FRST-OlderVersion
2014-06-03 16:44 - 2014-06-03 16:44 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-03 16:41 - 2014-06-03 16:41 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-03 16:41 - 2014-06-03 16:41 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-03 16:41 - 2014-06-03 16:41 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-03 16:41 - 2014-06-03 16:41 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-03 16:39 - 2014-06-03 16:39 - 00918952 _____ (Oracle Corporation) C:\Users\user\Downloads\chromeinstall-7u60.exe
2014-06-03 16:37 - 2014-06-03 16:37 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-03 16:36 - 2014-06-03 16:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-03 16:34 - 2014-06-03 16:34 - 00004026 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1375122614
2014-06-03 16:23 - 2014-06-03 16:24 - 00000000 ____D () C:\Users\user\Desktop\revouninstaller-portable
2014-06-03 16:18 - 2014-06-03 16:18 - 00000000 ____D () C:\ProgramData\Sun
2014-06-03 16:16 - 2014-06-03 16:16 - 03007700 _____ () C:\Users\user\Downloads\revouninstaller.zip
2014-06-03 13:24 - 2014-06-03 13:24 - 00004065 _____ () C:\Windows\collectionCache.bnk
2014-06-02 22:55 - 2014-06-02 22:55 - 00004065 _____ () C:\Windows\SysWOW64\collectionCache.bnk
2014-06-02 21:38 - 2014-06-02 21:38 - 00000132 _____ () C:\Users\user\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2014-06-02 15:46 - 2014-06-02 15:46 - 02347384 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_deu.exe
2014-06-02 09:01 - 2014-06-02 09:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-02 09:01 - 2014-06-02 09:01 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-02 09:01 - 2014-06-02 09:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-02 09:01 - 2014-06-02 09:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-02 09:01 - 2014-06-02 09:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-02 09:01 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-02 09:01 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-02 09:01 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-02 08:59 - 2014-06-02 09:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-02 08:21 - 2014-06-02 08:21 - 00049703 _____ () C:\ComboFix.txt
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.007\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.006\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.005\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.004\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.003\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.002\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.001\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.000\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-06-02 08:04 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-02 08:04 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-02 08:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-02 08:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-02 08:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-02 08:04 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-02 08:04 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-02 08:04 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-02 08:03 - 2014-06-02 08:22 - 00000000 ____D () C:\Qoobox
2014-06-02 08:03 - 2014-06-02 08:20 - 00000000 ____D () C:\Windows\erdnt
2014-06-02 08:01 - 2014-06-02 08:01 - 05203398 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2014-06-02 08:00 - 2014-06-02 08:01 - 05203398 _____ (Swearware) C:\Users\user\Downloads\ComboFix.exe
2014-06-01 21:14 - 2014-06-03 16:45 - 00020271 _____ () C:\Users\user\Desktop\FRST.txt
2014-06-01 21:14 - 2014-06-01 21:15 - 00040504 _____ () C:\Users\user\Desktop\Addition.txt
2014-06-01 21:13 - 2014-06-03 16:45 - 00000000 ____D () C:\FRST
2014-06-01 21:11 - 2014-06-03 16:45 - 02068992 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-06-01 19:59 - 2014-06-01 19:59 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-01 19:59 - 2014-06-01 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-01 19:59 - 2014-06-01 19:59 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-01 18:07 - 2014-06-01 18:07 - 00002928 _____ () C:\Windows\System32\Tasks\{44DD2D46-375A-499B-8A4E-B6B9A604D303}
2014-05-31 19:22 - 2014-05-31 19:22 - 00003132 _____ () C:\Windows\System32\Tasks\{D6D44D57-77E6-4CEB-9E24-C0BFC2337A46}
2014-05-31 11:49 - 2014-05-31 11:49 - 00000000 ____D () C:\Users\user\AppData\Roaming\AVAST Software
2014-05-31 11:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-31 11:40 - 2014-05-31 11:43 - 00000000 ____D () C:\AdwCleaner
2014-05-31 11:36 - 2014-05-31 12:07 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-31 11:36 - 2014-05-31 11:36 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-31 11:36 - 2014-05-31 11:36 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-29 17:31 - 2014-05-29 17:31 - 00000000 _____ () C:\dfu.log
2014-05-27 13:48 - 2014-06-03 13:16 - 895717872 _____ () C:\Windows\MEMORY.DMP
2014-05-27 12:49 - 2014-06-02 08:16 - 00000000 ____D () C:\Users\Public\Documents\MSDCSC
2014-05-24 03:11 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32_backup_wti.dll
2014-05-24 03:11 - 2011-07-05 04:00 - 01857536 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame_backup_wti.dll
2014-05-24 03:11 - 2010-11-20 15:27 - 00898560 _____ (Microsoft Corporation) C:\Windows\system32\OobeFldr_backup_wti.dll
2014-05-24 02:24 - 2014-05-24 02:24 - 00000000 ____D () C:\Users\user\AppData\Local\mfbot.de
2014-05-23 20:09 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.006
2014-05-23 20:09 - 2014-05-23 20:09 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.007
2014-05-23 20:09 - 2013-12-14 02:23 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.007\AppData\Local\Google
2014-05-23 19:29 - 2014-05-23 19:29 - 00558464 _____ () C:\Windows\Minidump\052314-41823-01.dmp
2014-05-23 19:20 - 2014-05-23 19:20 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.005
2014-05-20 21:16 - 2014-05-20 21:17 - 00004161 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-18 02:45 - 2014-05-18 02:35 - 00000000 ____D () C:\images_gui
2014-05-18 01:43 - 2014-05-18 01:43 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.004
2014-05-18 01:43 - 2013-12-14 02:23 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.004\AppData\Local\Google
2014-05-18 01:42 - 2014-05-18 01:42 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.003
2014-05-17 23:03 - 2014-05-17 23:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft Corporation
2014-05-17 13:08 - 2013-04-30 19:18 - 00014136 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys
2014-05-17 12:01 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-17 12:01 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-17 12:01 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-17 12:01 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-17 12:01 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-17 12:01 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 23:46 - 2014-06-01 19:14 - 00000000 ____D () C:\Users\user\Documents\Visual Studio 2010
2014-05-15 23:46 - 2014-05-19 00:37 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
2014-05-15 13:04 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 13:04 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 13:03 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 13:03 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 13:03 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 13:03 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 13:03 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 13:03 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 13:03 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 13:03 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 13:03 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 13:03 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 13:03 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 13:03 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 13:03 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 13:03 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 13:03 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 13:03 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 13:03 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 13:03 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 13:03 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 13:03 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 13:03 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 13:03 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 13:03 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 13:03 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 13:03 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 13:03 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 13:03 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 13:03 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 13:03 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-13 23:29 - 2014-05-13 23:29 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-06 16:02 - 2014-05-06 16:02 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator
2014-05-06 16:02 - 2014-05-03 22:04 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-06 16:02 - 2013-12-14 02:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-06 16:02 - 2013-10-09 00:20 - 00000000 ____D () C:\Users\Administrator\Documents\Visual Studio 2010
2014-05-06 16:02 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-06 16:02 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-04 12:24 - 2014-03-04 13:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-04 12:18 - 2014-03-04 16:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-04 12:18 - 2014-03-04 16:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00024544 _____ () C:\Windows\system32\nvinfo.pb
2014-05-04 12:18 - 2013-11-28 15:38 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-05-04 12:18 - 2013-11-28 15:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-05-04 12:11 - 2014-03-21 21:43 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-05-04 12:11 - 2014-03-21 21:43 - 00033568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

==================== One Month Modified Files and Folders =======

2014-06-03 16:45 - 2014-06-03 16:45 - 00000000 ____D () C:\Users\user\Desktop\FRST-OlderVersion
2014-06-03 16:45 - 2014-06-01 21:14 - 00020271 _____ () C:\Users\user\Desktop\FRST.txt
2014-06-03 16:45 - 2014-06-01 21:13 - 00000000 ____D () C:\FRST
2014-06-03 16:45 - 2014-06-01 21:11 - 02068992 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-06-03 16:45 - 2012-01-08 00:36 - 00000000 ____D () C:\Users\user\AppData\Local\Temp
2014-06-03 16:44 - 2014-06-03 16:44 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-03 16:44 - 2012-01-16 15:24 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000UA.job
2014-06-03 16:42 - 2012-06-03 19:56 - 00000000 ____D () C:\Users\user\AppData\Roaming\Spotify
2014-06-03 16:41 - 2014-06-03 16:41 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-03 16:41 - 2014-06-03 16:41 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-03 16:41 - 2014-06-03 16:41 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-03 16:41 - 2014-06-03 16:41 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-03 16:39 - 2014-06-03 16:39 - 00918952 _____ (Oracle Corporation) C:\Users\user\Downloads\chromeinstall-7u60.exe
2014-06-03 16:37 - 2014-06-03 16:37 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-03 16:37 - 2014-06-03 16:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-03 16:37 - 2013-10-04 22:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-03 16:34 - 2014-06-03 16:34 - 00004026 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1375122614
2014-06-03 16:34 - 2013-07-29 20:30 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-06-03 16:34 - 2012-03-05 19:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-03 16:28 - 2012-06-14 22:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-03 16:24 - 2014-06-03 16:23 - 00000000 ____D () C:\Users\user\Desktop\revouninstaller-portable
2014-06-03 16:23 - 2013-04-24 21:37 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-03 16:23 - 2012-01-16 14:09 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
2014-06-03 16:22 - 2012-01-21 16:58 - 00000000 ____D () C:\Program Files\Java
2014-06-03 16:20 - 2012-01-30 01:40 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-03 16:18 - 2014-06-03 16:18 - 00000000 ____D () C:\ProgramData\Sun
2014-06-03 16:16 - 2014-06-03 16:16 - 03007700 _____ () C:\Users\user\Downloads\revouninstaller.zip
2014-06-03 16:09 - 2009-07-14 06:51 - 00151603 _____ () C:\Windows\setupact.log
2014-06-03 13:34 - 2012-03-05 19:21 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-03 13:25 - 2012-01-08 00:38 - 01154883 _____ () C:\Windows\WindowsUpdate.log
2014-06-03 13:24 - 2014-06-03 13:24 - 00004065 _____ () C:\Windows\collectionCache.bnk
2014-06-03 13:22 - 2012-10-06 23:10 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-03 13:22 - 2012-06-03 19:57 - 00000000 ____D () C:\Users\user\AppData\Local\Spotify
2014-06-03 13:20 - 2012-03-02 21:25 - 00000433 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-06-03 13:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-06-03 13:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-03 13:16 - 2014-05-27 13:48 - 895717872 _____ () C:\Windows\MEMORY.DMP
2014-06-03 13:16 - 2013-06-07 21:53 - 00000000 ____D () C:\Windows\Minidump
2014-06-03 13:16 - 2012-01-08 01:00 - 00000000 ___HD () C:\ProgramData\NVIDIA
2014-06-03 13:15 - 2012-01-12 14:38 - 01790486 _____ () C:\Windows\PFRO.log
2014-06-02 23:44 - 2012-01-16 15:24 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000Core.job
2014-06-02 22:55 - 2014-06-02 22:55 - 00004065 _____ () C:\Windows\SysWOW64\collectionCache.bnk
2014-06-02 22:30 - 2009-07-14 19:58 - 00833144 _____ () C:\Windows\system32\perfh007.dat
2014-06-02 22:30 - 2009-07-14 19:58 - 00200788 _____ () C:\Windows\system32\perfc007.dat
2014-06-02 22:30 - 2009-07-14 07:13 - 01962462 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-02 21:38 - 2014-06-02 21:38 - 00000132 _____ () C:\Users\user\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2014-06-02 21:38 - 2012-01-26 14:48 - 88251904 ___SH () C:\Users\user\Desktop\Thumbs.db
2014-06-02 15:50 - 2009-07-14 06:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-02 15:50 - 2009-07-14 06:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-02 15:46 - 2014-06-02 15:46 - 02347384 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_deu.exe
2014-06-02 13:34 - 2013-04-25 22:33 - 00925184 _____ () C:\Windows\expstart.exe
2014-06-02 13:33 - 2012-09-11 22:32 - 00000000 ____D () C:\Users\user\AppData\Local\Apps\2.0
2014-06-02 09:27 - 2014-02-25 16:22 - 00000000 ___HD () C:\ProgramData\YTD Video Downloader
2014-06-02 09:27 - 2013-06-28 23:08 - 00000000 ____D () C:\Windows\SysWOW64\DCSCMIN
2014-06-02 09:04 - 2014-06-02 09:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-02 09:01 - 2014-06-02 09:01 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-02 09:01 - 2014-06-02 09:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-02 09:01 - 2014-06-02 09:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-02 09:01 - 2014-06-02 09:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-02 09:00 - 2014-06-02 08:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-02 08:22 - 2014-06-02 08:03 - 00000000 ____D () C:\Qoobox
2014-06-02 08:21 - 2014-06-02 08:21 - 00049703 _____ () C:\ComboFix.txt
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.007\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.006\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.005\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.004\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.003\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.002\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.001\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.000\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-06-02 08:21 - 2014-05-23 20:09 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.006
2014-06-02 08:20 - 2014-06-02 08:03 - 00000000 ____D () C:\Windows\erdnt
2014-06-02 08:19 - 2009-07-14 04:34 - 00000312 _____ () C:\Windows\system.ini
2014-06-02 08:16 - 2014-05-27 12:49 - 00000000 ____D () C:\Users\Public\Documents\MSDCSC
2014-06-02 08:16 - 2013-05-16 12:45 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-02 08:16 - 2012-01-20 20:51 - 00000000 __SHD () C:\Users\user\Documents\MSDCSC
2014-06-02 08:01 - 2014-06-02 08:01 - 05203398 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2014-06-02 08:01 - 2014-06-02 08:00 - 05203398 _____ (Swearware) C:\Users\user\Downloads\ComboFix.exe
2014-06-01 21:15 - 2014-06-01 21:14 - 00040504 _____ () C:\Users\user\Desktop\Addition.txt
2014-06-01 19:59 - 2014-06-01 19:59 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-01 19:59 - 2014-06-01 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-01 19:59 - 2014-06-01 19:59 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-01 19:55 - 2014-04-29 13:26 - 00000000 ____D () C:\Users\user\AppData\Roaming\WTablet
2014-06-01 19:14 - 2014-05-15 23:46 - 00000000 ____D () C:\Users\user\Documents\Visual Studio 2010
2014-06-01 18:50 - 2014-04-25 22:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-01 18:07 - 2014-06-01 18:07 - 00002928 _____ () C:\Windows\System32\Tasks\{44DD2D46-375A-499B-8A4E-B6B9A604D303}
2014-06-01 17:57 - 2013-10-07 20:57 - 00000000 ___RD () C:\Users\user\Desktop\GTA Mods
2014-06-01 17:54 - 2012-02-24 17:38 - 00000000 ___RD () C:\Users\user\Desktop\Stuff
2014-06-01 17:02 - 2013-08-08 14:19 - 00000000 ____D () C:\Users\user\Documents\GTA San Andreas User Files
2014-05-31 20:08 - 2013-01-04 19:42 - 00000000 ____D () C:\Users\user\AppData\Local\Mato_Technologies
2014-05-31 19:22 - 2014-05-31 19:22 - 00003132 _____ () C:\Windows\System32\Tasks\{D6D44D57-77E6-4CEB-9E24-C0BFC2337A46}
2014-05-31 16:02 - 2012-10-28 23:20 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc
2014-05-31 12:22 - 2012-02-26 00:07 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2014-05-31 12:07 - 2014-05-31 11:36 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-31 12:07 - 2012-10-06 23:11 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-31 12:07 - 2012-10-06 23:11 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-31 11:49 - 2014-05-31 11:49 - 00000000 ____D () C:\Users\user\AppData\Roaming\AVAST Software
2014-05-31 11:43 - 2014-05-31 11:40 - 00000000 ____D () C:\AdwCleaner
2014-05-31 11:36 - 2014-05-31 11:36 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-31 11:36 - 2014-05-31 11:36 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-31 11:36 - 2013-03-10 17:07 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-31 11:36 - 2013-03-10 17:07 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-31 11:36 - 2012-10-06 23:11 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1401530828817
2014-05-31 11:36 - 2012-10-06 23:11 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1401530828817
2014-05-31 11:36 - 2012-10-06 23:11 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-31 11:36 - 2012-10-06 23:10 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-31 11:36 - 2012-10-06 23:10 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-31 11:31 - 2012-10-06 23:10 - 00000000 ___HD () C:\ProgramData\AVAST Software
2014-05-31 11:30 - 2012-10-06 23:10 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-05-31 11:27 - 2012-09-11 22:32 - 00000000 ____D () C:\Users\user\AppData\Local\Deployment
2014-05-31 10:08 - 2012-01-19 14:36 - 00000000 ____D () C:\Users\user\AppData\Roaming\DVDVideoSoft
2014-05-29 17:31 - 2014-05-29 17:31 - 00000000 _____ () C:\dfu.log
2014-05-29 16:56 - 2013-09-11 22:23 - 00000000 ____D () C:\Users\user\AppData\Local\fabi.me
2014-05-29 13:22 - 2013-09-25 16:27 - 00000000 ____D () C:\Users\user\Documents\Bewerbungszeug
2014-05-27 14:05 - 2012-02-24 17:59 - 00000000 ___HD () C:\ProgramData\MTA San Andreas All
2014-05-26 21:40 - 2013-04-11 13:37 - 00014336 ___SH () C:\Users\user\AppData\Roaming\Thumbs.db
2014-05-26 21:00 - 2013-03-01 16:41 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-26 21:00 - 2012-01-16 14:09 - 00000000 ___HD () C:\ProgramData\Skype
2014-05-24 03:11 - 2013-04-25 22:40 - 01566616 _____ () C:\Windows\UTP.exe
2014-05-24 02:24 - 2014-05-24 02:24 - 00000000 ____D () C:\Users\user\AppData\Local\mfbot.de
2014-05-23 20:09 - 2014-05-23 20:09 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.007
2014-05-23 19:29 - 2014-05-23 19:29 - 00558464 _____ () C:\Windows\Minidump\052314-41823-01.dmp
2014-05-23 19:20 - 2014-05-23 19:20 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.005
2014-05-22 22:48 - 2013-01-04 02:29 - 00000000 ____D () C:\Users\user\AppData\Roaming\TS3Client
2014-05-20 21:17 - 2014-05-20 21:16 - 00004161 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-19 15:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-19 00:37 - 2014-05-15 23:46 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
2014-05-18 02:35 - 2014-05-18 02:45 - 00000000 ____D () C:\images_gui
2014-05-18 01:43 - 2014-05-18 01:43 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.004
2014-05-18 01:42 - 2014-05-18 01:42 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.003
2014-05-18 00:12 - 2012-09-28 22:47 - 00000000 ___RD () C:\Users\user\Desktop\GFX Stuff
2014-05-17 23:03 - 2014-05-17 23:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft Corporation
2014-05-17 21:56 - 2013-10-08 00:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0
2014-05-17 18:56 - 2013-08-21 20:33 - 00000000 ____D () C:\Users\user\minecraft
2014-05-17 13:20 - 2012-01-08 00:37 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-17 13:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-17 11:58 - 2013-08-15 13:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-17 11:56 - 2009-10-14 07:12 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 14:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Cursors
2014-05-14 14:38 - 2012-06-16 17:28 - 00000000 ____D () C:\Program Files (x86)\RocketDock
2014-05-13 23:29 - 2014-05-13 23:29 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-13 23:29 - 2012-06-14 22:33 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 23:29 - 2012-06-14 22:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 23:29 - 2012-01-16 14:37 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-12 07:26 - 2014-06-02 09:01 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-02 09:01 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-02 09:01 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 10:26 - 2013-12-22 21:43 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive
2014-05-07 13:29 - 2012-03-05 19:21 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 13:29 - 2012-03-05 19:21 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 16:02 - 2014-05-06 16:02 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator
2014-05-06 06:40 - 2014-05-17 12:01 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-17 12:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-17 12:01 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-17 12:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-17 12:01 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-17 12:01 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 23:39 - 2012-01-16 15:24 - 00004088 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000UA
2014-05-05 23:39 - 2012-01-16 15:24 - 00003692 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000Core
2014-05-04 12:25 - 2012-10-06 17:11 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-04 12:25 - 2012-01-08 01:00 - 00000000 ___HD () C:\ProgramData\NVIDIA Corporation
2014-05-04 12:25 - 2012-01-08 01:00 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-04 12:13 - 2014-04-07 01:46 - 00000000 ____D () C:\Users\user\AppData\Local\NVIDIA Corporation

ZeroAccess:
C:\Users\user\AppData\Local\{d07a4bff-1acc-ef4b-5437-0786ab909512}
C:\Users\user\AppData\Local\{d07a4bff-1acc-ef4b-5437-0786ab909512}\@

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe
[2012-01-16 15:08] - [2011-02-25 07:30] - 2616320 ____A (Microsoft Corporation) 697651F303443F98F7EC76D4DCAE6789

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 13:58

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 03.06.2014, 15:52   #27
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware) - Standard

UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware)



Hi,
Addition.txt fehlt noch. Haken setzen vor dem Scan...
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 03.06.2014, 16:11   #28
Stan_
 
UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware) - Standard

UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware)



Achja, hier:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by user (administrator) on STANS-PC on 03-06-2014 17:09:48
Running from C:\Users\user\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\spotify.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUsb\XFastUsb.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-02] (NVIDIA Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [3019376 2011-02-22] (VIA)
HKLM-x32\...\Run: [XFastUsb] => C:\Program Files (x86)\XFastUsb\XFastUsb.exe [4942336 2012-01-08] (FNet Co., Ltd.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-05-31] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files (x86)\brother\controlcenter3\brctrcensrv.exe, [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2013-09-29] ()
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [Spotify] => C:\Users\user\AppData\Roaming\Spotify\spotify.exe [6170168 2014-05-15] (Spotify Ltd)
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Winlogon: [Shell] C:\Windows\expstart.exe [925184 2014-06-02] () <==== ATTENTION 

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB4A034104DDECE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {4CA0C149-4213-4B04-B3CA-76141F79093B} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {6EC98539-C975-41B0-8D84-967EBD599058} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tonline-browser_toolbar3_search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {A31EAB68-FEA5-4C79-903F-9CB11BCA86E9} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=twiki&q={searchTerms}&dia=tie8
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKCU - No Name - {2015C8D4-8534-48DB-B5FB-5C76291F080C} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4102exwr.default
FF NewTab: chrome://quick_start/content/index.html
FF NetworkProxy: "http", "localhost"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.2.1 - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\user\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\user\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: NoScript - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4102exwr.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-05-10]
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4102exwr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-06]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKCU\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\user\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx []
CHR HKLM-x32\...\Chrome\Extension: [neibkbfmjpkenkbjpajgfkedjaehefnc] - C:\ProgramData\DownloadnSave\neibkbfmjpkenkbjpajgfkedjaehefnc.crx []
CHR HKLM-x32\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\user\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx []
CHR StartMenuInternet: Google Chrome - C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-31] (AVAST Software)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-14] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-20] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2404864 2011-03-24] (Deutsche Telekom AG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20541216 2014-04-02] (NVIDIA Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-02-17] (VIA Technologies, Inc.)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S2 Mikogo-Service; C:\Users\user\AppData\Roaming\Mikogo\Mikogo-Service.exe [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-31] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-31] ()
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2012-01-08] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2012-01-08] (FNet Co., Ltd.)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-14] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WacHidRouter; system32\DRIVERS\wachidrouter.sys [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-03 16:45 - 2014-06-03 16:45 - 00000000 ____D () C:\Users\user\Desktop\FRST-OlderVersion
2014-06-03 16:44 - 2014-06-03 16:44 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-03 16:41 - 2014-06-03 16:41 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-03 16:41 - 2014-06-03 16:41 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-03 16:41 - 2014-06-03 16:41 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-03 16:41 - 2014-06-03 16:41 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-03 16:39 - 2014-06-03 16:39 - 00918952 _____ (Oracle Corporation) C:\Users\user\Downloads\chromeinstall-7u60.exe
2014-06-03 16:37 - 2014-06-03 16:37 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-03 16:36 - 2014-06-03 16:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-03 16:34 - 2014-06-03 16:34 - 00004026 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1375122614
2014-06-03 16:23 - 2014-06-03 16:24 - 00000000 ____D () C:\Users\user\Desktop\revouninstaller-portable
2014-06-03 16:18 - 2014-06-03 16:18 - 00000000 ____D () C:\ProgramData\Sun
2014-06-03 16:16 - 2014-06-03 16:16 - 03007700 _____ () C:\Users\user\Downloads\revouninstaller.zip
2014-06-03 13:24 - 2014-06-03 13:24 - 00004065 _____ () C:\Windows\collectionCache.bnk
2014-06-02 22:55 - 2014-06-02 22:55 - 00004065 _____ () C:\Windows\SysWOW64\collectionCache.bnk
2014-06-02 21:38 - 2014-06-02 21:38 - 00000132 _____ () C:\Users\user\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2014-06-02 15:46 - 2014-06-02 15:46 - 02347384 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_deu.exe
2014-06-02 09:01 - 2014-06-02 09:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-02 09:01 - 2014-06-02 09:01 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-02 09:01 - 2014-06-02 09:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-02 09:01 - 2014-06-02 09:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-02 09:01 - 2014-06-02 09:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-02 09:01 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-02 09:01 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-02 09:01 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-02 08:59 - 2014-06-02 09:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-02 08:21 - 2014-06-02 08:21 - 00049703 _____ () C:\ComboFix.txt
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.007\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.006\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.005\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.004\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.003\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.002\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.001\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.000\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-06-02 08:04 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-02 08:04 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-02 08:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-02 08:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-02 08:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-02 08:04 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-02 08:04 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-02 08:04 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-02 08:03 - 2014-06-02 08:22 - 00000000 ____D () C:\Qoobox
2014-06-02 08:03 - 2014-06-02 08:20 - 00000000 ____D () C:\Windows\erdnt
2014-06-02 08:01 - 2014-06-02 08:01 - 05203398 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2014-06-02 08:00 - 2014-06-02 08:01 - 05203398 _____ (Swearware) C:\Users\user\Downloads\ComboFix.exe
2014-06-01 21:14 - 2014-06-03 17:09 - 00020446 _____ () C:\Users\user\Desktop\FRST.txt
2014-06-01 21:14 - 2014-06-01 21:15 - 00040504 _____ () C:\Users\user\Desktop\Addition.txt
2014-06-01 21:13 - 2014-06-03 17:09 - 00000000 ____D () C:\FRST
2014-06-01 21:11 - 2014-06-03 16:45 - 02068992 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-06-01 19:59 - 2014-06-01 19:59 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-01 19:59 - 2014-06-01 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-01 19:59 - 2014-06-01 19:59 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-01 18:07 - 2014-06-01 18:07 - 00002928 _____ () C:\Windows\System32\Tasks\{44DD2D46-375A-499B-8A4E-B6B9A604D303}
2014-05-31 19:22 - 2014-05-31 19:22 - 00003132 _____ () C:\Windows\System32\Tasks\{D6D44D57-77E6-4CEB-9E24-C0BFC2337A46}
2014-05-31 11:49 - 2014-05-31 11:49 - 00000000 ____D () C:\Users\user\AppData\Roaming\AVAST Software
2014-05-31 11:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-31 11:40 - 2014-05-31 11:43 - 00000000 ____D () C:\AdwCleaner
2014-05-31 11:36 - 2014-05-31 12:07 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-31 11:36 - 2014-05-31 11:36 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-31 11:36 - 2014-05-31 11:36 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-29 17:31 - 2014-05-29 17:31 - 00000000 _____ () C:\dfu.log
2014-05-27 13:48 - 2014-06-03 13:16 - 895717872 _____ () C:\Windows\MEMORY.DMP
2014-05-27 12:49 - 2014-06-02 08:16 - 00000000 ____D () C:\Users\Public\Documents\MSDCSC
2014-05-24 03:11 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32_backup_wti.dll
2014-05-24 03:11 - 2011-07-05 04:00 - 01857536 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame_backup_wti.dll
2014-05-24 03:11 - 2010-11-20 15:27 - 00898560 _____ (Microsoft Corporation) C:\Windows\system32\OobeFldr_backup_wti.dll
2014-05-24 02:24 - 2014-05-24 02:24 - 00000000 ____D () C:\Users\user\AppData\Local\mfbot.de
2014-05-23 20:09 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.006
2014-05-23 20:09 - 2014-05-23 20:09 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.007
2014-05-23 20:09 - 2013-12-14 02:23 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.007\AppData\Local\Google
2014-05-23 19:29 - 2014-05-23 19:29 - 00558464 _____ () C:\Windows\Minidump\052314-41823-01.dmp
2014-05-23 19:20 - 2014-05-23 19:20 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.005
2014-05-20 21:16 - 2014-05-20 21:17 - 00004161 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-18 02:45 - 2014-05-18 02:35 - 00000000 ____D () C:\images_gui
2014-05-18 01:43 - 2014-05-18 01:43 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.004
2014-05-18 01:43 - 2013-12-14 02:23 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.004\AppData\Local\Google
2014-05-18 01:42 - 2014-05-18 01:42 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.003
2014-05-17 23:03 - 2014-05-17 23:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft Corporation
2014-05-17 13:08 - 2013-04-30 19:18 - 00014136 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys
2014-05-17 12:01 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-17 12:01 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-17 12:01 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-17 12:01 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-17 12:01 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-17 12:01 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 23:46 - 2014-06-01 19:14 - 00000000 ____D () C:\Users\user\Documents\Visual Studio 2010
2014-05-15 23:46 - 2014-05-19 00:37 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
2014-05-15 13:04 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 13:04 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 13:03 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 13:03 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 13:03 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 13:03 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 13:03 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 13:03 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 13:03 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 13:03 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 13:03 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 13:03 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 13:03 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 13:03 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 13:03 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 13:03 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 13:03 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 13:03 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 13:03 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 13:03 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 13:03 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 13:03 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 13:03 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 13:03 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 13:03 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 13:03 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 13:03 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 13:03 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 13:03 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 13:03 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 13:03 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-13 23:29 - 2014-05-13 23:29 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-06 16:02 - 2014-05-06 16:02 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator
2014-05-06 16:02 - 2014-05-03 22:04 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-06 16:02 - 2013-12-14 02:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-06 16:02 - 2013-10-09 00:20 - 00000000 ____D () C:\Users\Administrator\Documents\Visual Studio 2010
2014-05-06 16:02 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-06 16:02 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-04 12:24 - 2014-03-04 13:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-04 12:18 - 2014-03-04 16:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-04 12:18 - 2014-03-04 16:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00024544 _____ () C:\Windows\system32\nvinfo.pb
2014-05-04 12:18 - 2013-11-28 15:38 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-05-04 12:18 - 2013-11-28 15:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-05-04 12:11 - 2014-03-21 21:43 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-05-04 12:11 - 2014-03-21 21:43 - 00033568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

==================== One Month Modified Files and Folders =======

2014-06-03 17:09 - 2014-06-01 21:14 - 00020446 _____ () C:\Users\user\Desktop\FRST.txt
2014-06-03 17:09 - 2014-06-01 21:13 - 00000000 ____D () C:\FRST
2014-06-03 17:09 - 2012-01-08 00:36 - 00000000 ____D () C:\Users\user\AppData\Local\Temp
2014-06-03 17:03 - 2012-06-03 19:56 - 00000000 ____D () C:\Users\user\AppData\Roaming\Spotify
2014-06-03 16:48 - 2012-01-16 14:09 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
2014-06-03 16:45 - 2014-06-03 16:45 - 00000000 ____D () C:\Users\user\Desktop\FRST-OlderVersion
2014-06-03 16:45 - 2014-06-01 21:11 - 02068992 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-06-03 16:44 - 2014-06-03 16:44 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-03 16:44 - 2012-01-16 15:24 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000UA.job
2014-06-03 16:41 - 2014-06-03 16:41 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-03 16:41 - 2014-06-03 16:41 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-03 16:41 - 2014-06-03 16:41 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-03 16:41 - 2014-06-03 16:41 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-03 16:39 - 2014-06-03 16:39 - 00918952 _____ (Oracle Corporation) C:\Users\user\Downloads\chromeinstall-7u60.exe
2014-06-03 16:37 - 2014-06-03 16:37 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-03 16:37 - 2014-06-03 16:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-03 16:37 - 2013-10-04 22:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-03 16:34 - 2014-06-03 16:34 - 00004026 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1375122614
2014-06-03 16:34 - 2013-07-29 20:30 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-06-03 16:34 - 2012-03-05 19:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-03 16:28 - 2012-06-14 22:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-03 16:24 - 2014-06-03 16:23 - 00000000 ____D () C:\Users\user\Desktop\revouninstaller-portable
2014-06-03 16:23 - 2013-04-24 21:37 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-03 16:22 - 2012-01-21 16:58 - 00000000 ____D () C:\Program Files\Java
2014-06-03 16:20 - 2012-01-30 01:40 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-03 16:18 - 2014-06-03 16:18 - 00000000 ____D () C:\ProgramData\Sun
2014-06-03 16:16 - 2014-06-03 16:16 - 03007700 _____ () C:\Users\user\Downloads\revouninstaller.zip
2014-06-03 16:09 - 2012-01-08 00:38 - 01154883 _____ () C:\Windows\WindowsUpdate.log
2014-06-03 16:09 - 2009-07-14 06:51 - 00151603 _____ () C:\Windows\setupact.log
2014-06-03 13:34 - 2012-03-05 19:21 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-03 13:24 - 2014-06-03 13:24 - 00004065 _____ () C:\Windows\collectionCache.bnk
2014-06-03 13:22 - 2012-10-06 23:10 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-03 13:22 - 2012-06-03 19:57 - 00000000 ____D () C:\Users\user\AppData\Local\Spotify
2014-06-03 13:20 - 2012-03-02 21:25 - 00000433 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-06-03 13:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-06-03 13:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-03 13:16 - 2014-05-27 13:48 - 895717872 _____ () C:\Windows\MEMORY.DMP
2014-06-03 13:16 - 2013-06-07 21:53 - 00000000 ____D () C:\Windows\Minidump
2014-06-03 13:16 - 2012-01-08 01:00 - 00000000 ___HD () C:\ProgramData\NVIDIA
2014-06-03 13:15 - 2012-01-12 14:38 - 01790486 _____ () C:\Windows\PFRO.log
2014-06-02 23:44 - 2012-01-16 15:24 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000Core.job
2014-06-02 22:55 - 2014-06-02 22:55 - 00004065 _____ () C:\Windows\SysWOW64\collectionCache.bnk
2014-06-02 22:30 - 2009-07-14 19:58 - 00833144 _____ () C:\Windows\system32\perfh007.dat
2014-06-02 22:30 - 2009-07-14 19:58 - 00200788 _____ () C:\Windows\system32\perfc007.dat
2014-06-02 22:30 - 2009-07-14 07:13 - 01962462 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-02 21:38 - 2014-06-02 21:38 - 00000132 _____ () C:\Users\user\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2014-06-02 21:38 - 2012-01-26 14:48 - 88251904 ___SH () C:\Users\user\Desktop\Thumbs.db
2014-06-02 15:50 - 2009-07-14 06:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-02 15:50 - 2009-07-14 06:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-02 15:46 - 2014-06-02 15:46 - 02347384 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_deu.exe
2014-06-02 13:34 - 2013-04-25 22:33 - 00925184 _____ () C:\Windows\expstart.exe
2014-06-02 13:33 - 2012-09-11 22:32 - 00000000 ____D () C:\Users\user\AppData\Local\Apps\2.0
2014-06-02 09:27 - 2014-02-25 16:22 - 00000000 ___HD () C:\ProgramData\YTD Video Downloader
2014-06-02 09:27 - 2013-06-28 23:08 - 00000000 ____D () C:\Windows\SysWOW64\DCSCMIN
2014-06-02 09:04 - 2014-06-02 09:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-02 09:01 - 2014-06-02 09:01 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-02 09:01 - 2014-06-02 09:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-02 09:01 - 2014-06-02 09:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-02 09:01 - 2014-06-02 09:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-02 09:00 - 2014-06-02 08:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-02 08:22 - 2014-06-02 08:03 - 00000000 ____D () C:\Qoobox
2014-06-02 08:21 - 2014-06-02 08:21 - 00049703 _____ () C:\ComboFix.txt
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.007\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.006\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.005\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.004\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.003\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.002\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.001\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.000\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-06-02 08:21 - 2014-05-23 20:09 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.006
2014-06-02 08:20 - 2014-06-02 08:03 - 00000000 ____D () C:\Windows\erdnt
2014-06-02 08:19 - 2009-07-14 04:34 - 00000312 _____ () C:\Windows\system.ini
2014-06-02 08:16 - 2014-05-27 12:49 - 00000000 ____D () C:\Users\Public\Documents\MSDCSC
2014-06-02 08:16 - 2013-05-16 12:45 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-02 08:16 - 2012-01-20 20:51 - 00000000 __SHD () C:\Users\user\Documents\MSDCSC
2014-06-02 08:01 - 2014-06-02 08:01 - 05203398 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2014-06-02 08:01 - 2014-06-02 08:00 - 05203398 _____ (Swearware) C:\Users\user\Downloads\ComboFix.exe
2014-06-01 21:15 - 2014-06-01 21:14 - 00040504 _____ () C:\Users\user\Desktop\Addition.txt
2014-06-01 19:59 - 2014-06-01 19:59 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-01 19:59 - 2014-06-01 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-01 19:59 - 2014-06-01 19:59 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-01 19:55 - 2014-04-29 13:26 - 00000000 ____D () C:\Users\user\AppData\Roaming\WTablet
2014-06-01 19:14 - 2014-05-15 23:46 - 00000000 ____D () C:\Users\user\Documents\Visual Studio 2010
2014-06-01 18:50 - 2014-04-25 22:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-01 18:07 - 2014-06-01 18:07 - 00002928 _____ () C:\Windows\System32\Tasks\{44DD2D46-375A-499B-8A4E-B6B9A604D303}
2014-06-01 17:57 - 2013-10-07 20:57 - 00000000 ___RD () C:\Users\user\Desktop\GTA Mods
2014-06-01 17:54 - 2012-02-24 17:38 - 00000000 ___RD () C:\Users\user\Desktop\Stuff
2014-06-01 17:02 - 2013-08-08 14:19 - 00000000 ____D () C:\Users\user\Documents\GTA San Andreas User Files
2014-05-31 20:08 - 2013-01-04 19:42 - 00000000 ____D () C:\Users\user\AppData\Local\Mato_Technologies
2014-05-31 19:22 - 2014-05-31 19:22 - 00003132 _____ () C:\Windows\System32\Tasks\{D6D44D57-77E6-4CEB-9E24-C0BFC2337A46}
2014-05-31 16:02 - 2012-10-28 23:20 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc
2014-05-31 12:22 - 2012-02-26 00:07 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2014-05-31 12:07 - 2014-05-31 11:36 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-31 12:07 - 2012-10-06 23:11 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-31 12:07 - 2012-10-06 23:11 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-31 11:49 - 2014-05-31 11:49 - 00000000 ____D () C:\Users\user\AppData\Roaming\AVAST Software
2014-05-31 11:43 - 2014-05-31 11:40 - 00000000 ____D () C:\AdwCleaner
2014-05-31 11:36 - 2014-05-31 11:36 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-31 11:36 - 2014-05-31 11:36 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-31 11:36 - 2013-03-10 17:07 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-31 11:36 - 2013-03-10 17:07 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-31 11:36 - 2012-10-06 23:11 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1401530828817
2014-05-31 11:36 - 2012-10-06 23:11 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1401530828817
2014-05-31 11:36 - 2012-10-06 23:11 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-31 11:36 - 2012-10-06 23:10 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-31 11:36 - 2012-10-06 23:10 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-31 11:31 - 2012-10-06 23:10 - 00000000 ___HD () C:\ProgramData\AVAST Software
2014-05-31 11:30 - 2012-10-06 23:10 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-05-31 11:27 - 2012-09-11 22:32 - 00000000 ____D () C:\Users\user\AppData\Local\Deployment
2014-05-31 10:08 - 2012-01-19 14:36 - 00000000 ____D () C:\Users\user\AppData\Roaming\DVDVideoSoft
2014-05-29 17:31 - 2014-05-29 17:31 - 00000000 _____ () C:\dfu.log
2014-05-29 16:56 - 2013-09-11 22:23 - 00000000 ____D () C:\Users\user\AppData\Local\fabi.me
2014-05-29 13:22 - 2013-09-25 16:27 - 00000000 ____D () C:\Users\user\Documents\Bewerbungszeug
2014-05-27 14:05 - 2012-02-24 17:59 - 00000000 ___HD () C:\ProgramData\MTA San Andreas All
2014-05-26 21:40 - 2013-04-11 13:37 - 00014336 ___SH () C:\Users\user\AppData\Roaming\Thumbs.db
2014-05-26 21:00 - 2013-03-01 16:41 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-26 21:00 - 2012-01-16 14:09 - 00000000 ___HD () C:\ProgramData\Skype
2014-05-24 03:11 - 2013-04-25 22:40 - 01566616 _____ () C:\Windows\UTP.exe
2014-05-24 02:24 - 2014-05-24 02:24 - 00000000 ____D () C:\Users\user\AppData\Local\mfbot.de
2014-05-23 20:09 - 2014-05-23 20:09 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.007
2014-05-23 19:29 - 2014-05-23 19:29 - 00558464 _____ () C:\Windows\Minidump\052314-41823-01.dmp
2014-05-23 19:20 - 2014-05-23 19:20 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.005
2014-05-22 22:48 - 2013-01-04 02:29 - 00000000 ____D () C:\Users\user\AppData\Roaming\TS3Client
2014-05-20 21:17 - 2014-05-20 21:16 - 00004161 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-19 15:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-19 00:37 - 2014-05-15 23:46 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
2014-05-18 02:35 - 2014-05-18 02:45 - 00000000 ____D () C:\images_gui
2014-05-18 01:43 - 2014-05-18 01:43 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.004
2014-05-18 01:42 - 2014-05-18 01:42 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.003
2014-05-18 00:12 - 2012-09-28 22:47 - 00000000 ___RD () C:\Users\user\Desktop\GFX Stuff
2014-05-17 23:03 - 2014-05-17 23:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft Corporation
2014-05-17 21:56 - 2013-10-08 00:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0
2014-05-17 18:56 - 2013-08-21 20:33 - 00000000 ____D () C:\Users\user\minecraft
2014-05-17 13:20 - 2012-01-08 00:37 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-17 13:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-17 11:58 - 2013-08-15 13:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-17 11:56 - 2009-10-14 07:12 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 14:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Cursors
2014-05-14 14:38 - 2012-06-16 17:28 - 00000000 ____D () C:\Program Files (x86)\RocketDock
2014-05-13 23:29 - 2014-05-13 23:29 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-13 23:29 - 2012-06-14 22:33 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 23:29 - 2012-06-14 22:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 23:29 - 2012-01-16 14:37 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-12 07:26 - 2014-06-02 09:01 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-02 09:01 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-02 09:01 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 10:26 - 2013-12-22 21:43 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive
2014-05-07 13:29 - 2012-03-05 19:21 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 13:29 - 2012-03-05 19:21 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 16:02 - 2014-05-06 16:02 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator
2014-05-06 06:40 - 2014-05-17 12:01 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-17 12:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-17 12:01 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-17 12:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-17 12:01 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-17 12:01 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 23:39 - 2012-01-16 15:24 - 00004088 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000UA
2014-05-05 23:39 - 2012-01-16 15:24 - 00003692 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000Core
2014-05-04 12:25 - 2012-10-06 17:11 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-04 12:25 - 2012-01-08 01:00 - 00000000 ___HD () C:\ProgramData\NVIDIA Corporation
2014-05-04 12:25 - 2012-01-08 01:00 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-04 12:13 - 2014-04-07 01:46 - 00000000 ____D () C:\Users\user\AppData\Local\NVIDIA Corporation

ZeroAccess:
C:\Users\user\AppData\Local\{d07a4bff-1acc-ef4b-5437-0786ab909512}
C:\Users\user\AppData\Local\{d07a4bff-1acc-ef4b-5437-0786ab909512}\@

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe
[2012-01-16 15:08] - [2011-02-25 07:30] - 2616320 ____A (Microsoft Corporation) 697651F303443F98F7EC76D4DCAE6789

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 13:58

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by user at 2014-06-03 17:10:10
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASRock App Charger v1.0.4 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
ASRock eXtreme Tuner v0.1.78 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version:  - )
ASRock InstantBoot v1.26 (HKLM-x32\...\ASRock InstantBoot_is1) (Version:  - )
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
Brother MFL-Pro Suite DCP-195C (HKLM-x32\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Camtasia Studio 7 (HKLM-x32\...\{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}) (Version: 7.1.1 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Cinema 4D version R12 (HKLM-x32\...\{7D9D8134-9FA3-4FFF-ADA1-BF609F29997A}_is1) (Version: R12 - Salat Production)
Crosshair (HKCU\...\5b164957566923bc) (Version: 1.0.1.1 - Basti B)
DiRT2 (HKLM-x32\...\{52D1D62C-FEAB-4580-849E-1DB624BADBBD}) (Version: 1.00.0000 - Codemasters)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Gameforge Live 1.10.1 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.10.1 - Gameforge)
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Java(TM) SE Development Kit 7 Update 2 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170020}) (Version: 1.7.0.20 - Oracle)
JavaFX 2.0.2 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-202648764D10}) (Version: 2.0.2 - Oracle Corporation)
JavaFX 2.0.2 SDK (64-bit) (HKLM\...\{2222706F-666A-4037-7777-202648764D10}) (Version: 2.0.2 - Oracle Corporation)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.50 (HKLM\...\Logitech Gaming Software) (Version: 8.50.281 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{A106D33E-6B43-42C0-9BFC-D03303261FA7}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 Design Tools DEU (HKLM-x32\...\{E32260E7-0B10-43C7-9B77-AB9F4184676D}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7C39E0D1-E138-42B1-B083-213EC2CF7692}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual Basic 2008 Express Edition - DEU (HKLM-x32\...\Microsoft Visual Basic 2008 Express Edition - DEU) (Version:  - Microsoft Corporation)
Microsoft Visual Basic 2008 Express Edition - DEU (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Visual Basic 2010 Express - DEU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - DEU (x32 Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual Basic PowerPacks 10.0 (HKLM-x32\...\{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}) (Version: 10.0.20911 - Microsoft)
Microsoft Visual C# 2010 Express - DEU (HKLM-x32\...\Microsoft Visual C# 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C# 2010 Express - DEU (x32 Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{9634d50a-0c4d-4f52-8a9f-894a2baae370}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{cde5fd82-4a8f-483e-adf0-ca7343d00433}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU (Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework (HKLM\...\{53C900F7-0CB1-3EDE-B9F3-76EDE6F0C253}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 (HKLM\...\{11EB1163-5761-4BC6-8F48-98DCF6A46BBF}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.1.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.1.1 (x86 de)) (Version: 24.1.1 - Mozilla)
MP3jam 1.1.1.6 (HKLM-x32\...\MP3jam_is1) (Version: 1.1.1.6 - MP3jam)
MSDN Library for Microsoft Visual Studio 2008 Express Editions (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden
MSDN Library für Microsoft Visual Studio 2008 Express Editions (HKLM-x32\...\MSDN Library for Microsoft Visual Studio 2008 Express Editions) (Version:  - Microsoft Corporation)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MTA:SA v1.3.3 (HKLM-x32\...\MTA:SA 1.3) (Version: v1.3.3 - Multi Theft Auto)
Netzmanager (HKLM-x32\...\Netzmanager) (Version: 1.061 - Deutsche Telekom AG)
Netzmanager (Version: 1.061 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden
New Great Effects 1.6 Uninstall (HKLM-x32\...\New Great Effects 1.6 Uninstall) (Version:  - )
Nexon Game Manager (HKLM-x32\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version:  - )
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.22 (Version: 1.2.22 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera Stable 22.0.1471.50 (HKCU\...\Opera 22.0.1471.50) (Version: 22.0.1471.50 - Opera Software ASA)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Platform (x32 Version: 1.36 - VIA Technologies, Inc.) Hidden
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Radio (HKCU\...\e17cdb53303d6bd9) (Version: 1.0.0.18 - Microsoft)
Rapture3D 2.3.22 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
S.K.I.L.L. - Special Force 2 (HKLM-x32\...\Special Force 2 Beta_is1) (Version:  - )
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
SHIELD Streaming (Version: 1.8.323 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.11 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.25790 - TeamViewer)
T-Online 6.0 (HKLM-x32\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version:  - )
T-Online WLAN-Access Finder (HKLM-x32\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version:  - )
Tools für Microsoft SQL Server 2005 Express Edition (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Topaz Adjust 5 (HKLM-x32\...\Topaz Adjust 5) (Version: 5.0.0 - Topaz Labs, LLC)
Topaz B&W Effects (HKLM-x32\...\Topaz BW Effects 2) (Version: 2.1 - Topaz Labs, LLC)
Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.0.2 - Topaz Labs, LLC)
Topaz DeJpeg 4 (HKLM-x32\...\Topaz DeJpeg 4) (Version: 4.0.2 - Topaz Labs, LLC)
Topaz DeNoise 5 (HKLM-x32\...\Topaz DeNoise 5) (Version: 5.0.1 - Topaz Labs, LLC)
Topaz Detail 3 (HKLM-x32\...\Topaz Detail 3) (Version: 3.1.0 - Topaz Labs, LLC)
Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.1.3 - Topaz Labs, LLC)
Topaz InFocus (HKLM-x32\...\Topaz InFocus) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz Lens Effects (HKLM-x32\...\Topaz Lens Effects) (Version: 1.2.0 - Topaz Labs, LLC)
Topaz ReMask 3 (HKLM-x32\...\Topaz ReMask 3) (Version: 3.2.1 - Topaz Labs, LLC)
Topaz Simplify 4 (HKLM-x32\...\Topaz Simplify 4) (Version: 4.0.0 - Topaz Labs, LLC)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM-x32\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
VC Runtimes MSI (x32 Version: 9.0.21022 - Microsoft) Hidden
Vegas Pro 10.0 (HKLM-x32\...\{6E0E4D61-11EC-11E0-B454-0013D3D69929}) (Version: 10.0.469 - Sony)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.36 - VIA Technologies, Inc.)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
WinRAR 4.11 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XFastUsb (HKLM-x32\...\XFastUsb) (Version:  - )
YTD Video Downloader 4.7.2 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.7.2 - GreenTree Applications SRL)

==================== Restore Points  =========================

01-06-2014 17:00:12 Windows-Sicherung
03-06-2014 10:43:24 Windows Update
03-06-2014 14:17:33 Removed Java 7 Update 55
03-06-2014 14:18:33 Removed Java 7 Update 17 (64-bit)
03-06-2014 14:20:01 Removed Java(TM) 6 Update 33
03-06-2014 14:21:24 Removed Java(TM) 6 Update 39 (64-bit)
03-06-2014 14:26:13 Revo Uninstaller's restore point - Camtasia Studio 7
03-06-2014 14:41:08 Installed Java 7 Update 60

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-06-02 08:19 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {15DF1B55-64F5-4CE5-977B-A69E7F562DA8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-05] (Google Inc.)
Task: {263A08EF-E768-4BDE-BA6C-2BB0C29575AF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-05] (Google Inc.)
Task: {3950AADF-E2EB-4979-A1E3-200733FD5914} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {3EA8CC69-B289-4A12-B22D-E5576524F962} - System32\Tasks\Opera scheduled Autoupdate 1375122614 => C:\Program Files (x86)\Opera\launcher.exe [2014-05-27] (Opera Software)
Task: {6EAA3458-E9F2-4975-9F9E-0AC679653234} - \Software Updater Ui No Task File <==== ATTENTION
Task: {703F8FAD-E525-41B8-A46A-39E4B715E26F} - System32\Tasks\{5785815B-F91D-4A1B-8C52-2EB9FDBB3691} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.114/de/abandoninstall?page=tsProgressBar
Task: {740E0DE0-0235-4EDD-A714-7A13A9F70C2A} - System32\Tasks\{44DD2D46-375A-499B-8A4E-B6B9A604D303} => C:\ProgramData\UserLayoutOne.exe
Task: {8278A5C6-8BA6-458E-ABE5-872BD0943B13} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {93648F88-1D29-4690-8CB6-0CEC42D5E964} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-16] (Google Inc.)
Task: {9EA15BC2-9C7D-4786-A1E1-7FB66A709D51} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-31] (AVAST Software)
Task: {CA461829-15E6-421E-9211-FB8F749455AB} - \Software Updater No Task File <==== ATTENTION
Task: {D5A03701-F1BD-4B0D-8431-66591B4D4EC3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-16] (Google Inc.)
Task: {F1DF7BB2-0AF8-45EA-8CC7-42C1DE66404A} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {FB4078B5-96A1-40C0-88B4-7DE07D012F39} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-01-08 01:00 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-06-16 17:28 - 2007-09-02 13:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2012-01-08 00:46 - 2011-02-22 08:03 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2012-01-08 00:46 - 2011-02-22 08:03 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2012-01-08 00:46 - 2011-02-22 08:03 - 00621168 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2013-09-24 22:35 - 2014-05-15 17:54 - 00598072 _____ () C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-06-03 12:32 - 2014-06-03 12:32 - 02260480 _____ () C:\Program Files\AVAST Software\Avast\defs\14060300\algo.dll
2012-06-16 17:28 - 2007-09-02 13:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2012-06-03 19:57 - 2014-05-15 17:54 - 36966968 _____ () C:\Users\user\AppData\Roaming\Spotify\Data\libcef.dll
2014-05-31 11:36 - 2014-05-31 11:36 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-09-24 22:35 - 2014-05-15 17:54 - 00886840 _____ () C:\Users\user\AppData\Roaming\Spotify\Data\libglesv2.dll
2013-09-24 22:35 - 2014-05-15 17:54 - 00108600 _____ () C:\Users\user\AppData\Roaming\Spotify\Data\libegl.dll
2014-05-13 23:29 - 2014-05-13 23:29 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
2014-05-21 19:59 - 2014-05-14 01:40 - 00716616 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-21 19:59 - 2014-05-14 01:40 - 00126280 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-21 19:59 - 2014-05-14 01:40 - 04217672 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-21 19:59 - 2014-05-14 01:40 - 00414536 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-21 19:59 - 2014-05-14 01:40 - 01732424 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
2014-05-21 19:59 - 2014-05-14 01:40 - 13695816 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\user\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\user\AppData\Roaming:NT

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/03/2014 04:44:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/03/2014 04:41:09 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {9aed2fca-641f-48f1-ba62-2c7d8c8f77cb}

Error: (06/03/2014 04:27:08 PM) (Source: MsiInstaller) (EventID: 11721) (User: STANS-PC)
Description: Produkt: Camtasia Studio 7 -- Fehler 1721. Es liegt ein dieses Windows Installer-Paket betreffendes Problem vor. Ein für den Abschluss der Installation erforderliches Programm konnte nicht ausgeführt werden. Wenden Sie sich an das Supportpersonal oder den Hersteller des Pakets. Aktion: TSC_RemoveMediaLibrary, Pfad: C:\Program Files (x86)\TechSmith\Camtasia Studio 7\, Befehl: C:\Program Files (x86)\TechSmith\Camtasia Studio 7\CamtasiaStudio.exe /uninstallliball

Error: (06/03/2014 04:26:13 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {6f8fc7cc-b871-4ef5-b71c-44633623d157}

Error: (06/03/2014 04:21:24 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {815de467-b22d-46ac-8b9e-00785a8fd16a}

Error: (06/03/2014 04:20:01 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {815de467-b22d-46ac-8b9e-00785a8fd16a}

Error: (06/03/2014 04:18:33 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {815de467-b22d-46ac-8b9e-00785a8fd16a}

Error: (06/03/2014 04:17:33 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {815de467-b22d-46ac-8b9e-00785a8fd16a}

Error: (06/03/2014 00:43:24 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {f87a7b15-75ec-445a-a579-cdf599157119}

Error: (06/02/2014 08:59:30 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (06/03/2014 01:17:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mikogo-Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/03/2014 01:16:30 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000116 (0xfffffa800f9714e0, 0xfffff8800f9d7e2c, 0xffffffffc000009a, 0x0000000000000004)C:\Windows\MEMORY.DMP

Error: (06/03/2014 01:16:30 PM) (Source: BugCheck) (EventID: 1005) (User: )
Description: 

Error: (06/03/2014 01:16:29 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎03.‎06.‎2014 um 13:15:05 unerwartet heruntergefahren.

Error: (06/03/2014 00:37:14 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (06/03/2014 00:32:11 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (06/03/2014 00:32:10 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (06/02/2014 10:27:50 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (06/02/2014 10:27:50 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (06/02/2014 10:27:49 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.


Microsoft Office Sessions:
=========================
Error: (06/03/2014 04:44:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\user\Downloads\esetsmartinstaller_deu.exe

Error: (06/03/2014 04:41:09 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {9aed2fca-641f-48f1-ba62-2c7d8c8f77cb}

Error: (06/03/2014 04:27:08 PM) (Source: MsiInstaller) (EventID: 11721) (User: STANS-PC)
Description: Produkt: Camtasia Studio 7 -- Fehler 1721. Es liegt ein dieses Windows Installer-Paket betreffendes Problem vor. Ein für den Abschluss der Installation erforderliches Programm konnte nicht ausgeführt werden. Wenden Sie sich an das Supportpersonal oder den Hersteller des Pakets. Aktion: TSC_RemoveMediaLibrary, Pfad: C:\Program Files (x86)\TechSmith\Camtasia Studio 7\, Befehl: C:\Program Files (x86)\TechSmith\Camtasia Studio 7\CamtasiaStudio.exe /uninstallliball (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/03/2014 04:26:13 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {6f8fc7cc-b871-4ef5-b71c-44633623d157}

Error: (06/03/2014 04:21:24 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {815de467-b22d-46ac-8b9e-00785a8fd16a}

Error: (06/03/2014 04:20:01 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {815de467-b22d-46ac-8b9e-00785a8fd16a}

Error: (06/03/2014 04:18:33 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {815de467-b22d-46ac-8b9e-00785a8fd16a}

Error: (06/03/2014 04:17:33 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {815de467-b22d-46ac-8b9e-00785a8fd16a}

Error: (06/03/2014 00:43:24 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {f87a7b15-75ec-445a-a579-cdf599157119}

Error: (06/02/2014 08:59:30 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe


CodeIntegrity Errors:
===================================
  Date: 2014-06-02 08:16:22.662
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-02 08:16:22.537
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 33%
Total physical RAM: 8174.75 MB
Available physical RAM: 5400.8 MB
Total Pagefile: 16347.67 MB
Available Pagefile: 12600.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:186.31 GB) (Free:40.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 186 GB) (Disk ID: FD86FD86)
Partition 1: (Active) - (Size=186 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 03.06.2014, 16:13   #29
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware) - Standard

UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware)



Ok. Danke
sind noch nicht fertig....
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 03.06.2014, 16:54   #30
Stan_
 
UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware) - Standard

UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware)



Ok, ich warte auf weitere Anweisungen.

Antwort

Themen zu UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware)
ausgegraut, backdoor.agent.dc, bat/starter.nbi, datei gelöscht, msil/dllinject.bd, msil/dllinject.c, pum.disabled.securitycenter, pup.optional.plushd.a, pup.optional.pricegong.a, pup.optional.qone8, pup.optional.spigot.a, vbs/runner.nbv, vbs/starter.naq, versteckter ordner, win32/bundled.toolbar.ask, win32/downloadsponsor.a, win32/gamecheat.j, win32/opencandy.a, win32/toolbar.conduit, öffnet werbung




Ähnliche Themen: UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware)


  1. Chrome öffnet bei Klick auf Link Werbung & Werbung PopUps im Browser
    Plagegeister aller Art und deren Bekämpfung - 03.11.2015 (1)
  2. Windows 8: neuer Laptop öffnet Unmengen an Werbung im Browser
    Log-Analyse und Auswertung - 07.04.2015 (11)
  3. Adware Probleme Browser öffnet mit Omniboxes
    Log-Analyse und Auswertung - 02.03.2015 (11)
  4. Werbung öffnet sich im Browser automatisch - Maleware gefunden
    Log-Analyse und Auswertung - 05.01.2015 (3)
  5. Browser öffnet selbsständig Tabs mit Werbung und ad einblendungen.
    Log-Analyse und Auswertung - 08.12.2014 (3)
  6. Win8.1 x64 - Browser ist überflutet mir Werbung und öffnet Tabs
    Log-Analyse und Auswertung - 04.11.2014 (16)
  7. Windows 8: Browser öffnet Werbung in Tabs
    Log-Analyse und Auswertung - 06.06.2014 (5)
  8. Adware öffnet im Browser (Firefox/Chrome) dauernd neue Tabs
    Plagegeister aller Art und deren Bekämpfung - 05.06.2014 (16)
  9. Browser öffnet neue Fenster mit Werbung und Outlook stürzt ab
    Log-Analyse und Auswertung - 30.07.2012 (35)
  10. Browser öffnet automatisch Werbung
    Log-Analyse und Auswertung - 01.06.2012 (1)
  11. Browser öffnet ständig Werbung / Internet langsam
    Log-Analyse und Auswertung - 03.06.2010 (3)
  12. Browser öffnet sich von selbst mit Werbung
    Log-Analyse und Auswertung - 07.05.2010 (3)
  13. Browser öffnet alle 2 min mit Werbung
    Plagegeister aller Art und deren Bekämpfung - 21.06.2009 (10)
  14. FireFox Öffnet neuen browser mit werbung
    Mülltonne - 07.10.2008 (0)
  15. Browser öffnet sich von alleine mit Werbung
    Mülltonne - 23.09.2008 (0)
  16. Browser öffnet sich mit werbung ständig!
    Log-Analyse und Auswertung - 20.02.2008 (5)
  17. Nervende Werbung öffnet sich bei Browser-Start
    Log-Analyse und Auswertung - 27.02.2007 (1)

Zum Thema UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware) - Hab dort ein wenig andere Einstellungen, so richtig? - UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware)...
Archiv
Du betrachtest: UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.