
Pests of all kinds and how to fight them: UserLayoutOne.exe opens ads in the browser (Spamware, Adware)

01.06.2014, 19:52   #1
Stan_
 

Hello,
for a few days now I have had an unwanted program on my PC. It is called UserLayoutOne.exe, appears only in Task Manager under Processes, and from time to time opens ads on the Internet (e.g. YouTube via an AdFly link etc.). The process always starts automatically with Windows.

In Task Manager there are sometimes up to 6 processes of this program listed. The file path is C:\ProgramData (hidden folder with system files). To see the file, I had to disable the option "Hide protected operating system files (Recommended)" in Folder Options and enable the option "Show hidden files, folders, and drives". The file was also protected administratively, so I had to assign administrator rights to myself (the only user and also the administrator on this computer). After that I deleted the file, but after a PC restart it reappeared (again (write-)protected and hidden). The Avast virus scanner did not detect it as a virus and had no findings. I created a dump file; after it was created, the exe crashed. (RAR archive 22.6 MB - hxxp://www.file-upload.net/download-8989821/UserLayoutOne.rar.html)

Everything I have tried/done myself:
- Deleting the file (reappears after a system restart)
- Ending the process (the process shows up twice after ending it)
- Through searching the Internet about advertising viruses etc., came across adware
- Prevented/disabled the automatic start with Windows using CCleaner
- Scanned with VirusTotal (result on the first day: (8/53), today: (20/53) https://www.virustotal.com/de/file/0da5431e3cc61d35cc5017575c4da7c4200c4abe1adb3083e5156badbc9fcc6b/analysis/1401648805/ )
Info, in case it is needed:
Windows 7 Ultimate (SP1) - 64 bit
Properties of UserLayoutOne.exe
File description: UserLayoutOne Environment
Size: 812 KB (831,488 bytes)
Attributes: [x] Read-only [X] Hidden (<- greyed out)
Copyright: Copyright (c) 2004 Fantasie Software

PS: If possible, please find a solution that does not involve resetting the system or reinstalling Windows.

PPS: I do not know much about software or coding, only about image editing. I hope this is not too long a text and that I get help as quickly as possible.
Quote:
Quote from The 7 golden rules of the Trojaner-Board:
4. Write in understandable German and in complete sentences. Don't forget: this is a forum, not a chat. You have time! Fix errors before you submit your post. If you do not follow this rule, you cannot expect helpful answers.

Edited by Stan_ (01.06.2014 at 19:55) Reason: VirusTotal result added

01.06.2014, 20:03   #2
deeprybka
/// TB trainer
/// Guide guru
 





My name is Jürgen and I will be helping you with your problem. Together we will get this done...
  • Please work through all steps in order.
  • Read the instructions carefully before you begin. If there are problems or you do not understand something, stop and describe the problem to me.
  • Please run only scans that I have asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Save all of our tools to the desktop.
  • Post the log files directly in your thread in code tags.
  • Keep in mind that we all do this in our free time; if you do not hear from me within 2 days, please send me a PM.

Notes: I can never give you a guarantee that we will find all malicious files. Formatting is usually the faster and always the safest way, but is only advisable for actual malware. Adware & co. we can remove very well.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Please note that all my answers must first be approved by a trainer before I am allowed to post them here. That takes a few hours longer, but guarantees that you get competent help and reviewed answers. See here...

Thank you for your patience!



Step 1 (Scan with FRST)
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the web page)




Reading material
Posting in CODE tags: here's how...
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes our work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

01.06.2014, 20:17   #3
Stan_
 




FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014 01
Ran by user (administrator) on STANS-PC on 01-06-2014 21:14:08
Running from C:\Users\user\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
() C:\Program Files (x86)\puush\puush.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\spotify.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUsb\XFastUsb.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-02] (NVIDIA Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [3019376 2011-02-22] (VIA)
HKLM-x32\...\Run: [XFastUsb] => C:\Program Files (x86)\XFastUsb\XFastUsb.exe [4942336 2012-01-08] (FNet Co., Ltd.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [MicroUpdate] => C:\Users\Public\Documents\MSDCSC\msdcsc.exe [830976 2014-05-24] (Fantaisie Software)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-05-31] (AVAST Software)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Windows\system32\DCSCMIN\IMDCSC.exe,C:\Users\user\Documents\DCSCMIN\IMDCSC.exe,C:\Users\user\Documents\MSDCSC\msdcsc.exe,C:\Users\user\Documents\MSDCSC\msdcsc.exe,C:\Users\Public\Documents\MSDCSC\msdcsc.exe,C:\Users\user\Documents\MSDCSC\msdcsc.exe,C:\Users\user\Documents\MSDCSC\msdcsc.exe,C:\Users\user\Documents\MSDCSC\msdcsc.exe,C:\Users\user\Documents\MSDCSC\msdcsc.exe,C:\Users\user\Documents\MSDCSC\msdcsc.exe,C:\Users\user\Documents\MSDCSC\msdcsc.exe,C:\Users\user\Documents\MSDCSC\msdcsc.exe,C:\Users\user\Documents\MSDCSC\msdcsc.exe,C:\Users\user\Documents\MSDCSC\msdcsc.exe,C:\Users\user\Documents\MSDCSC\msdcsc.exe,C:\Users\user\Documents\MSDCSC\msdcsc.exe,C:\Users\user\Documents\MSDCSC\msdcsc.exe,C:\Users\user\Documents\MSDCSC\msdcsc.exe,C:\Users\user\Documents\MSDCSC\msdcsc.exe,C:\Users\user\Documents\MSDCSC\msdcsc.exe,C:\Users\user\Documents\MSDCSC\msdcsc.exe,C:\Users\user\Documents\MSDCSC\msdcsc.exe
HKLM-x32\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files (x86)\brother\controlcenter3\brctrcensrv.exe [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [zASRockInstantBoot] => [X]
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-01-16] (Google Inc.)
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [REGETDI] => C:\Users\user\AppData\Roaming\install\SysMain.exe
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [svchost] => C:\Windows\system32\DCSCMIN\IMDCSC.exe
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2013-09-29] ()
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [Win32 Update] => C:\Users\user\Documents\DCSCMIN\IMDCSC.exe
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [Spotify] => C:\Users\user\AppData\Roaming\Spotify\spotify.exe [6170168 2014-05-15] (Spotify Ltd)
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [MicroUpdate] => C:\Users\user\Documents\MSDCSC\msdcsc.exe [830976 2014-05-24] (Fantaisie Software)
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\RunOnce: [UserLayoutOne.exe] - C:\ProgramData\UserLayoutOne.exe [830976 2014-05-24] (Fantaisie Software)
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Policies\Explorer\Run: [Policies] => C:\Users\user\AppData\Roaming\install\SysMain.exe
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\MountPoints2: E - E:\Launch.exe
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\MountPoints2: F - autorun.bat
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\MountPoints2: G - autorun.bat
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\MountPoints2: H - autorun.bat
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\MountPoints2: I - autorun.bat
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\MountPoints2: {4ca8c4ff-397f-11e1-b252-806e6f6e6963} - D:\Startup.exe
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\MountPoints2: {c180ae75-3983-11e1-a0cd-002522c67b37} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Winlogon: [Shell] C:\Windows\expstart.exe [925184 2014-05-24] () <==== ATTENTION 
InternetURL: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowsUpdate.com.url -> C:\ProgramData\UserLayoutOne.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB4A034104DDECE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - {4CA0C149-4213-4B04-B3CA-76141F79093B} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {6EC98539-C975-41B0-8D84-967EBD599058} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tonline-browser_toolbar3_search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {A31EAB68-FEA5-4C79-903F-9CB11BCA86E9} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=twiki&q={searchTerms}&dia=tie8
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKCU - No Name - {2015C8D4-8534-48DB-B5FB-5C76291F080C} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4102exwr.default
FF NewTab: chrome://quick_start/content/index.html
FF NetworkProxy: "http", "localhost"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\user\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\user\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4102exwr.default\Extensions\staged [2014-05-25]
FF Extension: NoScript - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4102exwr.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-05-10]
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4102exwr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-24]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-05-12]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-06]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKCU\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\user\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx []
CHR HKLM-x32\...\Chrome\Extension: [neibkbfmjpkenkbjpajgfkedjaehefnc] - C:\ProgramData\DownloadnSave\neibkbfmjpkenkbjpajgfkedjaehefnc.crx []
CHR HKLM-x32\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\user\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx []
CHR StartMenuInternet: Google Chrome - C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-31] (AVAST Software)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-14] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-20] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
S2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2404864 2011-03-24] (Deutsche Telekom AG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20541216 2014-04-02] (NVIDIA Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-02-17] (VIA Technologies, Inc.)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S2 Mikogo-Service; C:\Users\user\AppData\Roaming\Mikogo\Mikogo-Service.exe [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-31] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-31] ()
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2012-01-08] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2012-01-08] (FNet Co., Ltd.)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-14] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WacHidRouter; system32\DRIVERS\wachidrouter.sys [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-01 21:14 - 2014-06-01 21:14 - 00023399 _____ () C:\Users\user\Desktop\FRST.txt
2014-06-01 21:13 - 2014-06-01 21:14 - 00000000 ____D () C:\FRST
2014-06-01 21:11 - 2014-06-01 21:11 - 02067456 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-06-01 19:59 - 2014-06-01 19:59 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-01 19:59 - 2014-06-01 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-01 19:59 - 2014-06-01 19:59 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-01 19:57 - 2014-06-01 19:58 - 03673664 _____ (Piriform Ltd) C:\Users\user\Downloads\ccsetup414_slim.exe
2014-06-01 19:53 - 2014-06-01 19:53 - 00001313 _____ () C:\Users\user\Desktop\thread.txt
2014-06-01 19:33 - 2014-06-01 19:33 - 23681945 _____ () C:\Users\user\Desktop\UserLayoutOne.rar
2014-06-01 18:42 - 2014-06-01 18:42 - 00001208 _____ () C:\Windows\collectionCache.bnk
2014-06-01 18:07 - 2014-06-01 18:07 - 00002928 _____ () C:\Windows\System32\Tasks\{44DD2D46-375A-499B-8A4E-B6B9A604D303}
2014-05-31 19:22 - 2014-05-31 19:22 - 00003132 _____ () C:\Windows\System32\Tasks\{D6D44D57-77E6-4CEB-9E24-C0BFC2337A46}
2014-05-31 11:49 - 2014-05-31 11:49 - 00000000 ____D () C:\Users\user\AppData\Roaming\AVAST Software
2014-05-31 11:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-31 11:40 - 2014-05-31 11:43 - 00000000 ____D () C:\AdwCleaner
2014-05-31 11:36 - 2014-05-31 12:07 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-31 11:36 - 2014-05-31 11:36 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-31 11:36 - 2014-05-31 11:36 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-29 17:31 - 2014-05-29 17:31 - 00000000 _____ () C:\dfu.log
2014-05-27 13:48 - 2014-06-01 17:13 - 583307911 _____ () C:\Windows\MEMORY.DMP
2014-05-27 12:49 - 2014-05-27 12:49 - 00000000 ____D () C:\Users\Public\Documents\MSDCSC
2014-05-25 00:01 - 2014-05-25 00:01 - 81471565 _____ () C:\Users\user\Desktop\UserLayoutOne.DMP
2014-05-24 03:11 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32_backup_wti.dll
2014-05-24 03:11 - 2011-07-05 04:00 - 01857536 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame_backup_wti.dll
2014-05-24 03:11 - 2010-11-20 15:27 - 00898560 _____ (Microsoft Corporation) C:\Windows\system32\OobeFldr_backup_wti.dll
2014-05-24 02:24 - 2014-05-24 02:24 - 00000000 ____D () C:\Users\user\AppData\Local\mfbot.de
2014-05-24 02:08 - 2014-05-24 02:03 - 00830976 __RSH (Fantaisie Software) C:\ProgramData\UserLayoutOne.exe
2014-05-23 20:09 - 2014-05-23 20:09 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.007
2014-05-23 20:09 - 2014-05-23 20:09 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.006
2014-05-23 20:09 - 2013-12-14 02:23 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.007\AppData\Local\Google
2014-05-23 19:29 - 2014-05-23 19:29 - 00558464 _____ () C:\Windows\Minidump\052314-41823-01.dmp
2014-05-23 19:20 - 2014-05-23 19:20 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.005
2014-05-20 21:17 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-20 21:17 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-20 21:17 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-20 21:17 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-20 21:16 - 2014-05-20 21:17 - 00004161 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-18 02:45 - 2014-05-18 02:35 - 00000000 ____D () C:\images_gui
2014-05-18 01:43 - 2014-05-18 01:43 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.004
2014-05-18 01:43 - 2013-12-14 02:23 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.004\AppData\Local\Google
2014-05-18 01:42 - 2014-05-18 01:42 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.003
2014-05-17 23:03 - 2014-05-17 23:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft Corporation
2014-05-17 13:08 - 2013-04-30 19:18 - 00014136 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys
2014-05-17 12:01 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-17 12:01 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-17 12:01 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-17 12:01 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-17 12:01 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-17 12:01 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 23:46 - 2014-06-01 19:14 - 00000000 ____D () C:\Users\user\Documents\Visual Studio 2010
2014-05-15 23:46 - 2014-05-19 00:37 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
2014-05-15 13:04 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 13:04 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 13:03 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 13:03 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 13:03 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 13:03 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 13:03 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 13:03 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 13:03 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 13:03 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 13:03 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 13:03 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 13:03 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 13:03 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 13:03 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 13:03 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 13:03 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 13:03 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 13:03 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 13:03 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 13:03 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 13:03 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 13:03 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 13:03 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 13:03 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 13:03 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 13:03 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 13:03 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 13:03 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 13:03 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 13:03 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-13 23:29 - 2014-05-13 23:29 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-12 16:04 - 2014-05-12 16:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-06 19:48 - 2014-04-22 00:30 - 01796888 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wintab32.dll
2014-05-06 16:02 - 2014-05-06 16:02 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator
2014-05-06 16:02 - 2014-05-03 22:04 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-06 16:02 - 2013-12-14 02:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-06 16:02 - 2013-10-09 00:20 - 00000000 ____D () C:\Users\Administrator\Documents\Visual Studio 2010
2014-05-06 16:02 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-06 16:02 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-06 16:02 - 2009-07-14 04:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp
2014-05-04 12:24 - 2014-03-04 13:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-04 12:18 - 2014-03-04 16:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-04 12:18 - 2014-03-04 16:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00024544 _____ () C:\Windows\system32\nvinfo.pb
2014-05-04 12:18 - 2013-11-28 15:38 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-05-04 12:18 - 2013-11-28 15:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-05-04 12:11 - 2014-03-21 21:43 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-05-04 12:11 - 2014-03-21 21:43 - 00033568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-05-03 21:51 - 2014-05-19 12:34 - 00000000 __SHD () C:\Users\user\VOKYV
2014-05-03 10:20 - 2014-05-03 10:20 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.002
2014-05-03 10:20 - 2014-05-03 10:20 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-03 10:20 - 2014-05-03 10:20 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.001

==================== One Month Modified Files and Folders =======

2014-06-01 21:14 - 2014-06-01 21:14 - 00023399 _____ () C:\Users\user\Desktop\FRST.txt
2014-06-01 21:14 - 2014-06-01 21:13 - 00000000 ____D () C:\FRST
2014-06-01 21:14 - 2012-01-08 00:36 - 00000000 ____D () C:\Users\user\AppData\Local\Temp
2014-06-01 21:11 - 2014-06-01 21:11 - 02067456 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-06-01 21:07 - 2012-01-16 14:09 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
2014-06-01 20:59 - 2012-01-08 00:38 - 01629650 _____ () C:\Windows\WindowsUpdate.log
2014-06-01 20:44 - 2012-01-16 15:24 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000UA.job
2014-06-01 20:34 - 2012-03-05 19:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-01 20:28 - 2012-06-14 22:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-01 19:59 - 2014-06-01 19:59 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-01 19:59 - 2014-06-01 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-01 19:59 - 2014-06-01 19:59 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-01 19:58 - 2014-06-01 19:57 - 03673664 _____ (Piriform Ltd) C:\Users\user\Downloads\ccsetup414_slim.exe
2014-06-01 19:58 - 2009-07-14 06:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-01 19:58 - 2009-07-14 06:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-01 19:55 - 2014-04-29 13:26 - 00000000 ____D () C:\Users\user\AppData\Roaming\WTablet
2014-06-01 19:53 - 2014-06-01 19:53 - 00001313 _____ () C:\Users\user\Desktop\thread.txt
2014-06-01 19:42 - 2012-06-03 19:56 - 00000000 ____D () C:\Users\user\AppData\Roaming\Spotify
2014-06-01 19:33 - 2014-06-01 19:33 - 23681945 _____ () C:\Users\user\Desktop\UserLayoutOne.rar
2014-06-01 19:14 - 2014-05-15 23:46 - 00000000 ____D () C:\Users\user\Documents\Visual Studio 2010
2014-06-01 18:50 - 2014-04-25 22:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-01 18:48 - 2012-01-20 20:51 - 00000000 __SHD () C:\Users\user\Documents\MSDCSC
2014-06-01 18:42 - 2014-06-01 18:42 - 00001208 _____ () C:\Windows\collectionCache.bnk
2014-06-01 18:39 - 2012-03-02 21:25 - 00000433 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-06-01 18:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-06-01 18:38 - 2012-10-06 23:10 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-01 18:38 - 2009-07-14 06:51 - 00150134 _____ () C:\Windows\setupact.log
2014-06-01 18:37 - 2013-04-24 21:37 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-01 18:36 - 2012-03-05 19:21 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-01 18:36 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-01 18:35 - 2012-01-08 01:00 - 00000000 ___HD () C:\ProgramData\NVIDIA
2014-06-01 18:34 - 2012-01-12 14:38 - 01778230 _____ () C:\Windows\PFRO.log
2014-06-01 18:07 - 2014-06-01 18:07 - 00002928 _____ () C:\Windows\System32\Tasks\{44DD2D46-375A-499B-8A4E-B6B9A604D303}
2014-06-01 17:57 - 2013-10-07 20:57 - 00000000 ___RD () C:\Users\user\Desktop\GTA Mods
2014-06-01 17:54 - 2012-02-24 17:38 - 00000000 ___RD () C:\Users\user\Desktop\Stuff
2014-06-01 17:14 - 2013-06-07 21:53 - 00000000 ____D () C:\Windows\Minidump
2014-06-01 17:13 - 2014-05-27 13:48 - 583307911 _____ () C:\Windows\MEMORY.DMP
2014-06-01 17:02 - 2013-08-08 14:19 - 00000000 ____D () C:\Users\user\Documents\GTA San Andreas User Files
2014-05-31 23:44 - 2012-01-16 15:24 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000Core.job
2014-05-31 20:08 - 2013-01-04 19:42 - 00000000 ____D () C:\Users\user\AppData\Local\Mato_Technologies
2014-05-31 19:22 - 2014-05-31 19:22 - 00003132 _____ () C:\Windows\System32\Tasks\{D6D44D57-77E6-4CEB-9E24-C0BFC2337A46}
2014-05-31 16:17 - 2012-06-03 19:57 - 00000000 ____D () C:\Users\user\AppData\Local\Spotify
2014-05-31 16:02 - 2012-10-28 23:20 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc
2014-05-31 12:22 - 2012-02-26 00:07 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2014-05-31 12:07 - 2014-05-31 11:36 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-31 12:07 - 2012-10-06 23:11 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-31 12:07 - 2012-10-06 23:11 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-31 11:49 - 2014-05-31 11:49 - 00000000 ____D () C:\Users\user\AppData\Roaming\AVAST Software
2014-05-31 11:43 - 2014-05-31 11:40 - 00000000 ____D () C:\AdwCleaner
2014-05-31 11:36 - 2014-05-31 11:36 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-31 11:36 - 2014-05-31 11:36 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-31 11:36 - 2013-03-10 17:07 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-31 11:36 - 2013-03-10 17:07 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-31 11:36 - 2012-10-06 23:11 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1401530828817
2014-05-31 11:36 - 2012-10-06 23:11 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1401530828817
2014-05-31 11:36 - 2012-10-06 23:11 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-31 11:36 - 2012-10-06 23:10 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-31 11:36 - 2012-10-06 23:10 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-31 11:31 - 2012-10-06 23:10 - 00000000 ___HD () C:\ProgramData\AVAST Software
2014-05-31 11:30 - 2012-10-06 23:10 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-05-31 11:27 - 2012-09-11 22:32 - 00000000 ____D () C:\Users\user\AppData\Local\Deployment
2014-05-31 10:08 - 2012-01-19 14:36 - 00000000 ____D () C:\Users\user\AppData\Roaming\DVDVideoSoft
2014-05-30 01:40 - 2012-01-26 14:48 - 88247296 ___SH () C:\Users\user\Desktop\Thumbs.db
2014-05-29 17:31 - 2014-05-29 17:31 - 00000000 _____ () C:\dfu.log
2014-05-29 16:56 - 2013-09-11 22:23 - 00000000 ____D () C:\Users\user\AppData\Local\fabi.me
2014-05-29 13:22 - 2013-09-25 16:27 - 00000000 ____D () C:\Users\user\Documents\Bewerbungszeug
2014-05-27 14:05 - 2012-02-24 17:59 - 00000000 ___HD () C:\ProgramData\MTA San Andreas All
2014-05-27 12:49 - 2014-05-27 12:49 - 00000000 ____D () C:\Users\Public\Documents\MSDCSC
2014-05-26 21:40 - 2013-04-11 13:37 - 00014336 ___SH () C:\Users\user\AppData\Roaming\Thumbs.db
2014-05-26 21:00 - 2013-03-01 16:41 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-26 21:00 - 2012-01-16 14:09 - 00000000 ___HD () C:\ProgramData\Skype
2014-05-25 00:01 - 2014-05-25 00:01 - 81471565 _____ () C:\Users\user\Desktop\UserLayoutOne.DMP
2014-05-24 03:12 - 2013-04-25 22:33 - 00925184 _____ () C:\Windows\expstart.exe
2014-05-24 03:11 - 2013-04-25 22:40 - 01566616 _____ () C:\Windows\UTP.exe
2014-05-24 02:24 - 2014-05-24 02:24 - 00000000 ____D () C:\Users\user\AppData\Local\mfbot.de
2014-05-24 02:08 - 2013-05-16 12:45 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-24 02:03 - 2014-05-24 02:08 - 00830976 __RSH (Fantaisie Software) C:\ProgramData\UserLayoutOne.exe
2014-05-23 20:09 - 2014-05-23 20:09 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.007
2014-05-23 20:09 - 2014-05-23 20:09 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.006
2014-05-23 19:29 - 2014-05-23 19:29 - 00558464 _____ () C:\Windows\Minidump\052314-41823-01.dmp
2014-05-23 19:20 - 2014-05-23 19:20 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.005
2014-05-22 22:48 - 2013-01-04 02:29 - 00000000 ____D () C:\Users\user\AppData\Roaming\TS3Client
2014-05-20 21:17 - 2014-05-20 21:16 - 00004161 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-20 21:17 - 2012-01-30 01:40 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-19 15:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-19 12:34 - 2014-05-03 21:51 - 00000000 __SHD () C:\Users\user\VOKYV
2014-05-19 00:37 - 2014-05-15 23:46 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
2014-05-18 02:35 - 2014-05-18 02:45 - 00000000 ____D () C:\images_gui
2014-05-18 01:43 - 2014-05-18 01:43 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.004
2014-05-18 01:42 - 2014-05-18 01:42 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.003
2014-05-18 00:12 - 2012-09-28 22:47 - 00000000 ___RD () C:\Users\user\Desktop\GFX Stuff
2014-05-17 23:03 - 2014-05-17 23:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft Corporation
2014-05-17 21:56 - 2013-10-08 00:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0
2014-05-17 18:56 - 2013-08-21 20:33 - 00000000 ____D () C:\Users\user\minecraft
2014-05-17 13:20 - 2012-01-08 00:37 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-17 13:14 - 2013-10-04 22:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-17 13:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-17 11:58 - 2013-08-15 13:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-17 11:56 - 2009-10-14 07:12 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 14:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Cursors
2014-05-14 14:38 - 2012-06-16 17:28 - 00000000 ____D () C:\Program Files (x86)\RocketDock
2014-05-13 23:29 - 2014-05-13 23:29 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-13 23:29 - 2012-06-14 22:33 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 23:29 - 2012-06-14 22:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 23:29 - 2012-01-16 14:37 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-12 16:04 - 2014-05-12 16:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-11 10:26 - 2013-12-22 21:43 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive
2014-05-07 13:29 - 2012-03-05 19:21 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 13:29 - 2012-03-05 19:21 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 16:02 - 2014-05-06 16:02 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator
2014-05-06 06:40 - 2014-05-17 12:01 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-17 12:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-17 12:01 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-17 12:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-17 12:01 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-17 12:01 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 23:39 - 2012-01-16 15:24 - 00004088 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000UA
2014-05-05 23:39 - 2012-01-16 15:24 - 00003692 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000Core
2014-05-04 12:25 - 2012-10-06 17:11 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-04 12:25 - 2012-01-08 01:00 - 00000000 ___HD () C:\ProgramData\NVIDIA Corporation
2014-05-04 12:25 - 2012-01-08 01:00 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-04 12:13 - 2014-04-07 01:46 - 00000000 ____D () C:\Users\user\AppData\Local\NVIDIA Corporation
2014-05-03 22:07 - 2013-06-21 13:36 - 00001421 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-03 22:04 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-03 22:04 - 2012-01-11 20:25 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-03 22:04 - 2012-01-11 20:25 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-03 10:20 - 2014-05-03 10:20 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.002
2014-05-03 10:20 - 2014-05-03 10:20 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-03 10:20 - 2014-05-03 10:20 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.001

ZeroAccess:
C:\Users\user\AppData\Local\{d07a4bff-1acc-ef4b-5437-0786ab909512}
C:\Users\user\AppData\Local\{d07a4bff-1acc-ef4b-5437-0786ab909512}\@

Files to move or delete:
====================
C:\ProgramData\UserLayoutOne.exe
C:\Users\user\x.exe


Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\AskSLib.dll
C:\Users\user\AppData\Local\Temp\AVG.exe
C:\Users\user\AppData\Local\Temp\bdfilters.dll
C:\Users\user\AppData\Local\Temp\conduitinstaller.exe
C:\Users\user\AppData\Local\Temp\contentDATs.exe
C:\Users\user\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\user\AppData\Local\Temp\d0468cd76fc145a0b00b9c821fd9ad88.dll
C:\Users\user\AppData\Local\Temp\DeltaTB.exe
C:\Users\user\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\user\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\user\AppData\Local\Temp\dxwebsetup.exe
C:\Users\user\AppData\Local\Temp\EslWireSetup-1.15.3.7454-x64.exe
C:\Users\user\AppData\Local\Temp\EslWireSetup-1.17.1.7657-x64.exe
C:\Users\user\AppData\Local\Temp\FastDownload.exe
C:\Users\user\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\user\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\user\AppData\Local\Temp\i4jdel1.exe
C:\Users\user\AppData\Local\Temp\i4jdel2.exe
C:\Users\user\AppData\Local\Temp\i4jdel3.exe
C:\Users\user\AppData\Local\Temp\i4jdel4.exe
C:\Users\user\AppData\Local\Temp\ICReinstall_pando-media-booster.exe
C:\Users\user\AppData\Local\Temp\instloffer.exe
C:\Users\user\AppData\Local\Temp\JavaRa.exe
C:\Users\user\AppData\Local\Temp\jli.dll
C:\Users\user\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\jre-7u55-windows-i586.exe
C:\Users\user\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\keytool.exe
C:\Users\user\AppData\Local\Temp\mgsqlite3.dll
C:\Users\user\AppData\Local\Temp\mpa06540.exe
C:\Users\user\AppData\Local\Temp\mpa07176.exe
C:\Users\user\AppData\Local\Temp\msvcr100.dll
C:\Users\user\AppData\Local\Temp\MyBabylonTB.exe
C:\Users\user\AppData\Local\Temp\MyBabylonTB_google_20120807.exe
C:\Users\user\AppData\Local\Temp\MyBabylonTB_I.exe
C:\Users\user\AppData\Local\Temp\NGE_Uninstall.exe
C:\Users\user\AppData\Local\Temp\NGM.exe
C:\Users\user\AppData\Local\Temp\NGMDll.dll
C:\Users\user\AppData\Local\Temp\NGMResource.dll
C:\Users\user\AppData\Local\Temp\node.exe
C:\Users\user\AppData\Local\Temp\nseD946.exe
C:\Users\user\AppData\Local\Temp\nsm2DCE.exe
C:\Users\user\AppData\Local\Temp\nsp2736.exe
C:\Users\user\AppData\Local\Temp\nsp35E2.exe
C:\Users\user\AppData\Local\Temp\nsu3164.exe
C:\Users\user\AppData\Local\Temp\nsuBF6F.exe
C:\Users\user\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\user\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\user\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\user\AppData\Local\Temp\nvStInst.exe
C:\Users\user\AppData\Local\Temp\oi_{C4AAE7CE-F53B-46CC-959E-9475C67FB0D3}.exe
C:\Users\user\AppData\Local\Temp\oypjue01.dll
C:\Users\user\AppData\Local\Temp\Ping AIMBOT by FYP.exe
C:\Users\user\AppData\Local\Temp\pricepeep_130001_1001.exe
C:\Users\user\AppData\Local\Temp\Quarantine.exe
C:\Users\user\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\user\AppData\Local\Temp\Setup-Wacom.exe
C:\Users\user\AppData\Local\Temp\setupA9_.exe
C:\Users\user\AppData\Local\Temp\Shortcut_SweetImSetup.exe
C:\Users\user\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\user\AppData\Local\Temp\SkypeSetup.exe
C:\Users\user\AppData\Local\Temp\sp-downloader.exe
C:\Users\user\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\user\AppData\Local\Temp\SPStub.exe
C:\Users\user\AppData\Local\Temp\sqlite3.exe
C:\Users\user\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\user\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\user\AppData\Local\Temp\tbDVDV.dll
C:\Users\user\AppData\Local\Temp\tbentr.dll
C:\Users\user\AppData\Local\Temp\tbWinl.dll
C:\Users\user\AppData\Local\Temp\tmp609E.tmp.exe
C:\Users\user\AppData\Local\Temp\tmp7CF.tmp.exe
C:\Users\user\AppData\Local\Temp\tmpA281.tmp.exe
C:\Users\user\AppData\Local\Temp\tmpF821.tmp.exe
C:\Users\user\AppData\Local\Temp\toolbar.exe
C:\Users\user\AppData\Local\Temp\topazfusion2_setup.exe
C:\Users\user\AppData\Local\Temp\Tsu071B321A.dll
C:\Users\user\AppData\Local\Temp\TubeBoxSetup.exe
C:\Users\user\AppData\Local\Temp\umynemd5.dll
C:\Users\user\AppData\Local\Temp\unicows.dll
C:\Users\user\AppData\Local\Temp\uninst1.exe
C:\Users\user\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\user\AppData\Local\Temp\vcredist_x86.exe
C:\Users\user\AppData\Local\Temp\vlc-2.0.2-win32.exe
C:\Users\user\AppData\Local\Temp\vlc-2.0.4-win32.exe
C:\Users\user\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\user\AppData\Local\Temp\vlc-2.0.6-win64.exe
C:\Users\user\AppData\Local\Temp\vlc-2.0.8-win64.exe
C:\Users\user\AppData\Local\Temp\vlc-2.1.4-win64.exe
C:\Users\user\AppData\Local\Temp\wmpfirefoxplugin.exe
C:\Users\user\AppData\Local\Temp\_isD8BA.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe
[2012-01-16 15:08] - [2011-02-25 07:30] - 2616320 ____A (Microsoft Corporation) 697651F303443F98F7EC76D4DCAE6789

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 13:58

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-06-2014 01
Ran by user at 2014-06-01 21:14:43
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASRock App Charger v1.0.4 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
ASRock eXtreme Tuner v0.1.78 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version:  - )
ASRock InstantBoot v1.26 (HKLM-x32\...\ASRock InstantBoot_is1) (Version:  - )
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
Brother MFL-Pro Suite DCP-195C (HKLM-x32\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Camtasia Studio 7 (HKLM-x32\...\{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}) (Version: 7.1.1 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Cinema 4D version R12 (HKLM-x32\...\{7D9D8134-9FA3-4FFF-ADA1-BF609F29997A}_is1) (Version: R12 - Salat Production)
Crosshair (HKCU\...\5b164957566923bc) (Version: 1.0.1.1 - Basti B)
DiRT2 (HKLM-x32\...\{52D1D62C-FEAB-4580-849E-1DB624BADBBD}) (Version: 1.00.0000 - Codemasters)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Gameforge Live 1.10.1 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.10.1 - Gameforge)
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Java 7 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417017FF}) (Version: 7.0.170 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 33 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
Java(TM) 6 Update 39 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416039FF}) (Version: 6.0.390 - Oracle)
Java(TM) SE Development Kit 7 Update 2 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170020}) (Version: 1.7.0.20 - Oracle)
JavaFX 2.0.2 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-202648764D10}) (Version: 2.0.2 - Oracle Corporation)
JavaFX 2.0.2 SDK (64-bit) (HKLM\...\{2222706F-666A-4037-7777-202648764D10}) (Version: 2.0.2 - Oracle Corporation)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.50 (HKLM\...\Logitech Gaming Software) (Version: 8.50.281 - Logitech Inc.)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{A106D33E-6B43-42C0-9BFC-D03303261FA7}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 Design Tools DEU (HKLM-x32\...\{E32260E7-0B10-43C7-9B77-AB9F4184676D}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7C39E0D1-E138-42B1-B083-213EC2CF7692}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual Basic 2008 Express Edition - DEU (HKLM-x32\...\Microsoft Visual Basic 2008 Express Edition - DEU) (Version:  - Microsoft Corporation)
Microsoft Visual Basic 2008 Express Edition - DEU (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Visual Basic 2010 Express - DEU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - DEU (x32 Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual Basic PowerPacks 10.0 (HKLM-x32\...\{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}) (Version: 10.0.20911 - Microsoft)
Microsoft Visual C# 2010 Express - DEU (HKLM-x32\...\Microsoft Visual C# 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C# 2010 Express - DEU (x32 Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{9634d50a-0c4d-4f52-8a9f-894a2baae370}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{cde5fd82-4a8f-483e-adf0-ca7343d00433}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU (Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework (HKLM\...\{53C900F7-0CB1-3EDE-B9F3-76EDE6F0C253}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 (HKLM\...\{11EB1163-5761-4BC6-8F48-98DCF6A46BBF}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.1.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.1.1 (x86 de)) (Version: 24.1.1 - Mozilla)
MP3jam 1.1.1.6 (HKLM-x32\...\MP3jam_is1) (Version: 1.1.1.6 - MP3jam)
MSDN Library for Microsoft Visual Studio 2008 Express Editions (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden
MSDN Library für Microsoft Visual Studio 2008 Express Editions (HKLM-x32\...\MSDN Library for Microsoft Visual Studio 2008 Express Editions) (Version:  - Microsoft Corporation)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MTA:SA v1.3.3 (HKLM-x32\...\MTA:SA 1.3) (Version: v1.3.3 - Multi Theft Auto)
Netzmanager (HKLM-x32\...\Netzmanager) (Version: 1.061 - Deutsche Telekom AG)
Netzmanager (Version: 1.061 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden
New Great Effects 1.6 Uninstall (HKLM-x32\...\New Great Effects 1.6 Uninstall) (Version:  - )
Nexon Game Manager (HKLM-x32\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version:  - )
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.22 (Version: 1.2.22 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera Stable 20.0.1387.91 (HKCU\...\Opera 20.0.1387.91) (Version: 20.0.1387.91 - Opera Software ASA)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Platform (x32 Version: 1.36 - VIA Technologies, Inc.) Hidden
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Radio (HKCU\...\e17cdb53303d6bd9) (Version: 1.0.0.18 - Microsoft)
Rapture3D 2.3.22 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
S.K.I.L.L. - Special Force 2 (HKLM-x32\...\Special Force 2 Beta_is1) (Version:  - )
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
SHIELD Streaming (Version: 1.8.323 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.11 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.25790 - TeamViewer)
T-Online 6.0 (HKLM-x32\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version:  - )
T-Online WLAN-Access Finder (HKLM-x32\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version:  - )
Tools für Microsoft SQL Server 2005 Express Edition (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Topaz Adjust 5 (HKLM-x32\...\Topaz Adjust 5) (Version: 5.0.0 - Topaz Labs, LLC)
Topaz B&W Effects (HKLM-x32\...\Topaz BW Effects 2) (Version: 2.1 - Topaz Labs, LLC)
Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.0.2 - Topaz Labs, LLC)
Topaz DeJpeg 4 (HKLM-x32\...\Topaz DeJpeg 4) (Version: 4.0.2 - Topaz Labs, LLC)
Topaz DeNoise 5 (HKLM-x32\...\Topaz DeNoise 5) (Version: 5.0.1 - Topaz Labs, LLC)
Topaz Detail 3 (HKLM-x32\...\Topaz Detail 3) (Version: 3.1.0 - Topaz Labs, LLC)
Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.1.3 - Topaz Labs, LLC)
Topaz InFocus (HKLM-x32\...\Topaz InFocus) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz Lens Effects (HKLM-x32\...\Topaz Lens Effects) (Version: 1.2.0 - Topaz Labs, LLC)
Topaz ReMask 3 (HKLM-x32\...\Topaz ReMask 3) (Version: 3.2.1 - Topaz Labs, LLC)
Topaz Simplify 4 (HKLM-x32\...\Topaz Simplify 4) (Version: 4.0.0 - Topaz Labs, LLC)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM-x32\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
VC Runtimes MSI (x32 Version: 9.0.21022 - Microsoft) Hidden
Vegas Pro 10.0 (HKLM-x32\...\{6E0E4D61-11EC-11E0-B454-0013D3D69929}) (Version: 10.0.469 - Sony)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.36 - VIA Technologies, Inc.)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
WinRAR 4.11 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XFastUsb (HKLM-x32\...\XFastUsb) (Version:  - )
YTD Video Downloader 4.7.2 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.7.2 - GreenTree Applications SRL)

==================== Restore Points  =========================

30-05-2014 07:51:02 Windows Update
31-05-2014 09:31:38 avast! antivirus system restore point
01-06-2014 17:00:12 Windows-Sicherung

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {15DF1B55-64F5-4CE5-977B-A69E7F562DA8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-05] (Google Inc.)
Task: {263A08EF-E768-4BDE-BA6C-2BB0C29575AF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-05] (Google Inc.)
Task: {3950AADF-E2EB-4979-A1E3-200733FD5914} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {6EAA3458-E9F2-4975-9F9E-0AC679653234} - \Software Updater Ui No Task File <==== ATTENTION
Task: {703F8FAD-E525-41B8-A46A-39E4B715E26F} - System32\Tasks\{5785815B-F91D-4A1B-8C52-2EB9FDBB3691} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.114/de/abandoninstall?page=tsProgressBar
Task: {740E0DE0-0235-4EDD-A714-7A13A9F70C2A} - System32\Tasks\{44DD2D46-375A-499B-8A4E-B6B9A604D303} => C:\ProgramData\UserLayoutOne.exe [2014-05-24] (Fantaisie Software)
Task: {8278A5C6-8BA6-458E-ABE5-872BD0943B13} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {93648F88-1D29-4690-8CB6-0CEC42D5E964} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-16] (Google Inc.)
Task: {9EA15BC2-9C7D-4786-A1E1-7FB66A709D51} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-31] (AVAST Software)
Task: {CA461829-15E6-421E-9211-FB8F749455AB} - \Software Updater No Task File <==== ATTENTION
Task: {D5A03701-F1BD-4B0D-8431-66591B4D4EC3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-16] (Google Inc.)
Task: {F1DF7BB2-0AF8-45EA-8CC7-42C1DE66404A} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {FB4078B5-96A1-40C0-88B4-7DE07D012F39} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-01-08 01:00 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-06-16 17:28 - 2007-09-02 13:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2012-01-10 14:41 - 2013-09-29 20:19 - 00567880 _____ () C:\Program Files (x86)\puush\puush.exe
2012-01-08 00:46 - 2011-02-22 08:03 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2012-01-08 00:46 - 2011-02-22 08:03 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2012-01-08 00:46 - 2011-02-22 08:03 - 00621168 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2013-09-24 22:35 - 2014-05-15 17:54 - 00598072 _____ () C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-06-01 17:20 - 2014-06-01 17:20 - 02259456 _____ () C:\Program Files\AVAST Software\Avast\defs\14060101\algo.dll
2012-06-16 17:28 - 2007-09-02 13:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2014-05-23 16:25 - 2014-04-30 02:08 - 01135104 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll
2014-05-03 10:01 - 2014-04-30 02:08 - 00471552 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
2014-05-23 16:25 - 2014-04-30 02:08 - 00404992 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll
2014-01-25 02:21 - 2014-04-30 02:08 - 00340992 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2013-03-25 14:23 - 2014-05-17 03:36 - 00756224 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-23 16:25 - 2014-05-29 19:37 - 02139840 _____ () C:\Program Files (x86)\Steam\video.dll
2014-05-23 16:25 - 2014-04-29 02:37 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll
2013-04-19 13:10 - 2014-05-29 19:36 - 01116864 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-03-26 16:16 - 2014-05-02 01:35 - 20628160 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-12-11 09:51 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-12-11 09:51 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-12-11 09:51 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2012-06-03 19:57 - 2014-05-15 17:54 - 36966968 _____ () C:\Users\user\AppData\Roaming\Spotify\Data\libcef.dll
2014-05-31 11:36 - 2014-05-31 11:36 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-09-24 22:35 - 2014-05-15 17:54 - 00886840 _____ () C:\Users\user\AppData\Roaming\Spotify\Data\libglesv2.dll
2013-09-24 22:35 - 2014-05-15 17:54 - 00108600 _____ () C:\Users\user\AppData\Roaming\Spotify\Data\libegl.dll
2014-05-21 19:59 - 2014-05-14 01:40 - 00716616 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-21 19:59 - 2014-05-14 01:40 - 00126280 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-21 19:59 - 2014-05-14 01:40 - 04217672 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-21 19:59 - 2014-05-14 01:40 - 00414536 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-21 19:59 - 2014-05-14 01:40 - 01732424 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\user\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\user\AppData\Roaming:NT

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/01/2014 07:54:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DevInst.exe, Version: 0.0.1.0, Zeitstempel: 0x51afee4c
Name des fehlerhaften Moduls: PenInst.dll, Version: 0.0.1.0, Zeitstempel: 0x51afee4f
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000000000000b624
ID des fehlerhaften Prozesses: 0x18a4
Startzeit der fehlerhaften Anwendung: 0xDevInst.exe0
Pfad der fehlerhaften Anwendung: DevInst.exe1
Pfad des fehlerhaften Moduls: DevInst.exe2
Berichtskennung: DevInst.exe3

Error: (06/01/2014 07:52:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm NOTEPAD.EXE, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 18c8

Startzeit: 01cf7dc221521ebf

Endzeit: 2

Anwendungspfad: C:\Windows\system32\NOTEPAD.EXE

Berichts-ID: 83ba7d8b-e9b5-11e3-a99c-002522c67b37

Error: (06/01/2014 07:00:13 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {6db0efa1-b5c9-4c0b-bc61-5776fb0727bf}

Error: (06/01/2014 06:48:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: UserLayoutOne.exe, Version: 4.0.0.0, Zeitstempel: 0x4fd0cff9
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x1734
Startzeit der fehlerhaften Anwendung: 0xUserLayoutOne.exe0
Pfad der fehlerhaften Anwendung: UserLayoutOne.exe1
Pfad des fehlerhaften Moduls: UserLayoutOne.exe2
Berichtskennung: UserLayoutOne.exe3

Error: (06/01/2014 06:48:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: msdcsc.exe, Version: 0.0.0.0, Zeitstempel: 0x537e910f
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xe0434f4d
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xmsdcsc.exe0
Pfad der fehlerhaften Anwendung: msdcsc.exe1
Pfad des fehlerhaften Moduls: msdcsc.exe2
Berichtskennung: msdcsc.exe3

Error: (06/01/2014 06:47:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: UserLayoutOne.exe, Version: 4.0.0.0, Zeitstempel: 0x4fd0cff9
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x12bc
Startzeit der fehlerhaften Anwendung: 0xUserLayoutOne.exe0
Pfad der fehlerhaften Anwendung: UserLayoutOne.exe1
Pfad des fehlerhaften Moduls: UserLayoutOne.exe2
Berichtskennung: UserLayoutOne.exe3

Error: (06/01/2014 06:47:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: UserLayoutOne.exe, Version: 4.0.0.0, Zeitstempel: 0x4fd0cff9
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x1568
Startzeit der fehlerhaften Anwendung: 0xUserLayoutOne.exe0
Pfad der fehlerhaften Anwendung: UserLayoutOne.exe1
Pfad des fehlerhaften Moduls: UserLayoutOne.exe2
Berichtskennung: UserLayoutOne.exe3

Error: (06/01/2014 06:46:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: UserLayoutOne.exe, Version: 4.0.0.0, Zeitstempel: 0x4fd0cff9
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0xdc4
Startzeit der fehlerhaften Anwendung: 0xUserLayoutOne.exe0
Pfad der fehlerhaften Anwendung: UserLayoutOne.exe1
Pfad des fehlerhaften Moduls: UserLayoutOne.exe2
Berichtskennung: UserLayoutOne.exe3

Error: (06/01/2014 06:45:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: UserLayoutOne.exe, Version: 4.0.0.0, Zeitstempel: 0x4fd0cff9
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x8c8
Startzeit der fehlerhaften Anwendung: 0xUserLayoutOne.exe0
Pfad der fehlerhaften Anwendung: UserLayoutOne.exe1
Pfad des fehlerhaften Moduls: UserLayoutOne.exe2
Berichtskennung: UserLayoutOne.exe3

Error: (06/01/2014 06:45:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: UserLayoutOne.exe, Version: 4.0.0.0, Zeitstempel: 0x4fd0cff9
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x1990
Startzeit der fehlerhaften Anwendung: 0xUserLayoutOne.exe0
Pfad der fehlerhaften Anwendung: UserLayoutOne.exe1
Pfad des fehlerhaften Moduls: UserLayoutOne.exe2
Berichtskennung: UserLayoutOne.exe3


System errors:
=============
Error: (06/01/2014 06:41:27 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (06/01/2014 06:38:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Netzmanager Infrastruktur Informationssystem Dienst erreicht.

Error: (06/01/2014 06:36:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mikogo-Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/01/2014 06:36:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Hi-Rez Studios Authenticate and Update Service erreicht.

Error: (06/01/2014 05:20:21 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Gemeinsame Nutzung der Internetverbindung" wurde nicht richtig gestartet.

Error: (06/01/2014 05:16:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Netzmanager Infrastruktur Informationssystem Dienst erreicht.

Error: (06/01/2014 05:15:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mikogo-Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/01/2014 05:15:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Hi-Rez Studios Authenticate and Update Service erreicht.

Error: (06/01/2014 05:14:16 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000116 (0xfffffa8009b80010, 0xfffff8800f9d7e2c, 0xffffffffc000009a, 0x0000000000000004)C:\Windows\MEMORY.DMP

Error: (06/01/2014 05:14:16 PM) (Source: BugCheck) (EventID: 1005) (User: )
Description: 


Microsoft Office Sessions:
=========================
Error: (06/01/2014 07:54:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DevInst.exe0.0.1.051afee4cPenInst.dll0.0.1.051afee4fc0000417000000000000b62418a401cf7dc28c5a1052C:\Program Files\Tablet\DevInst.exeC:\Program Files\Tablet\PenInst.dllca87004c-e9b5-11e3-a99c-002522c67b37

Error: (06/01/2014 07:52:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: NOTEPAD.EXE6.1.7600.1638518c801cf7dc221521ebf2C:\Windows\system32\NOTEPAD.EXE83ba7d8b-e9b5-11e3-a99c-002522c67b37

Error: (06/01/2014 07:00:13 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {6db0efa1-b5c9-4c0b-bc61-5776fb0727bf}

Error: (06/01/2014 06:48:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: UserLayoutOne.exe4.0.0.04fd0cff9KERNELBASE.dll6.1.7601.1840953159a860eedfade0000c42d173401cf7db9428a18c9C:\ProgramData\UserLayoutOne.exeC:\Windows\syswow64\KERNELBASE.dll80413aca-e9ac-11e3-a99c-002522c67b37

Error: (06/01/2014 06:48:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: msdcsc.exe0.0.0.0537e910fKERNELBASE.dll6.1.7601.1840953159a86e0434f4d0000c42d

Error: (06/01/2014 06:47:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: UserLayoutOne.exe4.0.0.04fd0cff9KERNELBASE.dll6.1.7601.1840953159a860eedfade0000c42d12bc01cf7db92e65db69C:\ProgramData\UserLayoutOne.exeC:\Windows\syswow64\KERNELBASE.dll6c1d4b8b-e9ac-11e3-a99c-002522c67b37

Error: (06/01/2014 06:47:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: UserLayoutOne.exe4.0.0.04fd0cff9KERNELBASE.dll6.1.7601.1840953159a860eedfade0000c42d156801cf7db91c7faf91C:\ProgramData\UserLayoutOne.exeC:\Windows\syswow64\KERNELBASE.dll5a383127-e9ac-11e3-a99c-002522c67b37

Error: (06/01/2014 06:46:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: UserLayoutOne.exe4.0.0.04fd0cff9KERNELBASE.dll6.1.7601.1840953159a860eedfade0000c42ddc401cf7db907a82521C:\ProgramData\UserLayoutOne.exeC:\Windows\syswow64\KERNELBASE.dll455f4722-e9ac-11e3-a99c-002522c67b37

Error: (06/01/2014 06:45:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: UserLayoutOne.exe4.0.0.04fd0cff9KERNELBASE.dll6.1.7601.1840953159a860eedfade0000c42d8c801cf7db8f3e32026C:\ProgramData\UserLayoutOne.exeC:\Windows\syswow64\KERNELBASE.dll3199f406-e9ac-11e3-a99c-002522c67b37

Error: (06/01/2014 06:45:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: UserLayoutOne.exe4.0.0.04fd0cff9KERNELBASE.dll6.1.7601.1840953159a860eedfade0000c42d199001cf7db8dfb96472C:\ProgramData\UserLayoutOne.exeC:\Windows\syswow64\KERNELBASE.dll1d6f74fe-e9ac-11e3-a99c-002522c67b37


==================== Memory info =========================== 

Percentage of memory in use: 39%
Total physical RAM: 8174.75 MB
Available physical RAM: 4916.21 MB
Total Pagefile: 16347.67 MB
Available Pagefile: 12581.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:186.31 GB) (Free:26.9 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Tablet_CD) (CDROM) (Total:0.19 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 186 GB) (Disk ID: FD86FD86)
Partition 1: (Active) - (Size=186 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

01.06.2014, 20:28   #4
deeprybka
/// TB Trainer
/// Guide Guru

Yep, there's quite a lot going on there...

Until you get a "clean" from us, please do not perform any sensitive logins (bank, PayPal, etc.) from this PC. Changing passwords from a clean system is generally advisable.

I will probably get back to you tomorrow with further instructions. Until then, please do not use any tools etc. without being instructed to, OK?
__________________
Regards
deeprybka


01.06.2014, 21:56   #5
deeprybka
/// TB Trainer
/// Guide Guru

We'll continue like this....

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
(in English: "Illegal operation attempted on a registry key that has been marked for deletion.")
simply restart the computer. This should resolve the problem.


__________________
Regards
deeprybka


02.06.2014, 07:24   #6
Stan_

Code:
ComboFix 14-05-29.01 - user 02.06.2014   8:07.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.8175.6622 [GMT 2:00]
ausgeführt von:: c:\users\user\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dclogs
c:\programdata\dclogs\2014-05-27-3.dc
c:\programdata\dclogs\2014-05-28-4.dc
c:\programdata\dclogs\2014-05-31-7.dc
c:\programdata\Microsoft\Windows\Start Menu\MSDCSC
c:\programdata\UserLayoutOne.exe
c:\users\Public\Documents\MSDCSC\msdcsc.exe
c:\users\user\AppData\Roaming\dclogs
c:\users\user\AppData\Roaming\dclogs\2013-07-01-2.dc
c:\users\user\AppData\Roaming\dclogs\2013-07-02-3.dc
c:\users\user\AppData\Roaming\dclogs\2013-07-03-4.dc
c:\users\user\AppData\Roaming\dclogs\2013-07-04-5.dc
c:\users\user\AppData\Roaming\dclogs\2013-07-05-6.dc
c:\users\user\AppData\Roaming\dclogs\2013-07-06-7.dc
c:\users\user\AppData\Roaming\dclogs\2013-07-07-1.dc
c:\users\user\AppData\Roaming\dclogs\2014-05-03-7.dc
c:\users\user\AppData\Roaming\dclogs\2014-05-06-3.dc
c:\users\user\AppData\Roaming\dclogs\2014-05-17-7.dc
c:\users\user\AppData\Roaming\dclogs\2014-05-24-7.dc
c:\users\user\AppData\Roaming\dclogs\2014-05-26-2.dc
c:\users\user\AppData\Roaming\dclogs\2014-06-01-1.dc
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowsUpdate.com.url
c:\users\user\AppData\Roaming\userlog.dat
c:\users\user\Documents\MSDCSC\msdcsc.exe
c:\users\user\VOKYV
c:\users\user\VOKYV\498875.exe
c:\users\user\VOKYV\PSCGenerator.exe
c:\users\user\VOKYV\settings.ini
c:\users\user\VOKYV\setup.vbs
c:\users\user\VOKYV\start.cmd
c:\users\user\VOKYV\start.vbs
c:\users\user\x.exe
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\install
c:\windows\SysWow64\tmpDFC4.tmp
c:\windows\SysWow64\tmpE051.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-05-02 bis 2014-06-02  ))))))))))))))))))))))))))))))
.
.
2014-06-02 06:17 . 2014-06-02 06:17	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-06-01 19:13 . 2014-06-01 19:15	--------	d-----w-	C:\FRST
2014-06-01 17:59 . 2014-06-01 17:59	--------	d-----w-	c:\program files\CCleaner
2014-06-01 16:44 . 2014-06-01 16:44	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{43E1AC72-7C34-477D-BC20-C841CB2CEBF6}\offreg.dll
2014-05-31 09:49 . 2014-05-31 09:49	--------	d-----w-	c:\users\user\AppData\Roaming\AVAST Software
2014-05-31 09:41 . 2010-08-30 06:34	536576	----a-w-	c:\windows\SysWow64\sqlite3.dll
2014-05-31 09:40 . 2014-05-31 09:43	--------	d-----w-	C:\AdwCleaner
2014-05-31 09:36 . 2014-05-31 10:07	85328	----a-w-	c:\windows\system32\drivers\aswstm.sys
2014-05-31 09:36 . 2014-05-31 09:36	29208	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2014-05-31 09:36 . 2014-05-31 09:36	43152	----a-w-	c:\windows\avastSS.scr
2014-05-30 07:51 . 2014-04-30 23:20	10702536	---ha-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{43E1AC72-7C34-477D-BC20-C841CB2CEBF6}\mpengine.dll
2014-05-26 19:00 . 2014-05-26 19:00	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2014-05-24 01:11 . 2014-03-25 02:43	14175744	----a-w-	c:\windows\system32\shell32_backup_wti.dll
2014-05-24 01:11 . 2011-07-05 02:00	1857536	----a-w-	c:\windows\system32\ExplorerFrame_backup_wti.dll
2014-05-24 01:11 . 2010-11-20 13:27	898560	----a-w-	c:\windows\system32\OobeFldr_backup_wti.dll
2014-05-24 00:24 . 2014-05-24 00:24	--------	d-----w-	c:\users\user\AppData\Local\mfbot.de
2014-05-23 18:09 . 2014-05-23 18:09	--------	d-----w-	c:\users\TEMP.IIS APPPOOL.007
2014-05-23 18:09 . 2014-05-23 18:09	--------	d-----w-	c:\users\TEMP.IIS APPPOOL.006
2014-05-23 17:20 . 2014-05-23 17:20	--------	d-----w-	c:\users\TEMP.IIS APPPOOL.005
2014-05-20 19:17 . 2014-04-14 18:13	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-18 00:45 . 2014-05-18 00:35	--------	d-----w-	C:\images_gui
2014-05-17 23:43 . 2014-05-17 23:43	--------	d-----w-	c:\users\TEMP.IIS APPPOOL.004
2014-05-17 23:42 . 2014-05-17 23:42	--------	d-----w-	c:\users\TEMP.IIS APPPOOL.003
2014-05-17 21:03 . 2014-05-17 21:03	--------	d-----w-	c:\users\user\AppData\Roaming\Microsoft Corporation
2014-05-17 19:57 . 2014-05-18 22:36	207008	---ha-w-	c:\programdata\Microsoft\VBExpress\10.0\1031\ResourceCache.dll
2014-05-17 11:08 . 2013-04-30 17:18	14136	----a-w-	c:\windows\system32\drivers\hidkmdf.sys
2014-05-17 10:01 . 2014-05-06 04:40	23544320	----a-w-	c:\windows\system32\mshtml.dll
2014-05-17 10:01 . 2014-05-06 03:00	84992	----a-w-	c:\windows\system32\mshtmled.dll
2014-05-17 10:01 . 2014-05-06 04:17	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-17 10:01 . 2014-05-06 03:07	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-05-15 11:04 . 2014-03-25 02:43	14175744	----a-w-	c:\windows\system32\shell32.dll
2014-05-13 21:29 . 2014-05-13 21:29	17938608	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-05-06 17:48 . 2014-04-21 22:30	1796888	----a-w-	c:\windows\system32\Wintab32.dll
2014-05-06 14:02 . 2014-05-06 14:02	--------	d-----w-	c:\users\Administrator
2014-05-04 10:24 . 2014-03-04 11:32	599840	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2014-05-04 10:11 . 2014-03-21 19:43	40392	----a-w-	c:\windows\system32\drivers\nvvad64v.sys
2014-05-04 10:11 . 2014-03-21 19:43	33568	----a-w-	c:\windows\SysWow64\nvaudcap32v.dll
2014-05-03 08:20 . 2014-05-03 08:20	--------	d-----w-	c:\users\TEMP.IIS APPPOOL.002
2014-05-03 08:20 . 2014-05-03 08:20	--------	d-----w-	c:\users\TEMP.IIS APPPOOL.001
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-01 16:37 . 2012-02-27 16:59	4194304	----a-w-	c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2014-05-31 10:07 . 2012-10-06 21:11	423240	----a-w-	c:\windows\system32\drivers\aswsp.sys
2014-05-31 10:07 . 2012-10-06 21:11	1039096	----a-w-	c:\windows\system32\drivers\aswsnx.sys
2014-05-31 09:36 . 2013-03-10 15:07	65776	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2014-05-31 09:36 . 2013-03-10 15:07	208416	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-05-31 09:36 . 2012-10-06 21:11	93568	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2014-05-31 09:36 . 2012-10-06 21:10	79184	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-05-31 09:36 . 2012-10-06 21:10	334648	----a-w-	c:\windows\system32\aswBoot.exe
2014-05-24 01:12 . 2013-04-25 20:33	925184	----a-w-	c:\windows\expstart.exe
2014-05-24 01:11 . 2013-04-25 20:40	1566616	----a-w-	c:\windows\UTP.exe
2014-05-18 22:37 . 2013-10-07 22:03	188896	---ha-w-	c:\programdata\Microsoft\VCSExpress\10.0\1031\ResourceCache.dll
2014-05-17 09:56 . 2009-10-14 05:12	93223848	----a-w-	c:\windows\system32\MRT.exe
2014-05-13 21:29 . 2012-06-14 20:33	692400	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-13 21:29 . 2012-01-16 12:37	70832	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-02 13:27 . 2014-04-06 23:45	1081112	----a-w-	c:\windows\SysWow64\nvspcap.dll
2014-04-02 13:27 . 2014-04-06 23:45	1225920	----a-w-	c:\windows\system32\nvspcap64.dll
2014-03-31 07:35 . 2009-10-14 05:13	270496	------w-	c:\windows\system32\MpSigStub.exe
2014-03-21 19:43 . 2013-07-30 17:04	37320	----a-w-	c:\windows\system32\nvaudcap64v.dll
2014-03-06 09:31 . 2014-04-10 06:58	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:59 . 2014-04-10 06:58	66048	----a-w-	c:\windows\system32\iesetup.dll
2014-03-06 08:57 . 2014-04-10 06:58	548352	----a-w-	c:\windows\system32\vbscript.dll
2014-03-06 08:57 . 2014-04-10 06:58	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-03-06 08:53 . 2014-04-10 06:58	2767360	----a-w-	c:\windows\system32\iertutil.dll
2014-03-06 08:40 . 2014-04-10 06:58	51200	----a-w-	c:\windows\system32\jsproxy.dll
2014-03-06 08:39 . 2014-04-10 06:58	33792	----a-w-	c:\windows\system32\iernonce.dll
2014-03-06 08:32 . 2014-04-10 06:58	574976	----a-w-	c:\windows\system32\ieui.dll
2014-03-06 08:29 . 2014-04-10 06:58	139264	----a-w-	c:\windows\system32\ieUnatt.exe
2014-03-06 08:29 . 2014-04-10 06:58	111616	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-03-06 08:28 . 2014-04-10 06:58	752640	----a-w-	c:\windows\system32\jscript9diag.dll
2014-03-06 08:15 . 2014-04-10 06:58	940032	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 08:11 . 2014-04-10 06:58	5784064	----a-w-	c:\windows\system32\jscript9.dll
2014-03-06 08:09 . 2014-04-10 06:58	453120	----a-w-	c:\windows\system32\dxtmsft.dll
2014-03-06 08:03 . 2014-04-10 06:58	586240	----a-w-	c:\windows\system32\ie4uinit.exe
2014-03-06 08:02 . 2014-04-10 06:58	61952	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-03-06 08:02 . 2014-04-10 06:58	455168	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-03-06 08:01 . 2014-04-10 06:58	51200	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56 . 2014-04-10 06:58	38400	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 07:48 . 2014-04-10 06:58	195584	----a-w-	c:\windows\system32\msrating.dll
2014-03-06 07:46 . 2014-04-10 06:58	4254720	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-03-06 07:42 . 2014-04-10 06:58	296960	----a-w-	c:\windows\system32\dxtrans.dll
2014-03-06 07:38 . 2014-04-10 06:58	112128	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-03-06 07:36 . 2014-04-10 06:58	592896	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2014-03-06 07:21 . 2014-04-10 06:58	628736	----a-w-	c:\windows\system32\msfeeds.dll
2014-03-06 07:13 . 2014-04-10 06:58	32256	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11 . 2014-04-10 06:58	2043904	----a-w-	c:\windows\system32\inetcpl.cpl
2014-03-06 06:53 . 2014-04-10 06:58	13551104	----a-w-	c:\windows\system32\ieframe.dll
2014-03-06 06:40 . 2014-04-10 06:58	1967104	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-03-06 06:22 . 2014-04-10 06:58	2260480	----a-w-	c:\windows\system32\wininet.dll
2014-03-06 05:58 . 2014-04-10 06:58	1400832	----a-w-	c:\windows\system32\urlmon.dll
2014-03-06 05:50 . 2014-04-10 06:58	846336	----a-w-	c:\windows\system32\ieapfltr.dll
2014-03-06 05:41 . 2014-04-10 06:58	1789440	----a-w-	c:\windows\SysWow64\wininet.dll
2014-03-04 14:35 . 2013-09-25 13:34	31474976	----a-w-	c:\windows\system32\nvoglv64.dll
2014-03-04 14:35 . 2013-02-25 22:32	18302384	----a-w-	c:\windows\system32\nvwgf2umx.dll
2014-03-04 14:35 . 2012-10-06 15:07	2715264	----a-w-	c:\windows\SysWow64\nvapi.dll
2014-03-04 14:35 . 2012-10-06 15:07	14709720	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2014-03-04 14:35 . 2012-02-09 20:43	947808	----a-w-	c:\windows\system32\nvumdshimx.dll
2014-03-04 14:35 . 2012-01-07 22:59	3093280	----a-w-	c:\windows\system32\nvapi64.dll
2014-03-04 13:06 . 2012-01-07 23:00	6714312	----a-w-	c:\windows\system32\nvcpl.dll
2014-03-04 13:06 . 2012-01-07 23:00	3497816	----a-w-	c:\windows\system32\nvsvc64.dll
2014-03-04 13:05 . 2012-01-07 23:00	922968	----a-w-	c:\windows\system32\nvvsvc.exe
2014-03-04 13:05 . 2012-01-07 23:00	64968	----a-w-	c:\windows\system32\nvshext.dll
2014-03-04 13:05 . 2012-01-07 23:00	2558808	----a-w-	c:\windows\system32\nvsvcr.dll
2014-03-04 13:05 . 2012-01-07 23:00	386336	----a-w-	c:\windows\system32\nvmctray.dll
2014-03-04 13:05 . 2012-10-06 15:09	3649185	----a-w-	c:\windows\system32\nvcoproc.bin
2014-03-04 09:44 . 2014-04-09 07:27	243712	----a-w-	c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-09 07:27	362496	----a-w-	c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-09 07:27	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-09 07:27	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-09 07:27	1163264	----a-w-	c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-09 07:27	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-09 07:27	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-09 07:27	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-09 07:27	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-09 07:27	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-09 07:27	2048	----a-w-	c:\windows\SysWow64\user.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-05-29 1754816]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"puush"="c:\program files (x86)\puush\puush.exe" [2013-09-29 567880]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21445248]
"Spotify"="c:\users\user\AppData\Roaming\Spotify\spotify.exe" [2014-05-15 6170168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2011-02-22 3019376]
"XFastUsb"="c:\program files (x86)\XFastUsb\XFastUsb.exe" [2012-01-07 4942336]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-05-31 3888648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,c:\program files (x86)\brother\controlcenter3\brctrcensrv.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="1"
"UpdatesDisableNotify"="1"
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
R2 Mikogo-Service;Mikogo-Service;c:\users\user\AppData\Roaming\Mikogo\Mikogo-Service.exe;c:\users\user\AppData\Roaming\Mikogo\Mikogo-Service.exe [x]
R2 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;c:\program files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe ;c:\program files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe  [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 FairplayKD;FairplayKD;c:\programdata\MTA San Andreas All\Common\temp\FairplayKD.sys;c:\programdata\MTA San Andreas All\Common\temp\FairplayKD.sys [x]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS;c:\windows\SYSNATIVE\drivers\FNETTBOH_305.SYS [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TelekomNM6;Telekom Netzmanager Packet Filter Driver;c:\program files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys;c:\program files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS;c:\windows\SYSNATIVE\drivers\FNETURPX.SYS [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x]
S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
.
Inhalt des "geplante Tasks" Ordners
.
2014-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 21:29]
.
2014-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-05 17:21]
.
2014-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-05 17:21]
.
2014-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-16 13:24]
.
2014-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-16 13:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-31 09:36	290888	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-04 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-04 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-04 418328]
"MsmqIntCert"="mqrt.dll" [2010-11-20 247808]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-06-13 472984]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-08-01 8290584]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-02 2201032]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-04-02 1225920]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-ASRockXTU - (no file)
Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)
Wow6432Node-HKCU-Run-REGETDI - c:\users\user\AppData\Roaming\install\SysMain.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-Win32 Update - c:\users\user\Documents\DCSCMIN\IMDCSC.exe
Wow6432Node-HKLM-Run-MicroUpdate - c:\users\Public\Documents\MSDCSC\msdcsc.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{IG2C70I7-O1T4-1I30-8K40-2178DUXG84ID} - c:\users\user\AppData\Roaming\install\SysMain.exe
HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
AddRemove-InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169} - c:\progra~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
AddRemove-MTA:SA 1.3 - c:\program files (x86)\Rockstar Games\GTA San Andreas\Uninstall.exe
AddRemove-New Great Effects 1.6 Uninstall - c:\users\user\Desktop\NGE_Uninstall.exe
AddRemove-XFastUsb - c:\program files (x86)\XFastUsb\Uninstall.exe
AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe
AddRemove-{5221D5D2-DCDA-E277-6C6A-8842C55305F7} - c:\progra~3\INSTAL~2\{449BF~1\Setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2406318905-1240849825-252203313-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:8b,4c,44,e8,1d,7b,86,a6,23,0f,2e,27,f5,4e,3a,85,cb,64,f9,91,52,
   ba,be,ac,87,15,7f,6b,e2,ca,b1,da,5c,97,db,38,a3,33,c7,98,b6,b2,73,7e,8f,1e,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_USERS\S-1-5-21-2406318905-1240849825-252203313-1000_Classes\Wow6432Node\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}\{A730F6F3-255C-417C-8986-2C578500547E}*Hidden]
"{6D31FCD2-64F7-4E43-8E18-5A2BBA7D13C9}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAwgqKlVb7PEy+6OsXbJQdJwAAAAACAAAAAAAQZgAAAAEAACAAAACftB1p9mMqFawwpI3I5MxTvGA4OPxR9FoK7GoO0xgGxgAAAAAOgAAAAAIAACAAAACE95yuSuTkDu81bLzzKih27WEbqrEJ84s5WsC5iDJ8ThAAAACFFo/uc67YGQIXK/JvNFYtQAAAABCoq110ORYttr/0Ah4eS5qmwP59eLpAcy+Im98KCNfNkKht1qYOwcveuMIebQxwz/fLl0DYYCwtqoMmuGKBMp8="
"{2338F5D5-2437-4FC3-9005-A01804321264}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAwPDHhSVYRUW7/D2THn5sdwAAAAACAAAAAAAQZgAAAAEAACAAAAAtPUBBVPzDMyr7wGeSbLjEbt+7d1/nkvNNSU1HL9lDaAAAAAAOgAAAAAIAACAAAAAo0tnlbRUZP7fgWmvMve5KL852gQn1IqdTRF6ccIDr1yAAAABJPxdw0TcXxxcrBpb+NiDI3Pi8/5jNNfjQb8TXR2+pc0AAAAAq6VQwG0LeL690NMbUBncW72w1kI+YkTC4z6/gn5SzoClahL2TIVBly/cQUbusko4IWqhWpSACCtZccPZWGAvT"
"{FCCCD80D-2A5E-401E-B64F-D1C2E375B955}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAwgqKlVb7PEy+6OsXbJQdJwAAAAACAAAAAAAQZgAAAAEAACAAAAA14nTAZQC+XYA7kDHugVMSdYqRVVD9DOWx9K5VfVEJdAAAAAAOgAAAAAIAACAAAACaWjuNQqjxGq4t17OvkXGmUAgmXeaBZ/1cMcc3TxIZIBAAAABQryP3QpOTVDSo1rEgcYdTQAAAANE6tR7LyONkDb273E1yU0YjHVb5LcuzrYmnBCrPqaG8Zknxm2v20iD/t3dPTfsV0wwacU1Qk7dx8RyR8/C1Uyo="
.
[HKEY_USERS\S-1-5-21-2406318905-1240849825-252203313-1000_Classes\Wow6432Node\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}\{A730F6F3-255C-417C-8986-2C578500547E}*Hidden\DeltaClock]
"LastSynchronizationClock"=hex(b):60,ac,43,d4,83,32,d1,08
"DeltaClock"=hex(b):a2,47,73,ff,ff,ff,ff,ff
"LastNtpServer"="time-a.nist.gov"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-06-02  08:21:57
ComboFix-quarantined-files.txt  2014-06-02 06:21
.
Vor Suchlauf: 17 Verzeichnis(se), 28.011.679.744 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 43.604.459.520 Bytes frei
.
- - End Of File - - 810A1309605DDEE5DA39799B0843BCCE
A36C5E4F47E84449FF07ED3517B43A31
         

02.06.2014, 07:26   #7
deeprybka
/// TB trainer
/// Instructions guru

OK, well done. Further instructions will follow...
__________________
Regards,
deeprybka
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

02.06.2014, 07:41   #8
Stan_

Thank you already for the help so far.
More info: after the restart, the UserLayoutOne.exe process was no longer present, and it no longer appears under Startup in CCleaner either. I think ComboFix has taken care of it now.

Of course I will wait for further instructions and will not change anything on the system.

02.06.2014, 07:45   #9
deeprybka
/// TB trainer
/// Instructions guru

Quote:
Quote from Stan_
Of course I will wait for further instructions and will not change anything on the system.

That would be great!

Quote:
Quote from Stan_
I think ComboFix has taken care of it now.

Yes, that is why we used it. But you have/had quite different malware running on your PC as well. We will get that sorted out, though...
__________________
Regards,
deeprybka

Alt 02.06.2014, 07:56   #10
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware) - Standard

UserLayoutOne.exe öffnet Werbung im Browser (Spamware, Adware)



Here's how we continue....

Step 1
Malwarebytes Anti-Malware
  • Download link
  • Install the program to the default path.
  • Start Malwarebytes' Anti-Malware (MBAM).
  • If the user interface is still in English, click Settings and select Deutsch under Language.
  • Under "Detection and Protection" (Erkennung und Schutz), please tick "Scan for rootkits" (Suche nach Rootkits).
  • Then click "Scan" (Suchlauf), select the Threat Scan (Bedrohungssuchlauf), update the databases and click "Start scan now" (Suchlauf jetzt starten).
  • At the end of the scan, have all detections (if any) moved to quarantine. (like this...)
  • Post the contents of the log file for me (like this...). To do so, click History (Verlauf) and then Application Logs (Anwendungsprotokolle).
  • Select the most recent scan log and click View (Ansicht). Click "Copy to clipboard" (In Zwischenablage kopieren) and post the contents in code tags as a reply in the thread.

Step 2


Please start FRST again and press Scan.
__________________
Regards
deeprybka


02.06.2014, 08:29   #11
Stan_
 

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 02.06.2014
Suchlauf-Zeit: 09:04:22
Logdatei: 
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.02.03
Rootkit Datenbank: v2014.05.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: user

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 478232
Verstrichene Zeit: 21 Min, 34 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-2.2, In Quarantäne, [54bbea6a2d4e33032696c1df0df58a76], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 3
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[65aa8acabac16fc7b119bda3a95b926e]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Gut: (0), Schlecht: (1),Ersetzt,[42cdb79d6c0f3bfb9fecf368dd2749b7]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Gut: (0), Schlecht: (1),Ersetzt,[3bd4e76dbebdaf87f19c62f9c73d3ac6]

Ordner: 7
PUP.Optional.PriceGong.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok, In Quarantäne, [ac63f262afcc3600c385b8c7669c3dc3], 
PUP.Optional.PriceGong.A, C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok, In Quarantäne, [ad623e16e6952d09c2868af5b34f0cf4], 
PUP.Optional.PriceGong.A, C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0, In Quarantäne, [ad623e16e6952d09c2868af5b34f0cf4], 
PUP.Optional.PriceGong.A, C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\js, In Quarantäne, [ad623e16e6952d09c2868af5b34f0cf4], 
PUP.Optional.PriceGong.A, C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\options, In Quarantäne, [ad623e16e6952d09c2868af5b34f0cf4], 
PUP.Optional.PriceGong.A, C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\plugins, In Quarantäne, [ad623e16e6952d09c2868af5b34f0cf4], 
PUP.Optional.PriceGong.A, C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\res, In Quarantäne, [ad623e16e6952d09c2868af5b34f0cf4], 

Dateien: 13
PUP.Optional.Spigot.A, C:\ProgramData\YTD Video Downloader\ytd_installer.exe, In Quarantäne, [d837ec6887f4d5613a459c8aaa5641bf], 
Backdoor.Agent.DC, C:\Windows\SysWOW64\DCSCMIN\IMDCSC.exe, In Quarantäne, [3cd394c0572439fdbf669de1bb489868], 
PUP.Optional.PriceGong.A, C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\manifest.json, In Quarantäne, [ad623e16e6952d09c2868af5b34f0cf4], 
PUP.Optional.PriceGong.A, C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\pg_background.html, In Quarantäne, [ad623e16e6952d09c2868af5b34f0cf4], 
PUP.Optional.PriceGong.A, C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\js\html_comp.js, In Quarantäne, [ad623e16e6952d09c2868af5b34f0cf4], 
PUP.Optional.PriceGong.A, C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\js\pg_page_injected_script.js, In Quarantäne, [ad623e16e6952d09c2868af5b34f0cf4], 
PUP.Optional.PriceGong.A, C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\js\pg_tab_wrapper.js, In Quarantäne, [ad623e16e6952d09c2868af5b34f0cf4], 
PUP.Optional.PriceGong.A, C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\options\pg_options.html, In Quarantäne, [ad623e16e6952d09c2868af5b34f0cf4], 
PUP.Optional.PriceGong.A, C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\options\pg_options.js, In Quarantäne, [ad623e16e6952d09c2868af5b34f0cf4], 
PUP.Optional.PriceGong.A, C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\plugins\npPriceGong_CH.dll, In Quarantäne, [ad623e16e6952d09c2868af5b34f0cf4], 
PUP.Optional.PriceGong.A, C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\res\pg_icon_128.png, In Quarantäne, [ad623e16e6952d09c2868af5b34f0cf4], 
PUP.Optional.PriceGong.A, C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\res\pg_icon_16.png, In Quarantäne, [ad623e16e6952d09c2868af5b34f0cf4], 
PUP.Optional.PriceGong.A, C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\res\pg_icon_48.png, In Quarantäne, [ad623e16e6952d09c2868af5b34f0cf4], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Malware protection etc. was disabled because of Combofix; it has been re-enabled.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014 01
Ran by user (administrator) on STANS-PC on 02-06-2014 09:29:57
Running from C:\Users\user\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
() C:\Program Files (x86)\puush\puush.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\spotify.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUsb\XFastUsb.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-02] (NVIDIA Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [3019376 2011-02-22] (VIA)
HKLM-x32\...\Run: [XFastUsb] => C:\Program Files (x86)\XFastUsb\XFastUsb.exe [4942336 2012-01-08] (FNet Co., Ltd.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-05-31] (AVAST Software)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] - "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe" "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware " [54072 2014-05-12] (Malwarebytes Corporation)
HKLM-x32\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files (x86)\brother\controlcenter3\brctrcensrv.exe, [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2013-09-29] ()
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [Spotify] => C:\Users\user\AppData\Roaming\Spotify\spotify.exe [6170168 2014-05-15] (Spotify Ltd)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB4A034104DDECE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {4CA0C149-4213-4B04-B3CA-76141F79093B} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {6EC98539-C975-41B0-8D84-967EBD599058} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tonline-browser_toolbar3_search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {A31EAB68-FEA5-4C79-903F-9CB11BCA86E9} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=twiki&q={searchTerms}&dia=tie8
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKCU - No Name - {2015C8D4-8534-48DB-B5FB-5C76291F080C} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4102exwr.default
FF NewTab: chrome://quick_start/content/index.html
FF NetworkProxy: "http", "localhost"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\user\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\user\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4102exwr.default\Extensions\staged [2014-05-25]
FF Extension: NoScript - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4102exwr.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-05-10]
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4102exwr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-24]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-05-12]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-06]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKCU\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\user\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx []
CHR HKLM-x32\...\Chrome\Extension: [neibkbfmjpkenkbjpajgfkedjaehefnc] - C:\ProgramData\DownloadnSave\neibkbfmjpkenkbjpajgfkedjaehefnc.crx []
CHR HKLM-x32\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\user\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx []
CHR StartMenuInternet: Google Chrome - C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-31] (AVAST Software)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-14] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-20] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2404864 2011-03-24] (Deutsche Telekom AG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20541216 2014-04-02] (NVIDIA Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-02-17] (VIA Technologies, Inc.)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S2 Mikogo-Service; C:\Users\user\AppData\Roaming\Mikogo\Mikogo-Service.exe [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-31] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-31] ()
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2012-01-08] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2012-01-08] (FNet Co., Ltd.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [122584 2014-06-02] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-14] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WacHidRouter; system32\DRIVERS\wachidrouter.sys [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-02 09:01 - 2014-06-02 09:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-02 09:01 - 2014-06-02 09:01 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-02 09:01 - 2014-06-02 09:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-02 09:01 - 2014-06-02 09:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-02 09:01 - 2014-06-02 09:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-02 09:01 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-02 09:01 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-02 09:01 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-02 08:59 - 2014-06-02 09:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-02 08:32 - 2014-06-02 08:32 - 00001208 _____ () C:\Windows\SysWOW64\collectionCache.bnk
2014-06-02 08:21 - 2014-06-02 08:21 - 00049703 _____ () C:\ComboFix.txt
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.007\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.006\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.005\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.004\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.003\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.002\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.001\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.000\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-06-02 08:04 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-02 08:04 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-02 08:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-02 08:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-02 08:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-02 08:04 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-02 08:04 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-02 08:04 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-02 08:03 - 2014-06-02 08:22 - 00000000 ____D () C:\Qoobox
2014-06-02 08:03 - 2014-06-02 08:20 - 00000000 ____D () C:\Windows\erdnt
2014-06-02 08:01 - 2014-06-02 08:01 - 05203398 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2014-06-02 08:00 - 2014-06-02 08:01 - 05203398 _____ (Swearware) C:\Users\user\Downloads\ComboFix.exe
2014-06-01 21:14 - 2014-06-02 09:29 - 00020532 _____ () C:\Users\user\Desktop\FRST.txt
2014-06-01 21:14 - 2014-06-01 21:15 - 00040504 _____ () C:\Users\user\Desktop\Addition.txt
2014-06-01 21:13 - 2014-06-02 09:29 - 00000000 ____D () C:\FRST
2014-06-01 21:11 - 2014-06-01 21:11 - 02067456 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-06-01 19:59 - 2014-06-01 19:59 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-01 19:59 - 2014-06-01 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-01 19:59 - 2014-06-01 19:59 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-01 19:33 - 2014-06-01 19:33 - 23681945 _____ () C:\Users\user\Desktop\UserLayoutOne.rar
2014-06-01 18:42 - 2014-06-01 18:42 - 00001208 _____ () C:\Windows\collectionCache.bnk
2014-06-01 18:07 - 2014-06-01 18:07 - 00002928 _____ () C:\Windows\System32\Tasks\{44DD2D46-375A-499B-8A4E-B6B9A604D303}
2014-05-31 19:22 - 2014-05-31 19:22 - 00003132 _____ () C:\Windows\System32\Tasks\{D6D44D57-77E6-4CEB-9E24-C0BFC2337A46}
2014-05-31 11:49 - 2014-05-31 11:49 - 00000000 ____D () C:\Users\user\AppData\Roaming\AVAST Software
2014-05-31 11:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-31 11:40 - 2014-05-31 11:43 - 00000000 ____D () C:\AdwCleaner
2014-05-31 11:36 - 2014-05-31 12:07 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-31 11:36 - 2014-05-31 11:36 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-31 11:36 - 2014-05-31 11:36 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-29 17:31 - 2014-05-29 17:31 - 00000000 _____ () C:\dfu.log
2014-05-27 13:48 - 2014-06-01 17:13 - 583307911 _____ () C:\Windows\MEMORY.DMP
2014-05-27 12:49 - 2014-06-02 08:16 - 00000000 ____D () C:\Users\Public\Documents\MSDCSC
2014-05-25 00:01 - 2014-05-25 00:01 - 81471565 _____ () C:\Users\user\Desktop\UserLayoutOne.DMP
2014-05-24 03:11 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32_backup_wti.dll
2014-05-24 03:11 - 2011-07-05 04:00 - 01857536 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame_backup_wti.dll
2014-05-24 03:11 - 2010-11-20 15:27 - 00898560 _____ (Microsoft Corporation) C:\Windows\system32\OobeFldr_backup_wti.dll
2014-05-24 02:24 - 2014-05-24 02:24 - 00000000 ____D () C:\Users\user\AppData\Local\mfbot.de
2014-05-23 20:09 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.006
2014-05-23 20:09 - 2014-05-23 20:09 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.007
2014-05-23 20:09 - 2013-12-14 02:23 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.007\AppData\Local\Google
2014-05-23 19:29 - 2014-05-23 19:29 - 00558464 _____ () C:\Windows\Minidump\052314-41823-01.dmp
2014-05-23 19:20 - 2014-05-23 19:20 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.005
2014-05-20 21:17 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-20 21:17 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-20 21:17 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-20 21:17 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-20 21:16 - 2014-05-20 21:17 - 00004161 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-18 02:45 - 2014-05-18 02:35 - 00000000 ____D () C:\images_gui
2014-05-18 01:43 - 2014-05-18 01:43 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.004
2014-05-18 01:43 - 2013-12-14 02:23 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.004\AppData\Local\Google
2014-05-18 01:42 - 2014-05-18 01:42 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.003
2014-05-17 23:03 - 2014-05-17 23:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft Corporation
2014-05-17 13:08 - 2013-04-30 19:18 - 00014136 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys
2014-05-17 12:01 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-17 12:01 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-17 12:01 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-17 12:01 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-17 12:01 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-17 12:01 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 23:46 - 2014-06-01 19:14 - 00000000 ____D () C:\Users\user\Documents\Visual Studio 2010
2014-05-15 23:46 - 2014-05-19 00:37 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
2014-05-15 13:04 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 13:04 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 13:03 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 13:03 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 13:03 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 13:03 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 13:03 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 13:03 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 13:03 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 13:03 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 13:03 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 13:03 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 13:03 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 13:03 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 13:03 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 13:03 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 13:03 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 13:03 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 13:03 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 13:03 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 13:03 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 13:03 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 13:03 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 13:03 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 13:03 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 13:03 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 13:03 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 13:03 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 13:03 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 13:03 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 13:03 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-13 23:29 - 2014-05-13 23:29 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-12 16:04 - 2014-05-12 16:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-06 16:02 - 2014-05-06 16:02 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator
2014-05-06 16:02 - 2014-05-03 22:04 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-06 16:02 - 2013-12-14 02:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-06 16:02 - 2013-10-09 00:20 - 00000000 ____D () C:\Users\Administrator\Documents\Visual Studio 2010
2014-05-06 16:02 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-06 16:02 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-04 12:24 - 2014-03-04 13:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-04 12:18 - 2014-03-04 16:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-04 12:18 - 2014-03-04 16:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00024544 _____ () C:\Windows\system32\nvinfo.pb
2014-05-04 12:18 - 2013-11-28 15:38 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-05-04 12:18 - 2013-11-28 15:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-05-04 12:11 - 2014-03-21 21:43 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-05-04 12:11 - 2014-03-21 21:43 - 00033568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-05-03 10:20 - 2014-05-03 10:20 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.002
2014-05-03 10:20 - 2014-05-03 10:20 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-03 10:20 - 2014-05-03 10:20 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.001

==================== One Month Modified Files and Folders =======

2014-06-02 09:30 - 2014-06-01 21:14 - 00020532 _____ () C:\Users\user\Desktop\FRST.txt
2014-06-02 09:30 - 2012-01-08 00:36 - 00000000 ____D () C:\Users\user\AppData\Local\Temp
2014-06-02 09:29 - 2014-06-01 21:13 - 00000000 ____D () C:\FRST
2014-06-02 09:29 - 2012-01-16 14:09 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
2014-06-02 09:28 - 2012-06-14 22:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-02 09:27 - 2014-02-25 16:22 - 00000000 ___HD () C:\ProgramData\YTD Video Downloader
2014-06-02 09:27 - 2013-06-28 23:08 - 00000000 ____D () C:\Windows\SysWOW64\DCSCMIN
2014-06-02 09:04 - 2014-06-02 09:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-02 09:01 - 2014-06-02 09:01 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-02 09:01 - 2014-06-02 09:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-02 09:01 - 2014-06-02 09:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-02 09:01 - 2014-06-02 09:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-02 09:00 - 2014-06-02 08:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-02 08:44 - 2012-01-16 15:24 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000UA.job
2014-06-02 08:36 - 2012-01-08 00:38 - 01758778 _____ () C:\Windows\WindowsUpdate.log
2014-06-02 08:34 - 2012-06-03 19:56 - 00000000 ____D () C:\Users\user\AppData\Roaming\Spotify
2014-06-02 08:34 - 2012-03-05 19:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-02 08:32 - 2014-06-02 08:32 - 00001208 _____ () C:\Windows\SysWOW64\collectionCache.bnk
2014-06-02 08:30 - 2012-10-06 23:10 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-02 08:30 - 2012-03-02 21:25 - 00000433 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-06-02 08:30 - 2009-07-14 06:51 - 00150358 _____ () C:\Windows\setupact.log
2014-06-02 08:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-06-02 08:28 - 2013-04-24 21:37 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-02 08:28 - 2012-03-05 19:21 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-02 08:27 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-02 08:26 - 2012-01-12 14:38 - 01782054 _____ () C:\Windows\PFRO.log
2014-06-02 08:26 - 2012-01-08 01:00 - 00000000 ___HD () C:\ProgramData\NVIDIA
2014-06-02 08:22 - 2014-06-02 08:03 - 00000000 ____D () C:\Qoobox
2014-06-02 08:21 - 2014-06-02 08:21 - 00049703 _____ () C:\ComboFix.txt
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.007\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.006\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.005\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.004\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.003\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.002\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.001\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.000\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-06-02 08:21 - 2014-05-23 20:09 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.006
2014-06-02 08:20 - 2014-06-02 08:03 - 00000000 ____D () C:\Windows\erdnt
2014-06-02 08:19 - 2009-07-14 04:34 - 00000312 _____ () C:\Windows\system.ini
2014-06-02 08:16 - 2014-05-27 12:49 - 00000000 ____D () C:\Users\Public\Documents\MSDCSC
2014-06-02 08:16 - 2013-05-16 12:45 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-02 08:16 - 2012-01-20 20:51 - 00000000 __SHD () C:\Users\user\Documents\MSDCSC
2014-06-02 08:01 - 2014-06-02 08:01 - 05203398 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2014-06-02 08:01 - 2014-06-02 08:00 - 05203398 _____ (Swearware) C:\Users\user\Downloads\ComboFix.exe
2014-06-02 07:23 - 2012-06-03 19:57 - 00000000 ____D () C:\Users\user\AppData\Local\Spotify
2014-06-01 23:44 - 2012-01-16 15:24 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000Core.job
2014-06-01 21:15 - 2014-06-01 21:14 - 00040504 _____ () C:\Users\user\Desktop\Addition.txt
2014-06-01 21:11 - 2014-06-01 21:11 - 02067456 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-06-01 19:59 - 2014-06-01 19:59 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-01 19:59 - 2014-06-01 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-01 19:59 - 2014-06-01 19:59 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-01 19:58 - 2009-07-14 06:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-01 19:58 - 2009-07-14 06:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-01 19:55 - 2014-04-29 13:26 - 00000000 ____D () C:\Users\user\AppData\Roaming\WTablet
2014-06-01 19:33 - 2014-06-01 19:33 - 23681945 _____ () C:\Users\user\Desktop\UserLayoutOne.rar
2014-06-01 19:14 - 2014-05-15 23:46 - 00000000 ____D () C:\Users\user\Documents\Visual Studio 2010
2014-06-01 18:50 - 2014-04-25 22:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-01 18:42 - 2014-06-01 18:42 - 00001208 _____ () C:\Windows\collectionCache.bnk
2014-06-01 18:07 - 2014-06-01 18:07 - 00002928 _____ () C:\Windows\System32\Tasks\{44DD2D46-375A-499B-8A4E-B6B9A604D303}
2014-06-01 17:57 - 2013-10-07 20:57 - 00000000 ___RD () C:\Users\user\Desktop\GTA Mods
2014-06-01 17:54 - 2012-02-24 17:38 - 00000000 ___RD () C:\Users\user\Desktop\Stuff
2014-06-01 17:14 - 2013-06-07 21:53 - 00000000 ____D () C:\Windows\Minidump
2014-06-01 17:13 - 2014-05-27 13:48 - 583307911 _____ () C:\Windows\MEMORY.DMP
2014-06-01 17:02 - 2013-08-08 14:19 - 00000000 ____D () C:\Users\user\Documents\GTA San Andreas User Files
2014-05-31 20:08 - 2013-01-04 19:42 - 00000000 ____D () C:\Users\user\AppData\Local\Mato_Technologies
2014-05-31 19:22 - 2014-05-31 19:22 - 00003132 _____ () C:\Windows\System32\Tasks\{D6D44D57-77E6-4CEB-9E24-C0BFC2337A46}
2014-05-31 16:02 - 2012-10-28 23:20 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc
2014-05-31 12:22 - 2012-02-26 00:07 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2014-05-31 12:07 - 2014-05-31 11:36 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-31 12:07 - 2012-10-06 23:11 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-31 12:07 - 2012-10-06 23:11 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-31 11:49 - 2014-05-31 11:49 - 00000000 ____D () C:\Users\user\AppData\Roaming\AVAST Software
2014-05-31 11:43 - 2014-05-31 11:40 - 00000000 ____D () C:\AdwCleaner
2014-05-31 11:36 - 2014-05-31 11:36 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-31 11:36 - 2014-05-31 11:36 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-31 11:36 - 2013-03-10 17:07 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-31 11:36 - 2013-03-10 17:07 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-31 11:36 - 2012-10-06 23:11 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1401530828817
2014-05-31 11:36 - 2012-10-06 23:11 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1401530828817
2014-05-31 11:36 - 2012-10-06 23:11 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-31 11:36 - 2012-10-06 23:10 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-31 11:36 - 2012-10-06 23:10 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-31 11:31 - 2012-10-06 23:10 - 00000000 ___HD () C:\ProgramData\AVAST Software
2014-05-31 11:30 - 2012-10-06 23:10 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-05-31 11:27 - 2012-09-11 22:32 - 00000000 ____D () C:\Users\user\AppData\Local\Deployment
2014-05-31 10:08 - 2012-01-19 14:36 - 00000000 ____D () C:\Users\user\AppData\Roaming\DVDVideoSoft
2014-05-30 01:40 - 2012-01-26 14:48 - 88247296 ___SH () C:\Users\user\Desktop\Thumbs.db
2014-05-29 17:31 - 2014-05-29 17:31 - 00000000 _____ () C:\dfu.log
2014-05-29 16:56 - 2013-09-11 22:23 - 00000000 ____D () C:\Users\user\AppData\Local\fabi.me
2014-05-29 13:22 - 2013-09-25 16:27 - 00000000 ____D () C:\Users\user\Documents\Bewerbungszeug
2014-05-27 14:05 - 2012-02-24 17:59 - 00000000 ___HD () C:\ProgramData\MTA San Andreas All
2014-05-26 21:40 - 2013-04-11 13:37 - 00014336 ___SH () C:\Users\user\AppData\Roaming\Thumbs.db
2014-05-26 21:00 - 2013-03-01 16:41 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-26 21:00 - 2012-01-16 14:09 - 00000000 ___HD () C:\ProgramData\Skype
2014-05-25 00:01 - 2014-05-25 00:01 - 81471565 _____ () C:\Users\user\Desktop\UserLayoutOne.DMP
2014-05-24 03:12 - 2013-04-25 22:33 - 00925184 _____ () C:\Windows\expstart.exe
2014-05-24 03:11 - 2013-04-25 22:40 - 01566616 _____ () C:\Windows\UTP.exe
2014-05-24 02:24 - 2014-05-24 02:24 - 00000000 ____D () C:\Users\user\AppData\Local\mfbot.de
2014-05-23 20:09 - 2014-05-23 20:09 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.007
2014-05-23 19:29 - 2014-05-23 19:29 - 00558464 _____ () C:\Windows\Minidump\052314-41823-01.dmp
2014-05-23 19:20 - 2014-05-23 19:20 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.005
2014-05-22 22:48 - 2013-01-04 02:29 - 00000000 ____D () C:\Users\user\AppData\Roaming\TS3Client
2014-05-20 21:17 - 2014-05-20 21:16 - 00004161 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-20 21:17 - 2012-01-30 01:40 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-19 15:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-19 00:37 - 2014-05-15 23:46 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
2014-05-18 02:35 - 2014-05-18 02:45 - 00000000 ____D () C:\images_gui
2014-05-18 01:43 - 2014-05-18 01:43 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.004
2014-05-18 01:42 - 2014-05-18 01:42 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.003
2014-05-18 00:12 - 2012-09-28 22:47 - 00000000 ___RD () C:\Users\user\Desktop\GFX Stuff
2014-05-17 23:03 - 2014-05-17 23:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft Corporation
2014-05-17 21:56 - 2013-10-08 00:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0
2014-05-17 18:56 - 2013-08-21 20:33 - 00000000 ____D () C:\Users\user\minecraft
2014-05-17 13:20 - 2012-01-08 00:37 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-17 13:14 - 2013-10-04 22:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-17 13:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-17 11:58 - 2013-08-15 13:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-17 11:56 - 2009-10-14 07:12 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 14:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Cursors
2014-05-14 14:38 - 2012-06-16 17:28 - 00000000 ____D () C:\Program Files (x86)\RocketDock
2014-05-13 23:29 - 2014-05-13 23:29 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-13 23:29 - 2012-06-14 22:33 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 23:29 - 2012-06-14 22:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 23:29 - 2012-01-16 14:37 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-12 16:04 - 2014-05-12 16:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-12 07:26 - 2014-06-02 09:01 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-02 09:01 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-02 09:01 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 10:26 - 2013-12-22 21:43 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive
2014-05-07 13:29 - 2012-03-05 19:21 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 13:29 - 2012-03-05 19:21 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 16:02 - 2014-05-06 16:02 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator
2014-05-06 06:40 - 2014-05-17 12:01 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-17 12:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-17 12:01 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-17 12:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-17 12:01 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-17 12:01 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 23:39 - 2012-01-16 15:24 - 00004088 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000UA
2014-05-05 23:39 - 2012-01-16 15:24 - 00003692 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000Core
2014-05-04 12:25 - 2012-10-06 17:11 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-04 12:25 - 2012-01-08 01:00 - 00000000 ___HD () C:\ProgramData\NVIDIA Corporation
2014-05-04 12:25 - 2012-01-08 01:00 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-04 12:13 - 2014-04-07 01:46 - 00000000 ____D () C:\Users\user\AppData\Local\NVIDIA Corporation
2014-05-03 22:07 - 2013-06-21 13:36 - 00001421 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-03 22:04 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-03 22:04 - 2012-01-11 20:25 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-03 22:04 - 2012-01-11 20:25 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-03 10:20 - 2014-05-03 10:20 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.002
2014-05-03 10:20 - 2014-05-03 10:20 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-03 10:20 - 2014-05-03 10:20 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.001

ZeroAccess:
C:\Users\user\AppData\Local\{d07a4bff-1acc-ef4b-5437-0786ab909512}
C:\Users\user\AppData\Local\{d07a4bff-1acc-ef4b-5437-0786ab909512}\@

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe
[2012-01-16 15:08] - [2011-02-25 07:30] - 2616320 ____A (Microsoft Corporation) 697651F303443F98F7EC76D4DCAE6789

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 13:58

==================== End Of Log ============================
         
--- --- ---

Edited by Stan_ (02.06.2014 at 08:30). Reason: FRST Scan

Old 02.06.2014, 08:36   #12
Stan_
 
UserLayoutOne.exe opens advertising in the browser (Spamware, Adware)



Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 02.06.2014
Suchlauf-Zeit: 09:04:22
Logdatei: 
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.02.03
Rootkit Datenbank: v2014.05.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: user

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 478232
Verstrichene Zeit: 21 Min, 34 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-2.2, In Quarantäne, [54bbea6a2d4e33032696c1df0df58a76], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 3
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[65aa8acabac16fc7b119bda3a95b926e]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Gut: (0), Schlecht: (1),Ersetzt,[42cdb79d6c0f3bfb9fecf368dd2749b7]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Gut: (0), Schlecht: (1),Ersetzt,[3bd4e76dbebdaf87f19c62f9c73d3ac6]

Ordner: 7
PUP.Optional.PriceGong.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok, In Quarantäne, [ac63f262afcc3600c385b8c7669c3dc3], 
PUP.Optional.PriceGong.A, C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok, In Quarantäne, [ad623e16e6952d09c2868af5b34f0cf4], 
PUP.Optional.PriceGong.A, C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0, In Quarantäne, [ad623e16e6952d09c2868af5b34f0cf4], 
PUP.Optional.PriceGong.A, C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\js, In Quarantäne, [ad623e16e6952d09c2868af5b34f0cf4], 
PUP.Optional.PriceGong.A, C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\options, In Quarantäne, [ad623e16e6952d09c2868af5b34f0cf4], 
PUP.Optional.PriceGong.A, C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\plugins, In Quarantäne, [ad623e16e6952d09c2868af5b34f0cf4], 
PUP.Optional.PriceGong.A, C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\res, In Quarantäne, [ad623e16e6952d09c2868af5b34f0cf4], 

Dateien: 13
PUP.Optional.Spigot.A, C:\ProgramData\YTD Video Downloader\ytd_installer.exe, In Quarantäne, [d837ec6887f4d5613a459c8aaa5641bf], 
Backdoor.Agent.DC, C:\Windows\SysWOW64\DCSCMIN\IMDCSC.exe, In Quarantäne, [3cd394c0572439fdbf669de1bb489868], 
PUP.Optional.PriceGong.A, C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\manifest.json, In Quarantäne, [ad623e16e6952d09c2868af5b34f0cf4], 
PUP.Optional.PriceGong.A, C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\pg_background.html, In Quarantäne, [ad623e16e6952d09c2868af5b34f0cf4], 
PUP.Optional.PriceGong.A, C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\js\html_comp.js, In Quarantäne, [ad623e16e6952d09c2868af5b34f0cf4], 
PUP.Optional.PriceGong.A, C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\js\pg_page_injected_script.js, In Quarantäne, [ad623e16e6952d09c2868af5b34f0cf4], 
PUP.Optional.PriceGong.A, C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\js\pg_tab_wrapper.js, In Quarantäne, [ad623e16e6952d09c2868af5b34f0cf4], 
PUP.Optional.PriceGong.A, C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\options\pg_options.html, In Quarantäne, [ad623e16e6952d09c2868af5b34f0cf4], 
PUP.Optional.PriceGong.A, C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\options\pg_options.js, In Quarantäne, [ad623e16e6952d09c2868af5b34f0cf4], 
PUP.Optional.PriceGong.A, C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\plugins\npPriceGong_CH.dll, In Quarantäne, [ad623e16e6952d09c2868af5b34f0cf4], 
PUP.Optional.PriceGong.A, C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\res\pg_icon_128.png, In Quarantäne, [ad623e16e6952d09c2868af5b34f0cf4], 
PUP.Optional.PriceGong.A, C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\res\pg_icon_16.png, In Quarantäne, [ad623e16e6952d09c2868af5b34f0cf4], 
PUP.Optional.PriceGong.A, C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\res\pg_icon_48.png, In Quarantäne, [ad623e16e6952d09c2868af5b34f0cf4], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014 01
Ran by user (administrator) on STANS-PC on 02-06-2014 09:34:57
Running from C:\Users\user\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
() C:\Program Files (x86)\puush\puush.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\spotify.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUsb\XFastUsb.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-02] (NVIDIA Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [3019376 2011-02-22] (VIA)
HKLM-x32\...\Run: [XFastUsb] => C:\Program Files (x86)\XFastUsb\XFastUsb.exe [4942336 2012-01-08] (FNet Co., Ltd.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-05-31] (AVAST Software)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] - "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe" "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware " [54072 2014-05-12] (Malwarebytes Corporation)
HKLM-x32\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files (x86)\brother\controlcenter3\brctrcensrv.exe, [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2013-09-29] ()
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2406318905-1240849825-252203313-1000\...\Run: [Spotify] => C:\Users\user\AppData\Roaming\Spotify\spotify.exe [6170168 2014-05-15] (Spotify Ltd)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB4A034104DDECE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {4CA0C149-4213-4B04-B3CA-76141F79093B} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {6EC98539-C975-41B0-8D84-967EBD599058} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tonline-browser_toolbar3_search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {A31EAB68-FEA5-4C79-903F-9CB11BCA86E9} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=twiki&q={searchTerms}&dia=tie8
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKCU - No Name - {2015C8D4-8534-48DB-B5FB-5C76291F080C} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4102exwr.default
FF NewTab: chrome://quick_start/content/index.html
FF NetworkProxy: "http", "localhost"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\user\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\user\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4102exwr.default\Extensions\staged [2014-05-25]
FF Extension: NoScript - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4102exwr.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-05-10]
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4102exwr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-24]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-05-12]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-06]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKCU\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\user\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx []
CHR HKLM-x32\...\Chrome\Extension: [neibkbfmjpkenkbjpajgfkedjaehefnc] - C:\ProgramData\DownloadnSave\neibkbfmjpkenkbjpajgfkedjaehefnc.crx []
CHR HKLM-x32\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\user\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx []
CHR StartMenuInternet: Google Chrome - C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-31] (AVAST Software)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-14] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-20] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2404864 2011-03-24] (Deutsche Telekom AG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20541216 2014-04-02] (NVIDIA Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-02-17] (VIA Technologies, Inc.)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S2 Mikogo-Service; C:\Users\user\AppData\Roaming\Mikogo\Mikogo-Service.exe [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-31] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-31] ()
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2012-01-08] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2012-01-08] (FNet Co., Ltd.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [122584 2014-06-02] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-14] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WacHidRouter; system32\DRIVERS\wachidrouter.sys [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-02 09:01 - 2014-06-02 09:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-02 09:01 - 2014-06-02 09:01 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-02 09:01 - 2014-06-02 09:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-02 09:01 - 2014-06-02 09:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-02 09:01 - 2014-06-02 09:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-02 09:01 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-02 09:01 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-02 09:01 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-02 08:59 - 2014-06-02 09:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-02 08:32 - 2014-06-02 08:32 - 00001208 _____ () C:\Windows\SysWOW64\collectionCache.bnk
2014-06-02 08:21 - 2014-06-02 08:21 - 00049703 _____ () C:\ComboFix.txt
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.007\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.006\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.005\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.004\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.003\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.002\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.001\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.000\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-06-02 08:04 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-02 08:04 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-02 08:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-02 08:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-02 08:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-02 08:04 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-02 08:04 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-02 08:04 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-02 08:03 - 2014-06-02 08:22 - 00000000 ____D () C:\Qoobox
2014-06-02 08:03 - 2014-06-02 08:20 - 00000000 ____D () C:\Windows\erdnt
2014-06-02 08:01 - 2014-06-02 08:01 - 05203398 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2014-06-02 08:00 - 2014-06-02 08:01 - 05203398 _____ (Swearware) C:\Users\user\Downloads\ComboFix.exe
2014-06-01 21:14 - 2014-06-02 09:34 - 00020372 _____ () C:\Users\user\Desktop\FRST.txt
2014-06-01 21:14 - 2014-06-01 21:15 - 00040504 _____ () C:\Users\user\Desktop\Addition.txt
2014-06-01 21:13 - 2014-06-02 09:34 - 00000000 ____D () C:\FRST
2014-06-01 21:11 - 2014-06-01 21:11 - 02067456 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-06-01 19:59 - 2014-06-01 19:59 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-01 19:59 - 2014-06-01 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-01 19:59 - 2014-06-01 19:59 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-01 19:33 - 2014-06-01 19:33 - 23681945 _____ () C:\Users\user\Desktop\UserLayoutOne.rar
2014-06-01 18:42 - 2014-06-01 18:42 - 00001208 _____ () C:\Windows\collectionCache.bnk
2014-06-01 18:07 - 2014-06-01 18:07 - 00002928 _____ () C:\Windows\System32\Tasks\{44DD2D46-375A-499B-8A4E-B6B9A604D303}
2014-05-31 19:22 - 2014-05-31 19:22 - 00003132 _____ () C:\Windows\System32\Tasks\{D6D44D57-77E6-4CEB-9E24-C0BFC2337A46}
2014-05-31 11:49 - 2014-05-31 11:49 - 00000000 ____D () C:\Users\user\AppData\Roaming\AVAST Software
2014-05-31 11:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-31 11:40 - 2014-05-31 11:43 - 00000000 ____D () C:\AdwCleaner
2014-05-31 11:36 - 2014-05-31 12:07 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-31 11:36 - 2014-05-31 11:36 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-31 11:36 - 2014-05-31 11:36 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-29 17:31 - 2014-05-29 17:31 - 00000000 _____ () C:\dfu.log
2014-05-27 13:48 - 2014-06-01 17:13 - 583307911 _____ () C:\Windows\MEMORY.DMP
2014-05-27 12:49 - 2014-06-02 08:16 - 00000000 ____D () C:\Users\Public\Documents\MSDCSC
2014-05-25 00:01 - 2014-05-25 00:01 - 81471565 _____ () C:\Users\user\Desktop\UserLayoutOne.DMP
2014-05-24 03:11 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32_backup_wti.dll
2014-05-24 03:11 - 2011-07-05 04:00 - 01857536 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame_backup_wti.dll
2014-05-24 03:11 - 2010-11-20 15:27 - 00898560 _____ (Microsoft Corporation) C:\Windows\system32\OobeFldr_backup_wti.dll
2014-05-24 02:24 - 2014-05-24 02:24 - 00000000 ____D () C:\Users\user\AppData\Local\mfbot.de
2014-05-23 20:09 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.006
2014-05-23 20:09 - 2014-05-23 20:09 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.007
2014-05-23 20:09 - 2013-12-14 02:23 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.007\AppData\Local\Google
2014-05-23 19:29 - 2014-05-23 19:29 - 00558464 _____ () C:\Windows\Minidump\052314-41823-01.dmp
2014-05-23 19:20 - 2014-05-23 19:20 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.005
2014-05-20 21:17 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-20 21:17 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-20 21:17 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-20 21:17 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-20 21:16 - 2014-05-20 21:17 - 00004161 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-18 02:45 - 2014-05-18 02:35 - 00000000 ____D () C:\images_gui
2014-05-18 01:43 - 2014-05-18 01:43 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.004
2014-05-18 01:43 - 2013-12-14 02:23 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.004\AppData\Local\Google
2014-05-18 01:42 - 2014-05-18 01:42 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.003
2014-05-17 23:03 - 2014-05-17 23:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft Corporation
2014-05-17 13:08 - 2013-04-30 19:18 - 00014136 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys
2014-05-17 12:01 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-17 12:01 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-17 12:01 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-17 12:01 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-17 12:01 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-17 12:01 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 23:46 - 2014-06-01 19:14 - 00000000 ____D () C:\Users\user\Documents\Visual Studio 2010
2014-05-15 23:46 - 2014-05-19 00:37 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
2014-05-15 13:04 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 13:04 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 13:03 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 13:03 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 13:03 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 13:03 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 13:03 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 13:03 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 13:03 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 13:03 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 13:03 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 13:03 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 13:03 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 13:03 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 13:03 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 13:03 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 13:03 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 13:03 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 13:03 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 13:03 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 13:03 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 13:03 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 13:03 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 13:03 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 13:03 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 13:03 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 13:03 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 13:03 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 13:03 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 13:03 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 13:03 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 13:03 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-13 23:29 - 2014-05-13 23:29 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-12 16:04 - 2014-05-12 16:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-06 16:02 - 2014-05-06 16:02 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator
2014-05-06 16:02 - 2014-05-03 22:04 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-06 16:02 - 2013-12-14 02:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-06 16:02 - 2013-10-09 00:20 - 00000000 ____D () C:\Users\Administrator\Documents\Visual Studio 2010
2014-05-06 16:02 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-06 16:02 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-04 12:24 - 2014-03-04 13:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-04 12:18 - 2014-03-04 16:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-04 12:18 - 2014-03-04 16:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-05-04 12:18 - 2014-03-04 16:35 - 00024544 _____ () C:\Windows\system32\nvinfo.pb
2014-05-04 12:18 - 2013-11-28 15:38 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-05-04 12:18 - 2013-11-28 15:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-05-04 12:11 - 2014-03-21 21:43 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-05-04 12:11 - 2014-03-21 21:43 - 00033568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-05-03 10:20 - 2014-05-03 10:20 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.002
2014-05-03 10:20 - 2014-05-03 10:20 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-03 10:20 - 2014-05-03 10:20 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.001

==================== One Month Modified Files and Folders =======

2014-06-02 09:35 - 2014-06-01 21:14 - 00020372 _____ () C:\Users\user\Desktop\FRST.txt
2014-06-02 09:35 - 2012-01-08 00:36 - 00000000 ____D () C:\Users\user\AppData\Local\Temp
2014-06-02 09:34 - 2014-06-01 21:13 - 00000000 ____D () C:\FRST
2014-06-02 09:34 - 2012-03-05 19:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-02 09:29 - 2012-01-16 14:09 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
2014-06-02 09:28 - 2012-06-14 22:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-02 09:27 - 2014-02-25 16:22 - 00000000 ___HD () C:\ProgramData\YTD Video Downloader
2014-06-02 09:27 - 2013-06-28 23:08 - 00000000 ____D () C:\Windows\SysWOW64\DCSCMIN
2014-06-02 09:04 - 2014-06-02 09:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-02 09:01 - 2014-06-02 09:01 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-02 09:01 - 2014-06-02 09:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-02 09:01 - 2014-06-02 09:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-02 09:01 - 2014-06-02 09:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-02 09:00 - 2014-06-02 08:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-02 08:44 - 2012-01-16 15:24 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000UA.job
2014-06-02 08:36 - 2012-01-08 00:38 - 01775259 _____ () C:\Windows\WindowsUpdate.log
2014-06-02 08:34 - 2012-06-03 19:56 - 00000000 ____D () C:\Users\user\AppData\Roaming\Spotify
2014-06-02 08:32 - 2014-06-02 08:32 - 00001208 _____ () C:\Windows\SysWOW64\collectionCache.bnk
2014-06-02 08:30 - 2012-10-06 23:10 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-02 08:30 - 2012-03-02 21:25 - 00000433 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-06-02 08:30 - 2009-07-14 06:51 - 00150358 _____ () C:\Windows\setupact.log
2014-06-02 08:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-06-02 08:28 - 2013-04-24 21:37 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-02 08:28 - 2012-03-05 19:21 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-02 08:27 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-02 08:26 - 2012-01-12 14:38 - 01782054 _____ () C:\Windows\PFRO.log
2014-06-02 08:26 - 2012-01-08 01:00 - 00000000 ___HD () C:\ProgramData\NVIDIA
2014-06-02 08:22 - 2014-06-02 08:03 - 00000000 ____D () C:\Qoobox
2014-06-02 08:21 - 2014-06-02 08:21 - 00049703 _____ () C:\ComboFix.txt
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.007\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.006\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.005\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.004\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.003\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.002\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.001\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.000\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-02 08:21 - 2014-06-02 08:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-06-02 08:21 - 2014-05-23 20:09 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.006
2014-06-02 08:20 - 2014-06-02 08:03 - 00000000 ____D () C:\Windows\erdnt
2014-06-02 08:19 - 2009-07-14 04:34 - 00000312 _____ () C:\Windows\system.ini
2014-06-02 08:16 - 2014-05-27 12:49 - 00000000 ____D () C:\Users\Public\Documents\MSDCSC
2014-06-02 08:16 - 2013-05-16 12:45 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-02 08:16 - 2012-01-20 20:51 - 00000000 __SHD () C:\Users\user\Documents\MSDCSC
2014-06-02 08:01 - 2014-06-02 08:01 - 05203398 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2014-06-02 08:01 - 2014-06-02 08:00 - 05203398 _____ (Swearware) C:\Users\user\Downloads\ComboFix.exe
2014-06-02 07:23 - 2012-06-03 19:57 - 00000000 ____D () C:\Users\user\AppData\Local\Spotify
2014-06-01 23:44 - 2012-01-16 15:24 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000Core.job
2014-06-01 21:15 - 2014-06-01 21:14 - 00040504 _____ () C:\Users\user\Desktop\Addition.txt
2014-06-01 21:11 - 2014-06-01 21:11 - 02067456 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-06-01 19:59 - 2014-06-01 19:59 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-01 19:59 - 2014-06-01 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-01 19:59 - 2014-06-01 19:59 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-01 19:58 - 2009-07-14 06:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-01 19:58 - 2009-07-14 06:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-01 19:55 - 2014-04-29 13:26 - 00000000 ____D () C:\Users\user\AppData\Roaming\WTablet
2014-06-01 19:33 - 2014-06-01 19:33 - 23681945 _____ () C:\Users\user\Desktop\UserLayoutOne.rar
2014-06-01 19:14 - 2014-05-15 23:46 - 00000000 ____D () C:\Users\user\Documents\Visual Studio 2010
2014-06-01 18:50 - 2014-04-25 22:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-01 18:42 - 2014-06-01 18:42 - 00001208 _____ () C:\Windows\collectionCache.bnk
2014-06-01 18:07 - 2014-06-01 18:07 - 00002928 _____ () C:\Windows\System32\Tasks\{44DD2D46-375A-499B-8A4E-B6B9A604D303}
2014-06-01 17:57 - 2013-10-07 20:57 - 00000000 ___RD () C:\Users\user\Desktop\GTA Mods
2014-06-01 17:54 - 2012-02-24 17:38 - 00000000 ___RD () C:\Users\user\Desktop\Stuff
2014-06-01 17:14 - 2013-06-07 21:53 - 00000000 ____D () C:\Windows\Minidump
2014-06-01 17:13 - 2014-05-27 13:48 - 583307911 _____ () C:\Windows\MEMORY.DMP
2014-06-01 17:02 - 2013-08-08 14:19 - 00000000 ____D () C:\Users\user\Documents\GTA San Andreas User Files
2014-05-31 20:08 - 2013-01-04 19:42 - 00000000 ____D () C:\Users\user\AppData\Local\Mato_Technologies
2014-05-31 19:22 - 2014-05-31 19:22 - 00003132 _____ () C:\Windows\System32\Tasks\{D6D44D57-77E6-4CEB-9E24-C0BFC2337A46}
2014-05-31 16:02 - 2012-10-28 23:20 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc
2014-05-31 12:22 - 2012-02-26 00:07 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2014-05-31 12:07 - 2014-05-31 11:36 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-31 12:07 - 2012-10-06 23:11 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-31 12:07 - 2012-10-06 23:11 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-31 11:49 - 2014-05-31 11:49 - 00000000 ____D () C:\Users\user\AppData\Roaming\AVAST Software
2014-05-31 11:43 - 2014-05-31 11:40 - 00000000 ____D () C:\AdwCleaner
2014-05-31 11:36 - 2014-05-31 11:36 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-31 11:36 - 2014-05-31 11:36 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-31 11:36 - 2013-03-10 17:07 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-31 11:36 - 2013-03-10 17:07 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-31 11:36 - 2012-10-06 23:11 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1401530828817
2014-05-31 11:36 - 2012-10-06 23:11 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1401530828817
2014-05-31 11:36 - 2012-10-06 23:11 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-31 11:36 - 2012-10-06 23:10 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-31 11:36 - 2012-10-06 23:10 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-31 11:31 - 2012-10-06 23:10 - 00000000 ___HD () C:\ProgramData\AVAST Software
2014-05-31 11:30 - 2012-10-06 23:10 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-05-31 11:27 - 2012-09-11 22:32 - 00000000 ____D () C:\Users\user\AppData\Local\Deployment
2014-05-31 10:08 - 2012-01-19 14:36 - 00000000 ____D () C:\Users\user\AppData\Roaming\DVDVideoSoft
2014-05-30 01:40 - 2012-01-26 14:48 - 88247296 ___SH () C:\Users\user\Desktop\Thumbs.db
2014-05-29 17:31 - 2014-05-29 17:31 - 00000000 _____ () C:\dfu.log
2014-05-29 16:56 - 2013-09-11 22:23 - 00000000 ____D () C:\Users\user\AppData\Local\fabi.me
2014-05-29 13:22 - 2013-09-25 16:27 - 00000000 ____D () C:\Users\user\Documents\Bewerbungszeug
2014-05-27 14:05 - 2012-02-24 17:59 - 00000000 ___HD () C:\ProgramData\MTA San Andreas All
2014-05-26 21:40 - 2013-04-11 13:37 - 00014336 ___SH () C:\Users\user\AppData\Roaming\Thumbs.db
2014-05-26 21:00 - 2013-03-01 16:41 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-26 21:00 - 2012-01-16 14:09 - 00000000 ___HD () C:\ProgramData\Skype
2014-05-25 00:01 - 2014-05-25 00:01 - 81471565 _____ () C:\Users\user\Desktop\UserLayoutOne.DMP
2014-05-24 03:12 - 2013-04-25 22:33 - 00925184 _____ () C:\Windows\expstart.exe
2014-05-24 03:11 - 2013-04-25 22:40 - 01566616 _____ () C:\Windows\UTP.exe
2014-05-24 02:24 - 2014-05-24 02:24 - 00000000 ____D () C:\Users\user\AppData\Local\mfbot.de
2014-05-23 20:09 - 2014-05-23 20:09 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.007
2014-05-23 19:29 - 2014-05-23 19:29 - 00558464 _____ () C:\Windows\Minidump\052314-41823-01.dmp
2014-05-23 19:20 - 2014-05-23 19:20 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.005
2014-05-22 22:48 - 2013-01-04 02:29 - 00000000 ____D () C:\Users\user\AppData\Roaming\TS3Client
2014-05-20 21:17 - 2014-05-20 21:16 - 00004161 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-20 21:17 - 2012-01-30 01:40 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-19 15:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-19 00:37 - 2014-05-15 23:46 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
2014-05-18 02:35 - 2014-05-18 02:45 - 00000000 ____D () C:\images_gui
2014-05-18 01:43 - 2014-05-18 01:43 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.004
2014-05-18 01:42 - 2014-05-18 01:42 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.003
2014-05-18 00:12 - 2012-09-28 22:47 - 00000000 ___RD () C:\Users\user\Desktop\GFX Stuff
2014-05-17 23:03 - 2014-05-17 23:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft Corporation
2014-05-17 21:56 - 2013-10-08 00:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0
2014-05-17 18:56 - 2013-08-21 20:33 - 00000000 ____D () C:\Users\user\minecraft
2014-05-17 13:20 - 2012-01-08 00:37 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-17 13:14 - 2013-10-04 22:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-17 13:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-17 11:58 - 2013-08-15 13:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-17 11:56 - 2009-10-14 07:12 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 14:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Cursors
2014-05-14 14:38 - 2012-06-16 17:28 - 00000000 ____D () C:\Program Files (x86)\RocketDock
2014-05-13 23:29 - 2014-05-13 23:29 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-13 23:29 - 2012-06-14 22:33 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 23:29 - 2012-06-14 22:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 23:29 - 2012-01-16 14:37 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-12 16:04 - 2014-05-12 16:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-12 07:26 - 2014-06-02 09:01 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-02 09:01 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-02 09:01 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 10:26 - 2013-12-22 21:43 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive
2014-05-07 13:29 - 2012-03-05 19:21 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 13:29 - 2012-03-05 19:21 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 16:02 - 2014-05-06 16:02 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator
2014-05-06 06:40 - 2014-05-17 12:01 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-17 12:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-17 12:01 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-17 12:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-17 12:01 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-17 12:01 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 23:39 - 2012-01-16 15:24 - 00004088 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000UA
2014-05-05 23:39 - 2012-01-16 15:24 - 00003692 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2406318905-1240849825-252203313-1000Core
2014-05-04 12:25 - 2012-10-06 17:11 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-04 12:25 - 2012-01-08 01:00 - 00000000 ___HD () C:\ProgramData\NVIDIA Corporation
2014-05-04 12:25 - 2012-01-08 01:00 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-04 12:13 - 2014-04-07 01:46 - 00000000 ____D () C:\Users\user\AppData\Local\NVIDIA Corporation
2014-05-03 22:07 - 2013-06-21 13:36 - 00001421 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-03 22:04 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-03 22:04 - 2012-01-11 20:25 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-03 22:04 - 2012-01-11 20:25 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-03 10:20 - 2014-05-03 10:20 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.002
2014-05-03 10:20 - 2014-05-03 10:20 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-03 10:20 - 2014-05-03 10:20 - 00000000 ____D () C:\Users\TEMP.IIS APPPOOL.001

ZeroAccess:
C:\Users\user\AppData\Local\{d07a4bff-1acc-ef4b-5437-0786ab909512}
C:\Users\user\AppData\Local\{d07a4bff-1acc-ef4b-5437-0786ab909512}\@

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe
[2012-01-16 15:08] - [2011-02-25 07:30] - 2616320 ____A (Microsoft Corporation) 697651F303443F98F7EC76D4DCAE6789

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 13:58

==================== End Of Log ============================
         
--- --- ---

02.06.2014, 08:41   #13
deeprybka
/// TB Trainer
/// Guide Guru
 



Why did you post twice?

Further instructions will probably follow in the afternoon...
__________________
Regards,
deeprybka

_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

02.06.2014, 08:43   #14
Stan_
 


Sorry, at first I didn't notice that the post had already started the second page. I first thought it hadn't been saved.

All right, see you later.

02.06.2014, 12:15   #15
deeprybka
/// TB Trainer
/// Guide Guru
 


No problem...

We'll continue like this....
(The scan takes a while...)


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Regards,
deeprybka

