http://98uj8.de/s3brsn5ba66mgfzeinrum#noad öffnet sich Mehrfach

Chris_B · 02.08.2014, 14:32

Hallo,
Heute als ich meinen PC gestartet und Google Chrome geöffnet habe hat sich der Link im Titel mehrmals geöffnet.Selbst nach dem schliesen der Browsers hat sich die Seite immer wieder aufgerufen und ich musste Chrome mit dem Taskmanager beenden. Habe auch schon mehrere Posts darüber gelesen und möchte nun selbst das Problem lösen. Kann mir wer behilflich sein ?

Gruß Chris

cosinus · 02.08.2014, 14:34

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!

Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Chris_B · 02.08.2014, 14:44

Also Malwarebytes und Avast haben nichts gefunden.

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Christopher (administrator) on CHRISTOPHERPC on 02-08-2014 15:40:56
Running from C:\Users\Christopher\Downloads
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Valve Corporation) C:\Program Files (x86)\Steam\frameworks\Steam.exe
(Skillbrains) C:\Users\Christopher\AppData\Local\Skillbrains\lightshot\5.1.4.6\Lightshot.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Game Inc.) C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\tobedeleted\nsg6552.tmp
(TeamSpeak Systems GmbH) C:\Users\Christopher\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-07] (AVAST Software)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [811792 2014-01-20] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [GamingKeyboard] => C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe [1805824 2013-10-16] (Game Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2160789074-2075475238-2303539151-1001\...\Run: [Google Update] => C:\Users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-03-23] (Google Inc.)
HKU\S-1-5-21-2160789074-2075475238-2303539151-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\frameworks\steam.exe [1753280 2014-07-16] (Valve Corporation)
HKU\S-1-5-21-2160789074-2075475238-2303539151-1001\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4270640 2013-03-24] ()
HKU\S-1-5-21-2160789074-2075475238-2303539151-1001\...\Run: [Spotify Web Helper] => C:\Users\Christopher\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-10] (Spotify Ltd)
HKU\S-1-5-21-2160789074-2075475238-2303539151-1001\...\Run: [LightShot] => C:\Users\Christopher\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226560 2014-07-01] ()
HKU\S-1-5-21-2160789074-2075475238-2303539151-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-2160789074-2075475238-2303539151-1001\...\MountPoints2: {16da359a-93dd-11e2-be65-806e6f6e6963} - "D:\autorun.exe" 
HKU\S-1-5-21-2160789074-2075475238-2303539151-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-03-23] (Google Inc.)
HKU\S-1-5-21-2160789074-2075475238-2303539151-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\frameworks\steam.exe [1753280 2014-07-16] (Valve Corporation)
HKU\S-1-5-21-2160789074-2075475238-2303539151-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4270640 2013-03-24] ()
HKU\S-1-5-21-2160789074-2075475238-2303539151-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Christopher\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-10] (Spotify Ltd)
HKU\S-1-5-21-2160789074-2075475238-2303539151-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightShot] => C:\Users\Christopher\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226560 2014-07-01] ()
HKU\S-1-5-21-2160789074-2075475238-2303539151-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-2160789074-2075475238-2303539151-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {16da359a-93dd-11e2-be65-806e6f6e6963} - "D:\autorun.exe" 
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File Not Found
AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Christopher\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Christopher\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Christopher\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Christopher\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Christopher\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Christopher\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=10&cc=&mi=b4e415f5000000000000bc5ff45e1428
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2AC03DE4EC27CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKCU - DefaultScope {0ED15134-3AE5-47E3-808D-58C741DCD7C4} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=b4e415f5000000000000bc5ff45e1428&r=281
SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP4ABCC842-0995-4078-8FA5-03332193FE77&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {0ED15134-3AE5-47E3-808D-58C741DCD7C4} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=b4e415f5000000000000bc5ff45e1428&r=281
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\fxvtcbak.default
FF NewTab: hxxp://www.google.com/firefox
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/firefox
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF NetworkProxy: "http", "www-proxy.t-online.de"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Christopher\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Christopher\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\fxvtcbak.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-08-02]
FF Extension: Telekom YouTube Turbo - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\fxvtcbak.default\Extensions\info@maltegoetz.de.xpi [2013-04-17]
FF Extension: Updated Ad Blocker for Firefox 11+ - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\fxvtcbak.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2013-04-26]
FF Extension: adblockingfiltersetp - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\fxvtcbak.default\Extensions\{87eab3b7-a707-4459-99ae-c2fa06cfa36b}.xpi [2013-04-26]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-07]

Chrome: 
=======
CHR HomePage: hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=48&cc=&mi=b4e415f5000000000000bc5ff45e1428
CHR StartupUrls: "https://www.facebook.com/", "hxxp://www.youtube.com/", "hxxp://www.twitch.tv/directory/game/League%20of%20Legends", "hxxp://orteil.dashnet.org/cookieclicker/"
CHR Plugin: (Shockwave Flash) - C:\Users\Christopher\AppData\Local\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Christopher\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Christopher\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Google Update) - C:\Users\Christopher\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2013-09-15]
CHR Extension: (Google Docs) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-23]
CHR Extension: (Google Drive) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-23]
CHR Extension: (Auto Copy) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\bijpdibkloghppkbmhcklkogpjaenfkg [2013-06-06]
CHR Extension: (YouTube) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-23]
CHR Extension: (Adblock Plus) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-03-23]
CHR Extension: (Google-Suche) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-23]
CHR Extension: (AdBlock) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-22]
CHR Extension: (avast! Online Security) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-08]
CHR Extension: (Google Wallet) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-07] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [345984 2014-06-30] ()
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-01-20] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-01-20] (BlueStack Systems, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-05-25] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-28] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-28] ()
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [115472 2014-01-20] (BlueStack Systems)
R3 GameKB; C:\Windows\system32\drivers\GameKB.sys [31232 2013-10-15] ( )
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-02] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-02 15:40 - 2014-08-02 15:41 - 00000000 ____D () C:\FRST
2014-08-02 15:40 - 2014-08-02 15:40 - 00021685 _____ () C:\Users\Christopher\Downloads\FRST.txt
2014-08-02 15:39 - 2014-08-02 15:39 - 02094080 _____ (Farbar) C:\Users\Christopher\Downloads\FRST64.exe
2014-08-02 01:53 - 2014-08-02 01:53 - 00000000 ____D () C:\Users\Christopher\Downloads\Xenon
2014-08-02 01:50 - 2014-08-02 01:50 - 08956432 _____ () C:\Users\Christopher\Downloads\XenonBuild19.zip
2014-07-30 04:36 - 2014-07-30 04:36 - 00002153 _____ () C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2014-07-30 04:36 - 2014-07-02 19:44 - 00609240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2014-07-30 04:34 - 2014-07-30 04:34 - 00000000 ____D () C:\WINDOWS\LastGood
2014-07-30 04:33 - 2014-07-02 22:48 - 31512520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 24196896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 22994208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 17555104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 15294296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 13922752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 13835208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 12866008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2014-07-30 04:33 - 2014-07-02 22:48 - 11283344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 11222048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 04247000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 03989960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 01890080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434052.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 01539928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434052.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 00944928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 00907096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 00903624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 00869152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 00835032 _____ () C:\WINDOWS\system32\nvmcumd.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 00502232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 00418760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 00391640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 00354016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 00348120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 00305600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2014-07-29 17:32 - 2014-07-29 17:32 - 00002533 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-29 17:32 - 2014-07-29 17:32 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-29 17:32 - 2014-07-29 17:32 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Skype
2014-07-29 17:32 - 2014-07-29 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-29 17:31 - 2014-07-29 17:31 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Christopher\Downloads\SkypeSetup.exe
2014-07-29 16:34 - 2014-07-25 15:50 - 01715224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2014-07-29 16:34 - 2014-07-25 15:50 - 01291280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2014-07-28 01:28 - 2014-07-28 01:28 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-07-28 01:28 - 2014-07-28 01:28 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-07-26 03:03 - 2014-07-26 03:03 - 00000000 ____D () C:\Users\Christopher\Documents\Lightshot
2014-07-26 03:02 - 2014-08-02 15:41 - 00000428 _____ () C:\WINDOWS\Tasks\update-S-1-5-21-2160789074-2075475238-2303539151-1001.job
2014-07-26 03:02 - 2014-08-02 04:38 - 00000428 _____ () C:\WINDOWS\Tasks\update-sys.job
2014-07-26 03:02 - 2014-07-26 03:02 - 00003298 _____ () C:\WINDOWS\System32\Tasks\update-sys
2014-07-26 03:02 - 2014-07-26 03:02 - 00003288 _____ () C:\WINDOWS\System32\Tasks\update-S-1-5-21-2160789074-2075475238-2303539151-1001
2014-07-26 03:02 - 2014-07-26 03:02 - 00000448 _____ () C:\Users\Christopher\AppData\Local\UserProducts.xml
2014-07-26 03:02 - 2014-07-26 03:02 - 00000003 _____ () C:\Users\Christopher\AppData\Local\updater.log
2014-07-26 03:02 - 2014-07-26 03:02 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot
2014-07-26 03:02 - 2014-07-26 03:02 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Skillbrains
2014-07-26 03:02 - 2014-07-26 03:02 - 00000000 ____D () C:\Program Files (x86)\Skillbrains
2014-07-26 02:54 - 2014-07-26 02:54 - 02273984 _____ (Skillbrains ) C:\Users\Christopher\Downloads\setup-lightshot.exe
2014-07-24 20:24 - 2014-07-26 07:03 - 00000099 _____ () C:\Users\Christopher\Desktop\aswdad.txt
2014-07-23 17:28 - 2014-08-02 15:26 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-23 17:28 - 2014-07-23 17:28 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-23 17:28 - 2014-07-23 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-23 17:28 - 2014-07-23 17:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-23 17:28 - 2014-07-23 17:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-23 17:28 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-23 17:28 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-07-23 17:28 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-23 17:26 - 2014-07-23 17:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Christopher\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-18 20:21 - 2014-07-18 21:07 - 510321876 _____ () C:\Users\Christopher\Downloads\YGOPro DevPro.zip
2014-07-16 15:45 - 2014-07-16 15:45 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-10 14:11 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-10 14:11 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-10 14:11 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-10 14:11 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-10 14:11 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-10 14:11 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-10 14:11 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-10 14:11 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-10 14:11 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-10 14:11 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-10 14:11 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-10 14:11 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-10 14:11 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-10 14:11 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-10 14:11 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-10 14:10 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-10 14:10 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-10 14:10 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-10 14:10 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-10 14:10 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-10 14:10 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-10 14:10 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-10 14:10 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-10 14:10 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-10 14:10 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-10 14:10 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-10 14:10 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-10 14:10 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-10 14:10 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-10 14:10 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-10 14:10 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-10 14:10 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-10 14:10 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-10 14:10 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-10 14:10 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-10 14:10 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-10 14:10 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-10 14:10 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-10 14:10 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-10 14:10 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-10 14:10 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-10 14:10 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-10 14:10 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-10 14:10 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 14:10 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-10 14:10 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-10 14:10 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 14:10 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-10 14:10 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-10 14:10 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-10 14:10 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-10 14:10 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-10 14:10 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-10 14:10 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-10 14:07 - 2014-07-10 14:07 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-08 19:28 - 2014-07-08 19:28 - 11204096 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-02 15:41 - 2014-08-02 15:40 - 00000000 ____D () C:\FRST
2014-08-02 15:41 - 2014-07-26 03:02 - 00000428 _____ () C:\WINDOWS\Tasks\update-S-1-5-21-2160789074-2075475238-2303539151-1001.job
2014-08-02 15:40 - 2014-08-02 15:40 - 00021685 _____ () C:\Users\Christopher\Downloads\FRST.txt
2014-08-02 15:39 - 2014-08-02 15:39 - 02094080 _____ (Farbar) C:\Users\Christopher\Downloads\FRST64.exe
2014-08-02 15:33 - 2013-09-05 00:34 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Skype
2014-08-02 15:29 - 2014-05-16 20:02 - 00003974 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9A5BFAE3-A6BE-4A4C-AA6E-CC59D359ADE6}
2014-08-02 15:28 - 2013-03-24 13:57 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-02 15:26 - 2014-07-23 17:28 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-02 15:05 - 2013-09-01 20:27 - 00001148 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-02 15:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-02 14:55 - 2013-03-23 19:57 - 00001172 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2160789074-2075475238-2303539151-1001UA.job
2014-08-02 14:55 - 2013-03-23 19:34 - 00000000 ___RD () C:\Users\Christopher\Documents\Christopher Brunner
2014-08-02 14:52 - 2013-03-23 19:49 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\TS3Client
2014-08-02 14:46 - 2013-08-28 16:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-02 14:46 - 2013-04-17 21:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-02 14:40 - 2013-03-23 19:49 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2160789074-2075475238-2303539151-1001
2014-08-02 14:34 - 2014-05-09 16:04 - 00000000 __RDO () C:\Users\Christopher\OneDrive
2014-08-02 14:34 - 2013-09-01 20:27 - 00001144 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-02 05:09 - 2013-08-06 18:41 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Spotify
2014-08-02 05:07 - 2014-05-09 15:23 - 01738995 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-02 04:38 - 2014-07-26 03:02 - 00000428 _____ () C:\WINDOWS\Tasks\update-sys.job
2014-08-02 03:17 - 2013-03-23 22:57 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\.minecraft
2014-08-02 01:53 - 2014-08-02 01:53 - 00000000 ____D () C:\Users\Christopher\Downloads\Xenon
2014-08-02 01:50 - 2014-08-02 01:50 - 08956432 _____ () C:\Users\Christopher\Downloads\XenonBuild19.zip
2014-08-01 23:52 - 2014-05-10 15:58 - 00741376 ___SH () C:\Users\Christopher\Desktop\Thumbs.db
2014-08-01 23:52 - 2013-09-09 13:45 - 00446779 ____H () C:\Users\Christopher\Desktop\Browse.plb
2014-08-01 23:52 - 2013-09-09 13:16 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\PhotoLine
2014-08-01 18:54 - 2013-03-23 19:57 - 00001120 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2160789074-2075475238-2303539151-1001Core.job
2014-08-01 11:45 - 2014-05-01 16:22 - 00000224 _____ () C:\Users\Christopher\Desktop\One Piece.txt
2014-07-30 04:36 - 2014-07-30 04:36 - 00002153 _____ () C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2014-07-30 04:36 - 2014-05-09 15:24 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-30 04:36 - 2014-05-09 15:23 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-07-30 04:36 - 2014-02-08 01:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-07-30 04:36 - 2013-08-22 16:46 - 00298636 _____ () C:\WINDOWS\setupact.log
2014-07-30 04:34 - 2014-07-30 04:34 - 00000000 ____D () C:\WINDOWS\LastGood
2014-07-30 04:34 - 2014-05-09 15:23 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-29 23:05 - 2013-08-06 18:42 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Spotify
2014-07-29 17:32 - 2014-07-29 17:32 - 00002533 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-29 17:32 - 2014-07-29 17:32 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-29 17:32 - 2014-07-29 17:32 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Skype
2014-07-29 17:32 - 2014-07-29 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-29 17:32 - 2013-09-05 00:34 - 00000000 ____D () C:\ProgramData\Skype
2014-07-29 17:31 - 2014-07-29 17:31 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Christopher\Downloads\SkypeSetup.exe
2014-07-29 16:34 - 2014-02-08 01:13 - 00000000 ____D () C:\Users\Christopher\AppData\Local\NVIDIA Corporation
2014-07-28 15:30 - 2014-01-07 22:37 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-07-28 01:36 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-28 01:28 - 2014-07-28 01:28 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-07-28 01:28 - 2014-07-28 01:28 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-07-28 01:28 - 2014-01-07 22:38 - 00001982 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-28 01:28 - 2014-01-07 22:37 - 01041168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-07-28 01:28 - 2014-01-07 22:37 - 00427360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-07-28 01:28 - 2014-01-07 22:37 - 00426848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.1406503708562
2014-07-28 01:28 - 2014-01-07 22:37 - 00307344 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-07-28 01:28 - 2014-01-07 22:37 - 00224896 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-07-28 01:28 - 2014-01-07 22:37 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-07-28 01:28 - 2014-01-07 22:37 - 00092008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2014-07-28 01:28 - 2014-01-07 22:37 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-07-28 01:28 - 2014-01-07 22:37 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-07-26 15:47 - 2013-03-24 11:49 - 00000000 ____D () C:\Users\Christopher\AppData\Local\PMB Files
2014-07-26 07:03 - 2014-07-24 20:24 - 00000099 _____ () C:\Users\Christopher\Desktop\aswdad.txt
2014-07-26 03:03 - 2014-07-26 03:03 - 00000000 ____D () C:\Users\Christopher\Documents\Lightshot
2014-07-26 03:02 - 2014-07-26 03:02 - 00003298 _____ () C:\WINDOWS\System32\Tasks\update-sys
2014-07-26 03:02 - 2014-07-26 03:02 - 00003288 _____ () C:\WINDOWS\System32\Tasks\update-S-1-5-21-2160789074-2075475238-2303539151-1001
2014-07-26 03:02 - 2014-07-26 03:02 - 00000448 _____ () C:\Users\Christopher\AppData\Local\UserProducts.xml
2014-07-26 03:02 - 2014-07-26 03:02 - 00000003 _____ () C:\Users\Christopher\AppData\Local\updater.log
2014-07-26 03:02 - 2014-07-26 03:02 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot
2014-07-26 03:02 - 2014-07-26 03:02 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Skillbrains
2014-07-26 03:02 - 2014-07-26 03:02 - 00000000 ____D () C:\Program Files (x86)\Skillbrains
2014-07-26 02:54 - 2014-07-26 02:54 - 02273984 _____ (Skillbrains ) C:\Users\Christopher\Downloads\setup-lightshot.exe
2014-07-25 15:50 - 2014-07-29 16:34 - 01715224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2014-07-25 15:50 - 2014-07-29 16:34 - 01291280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2014-07-25 15:50 - 2014-02-08 01:08 - 01283136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2014-07-25 15:50 - 2014-02-08 01:08 - 01126480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2014-07-25 00:17 - 2013-06-21 19:56 - 00000000 ____D () C:\ProgramData\Origin
2014-07-24 23:28 - 2013-06-21 19:56 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-07-24 19:04 - 2013-06-21 19:58 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-07-23 22:10 - 2014-03-18 11:40 - 00000000 ____D () C:\WINDOWS\SKB
2014-07-23 22:10 - 2014-03-18 03:50 - 00025930 _____ () C:\WINDOWS\PFRO.log
2014-07-23 22:10 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-23 22:09 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-23 17:28 - 2014-07-23 17:28 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-23 17:28 - 2014-07-23 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-23 17:28 - 2014-07-23 17:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-23 17:28 - 2014-07-23 17:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-23 17:26 - 2014-07-23 17:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Christopher\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-19 22:15 - 2013-11-28 20:28 - 00000000 ____D () C:\Users\Christopher\AppData\Local\ArmA 2 OA
2014-07-18 21:07 - 2014-07-18 20:21 - 510321876 _____ () C:\Users\Christopher\Downloads\YGOPro DevPro.zip
2014-07-16 15:45 - 2014-07-16 15:45 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-15 13:56 - 2013-03-23 19:46 - 00000000 ____D () C:\Users\Christopher\AppData\Local\TeamSpeak 3 Client
2014-07-13 05:47 - 2014-05-09 15:32 - 00000000 ____D () C:\Users\Christopher
2014-07-12 21:22 - 2014-05-04 02:23 - 00000000 ____D () C:\Users\Christopher\Downloads\authlib
2014-07-11 15:49 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-11 14:20 - 2013-08-22 16:44 - 00366528 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-11 14:18 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 14:18 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 14:16 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-11 14:16 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-10 17:31 - 2013-07-14 02:56 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-10 17:31 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-10 17:30 - 2013-03-24 22:17 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-10 17:29 - 2014-03-18 11:40 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 14:07 - 2014-07-10 14:07 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-08 19:28 - 2014-07-08 19:28 - 11204096 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2014-07-08 19:28 - 2013-03-24 13:57 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

Some content of TEMP:
====================
C:\Users\Christopher\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll
C:\Users\Christopher\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Christopher\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Christopher\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Christopher\AppData\Local\Temp\nvStInst.exe
C:\Users\Christopher\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Christopher\AppData\Local\Temp\YgoUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-27 03:51

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by Christopher at 2014-08-02 15:42:08
Running from C:\Users\Christopher\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 2 (HKLM-x32\...\Steam App 33900) (Version:  - Bohemia Interactive)
ARMA 2: British Armed Forces - Data cache removal (HKLM-x32\...\A2BAF Data cache removal) (Version:  - )
Arma 2: British Armed Forces (HKLM-x32\...\Steam App 65700) (Version:  - Bohemia Interactive)
Arma 2: DayZ Mod (HKLM-x32\...\Steam App 224580) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead Beta (HKLM-x32\...\Steam App 219540) (Version:  - )
ARMA 2: Private Military Company - Data cache removal (HKLM-x32\...\A2PMC Data cache removal) (Version:  - )
Arma 2: Private Military Company (HKLM-x32\...\Steam App 65720) (Version:  - Bohemia Interactive)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
AutoHotkey 1.1.09.04 (HKLM\...\AutoHotkey) (Version: 1.1.09.04 - Lexikos)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )
BlueStacks Notification Center (HKLM-x32\...\{783DCCCB-FBD0-4D1D-928D-7075DA8015E6}) (Version: 0.8.5.3042 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version:  - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version:  - )
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version:  - Infinity Ward)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ Commander (HKLM-x32\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar)
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version:  - Rockstar)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 7 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417017FF}) (Version: 7.0.170 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Lightshot-5.1.4.6 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.1.4.6 - Skillbrains)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version:  - DICE)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PhotoLine 17.5.5.0 (HKLM\...\PhotoLine_is1) (Version: 17.5.5.0 - Computerinsel GmbH)
Pid  (HKLM-x32\...\Steam App 218740) (Version:  - Might and Delight)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Recorder for Spotify Version 2.0 (HKLM-x32\...\{0C442480-E6A6-4931-8C86-074B9D83A893}_is1) (Version: 2.0 - Manuel)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
SHARKOON Skiller (HKLM-x32\...\{91C25547-9534-41A5-823A-1E54BA16EA3F}) (Version: 1.00.0000 - )
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 2.0.0.0 - Electronic Arts)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27252 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - Runic Games)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2160789074-2075475238-2303539151-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Christopher\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2160789074-2075475238-2303539151-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Christopher\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2160789074-2075475238-2303539151-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Christopher\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2160789074-2075475238-2303539151-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Christopher\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2160789074-2075475238-2303539151-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Christopher\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2160789074-2075475238-2303539151-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Christopher\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2160789074-2075475238-2303539151-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Christopher\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2160789074-2075475238-2303539151-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Christopher\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

10-07-2014 15:26:57 Windows Update
19-07-2014 15:13:49 Geplanter Prüfpunkt
27-07-2014 23:25:46 avast! antivirus system restore point
29-07-2014 14:34:10 DirectX wurde installiert

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1DE0CA86-2FC0-42EE-B3E5-675AE49C6571} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2559CBD2-D54B-411A-84C9-E2A689E2115A} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {338AC061-0229-46D6-9278-BA2375D5E9DF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-10] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {384506E5-536D-411F-AAC6-4918A7C1D7CC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-28] (AVAST Software)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7BB1EC61-3140-48A7-9245-3DD56ECC42BA} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {87B99961-0DAA-41CE-A3B5-C006E78B9837} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {882FB7BB-3A52-47F7-B028-835E3B250EC5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2160789074-2075475238-2303539151-1001UA => C:\Users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-23] (Google Inc.)
Task: {8AF2272E-1AE6-4B30-87ED-FC556825A94D} - System32\Tasks\update-S-1-5-21-2160789074-2075475238-2303539151-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {AA35CE69-1595-4954-A034-0F20C6A5C6D8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {B06559E1-AAB3-437E-9C28-A63A414BEB1E} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {BA572663-13D4-4035-9822-A02F4E8EAC86} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {CB7349E5-B17C-4339-9A93-46B4B7CD88D7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-01] (Google Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D4C797E2-4C9B-4D04-B1F1-A8D37C7F6E62} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-01] (Google Inc.)
Task: {D4F1838F-B2D1-4B45-AEF2-FB800DF0E0ED} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DF8E29A8-E8F2-4194-9F70-64231AAC5E71} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2160789074-2075475238-2303539151-1001Core => C:\Users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-23] (Google Inc.)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2160789074-2075475238-2303539151-1001Core.job => C:\Users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2160789074-2075475238-2303539151-1001UA.job => C:\Users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-2160789074-2075475238-2303539151-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Loaded Modules (whitelisted) =============

2013-08-23 18:22 - 2014-05-25 15:11 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-05-09 15:23 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-25 02:22 - 2014-01-25 02:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-04-26 15:24 - 2014-04-26 15:24 - 00173568 _____ () C:\Users\Christopher\AppData\Local\TeamSpeak 3 Client\quazip.dll
2014-04-26 15:24 - 2014-04-26 15:24 - 01080832 _____ () C:\Users\Christopher\AppData\Local\TeamSpeak 3 Client\platforms\qwindows.dll
2014-04-26 15:24 - 2014-04-26 15:24 - 00833024 _____ () C:\Users\Christopher\AppData\Local\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2012-10-29 12:08 - 2014-06-25 14:16 - 00102344 _____ () C:\Users\Christopher\AppData\Local\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2012-10-29 12:08 - 2014-06-25 14:16 - 00108488 _____ () C:\Users\Christopher\AppData\Local\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2014-04-26 15:24 - 2014-04-26 15:24 - 00030208 _____ () C:\Users\Christopher\AppData\Local\TeamSpeak 3 Client\imageformats\qgif.dll
2014-04-26 15:24 - 2014-04-26 15:24 - 00233984 _____ () C:\Users\Christopher\AppData\Local\TeamSpeak 3 Client\imageformats\qjpeg.dll
2012-10-29 12:08 - 2014-07-15 13:56 - 00563656 _____ () C:\Users\Christopher\AppData\Local\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2013-09-10 15:20 - 2014-07-15 13:56 - 00579016 _____ () C:\Users\Christopher\AppData\Local\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-04-26 15:24 - 2014-04-26 15:24 - 00159232 _____ () C:\Users\Christopher\AppData\Local\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll
2014-07-23 14:27 - 2014-07-22 20:02 - 02794496 _____ () C:\Program Files\AVAST Software\Avast\defs\14072201\algo.dll
2014-08-01 19:49 - 2014-08-01 19:49 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14080101\algo.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-21 22:57 - 2014-07-12 02:53 - 01116672 _____ () C:\Program Files (x86)\Steam\frameworks\libavcodec-55.dll
2014-05-21 22:57 - 2014-07-12 02:53 - 00399360 _____ () C:\Program Files (x86)\Steam\frameworks\libavformat-55.dll
2014-01-08 15:09 - 2014-07-12 02:53 - 00331264 _____ () C:\Program Files (x86)\Steam\frameworks\libavresample-1.dll
2014-04-23 13:09 - 2014-07-12 02:53 - 00438784 _____ () C:\Program Files (x86)\Steam\frameworks\libavutil-53.dll
2013-03-12 18:10 - 2014-06-27 00:40 - 00764416 _____ () C:\Program Files (x86)\Steam\frameworks\SDL2.dll
2014-05-21 22:57 - 2014-07-16 04:28 - 02139328 _____ () C:\Program Files (x86)\Steam\frameworks\video.dll
2014-05-21 22:57 - 2014-04-29 02:37 - 00519168 _____ () C:\Program Files (x86)\Steam\frameworks\libswscale-2.dll
2013-03-15 18:29 - 2014-07-16 04:28 - 01116864 _____ () C:\Program Files (x86)\Steam\frameworks\bin\chromehtml.DLL
2013-03-14 22:19 - 2014-05-02 01:35 - 20628160 _____ () C:\Program Files (x86)\Steam\frameworks\bin\libcef.dll
2014-01-07 22:37 - 2014-01-07 22:37 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-08-28 16:56 - 2014-06-06 06:38 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Christopher\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKCU\...\StartupApproved\Run: => "Pando Media Booster"
HKCU\...\StartupApproved\Run: => "Spotify Web Helper"

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/02/2014 02:35:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm chrome.exe, Version 36.0.1985.125 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 213c

Startzeit: 01cfae4e40c8e9ed

Endzeit: 4294967295

Anwendungspfad: C:\Users\Christopher\AppData\Local\Google\Chrome\Application\chrome.exe

Berichts-ID: 84e131af-1a41-11e4-beac-bc5ff45e1428

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (08/01/2014 05:10:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1109

Error: (08/01/2014 05:10:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1109

Error: (08/01/2014 05:10:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/31/2014 06:05:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1078

Error: (07/31/2014 06:05:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1078

Error: (07/31/2014 06:05:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/31/2014 06:24:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1110

Error: (07/31/2014 06:24:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1110

Error: (07/31/2014 06:24:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (08/02/2014 03:23:35 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "CBCOMPUTER",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{AEDC87DD-76FF-4156-9E27-8E15AF9B17D4}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (08/01/2014 09:35:32 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "CBCOMPUTER",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{AEDC87DD-76FF-4156-9E27-8E15AF9B17D4}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (08/01/2014 08:04:34 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "CBCOMPUTER",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{AEDC87DD-76FF-4156-9E27-8E15AF9B17D4}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (08/01/2014 06:52:31 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "CBCOMPUTER",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{AEDC87DD-76FF-4156-9E27-8E15AF9B17D4}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (08/01/2014 05:10:19 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (08/01/2014 04:37:50 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "CBCOMPUTER",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{AEDC87DD-76FF-4156-9E27-8E15AF9B17D4}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (08/01/2014 02:06:52 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "CBCOMPUTER",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{AEDC87DD-76FF-4156-9E27-8E15AF9B17D4}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (07/31/2014 07:19:50 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (07/31/2014 06:05:23 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (07/31/2014 06:24:58 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4


Microsoft Office Sessions:
=========================
Error: (08/02/2014 02:35:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe36.0.1985.125213c01cfae4e40c8e9ed4294967295C:\Users\Christopher\AppData\Local\Google\Chrome\Application\chrome.exe84e131af-1a41-11e4-beac-bc5ff45e1428

Error: (08/01/2014 05:10:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1109

Error: (08/01/2014 05:10:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1109

Error: (08/01/2014 05:10:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/31/2014 06:05:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1078

Error: (07/31/2014 06:05:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1078

Error: (07/31/2014 06:05:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/31/2014 06:24:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1110

Error: (07/31/2014 06:24:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1110

Error: (07/31/2014 06:24:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info =========================== 

Percentage of memory in use: 32%
Total physical RAM: 8087.06 MB
Available physical RAM: 5465.37 MB
Total Pagefile: 9671.06 MB
Available Pagefile: 7091.22 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.17 GB) (Free:629.36 GB) NTFS
Drive d: (EEARTH) (CDROM) (Total:0.55 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 7D316182)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus · 02.08.2014, 14:47

Adware/Junkware/Toolbars entfernen

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Chris_B · 02.08.2014, 15:27

Code:

ATTFilter

# AdwCleaner v3.302 - Bericht erstellt am 02/08/2014 um 16:03:14
# Aktualisiert 30/07/2014 von Xplode
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Christopher - CHRISTOPHERPC
# Gestartet von : C:\Users\Christopher\Desktop\adwcleaner_3.302.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Skillbrains
Ordner Gelöscht : C:\Program Files (x86)\sweetpacks bundle uninstaller
Ordner Gelöscht : C:\Users\Christopher\AppData\Local\Skillbrains

***** [ Tasks ] *****

Task Gelöscht : update-sys

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\SkillBrains
Schlüssel Gelöscht : HKLM\Software\SkillBrains
Schlüssel Gelöscht : HKLM\Software\SweetIM
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\fxvtcbak.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Homepage] : hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=48&cc=&mi=b4e415f5000000000000bc5ff45e1428
Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [2830 octets] - [02/08/2014 16:01:12]
AdwCleaner[S0].txt - [2503 octets] - [02/08/2014 16:03:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2563 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Christopher on 02.08.2014 at 16:12:18,90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ED15134-3AE5-47E3-808D-58C741DCD7C4}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\fxvtcbak.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.08.2014 at 16:18:54,03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Christopher (administrator) on CHRISTOPHERPC on 02-08-2014 16:23:16
Running from C:\Users\Christopher\Desktop
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(TeamSpeak Systems GmbH) C:\Users\Christopher\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Valve Corporation) C:\Program Files (x86)\Steam\frameworks\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Game Inc.) C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [811792 2014-01-20] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [GamingKeyboard] => C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe [1805824 2013-10-16] (Game Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2160789074-2075475238-2303539151-1001\...\Run: [Google Update] => C:\Users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-03-23] (Google Inc.)
HKU\S-1-5-21-2160789074-2075475238-2303539151-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\frameworks\steam.exe [1753280 2014-07-16] (Valve Corporation)
HKU\S-1-5-21-2160789074-2075475238-2303539151-1001\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4270640 2013-03-24] ()
HKU\S-1-5-21-2160789074-2075475238-2303539151-1001\...\Run: [Spotify Web Helper] => C:\Users\Christopher\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-10] (Spotify Ltd)
HKU\S-1-5-21-2160789074-2075475238-2303539151-1001\...\Run: [LightShot] => C:\Users\Christopher\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue
HKU\S-1-5-21-2160789074-2075475238-2303539151-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-2160789074-2075475238-2303539151-1001\...\MountPoints2: {16da359a-93dd-11e2-be65-806e6f6e6963} - "D:\autorun.exe" 
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File Not Found
AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Christopher\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Christopher\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Christopher\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Christopher\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Christopher\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Christopher\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2AC03DE4EC27CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP4ABCC842-0995-4078-8FA5-03332193FE77&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\fxvtcbak.default
FF NewTab: hxxp://www.google.com/firefox
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/firefox
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF NetworkProxy: "http", "www-proxy.t-online.de"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Christopher\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Christopher\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Telekom YouTube Turbo - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\fxvtcbak.default\Extensions\info@maltegoetz.de.xpi [2013-04-17]
FF Extension: Updated Ad Blocker for Firefox 11+ - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\fxvtcbak.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2013-04-26]
FF Extension: adblockingfiltersetp - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\fxvtcbak.default\Extensions\{87eab3b7-a707-4459-99ae-c2fa06cfa36b}.xpi [2013-04-26]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-07]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "https://www.facebook.com/",
			"hxxp://www.youtube.com/",
			"hxxp://www.twitch.tv/directory/game/League%20of%20Legends",
			"hxxp://orteil.dashnet.org/cookieclicker/"
CHR Plugin: (Shockwave Flash) - C:\Users\Christopher\AppData\Local\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Christopher\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Christopher\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Google Update) - C:\Users\Christopher\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2013-09-15]
CHR Extension: (Google Docs) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-23]
CHR Extension: (Google Drive) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-23]
CHR Extension: (Auto Copy) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\bijpdibkloghppkbmhcklkogpjaenfkg [2013-06-06]
CHR Extension: (YouTube) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-23]
CHR Extension: (Adblock Plus) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-03-23]
CHR Extension: (Google-Suche) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-23]
CHR Extension: (AdBlock) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-22]
CHR Extension: (avast! Online Security) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-08]
CHR Extension: (Google Wallet) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-28] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [345984 2014-06-30] ()
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-01-20] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-01-20] (BlueStack Systems, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-05-25] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-28] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-28] ()
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [115472 2014-01-20] (BlueStack Systems)
R3 GameKB; C:\Windows\system32\drivers\GameKB.sys [31232 2013-10-15] ( )
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-02] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-02 16:12 - 2014-08-02 16:12 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-02 16:10 - 2014-08-02 16:10 - 01016261 _____ (Thisisu) C:\Users\Christopher\Desktop\JRT.exe
2014-08-02 16:01 - 2014-08-02 16:03 - 00000000 ____D () C:\AdwCleaner
2014-08-02 16:01 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-08-02 15:58 - 2014-08-02 15:58 - 01361309 _____ () C:\Users\Christopher\Desktop\adwcleaner_3.302.exe
2014-08-02 15:40 - 2014-08-02 16:23 - 00019406 _____ () C:\Users\Christopher\Desktop\FRST.txt
2014-08-02 15:40 - 2014-08-02 16:23 - 00000000 ____D () C:\FRST
2014-08-02 15:39 - 2014-08-02 15:39 - 02094080 _____ (Farbar) C:\Users\Christopher\Desktop\FRST64.exe
2014-08-02 01:53 - 2014-08-02 01:53 - 00000000 ____D () C:\Users\Christopher\Downloads\Xenon
2014-08-02 01:50 - 2014-08-02 01:50 - 08956432 _____ () C:\Users\Christopher\Downloads\XenonBuild19.zip
2014-07-30 04:36 - 2014-07-30 04:36 - 00002153 _____ () C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2014-07-30 04:36 - 2014-07-02 19:44 - 00609240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2014-07-30 04:34 - 2014-07-30 04:34 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-07-30 04:33 - 2014-07-02 22:48 - 31512520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 24196896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 22994208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 17555104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 15294296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 13922752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 13835208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 12866008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2014-07-30 04:33 - 2014-07-02 22:48 - 11283344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 11222048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 04247000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 03989960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 01890080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434052.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 01539928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434052.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 00944928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 00907096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 00903624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 00869152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 00835032 _____ () C:\WINDOWS\system32\nvmcumd.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 00502232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 00418760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 00391640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 00354016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 00348120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2014-07-30 04:33 - 2014-07-02 22:48 - 00305600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2014-07-29 17:32 - 2014-07-29 17:32 - 00002533 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-29 17:32 - 2014-07-29 17:32 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-29 17:32 - 2014-07-29 17:32 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Skype
2014-07-29 17:32 - 2014-07-29 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-29 17:31 - 2014-07-29 17:31 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Christopher\Downloads\SkypeSetup.exe
2014-07-29 16:34 - 2014-07-25 15:50 - 01715224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2014-07-29 16:34 - 2014-07-25 15:50 - 01291280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2014-07-28 01:28 - 2014-07-28 01:28 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-07-28 01:28 - 2014-07-28 01:28 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-07-26 03:03 - 2014-07-26 03:03 - 00000000 ____D () C:\Users\Christopher\Documents\Lightshot
2014-07-26 03:02 - 2014-08-02 15:41 - 00000428 _____ () C:\WINDOWS\Tasks\update-S-1-5-21-2160789074-2075475238-2303539151-1001.job
2014-07-26 03:02 - 2014-07-26 03:02 - 00003288 _____ () C:\WINDOWS\System32\Tasks\update-S-1-5-21-2160789074-2075475238-2303539151-1001
2014-07-26 03:02 - 2014-07-26 03:02 - 00000448 _____ () C:\Users\Christopher\AppData\Local\UserProducts.xml
2014-07-26 03:02 - 2014-07-26 03:02 - 00000003 _____ () C:\Users\Christopher\AppData\Local\updater.log
2014-07-26 03:02 - 2014-07-26 03:02 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot
2014-07-26 02:54 - 2014-07-26 02:54 - 02273984 _____ (Skillbrains ) C:\Users\Christopher\Downloads\setup-lightshot.exe
2014-07-24 20:24 - 2014-08-02 16:00 - 00000215 _____ () C:\Users\Christopher\Desktop\aswdad.txt
2014-07-23 17:28 - 2014-08-02 15:26 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-23 17:28 - 2014-07-23 17:28 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-23 17:28 - 2014-07-23 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-23 17:28 - 2014-07-23 17:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-23 17:28 - 2014-07-23 17:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-23 17:28 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-23 17:28 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-07-23 17:28 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-23 17:26 - 2014-07-23 17:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Christopher\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-18 20:21 - 2014-07-18 21:07 - 510321876 _____ () C:\Users\Christopher\Downloads\YGOPro DevPro.zip
2014-07-16 15:45 - 2014-07-16 15:45 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-10 14:11 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-10 14:11 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-10 14:11 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-10 14:11 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-10 14:11 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-10 14:11 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-10 14:11 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-10 14:11 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-10 14:11 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-10 14:11 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-10 14:11 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-10 14:11 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-10 14:11 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-10 14:11 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-10 14:11 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-10 14:10 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-10 14:10 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-10 14:10 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-10 14:10 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-10 14:10 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-10 14:10 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-10 14:10 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-10 14:10 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-10 14:10 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-10 14:10 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-10 14:10 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-10 14:10 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-10 14:10 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-10 14:10 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-10 14:10 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-10 14:10 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-10 14:10 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-10 14:10 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-10 14:10 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-10 14:10 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-10 14:10 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-10 14:10 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-10 14:10 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-10 14:10 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-10 14:10 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-10 14:10 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-10 14:10 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-10 14:10 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-10 14:10 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 14:10 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-10 14:10 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-10 14:10 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 14:10 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-10 14:10 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-10 14:10 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-10 14:10 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-10 14:10 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-10 14:10 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-10 14:10 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-10 14:07 - 2014-07-10 14:07 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-08 19:28 - 2014-07-08 19:28 - 11204096 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-02 16:23 - 2014-08-02 15:40 - 00019406 _____ () C:\Users\Christopher\Desktop\FRST.txt
2014-08-02 16:23 - 2014-08-02 15:40 - 00000000 ____D () C:\FRST
2014-08-02 16:23 - 2014-05-09 15:23 - 01760251 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-02 16:20 - 2013-03-23 19:49 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2160789074-2075475238-2303539151-1001
2014-08-02 16:12 - 2014-08-02 16:12 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-02 16:10 - 2014-08-02 16:10 - 01016261 _____ (Thisisu) C:\Users\Christopher\Desktop\JRT.exe
2014-08-02 16:09 - 2014-05-09 16:04 - 00000000 __RDO () C:\Users\Christopher\OneDrive
2014-08-02 16:09 - 2013-09-05 00:34 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Skype
2014-08-02 16:09 - 2013-04-17 21:46 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Mozilla
2014-08-02 16:08 - 2013-09-01 20:27 - 00001144 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-02 16:08 - 2013-03-23 19:49 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\TS3Client
2014-08-02 16:06 - 2014-05-09 15:24 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-02 16:06 - 2014-03-18 03:50 - 00064934 _____ () C:\WINDOWS\PFRO.log
2014-08-02 16:06 - 2013-08-28 16:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-02 16:06 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-02 16:06 - 2013-04-17 21:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-02 16:05 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-02 16:04 - 2013-09-01 20:27 - 00001148 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-02 16:03 - 2014-08-02 16:01 - 00000000 ____D () C:\AdwCleaner
2014-08-02 16:00 - 2014-07-24 20:24 - 00000215 _____ () C:\Users\Christopher\Desktop\aswdad.txt
2014-08-02 16:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-02 15:58 - 2014-08-02 15:58 - 01361309 _____ () C:\Users\Christopher\Desktop\adwcleaner_3.302.exe
2014-08-02 15:54 - 2013-03-23 19:57 - 00001172 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2160789074-2075475238-2303539151-1001UA.job
2014-08-02 15:46 - 2014-05-16 20:02 - 00003974 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9A5BFAE3-A6BE-4A4C-AA6E-CC59D359ADE6}
2014-08-02 15:41 - 2014-07-26 03:02 - 00000428 _____ () C:\WINDOWS\Tasks\update-S-1-5-21-2160789074-2075475238-2303539151-1001.job
2014-08-02 15:39 - 2014-08-02 15:39 - 02094080 _____ (Farbar) C:\Users\Christopher\Desktop\FRST64.exe
2014-08-02 15:28 - 2013-03-24 13:57 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-02 15:26 - 2014-07-23 17:28 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-02 14:55 - 2013-03-23 19:34 - 00000000 ___RD () C:\Users\Christopher\Documents\Christopher Brunner
2014-08-02 05:09 - 2013-08-06 18:41 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Spotify
2014-08-02 03:17 - 2013-03-23 22:57 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\.minecraft
2014-08-02 01:53 - 2014-08-02 01:53 - 00000000 ____D () C:\Users\Christopher\Downloads\Xenon
2014-08-02 01:50 - 2014-08-02 01:50 - 08956432 _____ () C:\Users\Christopher\Downloads\XenonBuild19.zip
2014-08-01 23:52 - 2014-05-10 15:58 - 00741376 ___SH () C:\Users\Christopher\Desktop\Thumbs.db
2014-08-01 23:52 - 2013-09-09 13:45 - 00446779 ____H () C:\Users\Christopher\Desktop\Browse.plb
2014-08-01 23:52 - 2013-09-09 13:16 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\PhotoLine
2014-08-01 18:54 - 2013-03-23 19:57 - 00001120 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2160789074-2075475238-2303539151-1001Core.job
2014-08-01 11:45 - 2014-05-01 16:22 - 00000224 _____ () C:\Users\Christopher\Desktop\One Piece.txt
2014-07-30 04:36 - 2014-07-30 04:36 - 00002153 _____ () C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2014-07-30 04:36 - 2014-05-09 15:23 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-07-30 04:36 - 2014-02-08 01:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-07-30 04:36 - 2013-08-22 16:46 - 00298636 _____ () C:\WINDOWS\setupact.log
2014-07-30 04:34 - 2014-07-30 04:34 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-07-30 04:34 - 2014-05-09 15:23 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-29 23:05 - 2013-08-06 18:42 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Spotify
2014-07-29 17:32 - 2014-07-29 17:32 - 00002533 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-29 17:32 - 2014-07-29 17:32 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-29 17:32 - 2014-07-29 17:32 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Skype
2014-07-29 17:32 - 2014-07-29 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-29 17:32 - 2013-09-05 00:34 - 00000000 ____D () C:\ProgramData\Skype
2014-07-29 17:31 - 2014-07-29 17:31 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Christopher\Downloads\SkypeSetup.exe
2014-07-29 16:34 - 2014-02-08 01:13 - 00000000 ____D () C:\Users\Christopher\AppData\Local\NVIDIA Corporation
2014-07-28 15:30 - 2014-01-07 22:37 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-07-28 01:36 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-28 01:28 - 2014-07-28 01:28 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-07-28 01:28 - 2014-07-28 01:28 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-07-28 01:28 - 2014-01-07 22:38 - 00001982 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-28 01:28 - 2014-01-07 22:37 - 01041168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-07-28 01:28 - 2014-01-07 22:37 - 00427360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-07-28 01:28 - 2014-01-07 22:37 - 00307344 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-07-28 01:28 - 2014-01-07 22:37 - 00224896 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-07-28 01:28 - 2014-01-07 22:37 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-07-28 01:28 - 2014-01-07 22:37 - 00092008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2014-07-28 01:28 - 2014-01-07 22:37 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-07-28 01:28 - 2014-01-07 22:37 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-07-26 15:47 - 2013-03-24 11:49 - 00000000 ____D () C:\Users\Christopher\AppData\Local\PMB Files
2014-07-26 03:03 - 2014-07-26 03:03 - 00000000 ____D () C:\Users\Christopher\Documents\Lightshot
2014-07-26 03:02 - 2014-07-26 03:02 - 00003288 _____ () C:\WINDOWS\System32\Tasks\update-S-1-5-21-2160789074-2075475238-2303539151-1001
2014-07-26 03:02 - 2014-07-26 03:02 - 00000448 _____ () C:\Users\Christopher\AppData\Local\UserProducts.xml
2014-07-26 03:02 - 2014-07-26 03:02 - 00000003 _____ () C:\Users\Christopher\AppData\Local\updater.log
2014-07-26 03:02 - 2014-07-26 03:02 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot
2014-07-26 02:54 - 2014-07-26 02:54 - 02273984 _____ (Skillbrains ) C:\Users\Christopher\Downloads\setup-lightshot.exe
2014-07-25 15:50 - 2014-07-29 16:34 - 01715224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2014-07-25 15:50 - 2014-07-29 16:34 - 01291280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2014-07-25 15:50 - 2014-02-08 01:08 - 01283136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2014-07-25 15:50 - 2014-02-08 01:08 - 01126480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2014-07-25 00:17 - 2013-06-21 19:56 - 00000000 ____D () C:\ProgramData\Origin
2014-07-24 23:28 - 2013-06-21 19:56 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-07-24 19:04 - 2013-06-21 19:58 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-07-23 22:10 - 2014-03-18 11:40 - 00000000 ____D () C:\WINDOWS\SKB
2014-07-23 17:28 - 2014-07-23 17:28 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-23 17:28 - 2014-07-23 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-23 17:28 - 2014-07-23 17:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-23 17:28 - 2014-07-23 17:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-23 17:26 - 2014-07-23 17:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Christopher\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-19 22:15 - 2013-11-28 20:28 - 00000000 ____D () C:\Users\Christopher\AppData\Local\ArmA 2 OA
2014-07-18 21:07 - 2014-07-18 20:21 - 510321876 _____ () C:\Users\Christopher\Downloads\YGOPro DevPro.zip
2014-07-16 15:45 - 2014-07-16 15:45 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-15 13:56 - 2013-03-23 19:46 - 00000000 ____D () C:\Users\Christopher\AppData\Local\TeamSpeak 3 Client
2014-07-13 05:47 - 2014-05-09 15:32 - 00000000 ____D () C:\Users\Christopher
2014-07-12 21:22 - 2014-05-04 02:23 - 00000000 ____D () C:\Users\Christopher\Downloads\authlib
2014-07-11 15:49 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-11 14:20 - 2013-08-22 16:44 - 00366528 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-11 14:18 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 14:18 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 14:16 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-11 14:16 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-10 17:31 - 2013-07-14 02:56 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-10 17:31 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-10 17:30 - 2013-03-24 22:17 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-10 17:29 - 2014-03-18 11:40 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 14:07 - 2014-07-10 14:07 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-08 19:28 - 2014-07-08 19:28 - 11204096 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2014-07-08 19:28 - 2013-03-24 13:57 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

Some content of TEMP:
====================
C:\Users\Christopher\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll
C:\Users\Christopher\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Christopher\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Christopher\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Christopher\AppData\Local\Temp\nvStInst.exe
C:\Users\Christopher\AppData\Local\Temp\Quarantine.exe
C:\Users\Christopher\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Christopher\AppData\Local\Temp\YgoUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-27 03:51

==================== End Of Log ============================

--- --- ---

--- --- ---

Es wurde keine Addition.txt erstellt.

cosinus · 02.08.2014, 16:48

Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.

Chris_B · 02.08.2014, 16:54

Tschuldigung habe nicht bemerkt das der haken bei Addition.txt drausen war

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by Christopher at 2014-08-02 17:53:25
Running from C:\Users\Christopher\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 2 (HKLM-x32\...\Steam App 33900) (Version:  - Bohemia Interactive)
ARMA 2: British Armed Forces - Data cache removal (HKLM-x32\...\A2BAF Data cache removal) (Version:  - )
Arma 2: British Armed Forces (HKLM-x32\...\Steam App 65700) (Version:  - Bohemia Interactive)
Arma 2: DayZ Mod (HKLM-x32\...\Steam App 224580) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead Beta (HKLM-x32\...\Steam App 219540) (Version:  - )
ARMA 2: Private Military Company - Data cache removal (HKLM-x32\...\A2PMC Data cache removal) (Version:  - )
Arma 2: Private Military Company (HKLM-x32\...\Steam App 65720) (Version:  - Bohemia Interactive)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
AutoHotkey 1.1.09.04 (HKLM\...\AutoHotkey) (Version: 1.1.09.04 - Lexikos)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )
BlueStacks Notification Center (HKLM-x32\...\{783DCCCB-FBD0-4D1D-928D-7075DA8015E6}) (Version: 0.8.5.3042 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version:  - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version:  - )
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version:  - Infinity Ward)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ Commander (HKLM-x32\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar)
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version:  - Rockstar)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 7 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417017FF}) (Version: 7.0.170 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version:  - DICE)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PhotoLine 17.5.5.0 (HKLM\...\PhotoLine_is1) (Version: 17.5.5.0 - Computerinsel GmbH)
Pid  (HKLM-x32\...\Steam App 218740) (Version:  - Might and Delight)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Recorder for Spotify Version 2.0 (HKLM-x32\...\{0C442480-E6A6-4931-8C86-074B9D83A893}_is1) (Version: 2.0 - Manuel)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
SHARKOON Skiller (HKLM-x32\...\{91C25547-9534-41A5-823A-1E54BA16EA3F}) (Version: 1.00.0000 - )
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 2.0.0.0 - Electronic Arts)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27252 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - Runic Games)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2160789074-2075475238-2303539151-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Christopher\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2160789074-2075475238-2303539151-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Christopher\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2160789074-2075475238-2303539151-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Christopher\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2160789074-2075475238-2303539151-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Christopher\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2160789074-2075475238-2303539151-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Christopher\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2160789074-2075475238-2303539151-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Christopher\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2160789074-2075475238-2303539151-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Christopher\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2160789074-2075475238-2303539151-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Christopher\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

10-07-2014 15:26:57 Windows Update
19-07-2014 15:13:49 Geplanter Prüfpunkt
27-07-2014 23:25:46 avast! antivirus system restore point
29-07-2014 14:34:10 DirectX wurde installiert

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1DE0CA86-2FC0-42EE-B3E5-675AE49C6571} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2559CBD2-D54B-411A-84C9-E2A689E2115A} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {32D7A1A4-0C5C-4A1F-B204-AEBAAF435F4F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-10] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {384506E5-536D-411F-AAC6-4918A7C1D7CC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-28] (AVAST Software)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7BB1EC61-3140-48A7-9245-3DD56ECC42BA} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {87B99961-0DAA-41CE-A3B5-C006E78B9837} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {882FB7BB-3A52-47F7-B028-835E3B250EC5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2160789074-2075475238-2303539151-1001UA => C:\Users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-23] (Google Inc.)
Task: {8AF2272E-1AE6-4B30-87ED-FC556825A94D} - System32\Tasks\update-S-1-5-21-2160789074-2075475238-2303539151-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {AA35CE69-1595-4954-A034-0F20C6A5C6D8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {BA572663-13D4-4035-9822-A02F4E8EAC86} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {CB7349E5-B17C-4339-9A93-46B4B7CD88D7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-01] (Google Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D4C797E2-4C9B-4D04-B1F1-A8D37C7F6E62} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-01] (Google Inc.)
Task: {D4F1838F-B2D1-4B45-AEF2-FB800DF0E0ED} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DF8E29A8-E8F2-4194-9F70-64231AAC5E71} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2160789074-2075475238-2303539151-1001Core => C:\Users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-23] (Google Inc.)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2160789074-2075475238-2303539151-1001Core.job => C:\Users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2160789074-2075475238-2303539151-1001UA.job => C:\Users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-2160789074-2075475238-2303539151-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Loaded Modules (whitelisted) =============

2014-05-09 15:23 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-08-23 18:22 - 2014-05-25 15:11 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-04-26 15:24 - 2014-04-26 15:24 - 00173568 _____ () C:\Users\Christopher\AppData\Local\TeamSpeak 3 Client\quazip.dll
2014-04-26 15:24 - 2014-04-26 15:24 - 01080832 _____ () C:\Users\Christopher\AppData\Local\TeamSpeak 3 Client\platforms\qwindows.dll
2014-04-26 15:24 - 2014-04-26 15:24 - 00833024 _____ () C:\Users\Christopher\AppData\Local\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2012-10-29 12:08 - 2014-06-25 14:16 - 00102344 _____ () C:\Users\Christopher\AppData\Local\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2012-10-29 12:08 - 2014-06-25 14:16 - 00108488 _____ () C:\Users\Christopher\AppData\Local\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2014-04-26 15:24 - 2014-04-26 15:24 - 00030208 _____ () C:\Users\Christopher\AppData\Local\TeamSpeak 3 Client\imageformats\qgif.dll
2014-04-26 15:24 - 2014-04-26 15:24 - 00233984 _____ () C:\Users\Christopher\AppData\Local\TeamSpeak 3 Client\imageformats\qjpeg.dll
2012-10-29 12:08 - 2014-07-15 13:56 - 00563656 _____ () C:\Users\Christopher\AppData\Local\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2013-09-10 15:20 - 2014-07-15 13:56 - 00579016 _____ () C:\Users\Christopher\AppData\Local\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-04-26 15:24 - 2014-04-26 15:24 - 00159232 _____ () C:\Users\Christopher\AppData\Local\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll
2014-01-25 02:22 - 2014-01-25 02:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-07-28 01:28 - 2014-07-28 01:28 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-01 19:49 - 2014-08-01 19:49 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14080101\algo.dll
2014-08-02 16:07 - 2014-08-02 16:07 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14080201\algo.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-21 22:57 - 2014-07-12 02:53 - 01116672 _____ () C:\Program Files (x86)\Steam\frameworks\libavcodec-55.dll
2014-05-21 22:57 - 2014-07-12 02:53 - 00399360 _____ () C:\Program Files (x86)\Steam\frameworks\libavformat-55.dll
2014-01-08 15:09 - 2014-07-12 02:53 - 00331264 _____ () C:\Program Files (x86)\Steam\frameworks\libavresample-1.dll
2014-04-23 13:09 - 2014-07-12 02:53 - 00438784 _____ () C:\Program Files (x86)\Steam\frameworks\libavutil-53.dll
2013-03-12 18:10 - 2014-06-27 00:40 - 00764416 _____ () C:\Program Files (x86)\Steam\frameworks\SDL2.dll
2014-05-21 22:57 - 2014-07-16 04:28 - 02139328 _____ () C:\Program Files (x86)\Steam\frameworks\video.dll
2014-05-21 22:57 - 2014-04-29 02:37 - 00519168 _____ () C:\Program Files (x86)\Steam\frameworks\libswscale-2.dll
2013-03-15 18:29 - 2014-07-16 04:28 - 01116864 _____ () C:\Program Files (x86)\Steam\frameworks\bin\chromehtml.DLL
2013-03-14 22:19 - 2014-05-02 01:35 - 20628160 _____ () C:\Program Files (x86)\Steam\frameworks\bin\libcef.dll
2014-07-28 01:28 - 2014-07-28 01:28 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-08-28 16:56 - 2014-06-06 06:38 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Christopher\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKCU\...\StartupApproved\Run: => "Pando Media Booster"
HKCU\...\StartupApproved\Run: => "Spotify Web Helper"

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (08/02/2014 05:34:15 PM) (Source: DCOM) (EventID: 10010) (User: CHRISTOPHERPC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (08/02/2014 05:33:45 PM) (Source: DCOM) (EventID: 10010) (User: CHRISTOPHERPC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (08/02/2014 05:33:15 PM) (Source: DCOM) (EventID: 10010) (User: CHRISTOPHERPC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (08/02/2014 04:26:56 PM) (Source: DCOM) (EventID: 10010) (User: CHRISTOPHERPC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (08/02/2014 04:26:26 PM) (Source: DCOM) (EventID: 10010) (User: CHRISTOPHERPC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (08/02/2014 04:25:09 PM) (Source: DCOM) (EventID: 10010) (User: CHRISTOPHERPC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (08/02/2014 04:24:39 PM) (Source: DCOM) (EventID: 10010) (User: CHRISTOPHERPC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (08/02/2014 04:24:09 PM) (Source: DCOM) (EventID: 10010) (User: CHRISTOPHERPC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (08/02/2014 04:23:39 PM) (Source: DCOM) (EventID: 10010) (User: CHRISTOPHERPC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (08/02/2014 04:23:09 PM) (Source: DCOM) (EventID: 10010) (User: CHRISTOPHERPC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 24%
Total physical RAM: 8087.06 MB
Available physical RAM: 6121.32 MB
Total Pagefile: 9559.06 MB
Available Pagefile: 7333.96 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.17 GB) (Free:629.26 GB) NTFS
Drive d: (EEARTH) (CDROM) (Total:0.55 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 7D316182)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus · 02.08.2014, 16:55

Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Chris_B · 02.08.2014, 20:05

So hier erst nur der MBAM scan, der ESET folgt dauert aber noch.

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 02.08.2014
Scan Time: 18:01:16
Logfile: 123.txt
Administrator: No

Version: 2.00.2.1012
Malware Database: v2014.08.02.03
Rootkit Database: v2014.08.01.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Christopher

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 318573
Time Elapsed: 17 min, 43 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

So hat jetzt echt lang gedauert tut mir leid :/

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=695f5627b19cf548ade91b1dfd5965f7
# engine=19470
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-02 06:39:16
# local_time=2014-08-02 08:39:16 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 16395 17881326 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 451578 11388277 0 0
# scanned=330785
# found=3
# cleaned=0
# scan_time=9149
sh=3F8CCD9279F8D950622F536D3202CC0E44134A8E ft=1 fh=4cb693d7b46c457f vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe.vir"
sh=B20B0BD8E5CDD280C5DC922FFD896DF50D208CB7 ft=1 fh=59ddf8c2c6946d84 vn="Variante von Win32/HackTool.CheatEngine.AB potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-i386.exe"
sh=860EFD5893E4DD4E820227B7DEAD144F974456AC ft=1 fh=c0b9ed8dfe12ffb8 vn="Variante von Win32/HackTool.CheatEngine.AF potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Cheat Engine 6.3\standalonephase1.dat"

cosinus · 03.08.2014, 20:47

Zitat:

C:\Program Files (x86)\Cheat Engine 6.3

Das Zeugs ist bekannt und auch so gewollt?

Chris_B · 03.08.2014, 21:26

Ja ist ein Cheat tool für Borderlands 2

EDIT: Bzw für andere Spiele auch doch ich habe es nur für Borderlands 2 benutzt.

cosinus · 03.08.2014, 21:36

Dann isses ok

TFC - Temp File Cleaner

Lade dir

TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.

Öffne die TFC.exe.
Vista und Win 7 User mit Rechtsklick "als Administrator starten".
Schließe alle anderen Programme.
Drücke auf den Button Start.
Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.

Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ist aber nur optional. Um Usertracking zu verhindern kann man gut die Firefox-Erweiterung Ghostery verwenden.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Chris_B · 03.08.2014, 21:45

Ist das Problem damit gelöst und mein PC Viren/Trojaner usw frei? ( ich weis das du das nicht garantieren kannst aber wars das? )
Muss ich mir keine Gedanken machen wegen Keyloggern oder das Accounts gehackt werden?!

cosinus · 03.08.2014, 21:51

ESET und MBAM haben ja sonst nichts mehr gefunden...

Dann wären wir durch!

Falls du noch Lob oder Kritik loswerden möchtest => Lob, Kritik und Wünsche - Trojaner-Board

Die Programme, die hier zum Einsatz kamen, können alle deinstalliert werden. Es empfiehlt sich Malwarebytes Anti-Malware zu behalten und damit wöchentlich nach Malware zu scannen.

Helfen kann dir dabei delfix:

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Bitte abschließend noch die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

Chris_B · 03.08.2014, 21:55

Ok dann bedanke ich mich vielmals für die unkomplizierte Hilfe

02.08.2014, 16:48	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	http://98uj8.de/s3brsn5ba66mgfzeinrum#noad öffnet sich Mehrfach Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken. __________________ --> http://98uj8.de/s3brsn5ba66mgfzeinrum#noad öffnet sich Mehrfach

http://98uj8.de/s3brsn5ba66mgfzeinrum#noad öffnet sich Mehrfach

Plagegeister aller Art und deren Bekämpfung: http://98uj8.de/s3brsn5ba66mgfzeinrum#noad öffnet sich Mehrfach