Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Windows 8 Trojaner Zbot.gen gefunden in C:\Users\*****\Appdata\Roaming\Cuyfzy\piutfas.exe

Windows 8 Trojaner Zbot.gen gefunden in C:\Users\*****\Appdata\Roaming\Cuyfzy\piutfas.exe


Log-Analyse und Auswertung: Windows 8 Trojaner Zbot.gen gefunden in C:\Users\*****\Appdata\Roaming\Cuyfzy\piutfas.exe

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 18.08.2014, 11:04   #1
seeker1997
 
Windows 8 Trojaner Zbot.gen gefunden in C:\Users\*****\Appdata\Roaming\Cuyfzy\piutfas.exe - Standard

Windows 8 Trojaner Zbot.gen gefunden in C:\Users\*****\Appdata\Roaming\Cuyfzy\piutfas.exe


Ich habe den oben genannten und weitere Viren mithilfe von 'Windows Defender' und 'Malewarebytes Anti-Maleware' auf meinem Pc gefunden. Es öffnen sich mehrere Java Downloads, die aber nicht ausgeführt werden können weil ich Java Downloads deaktiviert habe. Ich habe bereits versucht, die Viren alleinständig zu entfernen aber bisher ohne Erfolg bei dem Trojaner Zbot.gen. Ich habe hier ebenfalls die Logfiles vom Virusscan notiert, da ich nicht weiß wie man die Logfiles der einzelnen Viren mit dem Programm aufschreibt.

defogger:
Zitat:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:56 on 18/08/2014 (Kilian)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
FRST:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by Kilian (administrator) on KILIAN-IPOD on 18-08-2014 10:59:13
Running from C:\Users\Kilian\Desktop
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Emsi Software GmbH) C:\Program Files (x86)\a-squared Free\a2service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Emsi Software GmbH) C:\Program Files (x86)\a-squared Free\a2free.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
() C:\League of Legends\RADS\system\rads_user_kernel.exe
() C:\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.215\deploy\LoLLauncher.exe
() C:\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.104\deploy\LolClient.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
() C:\Program Files (x86)\Opera\23.0.1522.75\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
(Meskisift Corporatien) C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe
(Meskisift Corporatien) C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
(Meskisift Corporatien) C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
(Meskisift Corporatien) C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe
(Farbar) C:\Users\Kilian\Desktop\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s  RtHDVCpl    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s  kernel32.dll 
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [79376 2013-04-22] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4243868721-543226389-1580479791-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-4243868721-543226389-1580479791-1002\...\Run: [Lyrabaodciqu] => C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe [306919 2014-05-11] (Meskisift Corporatien)
HKU\S-1-5-21-4243868721-543226389-1580479791-1002\...\MountPoints2: {e4b8b083-4ce2-11e3-be6a-806e6f6e6963} - "E:\AutoRunCD.exe" 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-04-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-04-14] (NVIDIA Corporation)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: !AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: !AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: !AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2free; C:\Program Files (x86)\a-squared Free\a2service.exe [1858144 2009-10-01] (Emsi Software GmbH) [File not signed]
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-04-29] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83032 2013-04-22] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [100032 2013-04-22] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [84568 2013-04-22] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [92864 2013-04-22] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-31] (Intel Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-04-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-05-28] (ASUS Corporation)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [68072 2013-04-22] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [57216 2013-04-22] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [120256 2013-04-22] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [200808 2013-04-22] (Intel Corporation)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-07-21] (LogMeIn Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-31] (Intel Corporation)
R1 MpKsl8d562ac8; C:\Windows\system32\MpEngineStore\MpKsl8d562ac8.sys [45352 2014-08-17] (Microsoft Corporation)
R1 MpKsladfc4267; C:\Windows\system32\MpEngineStore\MpKsladfc4267.sys [45352 2014-08-17] (Microsoft Corporation)
S1 rrgcbszm; C:\Windows\system32\drivers\rrgcbszm.sys [55104 2014-08-18] (Microsoft Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [460872 2013-03-08] (RTS Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U0 msahci; 

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-18 10:59 - 2014-08-18 10:59 - 00018000 _____ () C:\Users\Kilian\Desktop\FRST.txt
2014-08-18 10:59 - 2014-08-18 10:59 - 00000000 ____D () C:\FRST
2014-08-18 10:57 - 2014-08-18 10:57 - 02101760 _____ (Farbar) C:\Users\Kilian\Downloads\FRST64.exe
2014-08-18 10:57 - 2014-08-18 10:57 - 02101760 _____ (Farbar) C:\Users\Kilian\Desktop\FRST64 (1).exe
2014-08-18 10:56 - 2014-08-18 10:56 - 00000474 _____ () C:\Users\Kilian\Desktop\defogger_disable.log
2014-08-18 10:56 - 2014-08-18 10:56 - 00000000 _____ () C:\Users\Kilian\defogger_reenable
2014-08-18 10:55 - 2014-08-18 10:55 - 00050477 _____ () C:\Users\Kilian\Desktop\Defogger.exe
2014-08-18 00:07 - 2014-08-18 00:07 - 00055104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rrgcbszm.sys
2014-08-17 23:58 - 2014-08-17 23:59 - 00301592 _____ () C:\Windows\Minidump\081714-52890-01.dmp
2014-08-17 23:47 - 2014-08-17 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\a-squared Free
2014-08-17 23:46 - 2014-08-17 23:47 - 00000000 ____D () C:\Program Files (x86)\a-squared Free
2014-08-17 23:46 - 2014-08-17 23:46 - 00000000 ____D () C:\Users\Kilian\Documents\a-squared Free
2014-08-17 23:45 - 2014-08-17 23:46 - 83704128 _____ (Emsi Software GmbH ) C:\Users\Kilian\Downloads\a2FreeSetup27.exe
2014-08-17 23:45 - 2014-08-17 23:46 - 19745792 _____ (Emsi Software GmbH ) C:\Users\Kilian\Downloads\a2FreeSetup27 (1).exe.opdownload
2014-08-17 00:37 - 2014-08-17 00:37 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-17 00:37 - 2014-08-17 00:37 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-17 00:37 - 2014-08-17 00:37 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-17 00:37 - 2014-08-17 00:37 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-17 00:37 - 2014-08-17 00:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-17 00:33 - 2014-08-17 23:30 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-08-17 00:29 - 2014-07-31 23:41 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-17 00:28 - 2014-08-17 00:28 - 30517960 _____ (Microsoft Corporation) C:\Users\Kilian\Downloads\Windows-KB890830-x64-V5.15.exe
2014-08-16 23:59 - 2014-08-18 10:00 - 00000830 _____ () C:\Windows\Tasks\Security Center Update - 722109875.job
2014-08-16 23:59 - 2014-08-17 23:40 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-16 23:59 - 2014-08-16 23:59 - 00003804 _____ () C:\Windows\System32\Tasks\Security Center Update - 722109875
2014-08-16 23:59 - 2014-08-16 23:59 - 00000000 ____D () C:\Users\Kilian\AppData\Roaming\Cuyfzy
2014-08-16 12:13 - 2014-08-17 00:25 - 00000000 ____D () C:\Users\Kilian\AppData\Local\GameSpy
2014-08-16 12:12 - 2014-08-16 12:12 - 00000094 _____ () C:\Users\Kilian\AppData\Local\fusioncache.dat
2014-08-15 18:05 - 2014-08-15 18:19 - 00000000 ____D () C:\Users\Kilian\AppData\Local\Ubisoft Game Launcher
2014-08-15 18:04 - 2014-08-15 18:04 - 00000000 ____D () C:\Users\Kilian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2014-08-15 18:03 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-08-15 18:03 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-08-15 18:03 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-08-15 18:03 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-08-15 18:03 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-08-15 18:03 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-08-15 18:03 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-08-15 18:03 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-08-15 18:03 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-08-15 18:03 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-08-15 18:03 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-08-15 18:03 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-08-15 18:03 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-08-15 18:03 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-08-15 18:03 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-08-15 18:03 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-08-15 18:03 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-08-15 18:03 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2014-08-15 18:03 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-08-15 18:03 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-08-15 18:03 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-08-15 18:03 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2014-08-15 18:03 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-08-15 18:03 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-08-15 18:03 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-08-15 18:03 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-08-15 18:03 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-08-15 18:03 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-08-15 18:03 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-08-15 18:03 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-08-15 18:03 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-08-15 18:03 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2014-08-15 18:03 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2014-08-15 18:03 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-08-15 18:03 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-08-15 18:03 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-08-15 18:03 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-08-15 18:03 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-08-15 18:03 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-08-15 18:03 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-08-15 18:03 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-08-15 18:03 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-08-15 18:03 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-08-15 18:03 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-08-15 18:03 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-08-15 18:03 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-08-15 18:03 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-08-15 18:03 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-08-15 18:03 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-08-15 18:03 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-08-15 18:03 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-08-15 18:03 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-08-15 18:03 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-08-15 18:03 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-08-15 18:03 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-08-15 18:03 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-08-15 18:03 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-08-15 18:03 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-08-15 18:03 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-08-15 18:03 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-08-15 18:03 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-08-15 18:03 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-08-15 18:03 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-08-15 18:03 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-08-15 18:03 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-08-15 18:03 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-08-15 18:03 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2014-08-15 18:03 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2014-08-15 18:03 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-08-15 18:03 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-08-15 18:03 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2014-08-15 18:03 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2014-08-15 18:03 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-08-15 18:03 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-08-15 18:03 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2014-08-15 18:03 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-08-15 18:03 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2014-08-15 18:03 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-08-15 18:03 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2014-08-15 18:03 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-08-15 18:03 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2014-08-15 18:03 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2014-08-15 18:03 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-08-15 18:03 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-08-15 18:03 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2014-08-15 18:03 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-08-15 18:03 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2014-08-15 18:03 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-08-15 18:03 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2014-08-15 18:03 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-08-15 18:03 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2014-08-15 18:03 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-08-15 18:03 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2014-08-15 18:03 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-08-15 18:03 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2014-08-15 18:03 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-08-15 18:03 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2014-08-15 18:03 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-08-15 18:03 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2014-08-15 18:03 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-08-15 18:03 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2014-08-15 18:03 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-08-15 18:03 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2014-08-15 18:03 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-08-15 18:03 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2014-08-15 18:02 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-08-15 18:02 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2014-08-15 18:02 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-08-15 18:02 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2014-08-15 18:02 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-08-15 18:02 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2014-08-15 18:02 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-08-15 18:02 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2014-08-15 18:02 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-08-15 18:02 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2014-08-15 18:02 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-08-15 18:02 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2014-08-15 18:02 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2014-08-15 18:02 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-08-15 18:02 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-08-15 18:02 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2014-08-15 18:02 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2014-08-15 18:02 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2014-08-15 18:02 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2014-08-15 18:02 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-08-15 18:02 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-08-15 18:02 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-08-15 18:02 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2014-08-15 18:02 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2014-08-15 18:02 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2014-08-15 18:02 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-08-15 18:02 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-08-15 18:02 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-08-15 18:02 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-08-15 18:02 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2014-08-15 18:02 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-08-15 18:02 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2014-08-15 18:02 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-08-15 18:02 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2014-08-15 18:02 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-08-15 18:02 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2014-08-15 18:02 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-08-15 18:02 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2014-08-15 18:02 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-08-15 18:02 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-08-15 18:02 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-08-15 18:02 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2014-08-15 18:02 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-08-15 18:02 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2014-08-15 18:02 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-08-15 18:02 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-08-15 18:02 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2014-08-15 17:39 - 2014-08-17 00:13 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-08-15 16:17 - 2014-08-15 16:17 - 00005620 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-08-15 16:16 - 2014-08-15 16:16 - 00000000 __RHD () C:\Users\Kilian\AppData\Roaming\SecuROM
2014-08-15 16:16 - 2014-08-15 16:16 - 00000000 ____D () C:\Windows\SysWOW64\URTTEMP
2014-08-15 16:16 - 2014-08-15 16:16 - 00000000 ____D () C:\Users\Kilian\Documents\My Games
2014-08-15 16:15 - 2014-08-15 16:15 - 00669184 _____ () C:\Windows\SysWOW64\pbsvc.exe
2014-08-15 16:14 - 2014-08-15 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2014-08-15 16:14 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-08-15 16:14 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2014-08-15 16:14 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-08-15 16:14 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2014-08-15 16:14 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-08-15 16:14 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2014-08-15 16:14 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-08-15 16:14 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2014-08-15 16:14 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-08-15 16:14 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2014-08-15 16:14 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-08-15 16:14 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2014-08-15 16:14 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-08-15 16:14 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-08-15 15:59 - 2014-08-15 15:59 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-08-07 23:00 - 2014-08-07 23:10 - 00000000 ____D () C:\Users\Kilian\AppData\Roaming\Apple Computer
2014-08-07 23:00 - 2014-08-07 23:00 - 00000000 ____D () C:\Users\Kilian\AppData\Local\Apple Computer
2014-08-07 23:00 - 2014-08-07 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-07 23:00 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-08-07 22:59 - 2014-08-07 23:00 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-07 22:59 - 2014-08-07 23:00 - 00000000 ____D () C:\Program Files\iTunes
2014-08-07 22:59 - 2014-08-07 23:00 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-07 22:59 - 2014-08-07 22:59 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-08-07 22:59 - 2014-08-07 22:59 - 00000000 ____D () C:\Users\Kilian\AppData\Local\Apple
2014-08-07 22:59 - 2014-08-07 22:59 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-07 22:59 - 2014-08-07 22:59 - 00000000 ____D () C:\Program Files\iPod
2014-08-07 22:59 - 2014-08-07 22:59 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-08-07 22:58 - 2014-08-07 22:59 - 00000000 ____D () C:\ProgramData\Apple
2014-08-07 22:58 - 2014-08-07 22:58 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-07 22:58 - 2014-08-07 22:58 - 00000000 ____D () C:\Program Files\Bonjour
2014-08-07 22:58 - 2014-08-07 22:58 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-08-07 22:57 - 2014-08-07 22:58 - 113492816 _____ (Apple Inc.) C:\Users\Kilian\Downloads\iTunes64Setup.exe
2014-08-07 22:56 - 2014-08-07 22:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-08-01 01:38 - 2014-08-17 00:38 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-01 01:38 - 2014-08-01 01:38 - 00000000 ____D () C:\ProgramData\Sun
2014-07-26 15:19 - 2014-07-26 15:19 - 00349440 _____ () C:\Windows\Minidump\072614-40265-01.dmp
2014-07-21 18:08 - 2014-07-21 18:08 - 00046136 ____H (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-18 10:59 - 2014-08-18 10:59 - 00018000 _____ () C:\Users\Kilian\Desktop\FRST.txt
2014-08-18 10:59 - 2014-08-18 10:59 - 00000000 ____D () C:\FRST
2014-08-18 10:58 - 2014-03-30 22:44 - 00000000 ____D () C:\Users\Kilian\AppData\Roaming\Skype
2014-08-18 10:57 - 2014-08-18 10:57 - 02101760 _____ (Farbar) C:\Users\Kilian\Downloads\FRST64.exe
2014-08-18 10:57 - 2014-08-18 10:57 - 02101760 _____ (Farbar) C:\Users\Kilian\Desktop\FRST64 (1).exe
2014-08-18 10:56 - 2014-08-18 10:56 - 00000474 _____ () C:\Users\Kilian\Desktop\defogger_disable.log
2014-08-18 10:56 - 2014-08-18 10:56 - 00000000 _____ () C:\Users\Kilian\defogger_reenable
2014-08-18 10:56 - 2014-03-31 00:31 - 00000000 ____D () C:\Users\Kilian
2014-08-18 10:55 - 2014-08-18 10:55 - 00050477 _____ () C:\Users\Kilian\Desktop\Defogger.exe
2014-08-18 10:51 - 2013-11-14 06:27 - 01005034 _____ () C:\Windows\WindowsUpdate.log
2014-08-18 10:00 - 2014-08-16 23:59 - 00000830 _____ () C:\Windows\Tasks\Security Center Update - 722109875.job
2014-08-18 10:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-18 02:36 - 2014-04-01 14:29 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4243868721-543226389-1580479791-1002
2014-08-18 00:07 - 2014-08-18 00:07 - 00055104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rrgcbszm.sys
2014-08-18 00:06 - 2014-03-31 00:32 - 00000062 _____ () C:\Users\Kilian\AppData\Roaming\sp_data.sys
2014-08-18 00:05 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-18 00:02 - 2012-08-02 15:24 - 01566820 _____ () C:\Windows\PFRO.log
2014-08-17 23:59 - 2014-08-17 23:58 - 00301592 _____ () C:\Windows\Minidump\081714-52890-01.dmp
2014-08-17 23:58 - 2014-04-06 02:50 - 756383071 _____ () C:\Windows\MEMORY.DMP
2014-08-17 23:58 - 2014-04-06 02:50 - 00000000 ____D () C:\Windows\Minidump
2014-08-17 23:58 - 2013-11-14 06:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-17 23:47 - 2014-08-17 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\a-squared Free
2014-08-17 23:47 - 2014-08-17 23:46 - 00000000 ____D () C:\Program Files (x86)\a-squared Free
2014-08-17 23:46 - 2014-08-17 23:46 - 00000000 ____D () C:\Users\Kilian\Documents\a-squared Free
2014-08-17 23:46 - 2014-08-17 23:45 - 83704128 _____ (Emsi Software GmbH ) C:\Users\Kilian\Downloads\a2FreeSetup27.exe
2014-08-17 23:46 - 2014-08-17 23:45 - 19745792 _____ (Emsi Software GmbH ) C:\Users\Kilian\Downloads\a2FreeSetup27 (1).exe.opdownload
2014-08-17 23:46 - 2013-11-14 06:41 - 00003474 _____ () C:\Windows\System32\Tasks\ASUS Live Update1
2014-08-17 23:46 - 2013-11-14 06:41 - 00003464 _____ () C:\Windows\System32\Tasks\ASUS Live Update2
2014-08-17 23:40 - 2014-08-16 23:59 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-17 23:33 - 2012-08-03 01:02 - 01775488 _____ () C:\Windows\system32\perfh007.dat
2014-08-17 23:33 - 2012-08-03 01:02 - 00499794 _____ () C:\Windows\system32\perfc007.dat
2014-08-17 23:33 - 2012-07-26 09:28 - 00005636 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-17 23:30 - 2014-08-17 00:33 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-08-17 23:24 - 2013-04-26 01:06 - 00306312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-17 00:47 - 2014-05-29 14:38 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2014-08-17 00:45 - 2014-03-30 23:44 - 00000000 ____D () C:\Users\Kilian\AppData\Roaming\.minecraft
2014-08-17 00:38 - 2014-08-01 01:38 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-17 00:37 - 2014-08-17 00:37 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-17 00:37 - 2014-08-17 00:37 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-17 00:37 - 2014-08-17 00:37 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-17 00:37 - 2014-08-17 00:37 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-17 00:37 - 2014-08-17 00:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-17 00:28 - 2014-08-17 00:28 - 30517960 _____ (Microsoft Corporation) C:\Users\Kilian\Downloads\Windows-KB890830-x64-V5.15.exe
2014-08-17 00:25 - 2014-08-16 12:13 - 00000000 ____D () C:\Users\Kilian\AppData\Local\GameSpy
2014-08-17 00:13 - 2014-08-15 17:39 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-08-17 00:08 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-08-16 23:59 - 2014-08-16 23:59 - 00003804 _____ () C:\Windows\System32\Tasks\Security Center Update - 722109875
2014-08-16 23:59 - 2014-08-16 23:59 - 00000000 ____D () C:\Users\Kilian\AppData\Roaming\Cuyfzy
2014-08-16 19:40 - 2014-04-10 20:06 - 00000000 ____D () C:\Users\Kilian\AppData\Roaming\TS3Client
2014-08-16 12:13 - 2014-03-31 00:32 - 00000000 ____D () C:\Users\Kilian\AppData\Local\VirtualStore
2014-08-16 12:12 - 2014-08-16 12:12 - 00000094 _____ () C:\Users\Kilian\AppData\Local\fusioncache.dat
2014-08-15 18:43 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-15 18:19 - 2014-08-15 18:05 - 00000000 ____D () C:\Users\Kilian\AppData\Local\Ubisoft Game Launcher
2014-08-15 18:04 - 2014-08-15 18:04 - 00000000 ____D () C:\Users\Kilian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2014-08-15 18:03 - 2013-04-26 01:16 - 00064261 _____ () C:\Windows\DirectX.log
2014-08-15 17:39 - 2013-11-14 06:19 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-15 16:17 - 2014-08-15 16:17 - 00005620 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-08-15 16:17 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\Registration
2014-08-15 16:16 - 2014-08-15 16:16 - 00000000 __RHD () C:\Users\Kilian\AppData\Roaming\SecuROM
2014-08-15 16:16 - 2014-08-15 16:16 - 00000000 ____D () C:\Windows\SysWOW64\URTTEMP
2014-08-15 16:16 - 2014-08-15 16:16 - 00000000 ____D () C:\Users\Kilian\Documents\My Games
2014-08-15 16:15 - 2014-08-15 16:15 - 00669184 _____ () C:\Windows\SysWOW64\pbsvc.exe
2014-08-15 16:14 - 2014-08-15 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2014-08-15 16:14 - 2012-07-26 10:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-15 15:59 - 2014-08-15 15:59 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-08-12 17:08 - 2014-06-03 15:58 - 00003856 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1396219179
2014-08-12 17:08 - 2014-03-31 00:39 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-09 00:13 - 2014-03-30 22:44 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-07 23:10 - 2014-08-07 23:00 - 00000000 ____D () C:\Users\Kilian\AppData\Roaming\Apple Computer
2014-08-07 23:00 - 2014-08-07 23:00 - 00000000 ____D () C:\Users\Kilian\AppData\Local\Apple Computer
2014-08-07 23:00 - 2014-08-07 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-07 23:00 - 2014-08-07 22:59 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-07 23:00 - 2014-08-07 22:59 - 00000000 ____D () C:\Program Files\iTunes
2014-08-07 23:00 - 2014-08-07 22:59 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-07 22:59 - 2014-08-07 22:59 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-08-07 22:59 - 2014-08-07 22:59 - 00000000 ____D () C:\Users\Kilian\AppData\Local\Apple
2014-08-07 22:59 - 2014-08-07 22:59 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-07 22:59 - 2014-08-07 22:59 - 00000000 ____D () C:\Program Files\iPod
2014-08-07 22:59 - 2014-08-07 22:59 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-08-07 22:59 - 2014-08-07 22:58 - 00000000 ____D () C:\ProgramData\Apple
2014-08-07 22:58 - 2014-08-07 22:58 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-07 22:58 - 2014-08-07 22:58 - 00000000 ____D () C:\Program Files\Bonjour
2014-08-07 22:58 - 2014-08-07 22:58 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-08-07 22:58 - 2014-08-07 22:57 - 113492816 _____ (Apple Inc.) C:\Users\Kilian\Downloads\iTunes64Setup.exe
2014-08-07 22:56 - 2014-08-07 22:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-08-07 22:56 - 2012-07-26 09:21 - 00037937 _____ () C:\Windows\setupact.log
2014-08-01 05:18 - 2014-03-30 22:50 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-01 01:38 - 2014-08-01 01:38 - 00000000 ____D () C:\ProgramData\Sun
2014-07-31 23:41 - 2014-08-17 00:29 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-26 15:19 - 2014-07-26 15:19 - 00349440 _____ () C:\Windows\Minidump\072614-40265-01.dmp
2014-07-24 18:22 - 2014-07-17 14:42 - 00075776 _____ () C:\Users\Kilian\AppData\Local\file__0.localstorage
2014-07-24 03:53 - 2014-03-30 22:47 - 00000000 ____D () C:\Users\Kilian\Downloads\authlib
2014-07-21 18:08 - 2014-07-21 18:08 - 00046136 ____H (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS


Some content of TEMP:
====================
C:\Users\Kilian\AppData\Local\Temp\2DHT.dll
C:\Users\Kilian\AppData\Local\Temp\5z8S.dll
C:\Users\Kilian\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Kilian\AppData\Local\Temp\drm_dyndata_7340014.dll
C:\Users\Kilian\AppData\Local\Temp\EVpo.dll
C:\Users\Kilian\AppData\Local\Temp\FXyp.dll
C:\Users\Kilian\AppData\Local\Temp\itutquy9.dll
C:\Users\Kilian\AppData\Local\Temp\jline_git-Bukkit-0_0_0-904-g9277096-b953jnks.dll
C:\Users\Kilian\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Kilian\AppData\Local\Temp\On3Y.dll
C:\Users\Kilian\AppData\Local\Temp\scka7rp_.dll
C:\Users\Kilian\AppData\Local\Temp\tmpE15E.exe
C:\Users\Kilian\AppData\Local\Temp\u74M.dll
C:\Users\Kilian\AppData\Local\Temp\ubi2C79.tmp.exe
C:\Users\Kilian\AppData\Local\Temp\UNFA.dll
C:\Users\Kilian\AppData\Local\Temp\UpdateFlashPlayer_0126b25e.exe
C:\Users\Kilian\AppData\Local\Temp\xakb-rup.dll
C:\Users\Kilian\AppData\Local\Temp\z4Cl.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-17 03:00

==================== End Of Log ============================
--- --- ---

--- --- ---


Addition:
Zitat:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by Kilian at 2014-08-18 10:59:59
Running from C:\Users\Kilian\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.83 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
a-squared Free 4.5 (HKLM-x32\...\a-squared Free_is1) (Version: 4.5 - Emsi Software GmbH)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.3 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.2 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.1.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0005 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.0 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4924.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4924.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0029 - ASUS)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cry of Fear (HKLM-x32\...\Steam App 223710) (Version: - Team Psykskallar)
Crysis(R) (HKLM-x32\...\{000E79B7-E725-4F01-870A-C12942B7F8E4}) (Version: 1.00.0000 - Electronic Arts)
Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Führerschein Trainer 2014 (HKLM-x32\...\{707F7ABB-9598-455D-8128-0BE02AFC4B72}) (Version: 1.00.0000 - Franzis Verlag GmbH)
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Gameforge Live 2.0.4 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.4 - Gameforge)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.0.0.2023 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.10.1550 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3186 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Metin2 (HKLM-x32\...\Metin2_is1) (Version: - Gameforge 4D GmbH)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
NVIDIA Control Panel 311.54 (Version: 311.54 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 311.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.54 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0325 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0325 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0325 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Opera Stable 23.0.1522.75 (HKLM-x32\...\Opera 23.0.1522.75) (Version: 23.0.1522.75 - Opera Software ASA)
Peggle (x32 Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.16.614.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6937 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21224 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Driver Package - ASUS (ATP) Mouse (05/09/2013 1.0.0.173) (HKLM\...\1016059FBF327ED9E3BAE758BD08CF10D3C6252D) (Version: 05/09/2013 1.0.0.173 - ASUS)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

31-07-2014 23:37:36 Installed Java 7 Update 65
07-08-2014 20:59:08 Installed iTunes
15-08-2014 13:58:11 Microsoft Visual C++ 2005 Redistributable wird installiert
16-08-2014 22:13:10 Entfernt Far Cry 3

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2DE6CA68-BA5D-4A5D-8C18-7119245C1FBD} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-28] (ASUS)
Task: {5382CA1A-5E06-48FB-8469-49B46F4165D3} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-05-28] (AsusTek)
Task: {5FF92002-5B04-4EF1-BE9C-46177E7422D6} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-01-04] ()
Task: {7672BF9A-C67F-472C-9648-245F7E2B9A92} - System32\Tasks\{00E5A9ED-579D-4FEF-9AC5-2601D0BD618B} => c:\program files (x86)\opera\launcher.exe [2014-08-08] (Opera Software)
Task: {83A618B0-EAE1-45C4-8DEC-535B10148639} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2013-03-26] (ASUSTek Computer Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A806BCCD-2692-4E26-9A31-4E2C6226DE65} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-02-26] (ASUSTeK Computer Inc.)
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\Windows\system32\dism.exe [2012-07-26] (Microsoft Corporation)
Task: {B2E56BE9-5FF7-42F5-8EDE-33F905579F33} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {B544D9FF-0C13-498C-8179-96933CFEF605} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-05-21] (ASUSTeK Computer Inc.)
Task: {B545B3DD-7AC1-4288-B3B0-03B8445E59BD} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-04-29] (ASUS)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D10A4E4C-CF1C-4CA5-BE18-30BA54DDDEB2} - System32\Tasks\Security Center Update - 722109875 => C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe [2014-05-11] (Meskisift Corporatien)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {ED1D7FD8-7BBD-424B-BA6C-766FA4519D45} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-05-21] (ASUSTeK Computer Inc.)
Task: {F3E0881C-50B6-4413-BD25-52DA4210A142} - System32\Tasks\Opera scheduled Autoupdate 1396219179 => C:\Program Files (x86)\Opera\launcher.exe [2014-08-08] (Opera Software)
Task: C:\Windows\Tasks\Security Center Update - 722109875.job => C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2012-12-19 08:10 - 2012-12-19 08:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2013-04-29 18:03 - 2013-04-29 18:03 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2013-04-26 10:38 - 2013-01-02 08:55 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2014-04-01 19:57 - 2012-05-29 11:47 - 01300376 _____ () C:\League of Legends\RADS\system\rads_user_kernel.exe
2014-04-01 19:57 - 2014-08-15 13:28 - 05534200 _____ () C:\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.215\deploy\LoLLauncher.exe
2014-04-04 17:23 - 2014-04-04 17:23 - 00074752 _____ () C:\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.104\deploy\LolClient.exe
2014-08-12 17:08 - 2014-08-12 17:08 - 01401464 _____ () C:\Program Files (x86)\Opera\23.0.1522.75\opera_crashreporter.exe
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-14 06:23 - 2013-05-31 15:30 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-04-04 16:40 - 2014-08-15 13:28 - 01635832 _____ () C:\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.215\deploy\RiotLauncher.dll
2014-08-12 17:08 - 2014-08-12 17:08 - 00880248 _____ () C:\Program Files (x86)\Opera\23.0.1522.75\libglesv2.dll
2014-08-12 17:08 - 2014-08-12 17:08 - 00135800 _____ () C:\Program Files (x86)\Opera\23.0.1522.75\libegl.dll
2014-08-12 17:08 - 2014-08-12 17:08 - 00957048 _____ () C:\Program Files (x86)\Opera\23.0.1522.75\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\Drivers\rrgcbszm.sys:changelist

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/18/2014 00:49:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: piutfas.exe, Version: 0.192.57148.50208, Zeitstempel: 0x53d75949
Name des fehlerhaften Moduls: igd10iumd32.dll, Version: 9.18.10.3186, Zeitstempel: 0x51969093
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0045f3e7
ID des fehlerhaften Prozesses: 0x1984
Startzeit der fehlerhaften Anwendung: 0xpiutfas.exe0
Pfad der fehlerhaften Anwendung: piutfas.exe1
Pfad des fehlerhaften Moduls: piutfas.exe2
Berichtskennung: piutfas.exe3
Vollständiger Name des fehlerhaften Pakets: piutfas.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: piutfas.exe5

Error: (08/18/2014 00:20:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: piutfas.exe, Version: 0.192.57148.50208, Zeitstempel: 0x53d75949
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0xb30
Startzeit der fehlerhaften Anwendung: 0xpiutfas.exe0
Pfad der fehlerhaften Anwendung: piutfas.exe1
Pfad des fehlerhaften Moduls: piutfas.exe2
Berichtskennung: piutfas.exe3
Vollständiger Name des fehlerhaften Pakets: piutfas.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: piutfas.exe5

Error: (08/17/2014 11:33:40 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (08/17/2014 11:33:40 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (08/17/2014 11:33:40 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (08/17/2014 00:45:26 AM) (Source: OverwolfUpdater) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (08/17/2014 00:39:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.2.9200.16433, Zeitstempel: 0x50763312
Name des fehlerhaften Moduls: twinui.dll, Version: 6.2.9200.16522, Zeitstempel: 0x51131a75
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000102296
ID des fehlerhaften Prozesses: 0xa84
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Vollständiger Name des fehlerhaften Pakets: Explorer.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Explorer.EXE5

Error: (08/17/2014 00:37:53 AM) (Source: MsiInstaller) (EventID: 1002) (User: KILIAN-IPOD)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageCode", Wert: "GUID") für Schlüssel "HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219".

Error: (08/17/2014 00:36:47 AM) (Source: MsiInstaller) (EventID: 1002) (User: KILIAN-IPOD)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageCode", Wert: "GUID") für Schlüssel "HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219".

Error: (08/17/2014 00:36:43 AM) (Source: MsiInstaller) (EventID: 1002) (User: KILIAN-IPOD)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageCode", Wert: "GUID") für Schlüssel "HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219".


System errors:
=============
Error: (08/18/2014 00:05:33 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎17.‎08.‎2014 um 23:58:53 unerwartet heruntergefahren.

Error: (08/17/2014 00:40:01 AM) (Source: DCOM) (EventID: 10010) (User: KILIAN-IPOD)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (08/17/2014 00:08:05 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {FDA74D11-C4A6-4577-9F73-D7CA8586E10D}

Error: (08/17/2014 00:08:04 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {FDA74D11-C4A6-4577-9F73-D7CA8586E10D}

Error: (08/09/2014 00:13:26 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet:
%%1

Error: (08/04/2014 04:59:12 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎04.‎08.‎2014 um 02:38:39 unerwartet heruntergefahren.

Error: (08/02/2014 08:20:24 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT)
Description: 32212256841156544

Error: (08/02/2014 08:20:55 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎02.‎08.‎2014 um 13:50:37 unerwartet heruntergefahren.

Error: (08/01/2014 06:30:37 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎01.‎08.‎2014 um 17:56:39 unerwartet heruntergefahren.

Error: (08/01/2014 06:30:08 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT)
Description: 32212256841156544


Microsoft Office Sessions:
=========================
Error: (08/18/2014 00:49:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: piutfas.exe0.192.57148.5020853d75949igd10iumd32.dll9.18.10.318651969093c00000050045f3e7198401cfba6c79b9b6c2C:\Users\Kilian\AppData\Roaming\Cuyfzy\piut fas.exeC:\Windows\system32\igd10iumd32.dllb9db31dd-2660-11e4-be9b-bcee7b0f4222

Error: (08/18/2014 00:20:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: piutfas.exe0.192.57148.5020853d75949unknown0.0.0.000000000c000000500000000b3001cfba693bc49524C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exeunknown bb3e9345-265c-11e4-be9b-bcee7b0f4222

Error: (08/17/2014 11:33:40 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (08/17/2014 11:33:40 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000

Error: (08/17/2014 11:33:40 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000

Error: (08/17/2014 00:45:26 AM) (Source: OverwolfUpdater) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (08/17/2014 00:39:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.2.9200.1643350763312twinui.dll6.2.9200.1652251131a75c00000050000000000102296a8401cfb9a0a0e9c0acC:\Windows\Explorer.EXEC:\Windows\System3 2\twinui.dll1ed4eeb5-2596-11e4-be98-bcee7b0f4222

Error: (08/17/2014 00:37:53 AM) (Source: MsiInstaller) (EventID: 1002) (User: KILIAN-IPOD)
Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL)

Error: (08/17/2014 00:36:47 AM) (Source: MsiInstaller) (EventID: 1002) (User: KILIAN-IPOD)
Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL)

Error: (08/17/2014 00:36:43 AM) (Source: MsiInstaller) (EventID: 1002) (User: KILIAN-IPOD)
Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL)


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 42%
Total physical RAM: 8075.4 MB
Available physical RAM: 4672.37 MB
Total Pagefile: 16267.4 MB
Available Pagefile: 12778.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:103.42 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:258.34 GB) (Free:258.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 568814A2)

Partition: GPT Partition Type.

==================== End Of Log ============================
GMER:
GMER Logfile:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-18 11:13:39
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000003d WDC_WD5000LPVX-80V0TT0 rev.01.01A01 465.76GB
Running: Gmer-19357.exe; Driver: C:\Users\Kilian\AppData\Local\Temp\uxdcapod.sys


---- Kernel code sections - GMER 2.1 ----

.text    C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                                                                                                 fffff9600011e300 7 bytes [C0, 85, 1B, 01, 00, F2, 9B]
.text    C:\Windows\System32\win32k.sys!W32pServiceTable + 8                                                                                                                                                             fffff9600011e308 5 bytes [01, A8, E4, FF, 00]

---- User code sections - GMER 2.1 ----

.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[736] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                                                000007fdaf511532 4 bytes [51, AF, FD, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[736] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                                                000007fdaf51153a 4 bytes [51, AF, FD, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[736] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                                              000007fdaf51165a 4 bytes [51, AF, FD, 07]
.text    C:\Windows\system32\DptfPolicyLpmService.exe[1256] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                                                                 000007fdb530177a 4 bytes [30, B5, FD, 07]
.text    C:\Windows\system32\DptfPolicyLpmService.exe[1256] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                                                                 000007fdb5301782 4 bytes [30, B5, FD, 07]
.text    C:\Program Files\Windows Defender\MsMpEng.exe[2156] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306                                                                                                000007fdb530177a 4 bytes [30, B5, FD, 07]
.text    C:\Program Files\Windows Defender\MsMpEng.exe[2156] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314                                                                                                000007fdb5301782 4 bytes [30, B5, FD, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3132] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                                                 000007fdaf511532 4 bytes [51, AF, FD, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3132] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                                                 000007fdaf51153a 4 bytes [51, AF, FD, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3132] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                                               000007fdaf51165a 4 bytes [51, AF, FD, 07]
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4320] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                                                        000007fdaf511532 4 bytes [51, AF, FD, 07]
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4320] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                                                        000007fdaf51153a 4 bytes [51, AF, FD, 07]
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4320] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                                                      000007fdaf51165a 4 bytes [51, AF, FD, 07]
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4376] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                                                         000007fdaf511532 4 bytes [51, AF, FD, 07]
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4376] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                                                         000007fdaf51153a 4 bytes [51, AF, FD, 07]
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4376] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                                                       000007fdaf51165a 4 bytes [51, AF, FD, 07]

---- Threads - GMER 2.1 ----

Thread   C:\Windows\system32\csrss.exe [588:612]                                                                                                                                                                         fffff960008765e8
Thread   C:\Windows\Explorer.EXE [3192:5040]                                                                                                                                                                             0000000004084e50
---- Processes - GMER 2.1 ----

Process  C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe (*** suspicious ***) @ C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe [11928] (Meskisift Visaal Studie 2010/Meskisift Corporatien)(2014-05-11 09:29:34)  0000000000400000
Process  C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe (*** suspicious ***) @ C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe [9880] (Meskisift Visaal Studie 2010/Meskisift Corporatien)(2014-05-11 09:29:34)   0000000000400000
Process  C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe (*** suspicious ***) @ C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe [3500] (Meskisift Visaal Studie 2010/Meskisift Corporatien)(2014-05-11 09:29:34)   0000000000400000

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                                                                           unknown MBR code

---- EOF - GMER 2.1 ----
--- --- ---


Virusscan Log alt (Virus meistenteils gelöscht):
Zitat:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 18.08.2014
Scan Time: 11:21:09
Logfile: Virusscan Log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.18.02
Rootkit Database: v2014.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Kilian

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 331188
Time Elapsed: 8 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
Trojan.Zbot.gen, C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe, 3888, , [ac5ee0e844371d199a3b8d0f7b86a25e]
Trojan.Zbot.gen, C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe, 1512, , [ac5ee0e844371d199a3b8d0f7b86a25e]

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 2
Trojan.Zbot.gen, HKU\S-1-5-21-4243868721-543226389-1580479791-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Lyrabaodciqu, C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe, , [ac5ee0e844371d199a3b8d0f7b86a25e]
Trojan.Zbot.gen, HKU\S-1-5-21-4243868721-543226389-1580479791-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Lyrabaodciqu, C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe, , [ac5ee0e844371d199a3b8d0f7b86a25e]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 19
Trojan.Zbot.gen, C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe, , [ac5ee0e844371d199a3b8d0f7b86a25e],
Trojan.FakeMS.ED, C:\ProgramData\Windows Genuine Advantage\{2AB3678A-0341-4A9C-9918-BF749A3F4BD5}\api-ms-win-system-tpmcompc-l1-1-0.dll, , [8c7e1fa9dd9e7fb7201ce3b90af72fd1],
Trojan.FakeMS.ED, C:\ProgramData\Windows Genuine Advantage\{4B562230-42D4-4899-B0F9-3A5DA334AD98}\mmsys62.dll, , [ef1bb810bdbe68ce1726cbd1728f03fd],
Trojan.FakeMS.ED, C:\ProgramData\Windows Genuine Advantage\{56D2EFB8-6F60-434E-8657-6EADC8B03BDC}\api-ms-win-system-ipsecsnp-l1-1-0.dll, , [25e5fcccaecdef473a02acf0ba470bf5],
Trojan.Ransom.ED, C:\ProgramData\Windows Genuine Advantage\{5861C5A0-7EB0-4E81-B5E2-0C3EB6F7728E}\msiexec.exe, , [b8525276cdaefd396ecb3479c63be31d],
Spyware.Zbot.ED, C:\ProgramData\Windows Genuine Advantage\{5D425C4E-D979-4FC2-A4A2-07EADC609ADE}\msiexec.exe, , [e02adfe9691244f2ee8fdbd0f50c01ff],
Trojan.FakeMS.ED, C:\Users\Kilian\AppData\Local\Temp\z4Cl.dll, , [53b768602259e254e05d1785b64b05fb],
Trojan.FakeMS.ED, C:\Users\Kilian\AppData\Local\Temp\2DHT.dll, , [060426a2a0dbcf67d06dafed0af733cd],
Trojan.FakeMS.ED, C:\Users\Kilian\AppData\Local\Temp\EVpo.dll, , [878330987803ec4a2b12574539c8639d],
Trojan.Ransom.ED, C:\Users\Kilian\AppData\Local\Temp\tmpE15E.exe, , [bc4edeea314a90a6af8a921b58a9926e],
Trojan.FakeMS.ED, C:\Users\Kilian\AppData\Local\Temp\u74M.dll, , [f713a721e09b1a1cec512676b74a58a8],
Trojan.FakeMS.ED, C:\Users\Kilian\AppData\Local\Temp\UNFA.dll, , [1eecbb0d047795a1b4887428aa5751af],
Trojan.Zbot.gen, C:\Users\Kilian\AppData\Local\Temp\UpdateFlashPlayer_0126b25e.exe, , [3dcd9335e4975adc22b30993de2341bf],
Trojan.FakeMS.ED, C:\Users\Kilian\AppData\Local\Temp\5z8S.dll, , [43c76662fa812313a894415b54ad31cf],
Trojan.FakeMS.ED, C:\Users\Kilian\AppData\Local\Temp\On3Y.dll, , [74963296e596aa8c2c11cad281808080],
Trojan.FakeMS.ED, C:\Users\Kilian\AppData\Local\Temp\FXyp.dll, , [7f8b7f4917648da9a29b09939d6415eb],
PUP.Optional.Bandoo, C:\Users\Kilian\Downloads\iLividSetup-r484-n-bc (1).exe, , [39d1c701b9c2c6709c930015c53ce020],
PUP.Optional.Bandoo, C:\Users\Kilian\Downloads\iLividSetup-r484-n-bc.exe, , [ae5c10b89eddbf7738f7ab6a9d6421df],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 722109875.job, , [e7231eaae893072f3226d739897b53ad],

Physical Sectors: 0
(No malicious items detected)


(end)
Virusscan Log neu:
Zitat:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 18.08.2014
Scan Time: 11:37:53
Logfile: Virusscan Log neu.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.18.03
Rootkit Database: v2014.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Kilian

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 332041
Time Elapsed: 6 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
Trojan.Zbot.gen, C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe, 3888, Delete-on-Reboot, [5ab13890403bc274c21cfd9f5aa7e31d]

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 2
Trojan.Zbot.gen, HKU\S-1-5-21-4243868721-543226389-1580479791-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Lyrabaodciqu, C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe, Quarantined, [5ab13890403bc274c21cfd9f5aa7e31d]
Trojan.Zbot.gen, HKU\S-1-5-21-4243868721-543226389-1580479791-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Lyrabaodciqu, C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe, Quarantined, [5ab13890403bc274c21cfd9f5aa7e31d]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Zbot.gen, C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe, Delete-on-Reboot, [5ab13890403bc274c21cfd9f5aa7e31d],

Physical Sectors: 0
(No malicious items detected)


(end)
Danke im Vorraus für die Hilfe!
Entschuldigen Sie, wenn ich die Logs falsch eingebracht habe, ich habe so etwas noch nie vorher gemacht.
Ich lasse jetzt meinen Pc neustarten um die bereinigung von Malewarebytes zu vervollständigen.
Geändert von seeker1997 (18.08.2014 um 11:13 Uhr) Grund: Die letzten beiden Sätze hinzugefügt.

Alt 18.08.2014, 11:34   #2
M-K-D-B
/// TB-Ausbilder
 
Windows 8 Trojaner Zbot.gen gefunden in C:\Users\*****\Appdata\Roaming\Cuyfzy\piutfas.exe - Standard

Windows 8 Trojaner Zbot.gen gefunden in C:\Users\*****\Appdata\Roaming\Cuyfzy\piutfas.exe





Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!


Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!





Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
Alt 18.08.2014, 12:03   #3
seeker1997
 
Windows 8 Trojaner Zbot.gen gefunden in C:\Users\*****\Appdata\Roaming\Cuyfzy\piutfas.exe - Standard

Windows 8 Trojaner Zbot.gen gefunden in C:\Users\*****\Appdata\Roaming\Cuyfzy\piutfas.exe


Hallo Matthias,
hier sind erneut die Logfiles + combofix.

defogger:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:56 on 18/08/2014 (Kilian)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
FRST:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by Kilian (administrator) on KILIAN-IPOD on 18-08-2014 10:59:13
Running from C:\Users\Kilian\Desktop
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Emsi Software GmbH) C:\Program Files (x86)\a-squared Free\a2service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Emsi Software GmbH) C:\Program Files (x86)\a-squared Free\a2free.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
() C:\League of Legends\RADS\system\rads_user_kernel.exe
() C:\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.215\deploy\LoLLauncher.exe
() C:\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.104\deploy\LolClient.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
() C:\Program Files (x86)\Opera\23.0.1522.75\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
(Meskisift Corporatien) C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe
(Meskisift Corporatien) C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
(Meskisift Corporatien) C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
(Meskisift Corporatien) C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe
(Farbar) C:\Users\Kilian\Desktop\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s  RtHDVCpl    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s  kernel32.dll 
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [79376 2013-04-22] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4243868721-543226389-1580479791-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-4243868721-543226389-1580479791-1002\...\Run: [Lyrabaodciqu] => C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe [306919 2014-05-11] (Meskisift Corporatien)
HKU\S-1-5-21-4243868721-543226389-1580479791-1002\...\MountPoints2: {e4b8b083-4ce2-11e3-be6a-806e6f6e6963} - "E:\AutoRunCD.exe" 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-04-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-04-14] (NVIDIA Corporation)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: !AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: !AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: !AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2free; C:\Program Files (x86)\a-squared Free\a2service.exe [1858144 2009-10-01] (Emsi Software GmbH) [File not signed]
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-04-29] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83032 2013-04-22] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [100032 2013-04-22] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [84568 2013-04-22] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [92864 2013-04-22] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-31] (Intel Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-04-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-05-28] (ASUS Corporation)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [68072 2013-04-22] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [57216 2013-04-22] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [120256 2013-04-22] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [200808 2013-04-22] (Intel Corporation)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-07-21] (LogMeIn Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-31] (Intel Corporation)
R1 MpKsl8d562ac8; C:\Windows\system32\MpEngineStore\MpKsl8d562ac8.sys [45352 2014-08-17] (Microsoft Corporation)
R1 MpKsladfc4267; C:\Windows\system32\MpEngineStore\MpKsladfc4267.sys [45352 2014-08-17] (Microsoft Corporation)
S1 rrgcbszm; C:\Windows\system32\drivers\rrgcbszm.sys [55104 2014-08-18] (Microsoft Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [460872 2013-03-08] (RTS Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U0 msahci; 

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-18 10:59 - 2014-08-18 10:59 - 00018000 _____ () C:\Users\Kilian\Desktop\FRST.txt
2014-08-18 10:59 - 2014-08-18 10:59 - 00000000 ____D () C:\FRST
2014-08-18 10:57 - 2014-08-18 10:57 - 02101760 _____ (Farbar) C:\Users\Kilian\Downloads\FRST64.exe
2014-08-18 10:57 - 2014-08-18 10:57 - 02101760 _____ (Farbar) C:\Users\Kilian\Desktop\FRST64 (1).exe
2014-08-18 10:56 - 2014-08-18 10:56 - 00000474 _____ () C:\Users\Kilian\Desktop\defogger_disable.log
2014-08-18 10:56 - 2014-08-18 10:56 - 00000000 _____ () C:\Users\Kilian\defogger_reenable
2014-08-18 10:55 - 2014-08-18 10:55 - 00050477 _____ () C:\Users\Kilian\Desktop\Defogger.exe
2014-08-18 00:07 - 2014-08-18 00:07 - 00055104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rrgcbszm.sys
2014-08-17 23:58 - 2014-08-17 23:59 - 00301592 _____ () C:\Windows\Minidump\081714-52890-01.dmp
2014-08-17 23:47 - 2014-08-17 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\a-squared Free
2014-08-17 23:46 - 2014-08-17 23:47 - 00000000 ____D () C:\Program Files (x86)\a-squared Free
2014-08-17 23:46 - 2014-08-17 23:46 - 00000000 ____D () C:\Users\Kilian\Documents\a-squared Free
2014-08-17 23:45 - 2014-08-17 23:46 - 83704128 _____ (Emsi Software GmbH ) C:\Users\Kilian\Downloads\a2FreeSetup27.exe
2014-08-17 23:45 - 2014-08-17 23:46 - 19745792 _____ (Emsi Software GmbH ) C:\Users\Kilian\Downloads\a2FreeSetup27 (1).exe.opdownload
2014-08-17 00:37 - 2014-08-17 00:37 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-17 00:37 - 2014-08-17 00:37 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-17 00:37 - 2014-08-17 00:37 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-17 00:37 - 2014-08-17 00:37 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-17 00:37 - 2014-08-17 00:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-17 00:33 - 2014-08-17 23:30 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-08-17 00:29 - 2014-07-31 23:41 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-17 00:28 - 2014-08-17 00:28 - 30517960 _____ (Microsoft Corporation) C:\Users\Kilian\Downloads\Windows-KB890830-x64-V5.15.exe
2014-08-16 23:59 - 2014-08-18 10:00 - 00000830 _____ () C:\Windows\Tasks\Security Center Update - 722109875.job
2014-08-16 23:59 - 2014-08-17 23:40 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-16 23:59 - 2014-08-16 23:59 - 00003804 _____ () C:\Windows\System32\Tasks\Security Center Update - 722109875
2014-08-16 23:59 - 2014-08-16 23:59 - 00000000 ____D () C:\Users\Kilian\AppData\Roaming\Cuyfzy
2014-08-16 12:13 - 2014-08-17 00:25 - 00000000 ____D () C:\Users\Kilian\AppData\Local\GameSpy
2014-08-16 12:12 - 2014-08-16 12:12 - 00000094 _____ () C:\Users\Kilian\AppData\Local\fusioncache.dat
2014-08-15 18:05 - 2014-08-15 18:19 - 00000000 ____D () C:\Users\Kilian\AppData\Local\Ubisoft Game Launcher
2014-08-15 18:04 - 2014-08-15 18:04 - 00000000 ____D () C:\Users\Kilian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2014-08-15 18:03 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-08-15 18:03 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-08-15 18:03 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-08-15 18:03 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-08-15 18:03 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-08-15 18:03 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-08-15 18:03 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-08-15 18:03 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-08-15 18:03 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-08-15 18:03 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-08-15 18:03 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-08-15 18:03 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-08-15 18:03 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-08-15 18:03 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-08-15 18:03 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-08-15 18:03 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-08-15 18:03 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-08-15 18:03 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2014-08-15 18:03 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-08-15 18:03 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-08-15 18:03 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-08-15 18:03 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2014-08-15 18:03 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-08-15 18:03 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-08-15 18:03 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-08-15 18:03 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-08-15 18:03 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-08-15 18:03 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-08-15 18:03 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-08-15 18:03 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-08-15 18:03 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-08-15 18:03 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2014-08-15 18:03 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2014-08-15 18:03 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-08-15 18:03 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-08-15 18:03 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-08-15 18:03 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-08-15 18:03 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-08-15 18:03 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-08-15 18:03 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-08-15 18:03 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-08-15 18:03 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-08-15 18:03 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-08-15 18:03 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-08-15 18:03 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-08-15 18:03 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-08-15 18:03 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-08-15 18:03 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-08-15 18:03 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-08-15 18:03 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-08-15 18:03 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-08-15 18:03 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-08-15 18:03 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-08-15 18:03 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-08-15 18:03 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-08-15 18:03 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-08-15 18:03 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-08-15 18:03 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-08-15 18:03 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-08-15 18:03 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-08-15 18:03 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-08-15 18:03 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-08-15 18:03 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-08-15 18:03 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-08-15 18:03 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-08-15 18:03 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-08-15 18:03 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2014-08-15 18:03 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2014-08-15 18:03 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-08-15 18:03 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-08-15 18:03 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2014-08-15 18:03 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2014-08-15 18:03 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-08-15 18:03 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-08-15 18:03 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2014-08-15 18:03 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-08-15 18:03 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2014-08-15 18:03 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-08-15 18:03 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2014-08-15 18:03 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-08-15 18:03 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2014-08-15 18:03 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2014-08-15 18:03 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-08-15 18:03 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-08-15 18:03 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2014-08-15 18:03 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-08-15 18:03 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2014-08-15 18:03 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-08-15 18:03 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2014-08-15 18:03 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-08-15 18:03 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2014-08-15 18:03 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-08-15 18:03 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2014-08-15 18:03 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-08-15 18:03 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2014-08-15 18:03 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-08-15 18:03 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2014-08-15 18:03 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-08-15 18:03 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2014-08-15 18:03 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-08-15 18:03 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2014-08-15 18:03 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-08-15 18:03 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2014-08-15 18:03 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-08-15 18:03 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2014-08-15 18:02 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-08-15 18:02 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2014-08-15 18:02 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-08-15 18:02 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2014-08-15 18:02 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-08-15 18:02 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2014-08-15 18:02 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-08-15 18:02 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2014-08-15 18:02 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-08-15 18:02 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2014-08-15 18:02 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-08-15 18:02 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2014-08-15 18:02 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2014-08-15 18:02 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-08-15 18:02 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-08-15 18:02 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2014-08-15 18:02 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2014-08-15 18:02 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2014-08-15 18:02 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2014-08-15 18:02 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-08-15 18:02 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-08-15 18:02 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-08-15 18:02 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2014-08-15 18:02 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2014-08-15 18:02 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2014-08-15 18:02 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-08-15 18:02 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-08-15 18:02 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-08-15 18:02 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-08-15 18:02 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2014-08-15 18:02 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-08-15 18:02 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2014-08-15 18:02 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-08-15 18:02 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2014-08-15 18:02 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-08-15 18:02 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2014-08-15 18:02 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-08-15 18:02 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2014-08-15 18:02 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-08-15 18:02 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-08-15 18:02 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-08-15 18:02 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2014-08-15 18:02 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-08-15 18:02 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2014-08-15 18:02 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-08-15 18:02 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-08-15 18:02 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2014-08-15 17:39 - 2014-08-17 00:13 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-08-15 16:17 - 2014-08-15 16:17 - 00005620 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-08-15 16:16 - 2014-08-15 16:16 - 00000000 __RHD () C:\Users\Kilian\AppData\Roaming\SecuROM
2014-08-15 16:16 - 2014-08-15 16:16 - 00000000 ____D () C:\Windows\SysWOW64\URTTEMP
2014-08-15 16:16 - 2014-08-15 16:16 - 00000000 ____D () C:\Users\Kilian\Documents\My Games
2014-08-15 16:15 - 2014-08-15 16:15 - 00669184 _____ () C:\Windows\SysWOW64\pbsvc.exe
2014-08-15 16:14 - 2014-08-15 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2014-08-15 16:14 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-08-15 16:14 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2014-08-15 16:14 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-08-15 16:14 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2014-08-15 16:14 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-08-15 16:14 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2014-08-15 16:14 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-08-15 16:14 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2014-08-15 16:14 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-08-15 16:14 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2014-08-15 16:14 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-08-15 16:14 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2014-08-15 16:14 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-08-15 16:14 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-08-15 15:59 - 2014-08-15 15:59 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-08-07 23:00 - 2014-08-07 23:10 - 00000000 ____D () C:\Users\Kilian\AppData\Roaming\Apple Computer
2014-08-07 23:00 - 2014-08-07 23:00 - 00000000 ____D () C:\Users\Kilian\AppData\Local\Apple Computer
2014-08-07 23:00 - 2014-08-07 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-07 23:00 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-08-07 22:59 - 2014-08-07 23:00 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-07 22:59 - 2014-08-07 23:00 - 00000000 ____D () C:\Program Files\iTunes
2014-08-07 22:59 - 2014-08-07 23:00 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-07 22:59 - 2014-08-07 22:59 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-08-07 22:59 - 2014-08-07 22:59 - 00000000 ____D () C:\Users\Kilian\AppData\Local\Apple
2014-08-07 22:59 - 2014-08-07 22:59 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-07 22:59 - 2014-08-07 22:59 - 00000000 ____D () C:\Program Files\iPod
2014-08-07 22:59 - 2014-08-07 22:59 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-08-07 22:58 - 2014-08-07 22:59 - 00000000 ____D () C:\ProgramData\Apple
2014-08-07 22:58 - 2014-08-07 22:58 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-07 22:58 - 2014-08-07 22:58 - 00000000 ____D () C:\Program Files\Bonjour
2014-08-07 22:58 - 2014-08-07 22:58 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-08-07 22:57 - 2014-08-07 22:58 - 113492816 _____ (Apple Inc.) C:\Users\Kilian\Downloads\iTunes64Setup.exe
2014-08-07 22:56 - 2014-08-07 22:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-08-01 01:38 - 2014-08-17 00:38 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-01 01:38 - 2014-08-01 01:38 - 00000000 ____D () C:\ProgramData\Sun
2014-07-26 15:19 - 2014-07-26 15:19 - 00349440 _____ () C:\Windows\Minidump\072614-40265-01.dmp
2014-07-21 18:08 - 2014-07-21 18:08 - 00046136 ____H (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-18 10:59 - 2014-08-18 10:59 - 00018000 _____ () C:\Users\Kilian\Desktop\FRST.txt
2014-08-18 10:59 - 2014-08-18 10:59 - 00000000 ____D () C:\FRST
2014-08-18 10:58 - 2014-03-30 22:44 - 00000000 ____D () C:\Users\Kilian\AppData\Roaming\Skype
2014-08-18 10:57 - 2014-08-18 10:57 - 02101760 _____ (Farbar) C:\Users\Kilian\Downloads\FRST64.exe
2014-08-18 10:57 - 2014-08-18 10:57 - 02101760 _____ (Farbar) C:\Users\Kilian\Desktop\FRST64 (1).exe
2014-08-18 10:56 - 2014-08-18 10:56 - 00000474 _____ () C:\Users\Kilian\Desktop\defogger_disable.log
2014-08-18 10:56 - 2014-08-18 10:56 - 00000000 _____ () C:\Users\Kilian\defogger_reenable
2014-08-18 10:56 - 2014-03-31 00:31 - 00000000 ____D () C:\Users\Kilian
2014-08-18 10:55 - 2014-08-18 10:55 - 00050477 _____ () C:\Users\Kilian\Desktop\Defogger.exe
2014-08-18 10:51 - 2013-11-14 06:27 - 01005034 _____ () C:\Windows\WindowsUpdate.log
2014-08-18 10:00 - 2014-08-16 23:59 - 00000830 _____ () C:\Windows\Tasks\Security Center Update - 722109875.job
2014-08-18 10:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-18 02:36 - 2014-04-01 14:29 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4243868721-543226389-1580479791-1002
2014-08-18 00:07 - 2014-08-18 00:07 - 00055104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rrgcbszm.sys
2014-08-18 00:06 - 2014-03-31 00:32 - 00000062 _____ () C:\Users\Kilian\AppData\Roaming\sp_data.sys
2014-08-18 00:05 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-18 00:02 - 2012-08-02 15:24 - 01566820 _____ () C:\Windows\PFRO.log
2014-08-17 23:59 - 2014-08-17 23:58 - 00301592 _____ () C:\Windows\Minidump\081714-52890-01.dmp
2014-08-17 23:58 - 2014-04-06 02:50 - 756383071 _____ () C:\Windows\MEMORY.DMP
2014-08-17 23:58 - 2014-04-06 02:50 - 00000000 ____D () C:\Windows\Minidump
2014-08-17 23:58 - 2013-11-14 06:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-17 23:47 - 2014-08-17 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\a-squared Free
2014-08-17 23:47 - 2014-08-17 23:46 - 00000000 ____D () C:\Program Files (x86)\a-squared Free
2014-08-17 23:46 - 2014-08-17 23:46 - 00000000 ____D () C:\Users\Kilian\Documents\a-squared Free
2014-08-17 23:46 - 2014-08-17 23:45 - 83704128 _____ (Emsi Software GmbH ) C:\Users\Kilian\Downloads\a2FreeSetup27.exe
2014-08-17 23:46 - 2014-08-17 23:45 - 19745792 _____ (Emsi Software GmbH ) C:\Users\Kilian\Downloads\a2FreeSetup27 (1).exe.opdownload
2014-08-17 23:46 - 2013-11-14 06:41 - 00003474 _____ () C:\Windows\System32\Tasks\ASUS Live Update1
2014-08-17 23:46 - 2013-11-14 06:41 - 00003464 _____ () C:\Windows\System32\Tasks\ASUS Live Update2
2014-08-17 23:40 - 2014-08-16 23:59 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-17 23:33 - 2012-08-03 01:02 - 01775488 _____ () C:\Windows\system32\perfh007.dat
2014-08-17 23:33 - 2012-08-03 01:02 - 00499794 _____ () C:\Windows\system32\perfc007.dat
2014-08-17 23:33 - 2012-07-26 09:28 - 00005636 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-17 23:30 - 2014-08-17 00:33 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-08-17 23:24 - 2013-04-26 01:06 - 00306312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-17 00:47 - 2014-05-29 14:38 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2014-08-17 00:45 - 2014-03-30 23:44 - 00000000 ____D () C:\Users\Kilian\AppData\Roaming\.minecraft
2014-08-17 00:38 - 2014-08-01 01:38 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-17 00:37 - 2014-08-17 00:37 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-17 00:37 - 2014-08-17 00:37 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-17 00:37 - 2014-08-17 00:37 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-17 00:37 - 2014-08-17 00:37 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-17 00:37 - 2014-08-17 00:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-17 00:28 - 2014-08-17 00:28 - 30517960 _____ (Microsoft Corporation) C:\Users\Kilian\Downloads\Windows-KB890830-x64-V5.15.exe
2014-08-17 00:25 - 2014-08-16 12:13 - 00000000 ____D () C:\Users\Kilian\AppData\Local\GameSpy
2014-08-17 00:13 - 2014-08-15 17:39 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-08-17 00:08 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-08-16 23:59 - 2014-08-16 23:59 - 00003804 _____ () C:\Windows\System32\Tasks\Security Center Update - 722109875
2014-08-16 23:59 - 2014-08-16 23:59 - 00000000 ____D () C:\Users\Kilian\AppData\Roaming\Cuyfzy
2014-08-16 19:40 - 2014-04-10 20:06 - 00000000 ____D () C:\Users\Kilian\AppData\Roaming\TS3Client
2014-08-16 12:13 - 2014-03-31 00:32 - 00000000 ____D () C:\Users\Kilian\AppData\Local\VirtualStore
2014-08-16 12:12 - 2014-08-16 12:12 - 00000094 _____ () C:\Users\Kilian\AppData\Local\fusioncache.dat
2014-08-15 18:43 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-15 18:19 - 2014-08-15 18:05 - 00000000 ____D () C:\Users\Kilian\AppData\Local\Ubisoft Game Launcher
2014-08-15 18:04 - 2014-08-15 18:04 - 00000000 ____D () C:\Users\Kilian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2014-08-15 18:03 - 2013-04-26 01:16 - 00064261 _____ () C:\Windows\DirectX.log
2014-08-15 17:39 - 2013-11-14 06:19 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-15 16:17 - 2014-08-15 16:17 - 00005620 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-08-15 16:17 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\Registration
2014-08-15 16:16 - 2014-08-15 16:16 - 00000000 __RHD () C:\Users\Kilian\AppData\Roaming\SecuROM
2014-08-15 16:16 - 2014-08-15 16:16 - 00000000 ____D () C:\Windows\SysWOW64\URTTEMP
2014-08-15 16:16 - 2014-08-15 16:16 - 00000000 ____D () C:\Users\Kilian\Documents\My Games
2014-08-15 16:15 - 2014-08-15 16:15 - 00669184 _____ () C:\Windows\SysWOW64\pbsvc.exe
2014-08-15 16:14 - 2014-08-15 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2014-08-15 16:14 - 2012-07-26 10:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-15 15:59 - 2014-08-15 15:59 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-08-12 17:08 - 2014-06-03 15:58 - 00003856 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1396219179
2014-08-12 17:08 - 2014-03-31 00:39 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-09 00:13 - 2014-03-30 22:44 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-07 23:10 - 2014-08-07 23:00 - 00000000 ____D () C:\Users\Kilian\AppData\Roaming\Apple Computer
2014-08-07 23:00 - 2014-08-07 23:00 - 00000000 ____D () C:\Users\Kilian\AppData\Local\Apple Computer
2014-08-07 23:00 - 2014-08-07 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-07 23:00 - 2014-08-07 22:59 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-07 23:00 - 2014-08-07 22:59 - 00000000 ____D () C:\Program Files\iTunes
2014-08-07 23:00 - 2014-08-07 22:59 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-07 22:59 - 2014-08-07 22:59 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-08-07 22:59 - 2014-08-07 22:59 - 00000000 ____D () C:\Users\Kilian\AppData\Local\Apple
2014-08-07 22:59 - 2014-08-07 22:59 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-07 22:59 - 2014-08-07 22:59 - 00000000 ____D () C:\Program Files\iPod
2014-08-07 22:59 - 2014-08-07 22:59 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-08-07 22:59 - 2014-08-07 22:58 - 00000000 ____D () C:\ProgramData\Apple
2014-08-07 22:58 - 2014-08-07 22:58 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-07 22:58 - 2014-08-07 22:58 - 00000000 ____D () C:\Program Files\Bonjour
2014-08-07 22:58 - 2014-08-07 22:58 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-08-07 22:58 - 2014-08-07 22:57 - 113492816 _____ (Apple Inc.) C:\Users\Kilian\Downloads\iTunes64Setup.exe
2014-08-07 22:56 - 2014-08-07 22:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-08-07 22:56 - 2012-07-26 09:21 - 00037937 _____ () C:\Windows\setupact.log
2014-08-01 05:18 - 2014-03-30 22:50 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-01 01:38 - 2014-08-01 01:38 - 00000000 ____D () C:\ProgramData\Sun
2014-07-31 23:41 - 2014-08-17 00:29 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-26 15:19 - 2014-07-26 15:19 - 00349440 _____ () C:\Windows\Minidump\072614-40265-01.dmp
2014-07-24 18:22 - 2014-07-17 14:42 - 00075776 _____ () C:\Users\Kilian\AppData\Local\file__0.localstorage
2014-07-24 03:53 - 2014-03-30 22:47 - 00000000 ____D () C:\Users\Kilian\Downloads\authlib
2014-07-21 18:08 - 2014-07-21 18:08 - 00046136 ____H (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS


Some content of TEMP:
====================
C:\Users\Kilian\AppData\Local\Temp\2DHT.dll
C:\Users\Kilian\AppData\Local\Temp\5z8S.dll
C:\Users\Kilian\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Kilian\AppData\Local\Temp\drm_dyndata_7340014.dll
C:\Users\Kilian\AppData\Local\Temp\EVpo.dll
C:\Users\Kilian\AppData\Local\Temp\FXyp.dll
C:\Users\Kilian\AppData\Local\Temp\itutquy9.dll
C:\Users\Kilian\AppData\Local\Temp\jline_git-Bukkit-0_0_0-904-g9277096-b953jnks.dll
C:\Users\Kilian\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Kilian\AppData\Local\Temp\On3Y.dll
C:\Users\Kilian\AppData\Local\Temp\scka7rp_.dll
C:\Users\Kilian\AppData\Local\Temp\tmpE15E.exe
C:\Users\Kilian\AppData\Local\Temp\u74M.dll
C:\Users\Kilian\AppData\Local\Temp\ubi2C79.tmp.exe
C:\Users\Kilian\AppData\Local\Temp\UNFA.dll
C:\Users\Kilian\AppData\Local\Temp\UpdateFlashPlayer_0126b25e.exe
C:\Users\Kilian\AppData\Local\Temp\xakb-rup.dll
C:\Users\Kilian\AppData\Local\Temp\z4Cl.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-17 03:00

==================== End Of Log ============================
--- --- ---


Addition:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by Kilian at 2014-08-18 10:59:59
Running from C:\Users\Kilian\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.83 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
a-squared Free 4.5 (HKLM-x32\...\a-squared Free_is1) (Version: 4.5 - Emsi Software GmbH)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.3 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.2 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.1.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0005 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.0 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4924.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4924.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0029 - ASUS)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cry of Fear (HKLM-x32\...\Steam App 223710) (Version:  - Team Psykskallar)
Crysis(R) (HKLM-x32\...\{000E79B7-E725-4F01-870A-C12942B7F8E4}) (Version: 1.00.0000 - Electronic Arts)
Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Führerschein Trainer 2014 (HKLM-x32\...\{707F7ABB-9598-455D-8128-0BE02AFC4B72}) (Version: 1.00.0000 - Franzis Verlag GmbH)
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Gameforge Live 2.0.4 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.4 - Gameforge)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.0.0.2023 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.10.1550 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3186 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Metin2 (HKLM-x32\...\Metin2_is1) (Version:  - Gameforge 4D GmbH)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
NVIDIA Control Panel 311.54 (Version: 311.54 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 311.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.54 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0325 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0325 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0325 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Opera Stable 23.0.1522.75 (HKLM-x32\...\Opera 23.0.1522.75) (Version: 23.0.1522.75 - Opera Software ASA)
Peggle (x32 Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.16.614.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6937 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21224 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Driver Package - ASUS (ATP) Mouse  (05/09/2013 1.0.0.173) (HKLM\...\1016059FBF327ED9E3BAE758BD08CF10D3C6252D) (Version: 05/09/2013 1.0.0.173 - ASUS)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

31-07-2014 23:37:36 Installed Java 7 Update 65
07-08-2014 20:59:08 Installed iTunes
15-08-2014 13:58:11 Microsoft Visual C++ 2005 Redistributable wird installiert
16-08-2014 22:13:10 Entfernt Far Cry 3

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2DE6CA68-BA5D-4A5D-8C18-7119245C1FBD} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-28] (ASUS)
Task: {5382CA1A-5E06-48FB-8469-49B46F4165D3} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-05-28] (AsusTek)
Task: {5FF92002-5B04-4EF1-BE9C-46177E7422D6} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-01-04] ()
Task: {7672BF9A-C67F-472C-9648-245F7E2B9A92} - System32\Tasks\{00E5A9ED-579D-4FEF-9AC5-2601D0BD618B} => c:\program files (x86)\opera\launcher.exe [2014-08-08] (Opera Software)
Task: {83A618B0-EAE1-45C4-8DEC-535B10148639} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2013-03-26] (ASUSTek Computer Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A806BCCD-2692-4E26-9A31-4E2C6226DE65} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-02-26] (ASUSTeK Computer Inc.)
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\Windows\system32\dism.exe [2012-07-26] (Microsoft Corporation)
Task: {B2E56BE9-5FF7-42F5-8EDE-33F905579F33} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {B544D9FF-0C13-498C-8179-96933CFEF605} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-05-21] (ASUSTeK Computer Inc.)
Task: {B545B3DD-7AC1-4288-B3B0-03B8445E59BD} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-04-29] (ASUS)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D10A4E4C-CF1C-4CA5-BE18-30BA54DDDEB2} - System32\Tasks\Security Center Update - 722109875 => C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe [2014-05-11] (Meskisift Corporatien)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {ED1D7FD8-7BBD-424B-BA6C-766FA4519D45} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-05-21] (ASUSTeK Computer Inc.)
Task: {F3E0881C-50B6-4413-BD25-52DA4210A142} - System32\Tasks\Opera scheduled Autoupdate 1396219179 => C:\Program Files (x86)\Opera\launcher.exe [2014-08-08] (Opera Software)
Task: C:\Windows\Tasks\Security Center Update - 722109875.job => C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2012-12-19 08:10 - 2012-12-19 08:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2013-04-29 18:03 - 2013-04-29 18:03 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2013-04-26 10:38 - 2013-01-02 08:55 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2014-04-01 19:57 - 2012-05-29 11:47 - 01300376 _____ () C:\League of Legends\RADS\system\rads_user_kernel.exe
2014-04-01 19:57 - 2014-08-15 13:28 - 05534200 _____ () C:\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.215\deploy\LoLLauncher.exe
2014-04-04 17:23 - 2014-04-04 17:23 - 00074752 _____ () C:\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.104\deploy\LolClient.exe
2014-08-12 17:08 - 2014-08-12 17:08 - 01401464 _____ () C:\Program Files (x86)\Opera\23.0.1522.75\opera_crashreporter.exe
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-14 06:23 - 2013-05-31 15:30 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-04-04 16:40 - 2014-08-15 13:28 - 01635832 _____ () C:\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.215\deploy\RiotLauncher.dll
2014-08-12 17:08 - 2014-08-12 17:08 - 00880248 _____ () C:\Program Files (x86)\Opera\23.0.1522.75\libglesv2.dll
2014-08-12 17:08 - 2014-08-12 17:08 - 00135800 _____ () C:\Program Files (x86)\Opera\23.0.1522.75\libegl.dll
2014-08-12 17:08 - 2014-08-12 17:08 - 00957048 _____ () C:\Program Files (x86)\Opera\23.0.1522.75\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\Drivers\rrgcbszm.sys:changelist

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/18/2014 00:49:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: piutfas.exe, Version: 0.192.57148.50208, Zeitstempel: 0x53d75949
Name des fehlerhaften Moduls: igd10iumd32.dll, Version: 9.18.10.3186, Zeitstempel: 0x51969093
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0045f3e7
ID des fehlerhaften Prozesses: 0x1984
Startzeit der fehlerhaften Anwendung: 0xpiutfas.exe0
Pfad der fehlerhaften Anwendung: piutfas.exe1
Pfad des fehlerhaften Moduls: piutfas.exe2
Berichtskennung: piutfas.exe3
Vollständiger Name des fehlerhaften Pakets: piutfas.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: piutfas.exe5

Error: (08/18/2014 00:20:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: piutfas.exe, Version: 0.192.57148.50208, Zeitstempel: 0x53d75949
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0xb30
Startzeit der fehlerhaften Anwendung: 0xpiutfas.exe0
Pfad der fehlerhaften Anwendung: piutfas.exe1
Pfad des fehlerhaften Moduls: piutfas.exe2
Berichtskennung: piutfas.exe3
Vollständiger Name des fehlerhaften Pakets: piutfas.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: piutfas.exe5

Error: (08/17/2014 11:33:40 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (08/17/2014 11:33:40 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (08/17/2014 11:33:40 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (08/17/2014 00:45:26 AM) (Source: OverwolfUpdater) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (08/17/2014 00:39:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.2.9200.16433, Zeitstempel: 0x50763312
Name des fehlerhaften Moduls: twinui.dll, Version: 6.2.9200.16522, Zeitstempel: 0x51131a75
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000102296
ID des fehlerhaften Prozesses: 0xa84
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Vollständiger Name des fehlerhaften Pakets: Explorer.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Explorer.EXE5

Error: (08/17/2014 00:37:53 AM) (Source: MsiInstaller) (EventID: 1002) (User: KILIAN-IPOD)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageCode", Wert: "GUID") für Schlüssel "HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219".

Error: (08/17/2014 00:36:47 AM) (Source: MsiInstaller) (EventID: 1002) (User: KILIAN-IPOD)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageCode", Wert: "GUID") für Schlüssel "HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219".

Error: (08/17/2014 00:36:43 AM) (Source: MsiInstaller) (EventID: 1002) (User: KILIAN-IPOD)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageCode", Wert: "GUID") für Schlüssel "HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219".


System errors:
=============
Error: (08/18/2014 00:05:33 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎17.‎08.‎2014 um 23:58:53 unerwartet heruntergefahren.

Error: (08/17/2014 00:40:01 AM) (Source: DCOM) (EventID: 10010) (User: KILIAN-IPOD)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (08/17/2014 00:08:05 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {FDA74D11-C4A6-4577-9F73-D7CA8586E10D}

Error: (08/17/2014 00:08:04 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {FDA74D11-C4A6-4577-9F73-D7CA8586E10D}

Error: (08/09/2014 00:13:26 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet: 
%%1

Error: (08/04/2014 04:59:12 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎04.‎08.‎2014 um 02:38:39 unerwartet heruntergefahren.

Error: (08/02/2014 08:20:24 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT)
Description: 32212256841156544

Error: (08/02/2014 08:20:55 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎02.‎08.‎2014 um 13:50:37 unerwartet heruntergefahren.

Error: (08/01/2014 06:30:37 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎01.‎08.‎2014 um 17:56:39 unerwartet heruntergefahren.

Error: (08/01/2014 06:30:08 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT)
Description: 32212256841156544


Microsoft Office Sessions:
=========================
Error: (08/18/2014 00:49:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: piutfas.exe0.192.57148.5020853d75949igd10iumd32.dll9.18.10.318651969093c00000050045f3e7198401cfba6c79b9b6c2C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exeC:\Windows\system32\igd10iumd32.dllb9db31dd-2660-11e4-be9b-bcee7b0f4222

Error: (08/18/2014 00:20:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: piutfas.exe0.192.57148.5020853d75949unknown0.0.0.000000000c000000500000000b3001cfba693bc49524C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exeunknownbb3e9345-265c-11e4-be9b-bcee7b0f4222

Error: (08/17/2014 11:33:40 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (08/17/2014 11:33:40 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000

Error: (08/17/2014 11:33:40 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000

Error: (08/17/2014 00:45:26 AM) (Source: OverwolfUpdater) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (08/17/2014 00:39:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.2.9200.1643350763312twinui.dll6.2.9200.1652251131a75c00000050000000000102296a8401cfb9a0a0e9c0acC:\Windows\Explorer.EXEC:\Windows\System32\twinui.dll1ed4eeb5-2596-11e4-be98-bcee7b0f4222

Error: (08/17/2014 00:37:53 AM) (Source: MsiInstaller) (EventID: 1002) (User: KILIAN-IPOD)
Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL)

Error: (08/17/2014 00:36:47 AM) (Source: MsiInstaller) (EventID: 1002) (User: KILIAN-IPOD)
Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL)

Error: (08/17/2014 00:36:43 AM) (Source: MsiInstaller) (EventID: 1002) (User: KILIAN-IPOD)
Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL)


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 42%
Total physical RAM: 8075.4 MB
Available physical RAM: 4672.37 MB
Total Pagefile: 16267.4 MB
Available Pagefile: 12778.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:103.42 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:258.34 GB) (Free:258.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 568814A2)

Partition: GPT Partition Type.

==================== End Of Log ============================
GMER:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-18 11:13:39
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000003d WDC_WD5000LPVX-80V0TT0 rev.01.01A01 465.76GB
Running: Gmer-19357.exe; Driver: C:\Users\Kilian\AppData\Local\Temp\uxdcapod.sys


---- Kernel code sections - GMER 2.1 ----

.text    C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                                                                                                 fffff9600011e300 7 bytes [C0, 85, 1B, 01, 00, F2, 9B]
.text    C:\Windows\System32\win32k.sys!W32pServiceTable + 8                                                                                                                                                             fffff9600011e308 5 bytes [01, A8, E4, FF, 00]

---- User code sections - GMER 2.1 ----

.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[736] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                                                000007fdaf511532 4 bytes [51, AF, FD, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[736] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                                                000007fdaf51153a 4 bytes [51, AF, FD, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[736] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                                              000007fdaf51165a 4 bytes [51, AF, FD, 07]
.text    C:\Windows\system32\DptfPolicyLpmService.exe[1256] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                                                                 000007fdb530177a 4 bytes [30, B5, FD, 07]
.text    C:\Windows\system32\DptfPolicyLpmService.exe[1256] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                                                                 000007fdb5301782 4 bytes [30, B5, FD, 07]
.text    C:\Program Files\Windows Defender\MsMpEng.exe[2156] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306                                                                                                000007fdb530177a 4 bytes [30, B5, FD, 07]
.text    C:\Program Files\Windows Defender\MsMpEng.exe[2156] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314                                                                                                000007fdb5301782 4 bytes [30, B5, FD, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3132] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                                                 000007fdaf511532 4 bytes [51, AF, FD, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3132] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                                                 000007fdaf51153a 4 bytes [51, AF, FD, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3132] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                                               000007fdaf51165a 4 bytes [51, AF, FD, 07]
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4320] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                                                        000007fdaf511532 4 bytes [51, AF, FD, 07]
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4320] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                                                        000007fdaf51153a 4 bytes [51, AF, FD, 07]
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4320] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                                                      000007fdaf51165a 4 bytes [51, AF, FD, 07]
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4376] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                                                         000007fdaf511532 4 bytes [51, AF, FD, 07]
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4376] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                                                         000007fdaf51153a 4 bytes [51, AF, FD, 07]
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4376] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                                                       000007fdaf51165a 4 bytes [51, AF, FD, 07]

---- Threads - GMER 2.1 ----

Thread   C:\Windows\system32\csrss.exe [588:612]                                                                                                                                                                         fffff960008765e8
Thread   C:\Windows\Explorer.EXE [3192:5040]                                                                                                                                                                             0000000004084e50
---- Processes - GMER 2.1 ----

Process  C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe (*** suspicious ***) @ C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe [11928] (Meskisift Visaal Studie 2010/Meskisift Corporatien)(2014-05-11 09:29:34)  0000000000400000
Process  C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe (*** suspicious ***) @ C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe [9880] (Meskisift Visaal Studie 2010/Meskisift Corporatien)(2014-05-11 09:29:34)   0000000000400000
Process  C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe (*** suspicious ***) @ C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe [3500] (Meskisift Visaal Studie 2010/Meskisift Corporatien)(2014-05-11 09:29:34)   0000000000400000

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                                                                           unknown MBR code

---- EOF - GMER 2.1 ----
Virusscan alt:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 18.08.2014
Scan Time: 11:21:09
Logfile: Virusscan Log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.18.02
Rootkit Database: v2014.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Kilian

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 331188
Time Elapsed: 8 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
Trojan.Zbot.gen, C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe, 3888, , [ac5ee0e844371d199a3b8d0f7b86a25e]
Trojan.Zbot.gen, C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe, 1512, , [ac5ee0e844371d199a3b8d0f7b86a25e]

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 2
Trojan.Zbot.gen, HKU\S-1-5-21-4243868721-543226389-1580479791-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Lyrabaodciqu, C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe, , [ac5ee0e844371d199a3b8d0f7b86a25e]
Trojan.Zbot.gen, HKU\S-1-5-21-4243868721-543226389-1580479791-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Lyrabaodciqu, C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe, , [ac5ee0e844371d199a3b8d0f7b86a25e]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 19
Trojan.Zbot.gen, C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe, , [ac5ee0e844371d199a3b8d0f7b86a25e], 
Trojan.FakeMS.ED, C:\ProgramData\Windows Genuine Advantage\{2AB3678A-0341-4A9C-9918-BF749A3F4BD5}\api-ms-win-system-tpmcompc-l1-1-0.dll, , [8c7e1fa9dd9e7fb7201ce3b90af72fd1], 
Trojan.FakeMS.ED, C:\ProgramData\Windows Genuine Advantage\{4B562230-42D4-4899-B0F9-3A5DA334AD98}\mmsys62.dll, , [ef1bb810bdbe68ce1726cbd1728f03fd], 
Trojan.FakeMS.ED, C:\ProgramData\Windows Genuine Advantage\{56D2EFB8-6F60-434E-8657-6EADC8B03BDC}\api-ms-win-system-ipsecsnp-l1-1-0.dll, , [25e5fcccaecdef473a02acf0ba470bf5], 
Trojan.Ransom.ED, C:\ProgramData\Windows Genuine Advantage\{5861C5A0-7EB0-4E81-B5E2-0C3EB6F7728E}\msiexec.exe, , [b8525276cdaefd396ecb3479c63be31d], 
Spyware.Zbot.ED, C:\ProgramData\Windows Genuine Advantage\{5D425C4E-D979-4FC2-A4A2-07EADC609ADE}\msiexec.exe, , [e02adfe9691244f2ee8fdbd0f50c01ff], 
Trojan.FakeMS.ED, C:\Users\Kilian\AppData\Local\Temp\z4Cl.dll, , [53b768602259e254e05d1785b64b05fb], 
Trojan.FakeMS.ED, C:\Users\Kilian\AppData\Local\Temp\2DHT.dll, , [060426a2a0dbcf67d06dafed0af733cd], 
Trojan.FakeMS.ED, C:\Users\Kilian\AppData\Local\Temp\EVpo.dll, , [878330987803ec4a2b12574539c8639d], 
Trojan.Ransom.ED, C:\Users\Kilian\AppData\Local\Temp\tmpE15E.exe, , [bc4edeea314a90a6af8a921b58a9926e], 
Trojan.FakeMS.ED, C:\Users\Kilian\AppData\Local\Temp\u74M.dll, , [f713a721e09b1a1cec512676b74a58a8], 
Trojan.FakeMS.ED, C:\Users\Kilian\AppData\Local\Temp\UNFA.dll, , [1eecbb0d047795a1b4887428aa5751af], 
Trojan.Zbot.gen, C:\Users\Kilian\AppData\Local\Temp\UpdateFlashPlayer_0126b25e.exe, , [3dcd9335e4975adc22b30993de2341bf], 
Trojan.FakeMS.ED, C:\Users\Kilian\AppData\Local\Temp\5z8S.dll, , [43c76662fa812313a894415b54ad31cf], 
Trojan.FakeMS.ED, C:\Users\Kilian\AppData\Local\Temp\On3Y.dll, , [74963296e596aa8c2c11cad281808080], 
Trojan.FakeMS.ED, C:\Users\Kilian\AppData\Local\Temp\FXyp.dll, , [7f8b7f4917648da9a29b09939d6415eb], 
PUP.Optional.Bandoo, C:\Users\Kilian\Downloads\iLividSetup-r484-n-bc (1).exe, , [39d1c701b9c2c6709c930015c53ce020], 
PUP.Optional.Bandoo, C:\Users\Kilian\Downloads\iLividSetup-r484-n-bc.exe, , [ae5c10b89eddbf7738f7ab6a9d6421df], 
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 722109875.job, , [e7231eaae893072f3226d739897b53ad], 

Physical Sectors: 0
(No malicious items detected)


(end)
Virusscan neu:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 18.08.2014
Scan Time: 11:37:53
Logfile: Virusscan Log neu.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.18.03
Rootkit Database: v2014.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Kilian

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 332041
Time Elapsed: 6 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
Trojan.Zbot.gen, C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe, 3888, Delete-on-Reboot, [5ab13890403bc274c21cfd9f5aa7e31d]

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 2
Trojan.Zbot.gen, HKU\S-1-5-21-4243868721-543226389-1580479791-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Lyrabaodciqu, C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe, Quarantined, [5ab13890403bc274c21cfd9f5aa7e31d]
Trojan.Zbot.gen, HKU\S-1-5-21-4243868721-543226389-1580479791-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Lyrabaodciqu, C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe, Quarantined, [5ab13890403bc274c21cfd9f5aa7e31d]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Zbot.gen, C:\Users\Kilian\AppData\Roaming\Cuyfzy\piutfas.exe, Delete-on-Reboot, [5ab13890403bc274c21cfd9f5aa7e31d], 

Physical Sectors: 0
(No malicious items detected)


(end)
ComboFix:
Code:
ATTFilter
ComboFix 14-08-17.01 - Kilian 18.08.2014  12:52:19.1.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.49.1031.18.8075.6736 [GMT 2:00]
ausgeführt von:: c:\users\Kilian\Desktop\ComboFix.exe
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SetStretch.exe
c:\programdata\SetStretch.VBS
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-07-18 bis 2014-08-18  ))))))))))))))))))))))))))))))
.
.
2014-08-18 10:16 . 2014-08-18 10:16	62	----a-w-	c:\users\Kilian\AppData\Roaming\sp_data.sys
2014-08-18 09:20 . 2014-08-18 10:16	122584	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-18 09:19 . 2014-08-18 09:19	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-08-18 09:19 . 2014-08-18 09:19	--------	d-----w-	c:\programdata\Malwarebytes
2014-08-18 09:19 . 2014-05-12 05:26	64216	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-08-18 09:19 . 2014-05-12 05:26	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-08-18 09:19 . 2014-05-12 05:25	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-08-18 08:59 . 2014-08-18 09:00	--------	d-----w-	C:\FRST
2014-08-18 08:40 . 2014-07-02 03:09	10924376	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{70EF439F-DA20-43EC-9B20-ABC0E4BC4979}\mpengine.dll
2014-08-17 21:46 . 2014-08-17 21:47	--------	d-----w-	c:\program files (x86)\a-squared Free
2014-08-16 22:37 . 2014-08-16 22:37	--------	d-----w-	c:\program files (x86)\Common Files\Java
2014-08-16 22:37 . 2014-08-16 22:37	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-16 22:37 . 2014-08-16 22:37	--------	d-----w-	c:\program files (x86)\Java
2014-08-16 22:33 . 2014-08-18 09:16	--------	d-----w-	c:\windows\system32\MpEngineStore
2014-08-16 22:29 . 2014-07-31 21:41	99218768	----a-w-	c:\windows\system32\MRT.exe
2014-08-16 21:59 . 2014-08-18 10:14	--------	d-----w-	c:\users\Kilian\AppData\Roaming\Cuyfzy
2014-08-16 10:13 . 2014-08-16 22:25	--------	d-----w-	c:\users\Kilian\AppData\Local\GameSpy
2014-08-16 10:12 . 2014-08-16 22:24	--------	d-----w-	c:\users\Kilian\AppData\Local\ApplicationHistory
2014-08-15 16:05 . 2014-08-15 16:19	--------	d-----w-	c:\users\Kilian\AppData\Local\Ubisoft Game Launcher
2014-08-15 16:02 . 2007-04-04 16:55	403304	----a-w-	c:\windows\system32\xactengine2_7.dll
2014-08-15 15:39 . 2014-08-16 22:13	--------	d-----w-	c:\program files (x86)\Ubisoft
2014-08-15 14:16 . 2014-08-15 14:16	--------	d-----w-	c:\windows\SysWow64\URTTEMP
2014-08-15 14:16 . 2014-08-15 14:16	--------	d--h--r-	c:\users\Kilian\AppData\Roaming\SecuROM
2014-08-15 14:15 . 2014-08-15 14:15	669184	----a-w-	c:\windows\SysWow64\pbsvc.exe
2014-08-15 13:59 . 2014-08-15 13:59	--------	d-----w-	c:\program files (x86)\Electronic Arts
2014-08-07 21:00 . 2014-08-07 21:00	--------	d-----w-	c:\users\Kilian\AppData\Local\Apple Computer
2014-08-07 21:00 . 2014-08-07 21:10	--------	d-----w-	c:\users\Kilian\AppData\Roaming\Apple Computer
2014-08-07 21:00 . 2014-08-07 21:00	--------	dc----w-	c:\windows\system32\DRVSTORE
2014-08-07 21:00 . 2012-08-21 11:01	33240	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2014-08-07 20:59 . 2014-08-07 21:00	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-07 20:59 . 2014-08-07 21:00	--------	d-----w-	c:\program files\iTunes
2014-08-07 20:59 . 2014-08-07 21:00	--------	d-----w-	c:\program files (x86)\iTunes
2014-08-07 20:59 . 2014-08-07 20:59	--------	d-----w-	c:\programdata\Apple Computer
2014-08-07 20:59 . 2014-08-07 20:59	--------	d-----w-	c:\program files\iPod
2014-08-07 20:59 . 2014-08-07 20:59	--------	d-----w-	c:\users\Kilian\AppData\Local\Apple
2014-08-07 20:59 . 2014-08-07 20:59	--------	d-----w-	c:\program files (x86)\Apple Software Update
2014-08-07 20:58 . 2014-08-07 20:58	--------	d-----w-	c:\program files\Common Files\Apple
2014-08-07 20:58 . 2014-08-07 20:58	--------	d-----w-	c:\program files\Bonjour
2014-08-07 20:58 . 2014-08-07 20:58	--------	d-----w-	c:\program files (x86)\Bonjour
2014-08-07 20:58 . 2014-08-07 20:59	--------	d-----w-	c:\program files (x86)\Common Files\Apple
2014-08-07 20:58 . 2014-08-07 20:59	--------	d-----w-	c:\programdata\Apple
2014-07-31 23:38 . 2014-08-16 22:38	--------	d-----w-	c:\programdata\Oracle
2014-07-21 16:08 . 2014-07-21 16:08	46136	---ha-w-	c:\windows\system32\drivers\Hamdrv.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-17 12:42 . 2014-07-17 12:42	45056	----a-r-	c:\users\Kilian\AppData\Roaming\Microsoft\Installer\{707F7ABB-9598-455D-8128-0BE02AFC4B72}\fs.exe1_4DA546EAD7094BAC8571A190DC5ADB5D.exe
2014-07-17 12:42 . 2014-07-17 12:42	45056	----a-r-	c:\users\Kilian\AppData\Roaming\Microsoft\Installer\{707F7ABB-9598-455D-8128-0BE02AFC4B72}\fs.exe_4DA546EAD7094BAC8571A190DC5ADB5D.exe
2014-06-10 19:50 . 2014-06-10 19:50	6112864	----a-w-	c:\windows\system32\usbaaplrc.dll
2014-06-10 19:50 . 2014-06-10 19:50	54784	----a-w-	c:\windows\system32\drivers\usbaapl64.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21444224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2014-05-08 40312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2013-04-25 3187360]
"ASUSWebStorage"="c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe" [2012-12-19 3576784]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-07-13 93296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-08-01 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S2 a2free;a-squared Free Service;c:\program files (x86)\a-squared Free\a2service.exe;c:\program files (x86)\a-squared Free\a2service.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files\ASUS\P4G\InsOnSrv.exe;c:\program files\ASUS\P4G\InsOnSrv.exe [x]
S2 Asus WebStorage Windows Service;Asus WebStorage Windows Service;c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe;c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 DptfParticipantProcessorService;Intel(R) Dynamic Platform and Thermal Framework Processor Participant Service Application;c:\windows\system32\DptfParticipantProcessorService.exe;c:\windows\SYSNATIVE\DptfParticipantProcessorService.exe [x]
S2 DptfPolicyConfigTDPService;Intel(R) Dynamic Platform and Thermal Framework Config TDP Service Application;c:\windows\system32\DptfPolicyConfigTDPService.exe;c:\windows\SYSNATIVE\DptfPolicyConfigTDPService.exe [x]
S2 DptfPolicyCriticalService;Intel(R) Dynamic Platform and Thermal Framework Critical Service Application;c:\windows\system32\DptfPolicyCriticalService.exe;c:\windows\SYSNATIVE\DptfPolicyCriticalService.exe [x]
S2 DptfPolicyLpmService;Intel(R) Dynamic Platform and Thermal Framework Low Power Mode Service Application;c:\windows\system32\DptfPolicyLpmService.exe;c:\windows\SYSNATIVE\DptfPolicyLpmService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 ATP;ASUS Input Device;c:\windows\System32\drivers\AsusTP.sys;c:\windows\SYSNATIVE\drivers\AsusTP.sys [x]
S3 DptfDevDram;DptfDevDram;c:\windows\system32\DRIVERS\DptfDevDram.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevDram.sys [x]
S3 DptfDevPch;DptfDevPch;c:\windows\system32\DRIVERS\DptfDevPch.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevPch.sys [x]
S3 DptfDevProc;DptfDevProc;c:\windows\system32\DRIVERS\DptfDevProc.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevProc.sys [x]
S3 DptfManager;DptfManager;c:\windows\system32\DRIVERS\DptfManager.sys;c:\windows\SYSNATIVE\DRIVERS\DptfManager.sys [x]
S3 HIDSwitch;ASUS Wireless Radio Control;c:\windows\System32\drivers\AsHIDSwitch64.sys;c:\windows\SYSNATIVE\drivers\AsHIDSwitch64.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 RTSPER;Realtek PCIE Card Reader - PER;c:\windows\system32\DRIVERS\RtsPer.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPer.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-09-27 07:15	1472512	----a-w-	c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-09-27 07:15	1472512	----a-w-	c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-09-27 07:15	1472512	----a-w-	c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-06-03 165848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-06-03 407512]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-05-30 13550152]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-05-20 1308232]
"DptfPolicyLpmServiceHelper"="c:\windows\system32\DptfPolicyLpmServiceHelper.exe" [2013-04-22 79376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus13.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Zeit der Fertigstellung: 2014-08-18  12:59:07
ComboFix-quarantined-files.txt  2014-08-18 10:59
.
Vor Suchlauf: 10 Verzeichnis(se), 111.127.179.264 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 112.985.526.272 Bytes frei
.
- - End Of File - - 4110F05762F41C367E073E780D83B3DD
5FB38429D5D77768867C76DCBDB35194
Vielen Dank für die Hilfe!
__________________
Alt 18.08.2014, 12:05   #4
M-K-D-B
/// TB-Ausbilder
 
Windows 8 Trojaner Zbot.gen gefunden in C:\Users\*****\Appdata\Roaming\Cuyfzy\piutfas.exe - Standard

Windows 8 Trojaner Zbot.gen gefunden in C:\Users\*****\Appdata\Roaming\Cuyfzy\piutfas.exe


Servus,





Combofix-Skript
WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

  • Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link
  • Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!
  • Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
  • Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

    Code:
    ATTFilter
    Folder::
c:\users\Kilian\AppData\Roaming\Cuyfzy
  • Speichere dies als CFScript.txt auf deinem Desktop.
  • Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.
  • Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:
  • Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
    Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.

Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!
Alt 18.08.2014, 14:59   #5
seeker1997
 
Windows 8 Trojaner Zbot.gen gefunden in C:\Users\*****\Appdata\Roaming\Cuyfzy\piutfas.exe - Standard

Windows 8 Trojaner Zbot.gen gefunden in C:\Users\*****\Appdata\Roaming\Cuyfzy\piutfas.exe


Danke für die äußert schnelle Hilfe!
Hier ist die neue CF Logdatei, aber ich konnte meinen von Windows vorinstallierten WindowsDefender nicht ausschalten, falls das überhaupt ein Problem darstellt, ansonsten müssten Sie mir erklären wie ich das schließen kann, denn ich bin ein Neuling was Windows 8 betrifft.

ComboFix:
Code:
ATTFilter
ComboFix 14-08-17.01 - Kilian 18.08.2014  13:21:29.2.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.49.1031.18.8075.6304 [GMT 2:00]
ausgeführt von:: c:\users\Kilian\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Kilian\Desktop\CFScript.txt
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kilian\AppData\Roaming\Cuyfzy
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-07-18 bis 2014-08-18  ))))))))))))))))))))))))))))))
.
.
2014-08-18 11:24 . 2014-08-18 11:24	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-08-18 11:24 . 2014-08-18 11:24	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-08-18 10:59 . 2014-08-18 11:24	--------	d-----w-	c:\users\Kilian\AppData\Local\temp
2014-08-18 10:16 . 2014-08-18 10:16	62	----a-w-	c:\users\Kilian\AppData\Roaming\sp_data.sys
2014-08-18 09:20 . 2014-08-18 11:04	122584	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-18 09:19 . 2014-08-18 09:19	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-08-18 09:19 . 2014-08-18 09:19	--------	d-----w-	c:\programdata\Malwarebytes
2014-08-18 09:19 . 2014-05-12 05:26	64216	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-08-18 09:19 . 2014-05-12 05:26	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-08-18 09:19 . 2014-05-12 05:25	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-08-18 08:59 . 2014-08-18 09:00	--------	d-----w-	C:\FRST
2014-08-18 08:40 . 2014-07-02 03:09	10924376	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{70EF439F-DA20-43EC-9B20-ABC0E4BC4979}\mpengine.dll
2014-08-17 21:46 . 2014-08-17 21:47	--------	d-----w-	c:\program files (x86)\a-squared Free
2014-08-16 22:37 . 2014-08-16 22:37	--------	d-----w-	c:\program files (x86)\Common Files\Java
2014-08-16 22:37 . 2014-08-16 22:37	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-16 22:37 . 2014-08-16 22:37	--------	d-----w-	c:\program files (x86)\Java
2014-08-16 22:33 . 2014-08-18 09:16	--------	d-----w-	c:\windows\system32\MpEngineStore
2014-08-16 22:29 . 2014-07-31 21:41	99218768	----a-w-	c:\windows\system32\MRT.exe
2014-08-16 10:13 . 2014-08-16 22:25	--------	d-----w-	c:\users\Kilian\AppData\Local\GameSpy
2014-08-16 10:12 . 2014-08-16 22:24	--------	d-----w-	c:\users\Kilian\AppData\Local\ApplicationHistory
2014-08-15 16:05 . 2014-08-18 11:17	--------	d-----w-	c:\users\Kilian\AppData\Local\Ubisoft Game Launcher
2014-08-15 16:02 . 2007-04-04 16:55	403304	----a-w-	c:\windows\system32\xactengine2_7.dll
2014-08-15 15:39 . 2014-08-18 11:17	--------	d-----w-	c:\program files (x86)\Ubisoft
2014-08-15 14:16 . 2014-08-15 14:16	--------	d-----w-	c:\windows\SysWow64\URTTEMP
2014-08-15 14:16 . 2014-08-15 14:16	--------	d--h--r-	c:\users\Kilian\AppData\Roaming\SecuROM
2014-08-15 14:15 . 2014-08-15 14:15	669184	----a-w-	c:\windows\SysWow64\pbsvc.exe
2014-08-15 13:59 . 2014-08-15 13:59	--------	d-----w-	c:\program files (x86)\Electronic Arts
2014-08-07 21:00 . 2014-08-07 21:00	--------	d-----w-	c:\users\Kilian\AppData\Local\Apple Computer
2014-08-07 21:00 . 2014-08-07 21:10	--------	d-----w-	c:\users\Kilian\AppData\Roaming\Apple Computer
2014-08-07 21:00 . 2014-08-07 21:00	--------	dc----w-	c:\windows\system32\DRVSTORE
2014-08-07 21:00 . 2012-08-21 11:01	33240	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2014-08-07 20:59 . 2014-08-07 21:00	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-07 20:59 . 2014-08-07 21:00	--------	d-----w-	c:\program files\iTunes
2014-08-07 20:59 . 2014-08-07 21:00	--------	d-----w-	c:\program files (x86)\iTunes
2014-08-07 20:59 . 2014-08-07 20:59	--------	d-----w-	c:\programdata\Apple Computer
2014-08-07 20:59 . 2014-08-07 20:59	--------	d-----w-	c:\program files\iPod
2014-08-07 20:59 . 2014-08-07 20:59	--------	d-----w-	c:\users\Kilian\AppData\Local\Apple
2014-08-07 20:59 . 2014-08-07 20:59	--------	d-----w-	c:\program files (x86)\Apple Software Update
2014-08-07 20:58 . 2014-08-07 20:58	--------	d-----w-	c:\program files\Common Files\Apple
2014-08-07 20:58 . 2014-08-07 20:58	--------	d-----w-	c:\program files\Bonjour
2014-08-07 20:58 . 2014-08-07 20:58	--------	d-----w-	c:\program files (x86)\Bonjour
2014-08-07 20:58 . 2014-08-07 20:59	--------	d-----w-	c:\program files (x86)\Common Files\Apple
2014-08-07 20:58 . 2014-08-07 20:59	--------	d-----w-	c:\programdata\Apple
2014-07-31 23:38 . 2014-08-16 22:38	--------	d-----w-	c:\programdata\Oracle
2014-07-21 16:08 . 2014-07-21 16:08	46136	---ha-w-	c:\windows\system32\drivers\Hamdrv.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-17 12:42 . 2014-07-17 12:42	45056	----a-r-	c:\users\Kilian\AppData\Roaming\Microsoft\Installer\{707F7ABB-9598-455D-8128-0BE02AFC4B72}\fs.exe1_4DA546EAD7094BAC8571A190DC5ADB5D.exe
2014-07-17 12:42 . 2014-07-17 12:42	45056	----a-r-	c:\users\Kilian\AppData\Roaming\Microsoft\Installer\{707F7ABB-9598-455D-8128-0BE02AFC4B72}\fs.exe_4DA546EAD7094BAC8571A190DC5ADB5D.exe
2014-06-10 19:50 . 2014-06-10 19:50	6112864	----a-w-	c:\windows\system32\usbaaplrc.dll
2014-06-10 19:50 . 2014-06-10 19:50	54784	----a-w-	c:\windows\system32\drivers\usbaapl64.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21444224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2014-05-08 40312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2013-04-25 3187360]
"ASUSWebStorage"="c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe" [2012-12-19 3576784]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-07-13 93296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-08-01 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S2 a2free;a-squared Free Service;c:\program files (x86)\a-squared Free\a2service.exe;c:\program files (x86)\a-squared Free\a2service.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files\ASUS\P4G\InsOnSrv.exe;c:\program files\ASUS\P4G\InsOnSrv.exe [x]
S2 Asus WebStorage Windows Service;Asus WebStorage Windows Service;c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe;c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 DptfParticipantProcessorService;Intel(R) Dynamic Platform and Thermal Framework Processor Participant Service Application;c:\windows\system32\DptfParticipantProcessorService.exe;c:\windows\SYSNATIVE\DptfParticipantProcessorService.exe [x]
S2 DptfPolicyConfigTDPService;Intel(R) Dynamic Platform and Thermal Framework Config TDP Service Application;c:\windows\system32\DptfPolicyConfigTDPService.exe;c:\windows\SYSNATIVE\DptfPolicyConfigTDPService.exe [x]
S2 DptfPolicyCriticalService;Intel(R) Dynamic Platform and Thermal Framework Critical Service Application;c:\windows\system32\DptfPolicyCriticalService.exe;c:\windows\SYSNATIVE\DptfPolicyCriticalService.exe [x]
S2 DptfPolicyLpmService;Intel(R) Dynamic Platform and Thermal Framework Low Power Mode Service Application;c:\windows\system32\DptfPolicyLpmService.exe;c:\windows\SYSNATIVE\DptfPolicyLpmService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 ATP;ASUS Input Device;c:\windows\System32\drivers\AsusTP.sys;c:\windows\SYSNATIVE\drivers\AsusTP.sys [x]
S3 DptfDevDram;DptfDevDram;c:\windows\system32\DRIVERS\DptfDevDram.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevDram.sys [x]
S3 DptfDevPch;DptfDevPch;c:\windows\system32\DRIVERS\DptfDevPch.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevPch.sys [x]
S3 DptfDevProc;DptfDevProc;c:\windows\system32\DRIVERS\DptfDevProc.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevProc.sys [x]
S3 DptfManager;DptfManager;c:\windows\system32\DRIVERS\DptfManager.sys;c:\windows\SYSNATIVE\DRIVERS\DptfManager.sys [x]
S3 HIDSwitch;ASUS Wireless Radio Control;c:\windows\System32\drivers\AsHIDSwitch64.sys;c:\windows\SYSNATIVE\drivers\AsHIDSwitch64.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 RTSPER;Realtek PCIE Card Reader - PER;c:\windows\system32\DRIVERS\RtsPer.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPer.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-09-27 07:15	1472512	----a-w-	c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-09-27 07:15	1472512	----a-w-	c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-09-27 07:15	1472512	----a-w-	c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-06-03 165848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-06-03 407512]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-05-30 13550152]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-05-20 1308232]
"DptfPolicyLpmServiceHelper"="c:\windows\system32\DptfPolicyLpmServiceHelper.exe" [2013-04-22 79376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus13.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Zeit der Fertigstellung: 2014-08-18  13:25:42
ComboFix-quarantined-files.txt  2014-08-18 11:25
ComboFix2.txt  2014-08-18 10:59
.
Vor Suchlauf: 14 Verzeichnis(se), 113.160.597.504 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 113.098.842.112 Bytes frei
.
- - End Of File - - 30518026083CAEF60C2CD268B28703FF
5FB38429D5D77768867C76DCBDB35194
Außerdem habe ich im WindowsDefender folgende Viren unter Quarantäne entdeckt:
2x Backdoor:Win32/Vawtrak.F
2xTrojan:Win32/Ropest.F
1xWin32/Zbot
1xTrojanDownloader:Win32/Zemot
und 2xPWS:Win32/Zbot.gen!AP

Anscheinend habe ich keine Viren mehr auf meinem PC da ich selbst alle nach dem selben Verfahren wie beschrieben gelöscht habe (ComboFix). Falls jedoch noch Probleme auftreten werde ich sie kontaktieren. Vielen Dank für die Hilfe!


Alt 19.08.2014, 09:57   #6
M-K-D-B
/// TB-Ausbilder
 
Windows 8 Trojaner Zbot.gen gefunden in C:\Users\*****\Appdata\Roaming\Cuyfzy\piutfas.exe - Standard

Windows 8 Trojaner Zbot.gen gefunden in C:\Users\*****\Appdata\Roaming\Cuyfzy\piutfas.exe


  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.
Alt 22.08.2014, 16:39   #7
M-K-D-B
/// TB-Ausbilder
 
Windows 8 Trojaner Zbot.gen gefunden in C:\Users\*****\Appdata\Roaming\Cuyfzy\piutfas.exe - Standard

Windows 8 Trojaner Zbot.gen gefunden in C:\Users\*****\Appdata\Roaming\Cuyfzy\piutfas.exe


Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen!

Antwort

Themen zu Windows 8 Trojaner Zbot.gen gefunden in C:\Users\*****\Appdata\Roaming\Cuyfzy\piutfas.exe
bonjour, explorer, flash player, installation, league of legends, msiexec.exe, performance, programm, pup.optional.bandoo, services.exe, spyware.zbot.ed, svchost.exe, trojan.agent.rvgen, trojan.fakems.ed, trojan.ransom.ed, trojan.zbot.gen, trojaner, windows 8 trojaner zbot.gen, windowsapps


« Win8: Verlinkte Wörter, blinkende Virenwarnungen - das Übliche | Trojaner-Befall nach Installation von Free Youtube to mp3 Converter »


Ähnliche Themen: Windows 8 Trojaner Zbot.gen gefunden in C:\Users\*****\Appdata\Roaming\Cuyfzy\piutfas.exe


  1. C:\Users\name\AppData\Roaming\Microsoft\Windows\Recent\wmpnetwk.dll - nicht gefunden
    Log-Analyse und Auswertung - 14.09.2014 (13)
  2. Windows 8: Verdacht auf Virus, c:\users\*******\appdata\roaming\newnext.me\nenginge.dll
    Log-Analyse und Auswertung - 07.04.2014 (9)
  3. Trojaner "TR/Crypt.ZPACK.Gen8" in C:\Users\johanna\AppData\Roaming\skype.dat via Avira gefunden
    Plagegeister aller Art und deren Bekämpfung - 20.09.2013 (7)
  4. Windows 7: Virenfund mit AVIRA C:\Users\*****\AppData\Roaming\OpenCandy\0353524FC3A84BC188BDC2A76B84F948\Softonic_chr_p1v3.exe
    Log-Analyse und Auswertung - 16.09.2013 (9)
  5. Win32/Zbot.gen!AM in C:\Users\***\AppData\Roaming\Wexyt\ynim.exe gefunden
    Plagegeister aller Art und deren Bekämpfung - 23.07.2013 (11)
  6. Mit Malwarebytes C:\Users\Zig\AppData\Roaming\Ygowq\irqy.exe (Trojan.ZbotR.Gen) gefunden.
    Plagegeister aller Art und deren Bekämpfung - 16.04.2013 (6)
  7. Mit Malwarebytes C:\Users\Zig\AppData\Roaming\Ygowq\irqy.exe (Trojan.ZbotR.Gen) gefunden.
    Mülltonne - 07.02.2013 (1)
  8. Online- Banking gesperrt! Trojan.FakeAlert.Gen & Trojan.ZbotR.Gen in (C:\Users\\AppData\Temp & C:\Users\\AppData\Roaming\Osje\rutaap.exe)
    Log-Analyse und Auswertung - 06.02.2013 (1)
  9. Trojan.Zbot in C:\Users\Name\AppData\Roaming\Ixiha\wiez.exe
    Log-Analyse und Auswertung - 05.01.2013 (3)
  10. TR/PSW.zbot.5224 in C:\Users\NAME\AppData\Roaming\Okoku\moik.exe
    Plagegeister aller Art und deren Bekämpfung - 03.11.2012 (24)
  11. RunDLL Probleme beim Starten von C:\users\***\AppData\Roaming\pndeb.dll & AppData\Local\powstak.dll
    Plagegeister aller Art und deren Bekämpfung - 22.10.2012 (5)
  12. TR/Crypt.XPACK.Gen8 in C:\Users\***\AppData\Roaming\Nipya\xuar.exe gefunden!
    Plagegeister aller Art und deren Bekämpfung - 20.09.2012 (21)
  13. Trojaner in Datei C:\users\XY\Appdata\Roaming\appconf32.exe
    Log-Analyse und Auswertung - 30.07.2012 (4)
  14. Avira meldet TR/Spy.ZBot.edgy in C:/Users/***/AppData/Roaming/Yguq/xyyk.exe
    Plagegeister aller Art und deren Bekämpfung - 17.07.2012 (7)
  15. TR/Dropper.VB.Gen in C:\Users\Julia\AppData\Roaming... gefunden
    Log-Analyse und Auswertung - 07.07.2012 (2)
  16. TR/Offend.kdv.495935 | C:\Users\****\AppData\Roaming\Microsoft\Windows\Templates\audiodi.exe
    Log-Analyse und Auswertung - 19.02.2012 (1)
  17. Trojaner Fake.AV c:\Users\Sexgott\AppData\Roaming\microsoft\Windows\start menu\Programs\windows reco
    Mülltonne - 28.04.2011 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Windows 8 Trojaner Zbot.gen gefunden in C:\Users\*****\Appdata\Roaming\Cuyfzy\piutfas.exe - Ich habe den oben genannten und weitere Viren mithilfe von 'Windows Defender' und 'Malewarebytes Anti-Maleware' auf meinem Pc gefunden. Es öffnen sich mehrere Java Downloads, die aber nicht ausgeführt werden - Windows 8 Trojaner Zbot.gen gefunden in C:\Users\*****\Appdata\Roaming\Cuyfzy\piutfas.exe...
Archiv
Du betrachtest: Windows 8 Trojaner Zbot.gen gefunden in C:\Users\*****\Appdata\Roaming\Cuyfzy\piutfas.exe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55