Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7, Ständige Pop-Ups in Google Chrome (https://www.trojaner-board.de/150021-windows-7-staendige-pop-ups-google-chrome.html)

Necros 20.02.2014 01:10
Windows 7, Ständige Pop-Ups in Google Chrome
 
Hallo,
Seit ca 3 Wochen habe (wie andere auch) Probleme mit sich ändernde Websites (falsche Seiten werden aufgerufen wenn Links angeklickt werden oder einfach so) und ständigen pop-ups.
Ich habe schon mehrere Programme drüberlaufen lassen, aber das Problem besteht weiterhin.
Bei Chrome wird mir als Extension der UTuberAdBlockeR angezeigt, der seit dem 31.Januar installiert ist (nicht von mir) und den ich nicht entfernen kann.
Hier die Log-Files:
FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2014
Ran by Jonas **** (administrator) on JONAS****-PC on 20-02-2014 00:11:15
Running from C:\Users\Jonas ****\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(TeamSpeak Systems GmbH) C:\Users\Jonas ****\Desktop\TeamSpeak 3 Client\ts3client_win32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-11] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-11-03] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-18] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2013-01-27] ()
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HOSTS Anti-Adware_PUPs] - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961 2014-01-21] ()
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2014-01-01] (Microsoft Corporation)
HKU\S-1-5-21-2407130220-617045063-1494062072-1000\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1824000 2014-02-11] (Valve Corporation)
HKU\S-1-5-21-2407130220-617045063-1494062072-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2407130220-617045063-1494062072-1000\...\MountPoints2: {11b758e3-68b2-11e2-9fb8-806e6f6e6963} - E:\Launch.exe
HKU\S-1-5-21-2407130220-617045063-1494062072-1000\...\MountPoints2: {226e208f-8c7c-11e2-9a7c-00262d69747a} - F:\Launch.exe
HKU\S-1-5-21-2407130220-617045063-1494062072-1000\...\MountPoints2: {fec8b2cd-9af9-11e2-aac4-00262d69747a} - G:\pushinst.exe
Startup: C:\Users\Jonas ****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8735&r=27360113l316l03h8z1m5t6801y31p
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE520DE520
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -  No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -  No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Jonas ****\AppData\Roaming\Mozilla\Firefox\Profiles\gpdkaj8x.default-1378759098533
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Jonas ****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: BalancedWorlds.com/WebLauncher - C:\Users\Jonas ****\AppData\Local\Balanced Worlds\BWGameEngine\npWebLauncher.dll (BalancedWorlds)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: No Name - C:\Users\Jonas ****\AppData\Roaming\Mozilla\Firefox\Profiles\gpdkaj8x.default-1378759098533\Extensions\staged [2014-01-18]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Nightly\firefox.exe

Chrome:
=======
CHR Extension: (UTuberAdBlockeR) - C:\Users\Jonas ****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadgadbklejlmilpbompfkilmahdkjje [2014-01-31]
CHR Extension: (Google Wallet) - C:\Users\Jonas ****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-08-22]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-02-13] ()
R2 e9f32388; C:\Program Files (x86)\GS Supporter\AssistantSvc.dll [146768 2014-01-18] ()
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2014-01-21] ()
S3 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-11] (Egis Technology Inc.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4276136 2013-04-04] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-12-23] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2013-11-22] (Razer Inc.)

==================== Drivers (Whitelisted) ====================

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
R3 hidshim; C:\Windows\System32\DRIVERS\hidshim.sys [6656 2009-07-21] (Windows (R) Win 7 DDK provider)
R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2009-04-09] (McAfee, Inc.)
R3 nuvotonhidgeneric; C:\Windows\System32\DRIVERS\nuvotonhidgeneric.sys [25088 2009-07-21] (Nuvoton Technology Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-20 00:11 - 2014-02-20 00:11 - 00014138 _____ () C:\Users\Jonas ****\Downloads\FRST.txt
2014-02-20 00:10 - 2014-02-20 00:11 - 00000000 ____D () C:\FRST
2014-02-20 00:09 - 2014-02-20 00:10 - 02153472 _____ (Farbar) C:\Users\Jonas ****\Downloads\FRST64.exe
2014-02-20 00:08 - 2014-02-20 00:08 - 00000000 ____D () C:\Users\Jonas ****\Desktop\Trojaner
2014-02-20 00:06 - 2014-02-20 00:06 - 00050477 _____ () C:\Users\Jonas ****\Downloads\Defogger.exe
2014-02-20 00:06 - 2014-02-20 00:06 - 00000484 _____ () C:\Users\Jonas ****\Downloads\defogger_disable.log
2014-02-20 00:06 - 2014-02-20 00:06 - 00000000 _____ () C:\Users\Jonas ****\defogger_reenable
2014-02-20 00:03 - 2014-02-20 00:03 - 00342616 _____ () C:\Users\Jonas ****\Downloads\Nicht bestätigt 446113.crdownload
2014-02-18 20:58 - 2014-02-18 21:55 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-18 20:58 - 2014-02-18 20:58 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-18 20:57 - 2014-02-18 20:57 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-18 20:55 - 2014-02-18 21:55 - 00000000 ____D () C:\Users\Jonas ****\Desktop\mbar
2014-02-18 20:54 - 2014-02-18 20:55 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Jonas ****\Downloads\mbar-1.07.0.1009.exe
2014-02-15 15:15 - 2014-02-15 15:17 - 00016476 _____ () C:\Users\Jonas ****\Desktop\Checka.aip
2014-02-15 15:15 - 2014-02-15 15:15 - 00000000 ____D () C:\Users\Jonas ****\Desktop\Checka-SetupFiles
2014-02-15 15:15 - 2014-02-15 15:15 - 00000000 ____D () C:\Users\Jonas ****\Desktop\Checka-cache
2014-02-15 15:15 - 2014-02-15 15:15 - 00000000 ____D () C:\Program Files (x86)\Brurli Corp
2014-02-15 15:11 - 2014-02-15 15:11 - 00000000 ____D () C:\Users\Jonas ****\AppData\Roaming\Caphyon
2014-02-15 15:10 - 2014-02-15 15:11 - 00000000 ____D () C:\ProgramData\regid.2003-04.com.caphyon
2014-02-15 15:10 - 2014-02-15 15:11 - 00000000 ____D () C:\ProgramData\Caphyon
2014-02-15 15:10 - 2014-02-15 15:10 - 00001338 _____ () C:\Users\Public\Desktop\Advanced Installer 10.9.1.lnk
2014-02-15 15:10 - 2014-02-15 15:10 - 00000000 ____D () C:\Program Files (x86)\Caphyon
2014-02-15 15:02 - 2014-02-15 15:02 - 00000000 ____D () C:\Program Files (x86)\Myncos
2014-02-14 10:18 - 2014-02-14 10:18 - 00000000 ____D () C:\Users\Jonas ****\Desktop\Final
2014-02-13 14:04 - 2014-02-19 15:52 - 00000000 ____D () C:\Users\Jonas ****\AppData\Local\DayZ
2014-02-13 14:04 - 2014-02-13 16:07 - 00000000 ____D () C:\Users\Jonas ****\Documents\DayZ
2014-02-12 12:15 - 2014-02-15 14:52 - 00000000 ____D () C:\Users\Jonas ****\Desktop\V-Day
2014-01-31 13:19 - 2014-01-31 13:19 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-01-31 13:19 - 2014-01-31 13:19 - 00000000 ____D () C:\ProgramData\fadgadbklejlmilpbompfkilmahdkjje
2014-01-30 08:20 - 2014-01-30 08:20 - 00001565 _____ () C:\Users\Public\Desktop\LastChaosGER.lnk
2014-01-30 08:10 - 2014-01-30 08:10 - 00000118 _____ () C:\Users\Public\Desktop\LastChaos Homepage.url
2014-01-23 01:24 - 2014-01-23 01:34 - 00000000 ____D () C:\Users\Jonas ****\FTBRETROSSP
2014-01-23 01:19 - 2014-01-23 01:35 - 00000000 ____D () C:\Users\Jonas ****\AppData\Roaming\ftblauncher
2014-01-23 01:19 - 2014-01-23 01:19 - 00767467 _____ () C:\Users\Jonas ****\Desktop\launcher^FTB_Launcher.exe
2014-01-22 19:00 - 2014-01-22 19:01 - 00000000 ____D () C:\Users\Jonas ****\Desktop\Moni
2014-01-22 15:08 - 2014-01-22 15:08 - 00291720 _____ () C:\Windows\Minidump\012214-30326-01.dmp
2014-01-22 15:07 - 2014-01-22 15:07 - 393122768 _____ () C:\Windows\MEMORY.DMP
2014-01-21 00:51 - 2014-01-21 00:51 - 00001185 _____ () C:\Users\Jonas ****\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
2014-01-21 00:51 - 2014-01-21 00:51 - 00000000 ____D () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-01-21 00:29 - 2014-02-11 19:26 - 00000000 ____D () C:\AdwCleaner

==================== One Month Modified Files and Folders =======

2014-02-20 00:11 - 2014-02-20 00:11 - 00014138 _____ () C:\Users\Jonas ****\Downloads\FRST.txt
2014-02-20 00:11 - 2014-02-20 00:10 - 00000000 ____D () C:\FRST
2014-02-20 00:10 - 2014-02-20 00:09 - 02153472 _____ (Farbar) C:\Users\Jonas ****\Downloads\FRST64.exe
2014-02-20 00:08 - 2014-02-20 00:08 - 00000000 ____D () C:\Users\Jonas ****\Desktop\Trojaner
2014-02-20 00:06 - 2014-02-20 00:06 - 00050477 _____ () C:\Users\Jonas ****\Downloads\Defogger.exe
2014-02-20 00:06 - 2014-02-20 00:06 - 00000484 _____ () C:\Users\Jonas ****\Downloads\defogger_disable.log
2014-02-20 00:06 - 2014-02-20 00:06 - 00000000 _____ () C:\Users\Jonas ****\defogger_reenable
2014-02-20 00:06 - 2013-01-27 19:57 - 00000000 ____D () C:\Users\Jonas ****
2014-02-20 00:03 - 2014-02-20 00:03 - 00342616 _____ () C:\Users\Jonas ****\Downloads\Nicht bestätigt 446113.crdownload
2014-02-19 23:49 - 2013-01-27 22:30 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-19 23:47 - 2013-01-29 15:31 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-19 23:26 - 2013-02-13 23:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-19 22:39 - 2013-08-18 01:22 - 00000000 ____D () C:\Users\Jonas ****\AppData\Local\Battle.net
2014-02-19 22:35 - 2013-01-29 21:51 - 00000000 ____D () C:\Users\Jonas ****\AppData\Roaming\Skype
2014-02-19 18:40 - 2013-12-29 15:58 - 01348984 _____ () C:\Windows\WindowsUpdate.log
2014-02-19 16:40 - 2013-01-28 18:42 - 00000000 ____D () C:\World of Warcraft
2014-02-19 16:13 - 2013-02-10 03:14 - 00007622 _____ () C:\Users\Jonas ****\AppData\Local\Resmon.ResmonCfg
2014-02-19 16:03 - 2013-02-26 19:57 - 00000000 ____D () C:\Users\Jonas ****\AppData\Local\Deployment
2014-02-19 15:52 - 2014-02-13 14:04 - 00000000 ____D () C:\Users\Jonas ****\AppData\Local\DayZ
2014-02-19 14:29 - 2014-01-15 03:41 - 00004905 _____ () C:\Windows\setupact.log
2014-02-18 21:55 - 2014-02-18 20:58 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-18 21:55 - 2014-02-18 20:55 - 00000000 ____D () C:\Users\Jonas ****\Desktop\mbar
2014-02-18 20:58 - 2014-02-18 20:58 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-18 20:57 - 2014-02-18 20:57 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-18 20:55 - 2014-02-18 20:54 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Jonas ****\Downloads\mbar-1.07.0.1009.exe
2014-02-18 17:19 - 2013-01-28 18:43 - 00000000 ____D () C:\Users\Jonas ****\Desktop\TeamSpeak 3 Client
2014-02-17 20:59 - 2014-01-18 22:54 - 00000476 ____H () C:\Windows\Tasks\GS.Enabler-S-1824435291.job
2014-02-17 20:59 - 2013-01-27 22:30 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-17 20:59 - 2009-07-14 05:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-17 20:59 - 2009-07-14 05:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-17 20:51 - 2014-01-15 03:40 - 00005482 _____ () C:\Windows\PFRO.log
2014-02-17 20:51 - 2013-10-17 17:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-17 20:51 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-17 20:41 - 2014-01-18 22:54 - 00000000 ____D () C:\ProgramData\8f34adb5f3a00093
2014-02-15 15:17 - 2014-02-15 15:15 - 00016476 _____ () C:\Users\Jonas ****\Desktop\Checka.aip
2014-02-15 15:15 - 2014-02-15 15:15 - 00000000 ____D () C:\Users\Jonas ****\Desktop\Checka-SetupFiles
2014-02-15 15:15 - 2014-02-15 15:15 - 00000000 ____D () C:\Users\Jonas ****\Desktop\Checka-cache
2014-02-15 15:15 - 2014-02-15 15:15 - 00000000 ____D () C:\Program Files (x86)\Brurli Corp
2014-02-15 15:11 - 2014-02-15 15:11 - 00000000 ____D () C:\Users\Jonas ****\AppData\Roaming\Caphyon
2014-02-15 15:11 - 2014-02-15 15:10 - 00000000 ____D () C:\ProgramData\regid.2003-04.com.caphyon
2014-02-15 15:11 - 2014-02-15 15:10 - 00000000 ____D () C:\ProgramData\Caphyon
2014-02-15 15:10 - 2014-02-15 15:10 - 00001338 _____ () C:\Users\Public\Desktop\Advanced Installer 10.9.1.lnk
2014-02-15 15:10 - 2014-02-15 15:10 - 00000000 ____D () C:\Program Files (x86)\Caphyon
2014-02-15 15:02 - 2014-02-15 15:02 - 00000000 ____D () C:\Program Files (x86)\Myncos
2014-02-15 14:52 - 2014-02-12 12:15 - 00000000 ____D () C:\Users\Jonas ****\Desktop\V-Day
2014-02-15 10:38 - 2013-01-27 19:58 - 00000342 _____ () C:\Windows\Tasks\McDefragTask.job
2014-02-14 18:41 - 2013-01-28 04:30 - 00698700 _____ () C:\Windows\system32\perfh007.dat
2014-02-14 18:41 - 2013-01-28 04:30 - 00148944 _____ () C:\Windows\system32\perfc007.dat
2014-02-14 18:41 - 2009-07-14 06:13 - 01618816 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-14 10:18 - 2014-02-14 10:18 - 00000000 ____D () C:\Users\Jonas ****\Desktop\Final
2014-02-13 20:41 - 2013-09-24 12:54 - 00000000 ____D () C:\Users\Jonas ****\AppData\Local\Game Dev Tycoon - Steam
2014-02-13 16:07 - 2014-02-13 14:04 - 00000000 ____D () C:\Users\Jonas ****\Documents\DayZ
2014-02-12 18:17 - 2013-08-18 01:22 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-02-11 19:26 - 2014-01-21 00:29 - 00000000 ____D () C:\AdwCleaner
2014-02-10 23:14 - 2013-12-04 21:18 - 00000003 _____ () C:\Windows\system32\HRUPPROG.TXT
2014-02-10 20:05 - 2013-04-09 16:56 - 00000000 ____D () C:\Users\Jonas ****\AppData\Roaming\.minecraft
2014-02-05 11:02 - 2013-02-13 23:45 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 11:01 - 2013-01-29 14:57 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 11:01 - 2013-01-29 14:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-04 11:03 - 2013-10-21 00:03 - 00000000 ____D () C:\Users\Jonas ****\AppData\Local\NVIDIA
2014-02-04 11:03 - 2013-10-17 17:12 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-02-04 11:03 - 2013-02-09 15:49 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-01-31 13:19 - 2014-01-31 13:19 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-01-31 13:19 - 2014-01-31 13:19 - 00000000 ____D () C:\ProgramData\fadgadbklejlmilpbompfkilmahdkjje
2014-01-31 13:19 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-01-31 13:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-01-30 08:20 - 2014-01-30 08:20 - 00001565 _____ () C:\Users\Public\Desktop\LastChaosGER.lnk
2014-01-30 08:10 - 2014-01-30 08:10 - 00000118 _____ () C:\Users\Public\Desktop\LastChaos Homepage.url
2014-01-29 09:06 - 2013-02-10 00:38 - 00000288 _____ () C:\Windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job
2014-01-28 22:30 - 2013-09-10 21:41 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-01-28 21:57 - 2013-03-11 08:58 - 00000000 ____D () C:\Users\Jonas ****\AppData\Local\PMB Files
2014-01-28 21:57 - 2013-03-11 08:58 - 00000000 ____D () C:\ProgramData\PMB Files
2014-01-28 00:11 - 2013-02-02 17:29 - 00000000 ____D () C:\Users\Jonas ****\AppData\Local\Skyrim
2014-01-23 01:35 - 2014-01-23 01:19 - 00000000 ____D () C:\Users\Jonas ****\AppData\Roaming\ftblauncher
2014-01-23 01:34 - 2014-01-23 01:24 - 00000000 ____D () C:\Users\Jonas ****\FTBRETROSSP
2014-01-23 01:19 - 2014-01-23 01:19 - 00767467 _____ () C:\Users\Jonas ****\Desktop\launcher^FTB_Launcher.exe
2014-01-22 19:01 - 2014-01-22 19:00 - 00000000 ____D () C:\Users\Jonas ****\Desktop\Moni
2014-01-22 15:08 - 2014-01-22 15:08 - 00291720 _____ () C:\Windows\Minidump\012214-30326-01.dmp
2014-01-22 15:08 - 2013-02-11 23:56 - 00000000 ____D () C:\Windows\Minidump
2014-01-22 15:07 - 2014-01-22 15:07 - 393122768 _____ () C:\Windows\MEMORY.DMP
2014-01-21 00:52 - 2013-07-11 12:51 - 00001358 _____ () C:\Users\Jonas ****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-01-21 00:51 - 2014-01-21 00:51 - 00001185 _____ () C:\Users\Jonas ****\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
2014-01-21 00:51 - 2014-01-21 00:51 - 00000000 ____D () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-01-21 00:27 - 2014-01-18 22:53 - 00000000 ____D () C:\ProgramData\InstallMate

Some content of TEMP:
====================
C:\Users\Jonas ****\AppData\Local\Temp\ewynksua.dll
C:\Users\Jonas ****\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\Jonas ****\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\Jonas ****\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe
C:\Users\Jonas ****\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe
C:\Users\Jonas ****\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-10 16:35

==================== End Of Log ============================
Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2014
Ran by Jonas **** at 2014-02-20 00:12:32
Running from C:\Users\Jonas ****\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (x32 Version:  - )
Acer Crystal Eye webcam Ver:1.1.124.1120 (x32 Version: 1.1.124.1120 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (x32 Version: 4.05.3004 - Acer Incorporated)
Acer eRecovery Management (x32 Version: 4.05.3005 - Acer Incorporated)
Acer GameZone Console (x32 Version: 5.1.0.2 - Oberon Media, Inc.)
Acer GridVista (x32 Version: 3.01.0730 - Acer Inc.)
Acer Registration (x32 Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (x32 Version: 1.15.0715 - Acer Incorporated)
Acer Updater (x32 Version: 1.01.3017 - Acer Incorporated)
Acrobat.com (x32 Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 ActiveX (x32 Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (x32 Version: 9.1.0 - Adobe Systems Incorporated)
Advanced Installer 10.9.1 (x32 Version: 10.9.1 - Caphyon)
Amazonia (x32 Version:  - Oberon Media)
Android SDK Tools (x32 Version: 1.16 - Google Inc.)
ANNO 2070 (x32 Version: 1.0.0.0 - Ubisoft)
Assassin's Creed IV Black Flag (x32 Version:  - Ubisoft)
Battle.net (x32 Version:  - Blizzard Entertainment)
Battlefield 3™ (x32 Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (x32 Version: 2.1.7 - EA Digital Illusions CE AB)
Borderlands 2 (x32 Version:  - Gearbox Software)
Broadcom Gigabit NetLink Controller (Version: 12.26.02 - Broadcom Corporation)
Burnout Paradise: The Ultimate Box (x32 Version:  - Criterion Games)
Burnout(TM) Paradise The Ultimate Box (x32 Version: 1.1.0.0 - Electronic Arts)
Call of Duty: Modern Warfare 2 - Multiplayer (x32 Version:  - Infinity Ward)
Canon iP4200 (Version:  - )
CCleaner (Version: 4.09 - Piriform)
Checka (x32 Version: 1.0.0 - Brurli Corp)
Chicken Invaders 2 (x32 Version:  - Oberon Media)
Counter-Strike: Global Offensive (x32 Version:  - Valve)
Counter-Strike: Source (x32 Version:  - Valve)
Cradle of Rome (remove only) (x32 Version:  - )
Crashday (x32 Version: 1 - ATARI)
Crysis 2 Maximum Edition (x32 Version:  - Crytek Studios)
Cube World version 0.0.1 (x32 Version: 0.0.1 - Picroma)
Curse Client (HKCU Version: 5.1.1.792 - Curse)
Dairy Dash (x32 Version:  - Oberon Media)
Dark Souls: Prepare to Die Edition (x32 Version:  - FromSoftware)
DayZ (x32 Version:  - Bohemia Interactive)
Dead Space (x32 Version:  - EA Redwood Shores)
DER HOBBIT  (x32 Version: 1.00.000 - Sierra)
Der Hobbit (x32 Version: 1.00.000 - Sierra) Hidden
Diablo III (x32 Version:  - Blizzard Entertainment)
Die Gilde Gold-Edition (x32 Version: 2.06 - JoWooD Productions Software AG)
Die Schlacht um Mittelerde™ II (x32 Version:  - )
Die Siedler 2 - Die nächste Generation (x32 Version: 1.00.0000 - UBISOFT)
Die Sims™ 3 (x32 Version: 1.57.62 - Electronic Arts)
Die Sims™ 3 Late Night (x32 Version: 6.5.1 - Electronic Arts)
Die Sims™ 3 Luxus-Accessoires (x32 Version: 3.0.38 - Electronic Arts)
Dungeonland (x32 Version:  - )
DUNGEONS Game of the Year edition (x32 Version: 1.3.3.0 - Realmforge Studios GmbH)
Empire Earth II (x32 Version: 1.02 - Sierra)
Empire Earth III (x32 Version: 1.00.0000 - Sierra Entertainment)
ESN Sonar (x32 Version: 0.70.4 - ESN Social Software AB)
ESO Survey Live version 1.3.0 (x32 Version: 1.3.0 - Immersyve, Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Far Cry 3 (x32 Version: 1.01 - RAF)
Farm Frenzy 2 (x32 Version:  - Oberon Media)
First Class Flurry (x32 Version:  - Oberon Media)
Fraps (remove only) (x32 Version:  - )
Free Studio version 2013 (x32 Version: 6.1.1.430 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.13.925 (x32 Version: 3.12.13.925 - DVDVideoSoft Ltd.)
Full Mojo Rampage (x32 Version:  - Over the Top Games)
Game Dev Tycoon (x32 Version:  - Greenheart Games)
GameMaker-Studio 1.1 (HKCU Version:  - YoYo Games Ltd.)
Garry's Mod (x32 Version:  - Garry)
God Mode (x32 Version:  - Old School Games)
Google Chrome (x32 Version: 32.0.1700.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Granny In Paradise (x32 Version:  - Oberon Media)
GS Supporter 1.80 (x32 Version:  - Verified Publisher) <==== ATTENTION
Gtk# for .Net 2.12.22 (x32 Version: 2.12.22 - Xamarin, Inc.)
Hammerwatch (x32 Version:  - )
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.80.4.55 - Conexant Systems)
Hearthstone (x32 Version:  - Blizzard Entertainment)
Heroes of Hellas (x32 Version:  - Oberon Media)
Hi-Rez Studios Authenticate and Update Service (x32 Version: 3.0.0.0 - Hi-Rez Studios)
Identity Card (x32 Version: 1.00.3002 - Acer Incorporated)
Intel® Matrix Storage Manager (Version:  - Intel Corporation)
Java 7 Update 13 (64-bit) (Version: 7.0.130 - Oracle)
Java 7 Update 17 (x32 Version: 7.0.170 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 13 (64-bit) (Version: 1.7.0.130 - Oracle)
Java SE Development Kit 7 Update 45 (64-bit) (Version: 1.7.0.450 - Oracle)
Java(TM) 6 Update 39 (x32 Version: 6.0.390 - Oracle)
Java(TM) SE Development Kit 6 Update 39 (x32 Version: 1.6.0.390 - Oracle)
LastChaosGER (x32 Version: 1.00.000 - Barunsongames CO., LTD.)
Lazarus 1.0.14 (Version: 1.0.14 - Lazarus Team)
League of Legends (x32 Version: 1.3 - Riot Games)
Left 4 Dead 2 (x32 Version:  - Valve)
LEGO® Star Wars™: Die Komplette Saga (x32 Version: 1.00.0000 - LucasArts)
LEGO® Star Wars™: The Complete Saga (x32 Version: 1.00.0000 - LucasArts) Hidden
LogMeIn Hamachi (x32 Version: 2.2.0.109 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.109 - LogMeIn, Inc.) Hidden
Magic 2014  (x32 Version:  - Stainless Games)
Magic Online (x32 Version: 3.00.0000 - Wizards of the Coast)
Magicka (x32 Version:  - Arrowhead Game Studios AB)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
ManiaPlanet (x32 Version:  - Nadeo)
Marvel Puzzle Quest: Dark Reign (x32 Version:  - )
Merriam Websters Spell Jam (x32 Version:  - Oberon Media)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (x32 Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0 - Microsoft Corporation)
Mirror's Edge (x32 Version:  - DICE)
Mozilla Maintenance Service (x32 Version: 24.0a1 - Mozilla)
MSIBuilder (x32 Version: 2.0.25 - Myncos)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MyWinLocker (x32 Version: 3.1.76.0 - Egis Technology Inc.)
Neverwinter (x32 Version:  - Cryptic Studios)
Nexus Mod Manager (Version: 0.45.7 - Black Tree Gaming)
Nightly 24.0a1 (x86 en-US) (x32 Version: 24.0a1 - Mozilla)
Norton Online Backup (x32 Version: 1.2.0.36 - Symantec)
NTI Media Maker 8 (x32 Version: 8.0.12.6623 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6623 - NewTech Infosystems) Hidden
Nuvoton EC Generic HID Driver (x32 Version: 8.80.1001 - Nuvoton Technology Corporation)
NVIDIA 3D Vision Treiber 327.23 (Version: 327.23 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.23 (Version: 327.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2723 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 327.23 (Version: 327.23 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (Version: 1.2.19 - NVIDIA Corporation)
OpenOffice 4.0.0 (x32 Version: 4.00.9702 - Apache Software Foundation)
Origin (x32 Version: 9.3.1.4482 - Electronic Arts, Inc.)
Paint.NET v3.5.11 (Version: 3.61.0 - dotPDN LLC)
Pando Media Booster (x32 Version: 2.6.0.8 - Pando Networks Inc.)
Populous (x32 Version: 1.0.0.0 - Electronic Arts)
PunkBuster Services (x32 Version: 0.991 - Even Balance, Inc.)
Razer Game Booster (x32 Version: 4.1.59.0 - Razer Inc.)
Realm of the Mad God (x32 Version:  - Wild Shadow Studios)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5972 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
Rome - Total War - Gold Edition (x32 Version: 1.6 - The Creative Assembly)
Saints Row: The Third (x32 Version:  - Volition)
Security Task Manager 1.8g (x32 Version: 1.8g - Neuber Software)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Smite (x32 Version: 0.1.1970.1 - Hi-Rez Studios)
SPORE™ (x32 Version: 1.00.0000 - Electronic Arts)
Starbound (x32 Version:  - )
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (Version: 14.0.6.0 - Synaptics Incorporated)
The Elder Scrolls Online Beta (x32 Version: 0.3.4 - )
The Elder Scrolls V: Skyrim (x32 Version:  - Bethesda Game Studios)
The Lord of the Rings, The Rise of the Witch-king (x32 Version:  - )
The Mighty Quest For Epic Loot Version 1.213647 (x32 Version: 1.213647 - )
The Ship (x32 Version:  - Outerlight Ltd.)
Titan Quest (x32 Version: 1.00.0000 - Iron Lore)
Titan Quest Immortal Throne (x32 Version: 1.00.0000 - Iron Lore)
Tukui Client (x32 Version: 2.2.7 - Tukui)
Tukui Client (x32 Version: 2.4.3 - Tukui)
Ubisoft Game Launcher (x32 Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKCU Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Welcome Center (x32 Version: 1.00.3008 - Acer Incorporated)
WIDCOMM Bluetooth Software (Version: 6.2.1.800 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407) (Version: 09/11/2009 6.2.0.9407 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029 - Microsoft Corporation)
WinZip 17.0 (Version: 17.0.10381 - WinZip Computing, S.L. )
World of Warcraft Public Test (x32 Version:  - Blizzard Entertainment)
Xamarin Studio 4.2.1 (x32 Version: 4.2.1.1 - Xamarin)
Xamarin Universal Installer (x32 Version: 3.5.0.0 - Xamarin, Inc)
Xamarin.Android (x32 Version: 4.10.01073 - Xamarin)

==================== Restore Points  =========================

11-02-2014 15:34:04 Geplanter Prüfpunkt
15-02-2014 13:59:49 Installed MakeMsi
15-02-2014 14:01:36 Installed MSIBuilder
15-02-2014 14:10:16 Installed Advanced Installer 10.9.1
15-02-2014 14:15:48 Installed Checka

==================== Hosts content: ==========================

2009-07-14 03:34 - 2014-02-17 20:51 - 00275513 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 2010-fr.com # hosts anti-adware / pups
127.0.0.1 2012-new.biz # hosts anti-adware / pups
127.0.0.1 212link.com # hosts anti-adware / pups
127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
127.0.0.1 24h00business.com # hosts anti-adware / pups
127.0.0.1 a.adorika.net # hosts anti-adware / pups
127.0.0.1 a.ad-sys.com # hosts anti-adware / pups
127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups
127.0.0.1 ad.adn360.com # hosts anti-adware / pups
127.0.0.1 adeartss.eu # hosts anti-adware / pups
127.0.0.1 adesoeasy.eu # hosts anti-adware / pups
127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups
127.0.0.1 adm.soft365.com # hosts anti-adware / pups
127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups
127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups
127.0.0.1 ads.adplxmd.com # hosts anti-adware / pups
127.0.0.1 ads.aff.co # hosts anti-adware / pups
127.0.0.1 ads.alpha00001.com # hosts anti-adware / pups
127.0.0.1 ads.cloud4ads.com # hosts anti-adware / pups
127.0.0.1 ads.egdating.net # hosts anti-adware / pups
127.0.0.1 ads.eorezo.com # hosts anti-adware / pups
127.0.0.1 ads.hooqy.com # hosts anti-adware / pups
127.0.0.1 ads.pornerbros.com # hosts anti-adware / pups
127.0.0.1 ads.realken.com # hosts anti-adware / pups
127.0.0.1 ads.regiedepub.com # hosts anti-adware / pups
127.0.0.1 ads.sucomspot.com # hosts anti-adware / pups

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {013C3038-8A02-4174-8A37-A57F24A8E73C} - System32\Tasks\{E5B1A35F-A8F3-45B6-8806-434B514229DA} => C:\Program Files (x86)\Electronic Arts\SPORE\Sporebin\SporeApp.exe [2013-06-11] (Maxis, a division of Electronic Arts Inc.)
Task: {09192B45-44D7-4B1B-9B18-630AC481C89F} - System32\Tasks\{29F839E4-33DF-4109-AAF9-412E1649A26D} => C:\Program Files (x86)\Electronic Arts\Aufstieg des Hexenkönigs\lotrbfme2ep1.exe
Task: {23171E91-D827-4821-9EC1-045DD617E206} - System32\Tasks\McDefragTask => c:\PROGRA~2\mcafee\mqc\QcConsol.exe
Task: {3AA5CD9D-A790-4251-A4AB-F99E542DCDF6} - System32\Tasks\{712462F2-2B76-487E-AA30-8664F5E0F75D} => C:\Program Files (x86)\JoWooD\Die Gilde Gold-Edition\GildeGold.exe [2003-10-01] ()
Task: {77B0A6DD-E1F4-4288-911A-3C28CFF80787} - System32\Tasks\RDReminder => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: {7EFEF390-C001-47DE-958C-C3920CDC4ED9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-27] (Google Inc.)
Task: {84CE8ECC-A07D-4033-8D63-B3654E39B67A} - System32\Tasks\DLL-Files.Com Fixer_Updates => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: {8652A68D-6731-45F0-A9FC-DC0315BC819E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {91C3DCBF-EFB1-4B0F-A29E-0BA72D7E5978} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-10-01] (Acer)
Task: {AB35E9E2-9796-4303-B786-78E28F1D12EC} - System32\Tasks\DLL-Files.Com Fixer_MONTHLY => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: {C7108F67-873A-42F9-9DFF-93C687732692} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {DE99F44E-1B16-4DBF-83AC-146DC8A086BD} - \BrowserDefendert No Task File
Task: {E0E9BA27-4188-4796-A74C-B3173D9A0A2D} - System32\Tasks\GS.Enabler-S-1824435291 => c:\programdata\house of soft\gs.enabler\GS.Enabler.exe <==== ATTENTION
Task: {F1CAD3DA-F27C-49F5-AF56-31311D5DDD6D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-27] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\Windows\Tasks\DLL-Files.Com Fixer_Updates.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GS.Enabler-S-1824435291.job => c:\programdata\house of soft\gs.enabler\GS.Enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\McDefragTask.job => C:\Windows\system32\defrag.exe

==================== Loaded Modules (whitelisted) =============

2013-10-17 17:13 - 2013-09-12 08:25 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-18 22:54 - 2014-01-18 22:54 - 02759168 _____ () C:\Program Files (x86)\GS Supporter\Assistant_x64.dll
2013-03-14 10:46 - 2013-12-23 20:29 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-01-18 22:54 - 2014-01-18 22:54 - 03041792 _____ () C:\Program Files (x86)\GS Supporter\Assistant.dll
2014-01-18 22:54 - 2014-01-18 22:54 - 00146768 _____ () C:\Program Files (x86)\GS Supporter\AssistantSvc.dll
2013-01-28 18:44 - 2012-07-30 15:13 - 00025600 _____ () C:\Users\Jonas ****\Desktop\TeamSpeak 3 Client\imageformats\_old_qgif4.dll
2013-01-28 18:44 - 2012-07-30 15:13 - 00195584 _____ () C:\Users\Jonas ****\Desktop\TeamSpeak 3 Client\imageformats\_old_qjpeg4.dll
2013-01-28 18:44 - 2013-10-24 16:42 - 00230376 _____ () C:\Users\Jonas ****\Desktop\TeamSpeak 3 Client\soundbackends\directsound_win32.dll
2013-01-28 18:44 - 2013-10-24 16:42 - 00237032 _____ () C:\Users\Jonas ****\Desktop\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win32.dll
2013-01-28 18:44 - 2013-10-24 16:42 - 00431080 _____ () C:\Users\Jonas ****\Desktop\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2013-09-09 17:01 - 2013-10-24 16:42 - 00555496 _____ () C:\Users\Jonas ****\Desktop\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-01-29 18:55 - 2014-01-23 06:56 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libglesv2.dll
2014-01-29 18:55 - 2014-01-23 06:56 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libegl.dll
2014-01-29 18:55 - 2014-01-23 06:56 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll
2014-01-29 18:55 - 2014-01-23 06:57 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll
2014-01-29 18:55 - 2014-01-23 06:55 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll
2014-01-29 18:55 - 2014-01-23 06:56 - 13615896 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:0B9176C0
AlternateDataStreams: C:\ProgramData\TEMP:5D7E5A8F
AlternateDataStreams: C:\ProgramData\TEMP:AB689DEA
AlternateDataStreams: C:\ProgramData\TEMP:E3C56885

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Hamachi Network Interface
Description: Hamachi Network Interface
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/18/2014 09:54:19 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (02/17/2014 08:41:23 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: R2EDZw.exe, Version: 2.7.0.1669, Zeitstempel: 0x52e9c9e8
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x00036fa8
ID des fehlerhaften Prozesses: 0x16f8
Startzeit der fehlerhaften Anwendung: 0xR2EDZw.exe0
Pfad der fehlerhaften Anwendung: R2EDZw.exe1
Pfad des fehlerhaften Moduls: R2EDZw.exe2
Berichtskennung: R2EDZw.exe3

Error: (02/16/2014 00:17:06 AM) (Source: Application Hang) (User: )
Description: Programm WoW-64.exe, Version 5.4.2.17688 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1118

Startzeit: 01cf2aa3f6069aa8

Endzeit: 23

Anwendungspfad: C:\World of Warcraft\WoW-64.exe

Berichts-ID: 4480c0fe-9697-11e3-94e1-00262d69747a

Error: (02/12/2014 10:31:27 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: League of Legends.exe, Version: 4.2.0.2718, Zeitstempel: 0x52f5b14e
Name des fehlerhaften Moduls: League of Legends.exe, Version: 4.2.0.2718, Zeitstempel: 0x52f5b14e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00431e00
ID des fehlerhaften Prozesses: 0xbf0
Startzeit der fehlerhaften Anwendung: 0xLeague of Legends.exe0
Pfad der fehlerhaften Anwendung: League of Legends.exe1
Pfad des fehlerhaften Moduls: League of Legends.exe2
Berichtskennung: League of Legends.exe3

Error: (02/12/2014 04:34:36 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: clr.exe, Version: 4.3.3.30826, Zeitstempel: 0x52cd4305
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc000041d
Fehleroffset: 0x000222d2
ID des fehlerhaften Prozesses: 0xbf8
Startzeit der fehlerhaften Anwendung: 0xclr.exe0
Pfad der fehlerhaften Anwendung: clr.exe1
Pfad des fehlerhaften Moduls: clr.exe2
Berichtskennung: clr.exe3

Error: (02/12/2014 03:17:12 PM) (Source: Microsoft-Windows-Defrag) (User: )
Description: Volume "ACER (C:)" wurde aufgrund eines Fehlers nicht defragmentiert: Es wurde versucht, eine Datei mit einem falschen Format zu laden. (0x8007000B)

Error: (02/12/2014 02:36:23 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (02/12/2014 02:31:54 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (02/11/2014 07:25:04 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: League of Legends.exe, Version: 4.2.0.2718, Zeitstempel: 0x52f5b14e
Name des fehlerhaften Moduls: League of Legends.exe, Version: 4.2.0.2718, Zeitstempel: 0x52f5b14e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00431e00
ID des fehlerhaften Prozesses: 0x1698
Startzeit der fehlerhaften Anwendung: 0xLeague of Legends.exe0
Pfad der fehlerhaften Anwendung: League of Legends.exe1
Pfad des fehlerhaften Moduls: League of Legends.exe2
Berichtskennung: League of Legends.exe3

Error: (02/11/2014 04:29:56 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.


System errors:
=============
Error: (02/17/2014 08:52:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HOSTS Anti-PUPs" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (02/17/2014 08:52:19 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst HOSTS Anti-PUPs erreicht.

Error: (02/14/2014 09:14:51 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.

Error: (02/11/2014 07:29:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HOSTS Anti-PUPs" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (02/11/2014 07:29:40 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst HOSTS Anti-PUPs erreicht.

Error: (02/11/2014 00:42:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (02/11/2014 00:42:44 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (02/11/2014 11:42:04 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.

Error: (02/03/2014 06:46:51 PM) (Source: DCOM) (User: )
Description: {5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}

Error: (02/03/2014 11:56:41 AM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 4090.93 MB
Available physical RAM: 2409.95 MB
Total Pagefile: 8180.04 MB
Available Pagefile: 5957.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:584.35 GB) (Free:116.93 GB) NTFS
Drive e: (ROMETWGOLD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 8D938D93)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=584 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Gmer.txt:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-20 00:54:24
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596,17GB
Running: Gmer-19357.exe; Driver: C:\Users\JONASG~1\AppData\Local\Temp\awrcikob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                  fffff800033b5000 63 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592                                                                  fffff800033b5040 1 byte [01]

---- User code sections - GMER 2.1 ----

.text    C:\Users\Jonas ****\Desktop\TeamSpeak 3 Client\ts3client_win32.exe[1940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  00000000761e1465 2 bytes [1E, 76]
.text    C:\Users\Jonas ****\Desktop\TeamSpeak 3 Client\ts3client_win32.exe[1940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000761e14bb 2 bytes [1E, 76]
.text    ...                                                                                                                                * 2

---- Threads - GMER 2.1 ----

Thread    C:\Windows\system32\AUDIODG.EXE [4092:4308]                                                                                        000000006cf28604
Thread    C:\Windows\system32\AUDIODG.EXE [4092:3204]                                                                                        000000006cf28784
Thread    C:\Windows\system32\AUDIODG.EXE [4092:3852]                                                                                        000000006cf3684c
Thread    C:\Windows\system32\AUDIODG.EXE [4092:4696]                                                                                        000000006cf369b0
Thread    C:\Windows\system32\AUDIODG.EXE [4092:3324]                                                                                        000000006cf40620

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\2c8158b1fd71                                                       
Reg      HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch                                                                    7832
Reg      HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch                                                                    5373
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\2c8158b1fd71 (not active ControlSet)                                   

---- EOF - GMER 2.1 ----
Ein Kollege mit einem ähnlichen Probleme hatte mir noch das Mbar von Malwarebytes empfohlen, hier die Logs:
mbar-log-2014-02-18 (20-58-18).txt:
Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.18.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Jonas **** :: JONAS****-PC [administrator]

18.02.2014 20:58:18
mbar-log-2014-02-18 (20-58-18).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 252963
Time elapsed: 55 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
system-log.txt:
Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16476

Java version: 1.6.0_39

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.194000 GHz
Memory total: 4289650688, free: 2440183808

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16476

Java version: 1.6.0_39

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.194000 GHz
Memory total: 4289650688, free: 2547056640

Downloaded database version: v2014.02.18.07
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
    02/18/2014 20:58:11
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Mpfp.sys
\SystemRoot\System32\Drivers\TDI.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\ipfltdrv.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\system32\DRIVERS\NETw5s64.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\nuvotonhidgeneric.sys
\SystemRoot\system32\DRIVERS\hidshim.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\??\C:\Windows\system32\drivers\UBHelper.sys
\??\C:\Windows\system32\drivers\NTIDrvr.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\drivers\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\CAXHWAZL.sys
\SystemRoot\system32\DRIVERS\CAX_DPV.sys
\SystemRoot\system32\DRIVERS\CAX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\XAudio64.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\Wldap32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\user32.dll
\Windows\System32\advapi32.dll
\Windows\System32\psapi.dll
\Windows\System32\imm32.dll
\Windows\System32\lpk.dll
\Windows\System32\shell32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\msctf.dll
\Windows\System32\oleaut32.dll
\Windows\System32\difxapi.dll
\Windows\System32\wininet.dll
\Windows\System32\ws2_32.dll
\Windows\System32\gdi32.dll
\Windows\System32\setupapi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\iertutil.dll
\Windows\System32\usp10.dll
\Windows\System32\normaliz.dll
\Windows\System32\comdlg32.dll
\Windows\System32\kernel32.dll
\Windows\System32\sechost.dll
\Windows\System32\shlwapi.dll
\Windows\System32\urlmon.dll
\Windows\System32\ole32.dll
\Windows\System32\nsi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\comctl32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004c6a060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8004745050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004c6a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004c69400, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004c6a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004745050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8D938D93

Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 24576000

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 24578048  Numsec = 204800
    Partition is not bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 24782848  Numsec = 1225476784

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 640135028736 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...
Done!
Infected file C:\Users\Jonas ****\AppData\Local\Temp\is357113909\38538214_stp\wajam_validate.exe could not be remediated because backup file is not available
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-24578048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe-k.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe-u.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe-r.mbam...
Removal finished
Malwarebytes Anti-Malware habe ich auch Scannen lassen, allerdings ohne Funde.

Vielen Dank im Voraus für ihre Hilfe :)

schrauber 20.02.2014 09:20
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Necros 20.02.2014 09:51
Danke für die schnelle Antwort, hier das Combofix-Log
Code:
ComboFix 14-02-19.01 - Jonas **** 20.02.2014  9:31.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4091.2160 [GMT 1:00]
ausgeführt von:: c:\users\Jonas ****\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\program files (x86)\ESO Survey Live\ESOSurveyLive.exe
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\epfflkmclhdfgibcmofagfgpmegidbce
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\epfflkmclhdfgibcmofagfgpmegidbce\2.7\a_a2.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\epfflkmclhdfgibcmofagfgpmegidbce\2.7\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\epfflkmclhdfgibcmofagfgpmegidbce\2.7\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\epfflkmclhdfgibcmofagfgpmegidbce\2.7\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\epfflkmclhdfgibcmofagfgpmegidbce\2.7\manifest.json
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\epfflkmclhdfgibcmofagfgpmegidbce
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\epfflkmclhdfgibcmofagfgpmegidbce\2.7\a_a2.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\epfflkmclhdfgibcmofagfgpmegidbce\2.7\background.html
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\epfflkmclhdfgibcmofagfgpmegidbce\2.7\content.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\epfflkmclhdfgibcmofagfgpmegidbce\2.7\lsdb.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\epfflkmclhdfgibcmofagfgpmegidbce\2.7\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\epfflkmclhdfgibcmofagfgpmegidbce
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\epfflkmclhdfgibcmofagfgpmegidbce\2.7\a_a2.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\epfflkmclhdfgibcmofagfgpmegidbce\2.7\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\epfflkmclhdfgibcmofagfgpmegidbce\2.7\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\epfflkmclhdfgibcmofagfgpmegidbce\2.7\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\epfflkmclhdfgibcmofagfgpmegidbce\2.7\manifest.json
c:\users\Jonas ****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadgadbklejlmilpbompfkilmahdkjje
c:\users\Jonas ****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadgadbklejlmilpbompfkilmahdkjje\2.3_0\background.html
c:\users\Jonas ****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadgadbklejlmilpbompfkilmahdkjje\2.3_0\content.js
c:\users\Jonas ****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadgadbklejlmilpbompfkilmahdkjje\2.3_0\lsdb.js
c:\users\Jonas ****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadgadbklejlmilpbompfkilmahdkjje\2.3_0\manifest.json
c:\users\Jonas ****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadgadbklejlmilpbompfkilmahdkjje\2.3_0\Nrxbo9Cn.js
c:\users\Jonas ****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fadgadbklejlmilpbompfkilmahdkjje_0.localstorage-journal
c:\users\Jonas ****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fadgadbklejlmilpbompfkilmahdkjje_0.localstorage
c:\users\Jonas ****\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Jonas ****\AppData\Roaming\Mozilla\Firefox\Profiles\gpdkaj8x.default-1378759098533\extensions\staged\evhlry@wvjuua-.net
c:\users\Jonas ****\AppData\Roaming\Mozilla\Firefox\Profiles\gpdkaj8x.default-1378759098533\extensions\staged\evhlry@wvjuua-.net\bootstrap.js
c:\users\Jonas ****\AppData\Roaming\Mozilla\Firefox\Profiles\gpdkaj8x.default-1378759098533\extensions\staged\evhlry@wvjuua-.net\chrome.manifest
c:\users\Jonas ****\AppData\Roaming\Mozilla\Firefox\Profiles\gpdkaj8x.default-1378759098533\extensions\staged\evhlry@wvjuua-.net\content\bg.js
c:\users\Jonas ****\AppData\Roaming\Mozilla\Firefox\Profiles\gpdkaj8x.default-1378759098533\extensions\staged\evhlry@wvjuua-.net\install.rdf
c:\users\Jonas ****\AppData\Roaming\Mozilla\Firefox\Profiles\gpdkaj8x.default-1378759098533\extensions\staged\gqqzqmroio@rtfya.edu
c:\users\Jonas ****\AppData\Roaming\Mozilla\Firefox\Profiles\gpdkaj8x.default-1378759098533\extensions\staged\gqqzqmroio@rtfya.edu\bootstrap.js
c:\users\Jonas ****\AppData\Roaming\Mozilla\Firefox\Profiles\gpdkaj8x.default-1378759098533\extensions\staged\gqqzqmroio@rtfya.edu\chrome.manifest
c:\users\Jonas ****\AppData\Roaming\Mozilla\Firefox\Profiles\gpdkaj8x.default-1378759098533\extensions\staged\gqqzqmroio@rtfya.edu\content\bg.js
c:\users\Jonas ****\AppData\Roaming\Mozilla\Firefox\Profiles\gpdkaj8x.default-1378759098533\extensions\staged\gqqzqmroio@rtfya.edu\install.rdf
c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-01-20 bis 2014-02-20  ))))))))))))))))))))))))))))))
.
.
2014-02-20 08:42 . 2014-02-20 08:42        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-02-19 23:10 . 2014-02-19 23:13        --------        d-----w-        C:\FRST
2014-02-18 19:58 . 2014-02-18 20:55        --------        d-----w-        c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-02-18 19:58 . 2014-02-18 19:58        119000        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-02-18 19:57 . 2014-02-18 19:57        91352        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-02-15 14:15 . 2014-02-15 14:15        --------        d-----w-        c:\program files (x86)\Brurli Corp
2014-02-15 14:11 . 2014-02-15 14:11        --------        d-----w-        c:\users\Jonas ****\AppData\Roaming\Caphyon
2014-02-15 14:10 . 2014-02-15 14:11        --------        d-----w-        c:\programdata\regid.2003-04.com.caphyon
2014-02-15 14:10 . 2014-02-15 14:10        --------        d-----w-        c:\program files (x86)\Caphyon
2014-02-15 14:10 . 2014-02-15 14:11        --------        d-----w-        c:\programdata\Caphyon
2014-02-15 14:02 . 2014-02-15 14:02        --------        d-----w-        c:\program files (x86)\Myncos
2014-02-13 13:06 . 2014-02-13 13:06        --------        d-----w-        c:\program files (x86)\Common Files\BattlEye
2014-02-13 13:04 . 2014-02-19 14:52        --------        d-----w-        c:\users\Jonas ****\AppData\Local\DayZ
2014-01-31 12:19 . 2014-01-31 12:19        --------        d-----w-        c:\programdata\fadgadbklejlmilpbompfkilmahdkjje
2014-01-23 00:24 . 2014-01-23 00:34        --------        d-----w-        c:\users\Jonas ****\FTBRETROSSP
2014-01-23 00:19 . 2014-01-23 00:35        --------        d-----w-        c:\users\Jonas ****\AppData\Roaming\ftblauncher
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-12 13:30 . 2014-01-15 02:38        75888        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A8E75326-60E8-40E8-B093-956635445471}\offreg.dll
2014-02-05 10:01 . 2013-01-29 13:57        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 10:01 . 2013-01-29 13:57        692616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-05 06:27 . 2014-01-05 06:27        940032        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2014-01-05 06:27 . 2014-01-05 06:27        194048        ----a-w-        c:\windows\SysWow64\elshyph.dll
2014-01-05 06:27 . 2014-01-05 06:27        942592        ----a-w-        c:\windows\system32\jsIntl.dll
2014-01-05 06:27 . 2014-01-05 06:27        90112        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2014-01-05 06:27 . 2014-01-05 06:27        86016        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2014-01-05 06:27 . 2014-01-05 06:27        86016        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2014-01-05 06:27 . 2014-01-05 06:27        84992        ----a-w-        c:\windows\system32\mshtmled.dll
2014-01-05 06:27 . 2014-01-05 06:27        83968        ----a-w-        c:\windows\system32\MshtmlDac.dll
2014-01-05 06:27 . 2014-01-05 06:27        81408        ----a-w-        c:\windows\system32\icardie.dll
2014-01-05 06:27 . 2014-01-05 06:27        774144        ----a-w-        c:\windows\system32\jscript.dll
2014-01-05 06:27 . 2014-01-05 06:27        77312        ----a-w-        c:\windows\system32\tdc.ocx
2014-01-05 06:27 . 2014-01-05 06:27        74240        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2014-01-05 06:27 . 2014-01-05 06:27        71680        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-01-05 06:27 . 2014-01-05 06:27        645120        ----a-w-        c:\windows\SysWow64\jsIntl.dll
2014-01-05 06:27 . 2014-01-05 06:27        626176        ----a-w-        c:\windows\system32\msfeeds.dll
2014-01-05 06:27 . 2014-01-05 06:27        62464        ----a-w-        c:\windows\SysWow64\tdc.ocx
2014-01-05 06:27 . 2014-01-05 06:27        62464        ----a-w-        c:\windows\system32\pngfilt.dll
2014-01-05 06:27 . 2014-01-05 06:27        61952        ----a-w-        c:\windows\SysWow64\MshtmlDac.dll
2014-01-05 06:27 . 2014-01-05 06:27        61952        ----a-w-        c:\windows\SysWow64\iesetup.dll
2014-01-05 06:27 . 2014-01-05 06:27        616104        ----a-w-        c:\windows\system32\ieapfltr.dat
2014-01-05 06:27 . 2014-01-05 06:27        548352        ----a-w-        c:\windows\system32\vbscript.dll
2014-01-05 06:27 . 2014-01-05 06:27        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll
2014-01-05 06:27 . 2014-01-05 06:27        51200        ----a-w-        c:\windows\SysWow64\ieetwproxystub.dll
2014-01-05 06:27 . 2014-01-05 06:27        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2014-01-05 06:27 . 2014-01-05 06:27        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2014-01-05 06:27 . 2014-01-05 06:27        48128        ----a-w-        c:\windows\system32\imgutil.dll
2014-01-05 06:27 . 2014-01-05 06:27        454656        ----a-w-        c:\windows\SysWow64\vbscript.dll
2014-01-05 06:27 . 2014-01-05 06:27        453120        ----a-w-        c:\windows\system32\dxtmsft.dll
2014-01-05 06:27 . 2014-01-05 06:27        413696        ----a-w-        c:\windows\system32\html.iec
2014-01-05 06:27 . 2014-01-05 06:27        40448        ----a-w-        c:\windows\system32\JavaScriptCollectionAgent.dll
2014-01-05 06:27 . 2014-01-05 06:27        36352        ----a-w-        c:\windows\SysWow64\imgutil.dll
2014-01-05 06:27 . 2014-01-05 06:27        34816        ----a-w-        c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-01-05 06:27 . 2014-01-05 06:27        337408        ----a-w-        c:\windows\SysWow64\html.iec
2014-01-05 06:27 . 2014-01-05 06:27        30208        ----a-w-        c:\windows\system32\licmgr10.dll
2014-01-05 06:27 . 2014-01-05 06:27        296960        ----a-w-        c:\windows\system32\dxtrans.dll
2014-01-05 06:27 . 2014-01-05 06:27        263376        ----a-w-        c:\windows\system32\iedkcs32.dll
2014-01-05 06:27 . 2014-01-05 06:27        247808        ----a-w-        c:\windows\system32\msls31.dll
2014-01-05 06:27 . 2014-01-05 06:27        24576        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2014-01-05 06:27 . 2014-01-05 06:27        243200        ----a-w-        c:\windows\system32\webcheck.dll
2014-01-05 06:27 . 2014-01-05 06:27        235520        ----a-w-        c:\windows\system32\url.dll
2014-01-05 06:27 . 2014-01-05 06:27        235008        ----a-w-        c:\windows\system32\elshyph.dll
2014-01-05 06:27 . 2014-01-05 06:27        195584        ----a-w-        c:\windows\system32\msrating.dll
2014-01-05 06:27 . 2014-01-05 06:27        182272        ----a-w-        c:\windows\SysWow64\msls31.dll
2014-01-05 06:27 . 2014-01-05 06:27        167424        ----a-w-        c:\windows\system32\iexpress.exe
2014-01-05 06:27 . 2014-01-05 06:27        151552        ----a-w-        c:\windows\SysWow64\iexpress.exe
2014-01-05 06:27 . 2014-01-05 06:27        147968        ----a-w-        c:\windows\system32\occache.dll
2014-01-05 06:27 . 2014-01-05 06:27        143872        ----a-w-        c:\windows\system32\wextract.exe
2014-01-05 06:27 . 2014-01-05 06:27        139264        ----a-w-        c:\windows\SysWow64\wextract.exe
2014-01-05 06:27 . 2014-01-05 06:27        13824        ----a-w-        c:\windows\system32\mshta.exe
2014-01-05 06:27 . 2014-01-05 06:27        135680        ----a-w-        c:\windows\system32\iepeers.dll
2014-01-05 06:27 . 2014-01-05 06:27        13312        ----a-w-        c:\windows\SysWow64\mshta.exe
2014-01-05 06:27 . 2014-01-05 06:27        13312        ----a-w-        c:\windows\system32\msfeedssync.exe
2014-01-05 06:27 . 2014-01-05 06:27        131072        ----a-w-        c:\windows\system32\IEAdvpack.dll
2014-01-05 06:27 . 2014-01-05 06:27        1228800        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2014-01-05 06:27 . 2014-01-05 06:27        112128        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2014-01-05 06:27 . 2014-01-05 06:27        111616        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2014-01-05 06:27 . 2014-01-05 06:27        105984        ----a-w-        c:\windows\system32\iesysprep.dll
2014-01-05 06:27 . 2014-01-05 06:27        1051136        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2014-01-05 06:27 . 2014-01-05 06:27        101376        ----a-w-        c:\windows\system32\inseng.dll
2014-01-05 06:26 . 2014-01-05 06:26        878080        ----a-w-        c:\windows\system32\advapi32.dll
2014-01-05 06:26 . 2014-01-05 06:26        859648        ----a-w-        c:\windows\system32\tdh.dll
2014-01-05 06:26 . 2014-01-05 06:26        7680        ----a-w-        c:\windows\SysWow64\instnm.exe
2014-01-05 06:26 . 2014-01-05 06:26        640512        ----a-w-        c:\windows\SysWow64\advapi32.dll
2014-01-05 06:26 . 2014-01-05 06:26        5549504        ----a-w-        c:\windows\system32\ntoskrnl.exe
2014-01-05 06:26 . 2014-01-05 06:26        5120        ----a-w-        c:\windows\SysWow64\wow32.dll
2014-01-05 06:26 . 2014-01-05 06:26        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2014-01-05 06:26 . 2014-01-05 06:26        3969472        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2014-01-05 06:26 . 2014-01-05 06:26        3914176        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2014-01-05 06:26 . 2014-01-05 06:26        362496        ----a-w-        c:\windows\system32\wow64win.dll
2014-01-05 06:26 . 2014-01-05 06:26        25600        ----a-w-        c:\windows\SysWow64\setup16.exe
2014-01-05 06:26 . 2014-01-05 06:26        243712        ----a-w-        c:\windows\system32\wow64.dll
2014-01-05 06:26 . 2014-01-05 06:26        2048        ----a-w-        c:\windows\SysWow64\user.exe
2014-01-05 06:26 . 2014-01-05 06:26        1732032        ----a-w-        c:\windows\system32\ntdll.dll
2014-01-05 06:26 . 2014-01-05 06:26        16384        ----a-w-        c:\windows\system32\ntvdm64.dll
2014-01-05 06:26 . 2014-01-05 06:26        14336        ----a-w-        c:\windows\SysWow64\ntvdm64.dll
2014-01-05 06:26 . 2014-01-05 06:26        13312        ----a-w-        c:\windows\system32\wow64cpu.dll
2014-01-05 06:26 . 2014-01-05 06:26        619520        ----a-w-        c:\windows\SysWow64\tdh.dll
2014-01-05 06:26 . 2014-01-05 06:26        1292192        ----a-w-        c:\windows\SysWow64\ntdll.dll
2014-01-05 06:25 . 2014-01-05 06:25        327168        ----a-w-        c:\windows\system32\mswsock.dll
2014-01-05 06:25 . 2014-01-05 06:25        231424        ----a-w-        c:\windows\SysWow64\mswsock.dll
2014-01-05 06:25 . 2014-01-05 06:25        1903552        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2014-01-04 06:12 . 2014-01-04 06:12        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-01-04 06:12 . 2014-01-04 06:12        4096        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-01-04 06:12 . 2014-01-04 06:12        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-01-04 06:12 . 2014-01-04 06:12        9728        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-01-04 06:12 . 2014-01-04 06:12        9728        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-01-04 06:12 . 2014-01-04 06:12        648192        ----a-w-        c:\windows\system32\d3d10level9.dll
2014-01-04 06:12 . 2014-01-04 06:12        604160        ----a-w-        c:\windows\SysWow64\d3d10level9.dll
2014-01-04 06:12 . 2014-01-04 06:12        5632        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-01-04 06:12 . 2014-01-04 06:12        5632        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-01-04 06:12 . 2014-01-04 06:12        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-01-04 06:12 . 2014-01-04 06:12        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-01-04 06:12 . 2014-01-04 06:12        522752        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2014-01-04 06:12 . 2014-01-04 06:12        465920        ----a-w-        c:\windows\system32\WMPhoto.dll
2014-01-04 06:12 . 2014-01-04 06:12        417792        ----a-w-        c:\windows\SysWow64\WMPhoto.dll
2014-01-04 06:12 . 2014-01-04 06:12        3928064        ----a-w-        c:\windows\system32\d2d1.dll
2014-01-04 06:12 . 2014-01-04 06:12        364544        ----a-w-        c:\windows\SysWow64\XpsGdiConverter.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2014-02-11 1824000]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"HOSTS Anti-Adware_PUPs"="c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe" [2014-01-20 302961]
.
c:\users\Jonas ****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2013-2-26 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 e9f32388;GS Supporter;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb.sys [x]
R3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R3 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
R3 X6va015;X6va015;c:\windows\SysWOW64\Drivers\X6va015;c:\windows\SysWOW64\Drivers\X6va015 [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RzKLService;RzKLService;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\DRIVERS\hidshim.sys;c:\windows\SYSNATIVE\DRIVERS\hidshim.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 nuvotonhidgeneric;Nuvoton EC Generic HID;c:\windows\system32\DRIVERS\nuvotonhidgeneric.sys;c:\windows\SYSNATIVE\DRIVERS\nuvotonhidgeneric.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - AWRCIKOB
*Deregistered* - awrcikob
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-29 17:52        1211672        ----a-w-        c:\program files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-02-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-29 10:01]
.
2014-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-27 21:30]
.
2014-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-27 21:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-11 349480]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-03 8312352]
"PLFSetI"="c:\windows\PLFSetI.exe" [2013-01-27 200704]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Mit Mipony herunterladen - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Jonas ****\AppData\Roaming\Mozilla\Firefox\Profiles\gpdkaj8x.default-1378759098533\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} - c:\program files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ESO Survey Live.lnk - c:\program files (x86)\ESO Survey Live\ESOSurveyLive.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} - c:\program files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Uplay Install 273 - c:\program files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe ****\UninstalString2.txt
AddRemove-{B931FB80-537A-4600-00AD-AC5DEDB6C25B} - c:\program files (x86)\Electronic Arts\The Lord of the Rings
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va015]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va015"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2407130220-617045063-1494062072-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:44,42,99,a0,c4,c7,2e,16,68,6c,53,22,5a,38,0e,19,02,1e,5f,e4,38,ce,da,
  81,03,3b,78,83,89,95,33,89,17,93,cf,3f,c5,46,b5,2f,00,f2,2c,aa,6b,21,41,58,\
"??"=hex:86,fd,76,61,cd,76,64,d0,18,0b,81,20,6c,7d,1b,bc
.
[HKEY_USERS\S-1-5-21-2407130220-617045063-1494062072-1000\Software\SecuROM\License information*]
"datasecu"=hex:b7,1f,44,8e,54,3b,00,ab,7e,a3,47,79,e1,5d,5b,df,7c,84,66,d4,2b,
  46,ce,de,df,c2,e1,86,11,36,96,0c,bf,58,11,3e,0d,48,1f,be,27,f8,5d,5f,63,9f,\
"rkeysecu"=hex:c8,88,4a,2e,78,6b,0b,ed,72,16,87,49,31,a4,b7,66
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-02-20  09:45:56
ComboFix-quarantined-files.txt  2014-02-20 08:45
.
Vor Suchlauf: 29 Verzeichnis(se), 136.365.989.888 Bytes frei
Nach Suchlauf: 34 Verzeichnis(se), 135.839.436.800 Bytes frei
.
- - End Of File - - B426FD1F9E628A3EA02D8AE1E1088301
5C616939100B85E558DA92B899A0FC36

schrauber 20.02.2014 14:46
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Necros 20.02.2014 21:09
So, hier das Log von Anti-Malware:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.17.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Jonas **** :: JONAS****-PC [Administrator]

20.02.2014 16:38:37
mbam-log-2014-02-20 (16-38-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 747920
Laufzeit: 3 Stunde(n), 10 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Jonas ****\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000 (PUP.Optional.OneClickDownloader.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jonas ****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RI6RM3FV\agent2[1].exe (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jonas ****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RI6RM3FV\FA[1].exe (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Hier der Log vom JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Jonas **** on 20.02.2014 at 20:39:47,48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2407130220-617045063-1494062072-1000\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Jonas ****\AppData\Roaming\dll-files.com"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.02.2014 at 20:50:21,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Und das Log von AdwCleaner:

Code:
# AdwCleaner v3.019 - Bericht erstellt am 20/02/2014 um 20:54:34
# Aktualisiert 17/02/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Jonas **** - JONAS****-PC
# Gestartet von : C:\Users\Jonas ****\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\House Of Soft
Datei Gelöscht : C:\Users\Jonas ****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_sb.scorecardresearch.com_0.localstorage
Datei Gelöscht : C:\Users\Jonas ****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_sb.scorecardresearch.com_0.localstorage-journal

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKCU\Software\caphyon
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\Software\caphyon

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v

[ Datei : C:\Users\Jonas ****\AppData\Roaming\Mozilla\Firefox\Profiles\gpdkaj8x.default-1378759098533\prefs.js ]


-\\ Google Chrome v32.0.1700.102

[ Datei : C:\Users\Jonas ****\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3902 octets] - [21/01/2014 00:29:45]
AdwCleaner[R1].txt - [3763 octets] - [21/01/2014 00:40:44]
AdwCleaner[R2].txt - [1537 octets] - [21/01/2014 03:27:05]
AdwCleaner[R3].txt - [1824 octets] - [11/02/2014 19:02:15]
AdwCleaner[R4].txt - [2470 octets] - [20/02/2014 20:53:37]
AdwCleaner[S0].txt - [3433 octets] - [21/01/2014 00:32:53]
AdwCleaner[S1].txt - [3078 octets] - [21/01/2014 00:44:57]
AdwCleaner[S2].txt - [1454 octets] - [21/01/2014 03:29:10]
AdwCleaner[S3].txt - [1741 octets] - [11/02/2014 19:25:32]
AdwCleaner[S4].txt - [2335 octets] - [20/02/2014 20:54:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [2395 octets] ##########
Und die FRST-log noch :

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-02-2014
Ran by Jonas **** (administrator) on JONAS****-PC on 20-02-2014 21:05:20
Running from C:\Users\Jonas ****\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(TeamSpeak Systems GmbH) C:\Users\Jonas ****\Desktop\TeamSpeak 3 Client\ts3client_win32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-11] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-11-03] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-18] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2013-01-27] ()
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HOSTS Anti-Adware_PUPs] - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961 2014-01-21] ()
HKU\S-1-5-21-2407130220-617045063-1494062072-1000\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1822400 2014-02-20] (Valve Corporation)
HKU\S-1-5-21-2407130220-617045063-1494062072-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
Startup: C:\Users\Jonas ****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE520DE520
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -  No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -  No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Jonas ****\AppData\Roaming\Mozilla\Firefox\Profiles\gpdkaj8x.default-1378759098533
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Jonas ****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: BalancedWorlds.com/WebLauncher - C:\Users\Jonas ****\AppData\Local\Balanced Worlds\BWGameEngine\npWebLauncher.dll (BalancedWorlds)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: No Name - C:\Users\Jonas ****\AppData\Roaming\Mozilla\Firefox\Profiles\gpdkaj8x.default-1378759098533\Extensions\staged [2014-01-18]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Nightly\firefox.exe

Chrome:
=======
CHR Extension: (Google Drive) - C:\Users\Jonas ****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-20]
CHR Extension: (YouTube) - C:\Users\Jonas ****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-20]
CHR Extension: (Google-Suche) - C:\Users\Jonas ****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-20]
CHR Extension: (UTuberAdBlockeR) - C:\Users\Jonas ****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadgadbklejlmilpbompfkilmahdkjje [2014-02-20]
CHR Extension: (Google Wallet) - C:\Users\Jonas ****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\Jonas ****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-20]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-02-20]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-02-13] ()
S2 e9f32388; C:\Program Files (x86)\GS Supporter\AssistantSvc.dll [146768 2014-01-18] ()
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2014-01-21] ()
S3 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-11] (Egis Technology Inc.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4276136 2013-04-04] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-12-23] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2013-11-22] (Razer Inc.)

==================== Drivers (Whitelisted) ====================

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
R3 hidshim; C:\Windows\System32\DRIVERS\hidshim.sys [6656 2009-07-21] (Windows (R) Win 7 DDK provider)
R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2009-04-09] (McAfee, Inc.)
R3 nuvotonhidgeneric; C:\Windows\System32\DRIVERS\nuvotonhidgeneric.sys [25088 2009-07-21] (Nuvoton Technology Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-20 21:04 - 2014-02-20 21:04 - 00000000 ____D () C:\Users\Jonas ****\Downloads\FRST-OlderVersion
2014-02-20 21:03 - 2013-02-26 19:58 - 00000318 _____ () C:\Users\Jonas ****\Desktop\Curse Client.appref-ms
2014-02-20 20:50 - 2014-02-20 20:50 - 00000907 _____ () C:\Users\Jonas ****\Desktop\JRT.txt
2014-02-20 20:39 - 2014-02-20 20:39 - 00000000 ____D () C:\Windows\ERUNT
2014-02-20 16:53 - 2014-02-20 16:53 - 01037734 _____ (Thisisu) C:\Users\Jonas ****\Downloads\JRT.exe
2014-02-20 16:53 - 2014-02-20 16:53 - 01037734 _____ (Thisisu) C:\Users\Jonas ****\Desktop\JRT.exe
2014-02-20 16:52 - 2014-02-20 16:52 - 01241834 _____ () C:\Users\Jonas ****\Downloads\adwcleaner.exe
2014-02-20 16:52 - 2014-02-20 16:52 - 01241834 _____ () C:\Users\Jonas ****\Desktop\adwcleaner.exe
2014-02-20 09:45 - 2014-02-20 09:45 - 00032737 _____ () C:\ComboFix.txt
2014-02-20 09:28 - 2014-02-20 09:46 - 00000000 ____D () C:\Qoobox
2014-02-20 09:28 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-20 09:28 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-20 09:28 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-20 09:28 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-20 09:28 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-20 09:28 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-20 09:28 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-20 09:28 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-20 09:27 - 2014-02-20 09:43 - 00000000 ____D () C:\Windows\erdnt
2014-02-20 09:24 - 2014-02-20 09:25 - 05183254 ____R (Swearware) C:\Users\Jonas ****\Desktop\ComboFix.exe
2014-02-20 00:23 - 2014-02-20 00:23 - 00380416 _____ () C:\Users\Jonas ****\Downloads\Gmer-19357.exe
2014-02-20 00:12 - 2014-02-20 00:13 - 00031723 _____ () C:\Users\Jonas ****\Downloads\Addition.txt
2014-02-20 00:11 - 2014-02-20 21:05 - 00014830 _____ () C:\Users\Jonas ****\Downloads\FRST.txt
2014-02-20 00:10 - 2014-02-20 21:05 - 00000000 ____D () C:\FRST
2014-02-20 00:09 - 2014-02-20 21:04 - 02153984 _____ (Farbar) C:\Users\Jonas ****\Downloads\FRST64.exe
2014-02-20 00:08 - 2014-02-20 20:53 - 00000000 ____D () C:\Users\Jonas ****\Desktop\Trojaner
2014-02-20 00:06 - 2014-02-20 00:06 - 00050477 _____ () C:\Users\Jonas ****\Downloads\Defogger.exe
2014-02-20 00:06 - 2014-02-20 00:06 - 00000484 _____ () C:\Users\Jonas ****\Downloads\defogger_disable.log
2014-02-20 00:06 - 2014-02-20 00:06 - 00000000 _____ () C:\Users\Jonas ****\defogger_reenable
2014-02-18 20:58 - 2014-02-18 21:55 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-18 20:57 - 2014-02-18 20:57 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-18 20:55 - 2014-02-18 21:55 - 00000000 ____D () C:\Users\Jonas ****\Desktop\mbar
2014-02-18 20:54 - 2014-02-18 20:55 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Jonas ****\Downloads\mbar-1.07.0.1009.exe
2014-02-15 15:15 - 2014-02-15 15:17 - 00016476 _____ () C:\Users\Jonas ****\Desktop\Checka.aip
2014-02-15 15:15 - 2014-02-15 15:15 - 00000000 ____D () C:\Users\Jonas ****\Desktop\Checka-SetupFiles
2014-02-15 15:15 - 2014-02-15 15:15 - 00000000 ____D () C:\Users\Jonas ****\Desktop\Checka-cache
2014-02-15 15:15 - 2014-02-15 15:15 - 00000000 ____D () C:\Program Files (x86)\Brurli Corp
2014-02-15 15:11 - 2014-02-15 15:11 - 00000000 ____D () C:\Users\Jonas ****\AppData\Roaming\Caphyon
2014-02-15 15:10 - 2014-02-15 15:11 - 00000000 ____D () C:\ProgramData\regid.2003-04.com.caphyon
2014-02-15 15:10 - 2014-02-15 15:11 - 00000000 ____D () C:\ProgramData\Caphyon
2014-02-15 15:10 - 2014-02-15 15:10 - 00001338 _____ () C:\Users\Public\Desktop\Advanced Installer 10.9.1.lnk
2014-02-15 15:10 - 2014-02-15 15:10 - 00000000 ____D () C:\Program Files (x86)\Caphyon
2014-02-15 15:02 - 2014-02-15 15:02 - 00000000 ____D () C:\Program Files (x86)\Myncos
2014-02-14 10:18 - 2014-02-14 10:18 - 00000000 ____D () C:\Users\Jonas ****\Desktop\Final
2014-02-13 14:04 - 2014-02-19 15:52 - 00000000 ____D () C:\Users\Jonas ****\AppData\Local\DayZ
2014-02-13 14:04 - 2014-02-13 16:07 - 00000000 ____D () C:\Users\Jonas ****\Documents\DayZ
2014-02-12 12:15 - 2014-02-15 14:52 - 00000000 ____D () C:\Users\Jonas ****\Desktop\V-Day
2014-01-31 13:19 - 2014-01-31 13:19 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-01-31 13:19 - 2014-01-31 13:19 - 00000000 ____D () C:\ProgramData\fadgadbklejlmilpbompfkilmahdkjje
2014-01-30 08:20 - 2014-01-30 08:20 - 00001565 _____ () C:\Users\Public\Desktop\LastChaosGER.lnk
2014-01-30 08:10 - 2014-01-30 08:10 - 00000118 _____ () C:\Users\Public\Desktop\LastChaos Homepage.url
2014-01-23 01:24 - 2014-01-23 01:34 - 00000000 ____D () C:\Users\Jonas ****\FTBRETROSSP
2014-01-23 01:19 - 2014-01-23 01:35 - 00000000 ____D () C:\Users\Jonas ****\AppData\Roaming\ftblauncher
2014-01-23 01:19 - 2014-01-23 01:19 - 00767467 _____ () C:\Users\Jonas ****\Desktop\launcher^FTB_Launcher.exe
2014-01-22 19:00 - 2014-01-22 19:01 - 00000000 ____D () C:\Users\Jonas ****\Desktop\Moni
2014-01-22 15:08 - 2014-01-22 15:08 - 00291720 _____ () C:\Windows\Minidump\012214-30326-01.dmp
2014-01-22 15:07 - 2014-01-22 15:07 - 393122768 _____ () C:\Windows\MEMORY.DMP
2014-01-21 00:51 - 2014-01-21 00:51 - 00001185 _____ () C:\Users\Jonas ****\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
2014-01-21 00:51 - 2014-01-21 00:51 - 00000000 ____D () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-01-21 00:29 - 2014-02-20 20:54 - 00000000 ____D () C:\AdwCleaner

==================== One Month Modified Files and Folders =======

2014-02-20 21:06 - 2014-02-20 00:11 - 00014830 _____ () C:\Users\Jonas ****\Downloads\FRST.txt
2014-02-20 21:05 - 2014-02-20 00:10 - 00000000 ____D () C:\FRST
2014-02-20 21:04 - 2014-02-20 21:04 - 00000000 ____D () C:\Users\Jonas ****\Downloads\FRST-OlderVersion
2014-02-20 21:04 - 2014-02-20 00:09 - 02153984 _____ (Farbar) C:\Users\Jonas ****\Downloads\FRST64.exe
2014-02-20 21:04 - 2009-07-14 05:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-20 21:04 - 2009-07-14 05:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-20 21:03 - 2013-02-26 19:57 - 00000000 ____D () C:\Users\Jonas ****\AppData\Local\Deployment
2014-02-20 21:01 - 2013-01-29 21:51 - 00000000 ____D () C:\Users\Jonas ****\AppData\Roaming\Skype
2014-02-20 20:58 - 2013-01-29 15:31 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-20 20:57 - 2014-01-15 03:41 - 00005073 _____ () C:\Windows\setupact.log
2014-02-20 20:56 - 2014-01-15 03:40 - 00007092 _____ () C:\Windows\PFRO.log
2014-02-20 20:56 - 2013-10-17 17:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-20 20:56 - 2013-01-27 22:30 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-20 20:56 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-20 20:55 - 2013-12-29 15:58 - 01353842 _____ () C:\Windows\WindowsUpdate.log
2014-02-20 20:55 - 2013-01-27 19:57 - 00000000 ____D () C:\Users\Jonas ****
2014-02-20 20:54 - 2014-01-21 00:29 - 00000000 ____D () C:\AdwCleaner
2014-02-20 20:53 - 2014-02-20 00:08 - 00000000 ____D () C:\Users\Jonas ****\Desktop\Trojaner
2014-02-20 20:50 - 2014-02-20 20:50 - 00000907 _____ () C:\Users\Jonas ****\Desktop\JRT.txt
2014-02-20 20:49 - 2013-01-27 22:30 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-20 20:39 - 2014-02-20 20:39 - 00000000 ____D () C:\Windows\ERUNT
2014-02-20 20:26 - 2013-02-13 23:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-20 20:12 - 2013-08-18 01:22 - 00000000 ____D () C:\Users\Jonas ****\AppData\Local\Battle.net
2014-02-20 16:53 - 2014-02-20 16:53 - 01037734 _____ (Thisisu) C:\Users\Jonas ****\Downloads\JRT.exe
2014-02-20 16:53 - 2014-02-20 16:53 - 01037734 _____ (Thisisu) C:\Users\Jonas ****\Desktop\JRT.exe
2014-02-20 16:52 - 2014-02-20 16:52 - 01241834 _____ () C:\Users\Jonas ****\Downloads\adwcleaner.exe
2014-02-20 16:52 - 2014-02-20 16:52 - 01241834 _____ () C:\Users\Jonas ****\Desktop\adwcleaner.exe
2014-02-20 09:46 - 2014-02-20 09:28 - 00000000 ____D () C:\Qoobox
2014-02-20 09:46 - 2013-02-26 19:57 - 00000000 ____D () C:\Users\Jonas ****\AppData\Local\Apps\2.0
2014-02-20 09:45 - 2014-02-20 09:45 - 00032737 _____ () C:\ComboFix.txt
2014-02-20 09:45 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-02-20 09:43 - 2014-02-20 09:27 - 00000000 ____D () C:\Windows\erdnt
2014-02-20 09:42 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-20 09:41 - 2014-01-09 17:41 - 00000000 ____D () C:\Program Files (x86)\ESO Survey Live
2014-02-20 09:25 - 2014-02-20 09:24 - 05183254 ____R (Swearware) C:\Users\Jonas ****\Desktop\ComboFix.exe
2014-02-20 00:23 - 2014-02-20 00:23 - 00380416 _____ () C:\Users\Jonas ****\Downloads\Gmer-19357.exe
2014-02-20 00:13 - 2014-02-20 00:12 - 00031723 _____ () C:\Users\Jonas ****\Downloads\Addition.txt
2014-02-20 00:06 - 2014-02-20 00:06 - 00050477 _____ () C:\Users\Jonas ****\Downloads\Defogger.exe
2014-02-20 00:06 - 2014-02-20 00:06 - 00000484 _____ () C:\Users\Jonas ****\Downloads\defogger_disable.log
2014-02-20 00:06 - 2014-02-20 00:06 - 00000000 _____ () C:\Users\Jonas ****\defogger_reenable
2014-02-19 16:40 - 2013-01-28 18:42 - 00000000 ____D () C:\World of Warcraft
2014-02-19 16:13 - 2013-02-10 03:14 - 00007622 _____ () C:\Users\Jonas ****\AppData\Local\Resmon.ResmonCfg
2014-02-19 15:52 - 2014-02-13 14:04 - 00000000 ____D () C:\Users\Jonas ****\AppData\Local\DayZ
2014-02-18 21:55 - 2014-02-18 20:58 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-18 21:55 - 2014-02-18 20:55 - 00000000 ____D () C:\Users\Jonas ****\Desktop\mbar
2014-02-18 20:57 - 2014-02-18 20:57 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-18 20:55 - 2014-02-18 20:54 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Jonas ****\Downloads\mbar-1.07.0.1009.exe
2014-02-18 17:19 - 2013-01-28 18:43 - 00000000 ____D () C:\Users\Jonas ****\Desktop\TeamSpeak 3 Client
2014-02-17 20:41 - 2014-01-18 22:54 - 00000000 ____D () C:\ProgramData\8f34adb5f3a00093
2014-02-15 15:17 - 2014-02-15 15:15 - 00016476 _____ () C:\Users\Jonas ****\Desktop\Checka.aip
2014-02-15 15:15 - 2014-02-15 15:15 - 00000000 ____D () C:\Users\Jonas ****\Desktop\Checka-SetupFiles
2014-02-15 15:15 - 2014-02-15 15:15 - 00000000 ____D () C:\Users\Jonas ****\Desktop\Checka-cache
2014-02-15 15:15 - 2014-02-15 15:15 - 00000000 ____D () C:\Program Files (x86)\Brurli Corp
2014-02-15 15:11 - 2014-02-15 15:11 - 00000000 ____D () C:\Users\Jonas ****\AppData\Roaming\Caphyon
2014-02-15 15:11 - 2014-02-15 15:10 - 00000000 ____D () C:\ProgramData\regid.2003-04.com.caphyon
2014-02-15 15:11 - 2014-02-15 15:10 - 00000000 ____D () C:\ProgramData\Caphyon
2014-02-15 15:10 - 2014-02-15 15:10 - 00001338 _____ () C:\Users\Public\Desktop\Advanced Installer 10.9.1.lnk
2014-02-15 15:10 - 2014-02-15 15:10 - 00000000 ____D () C:\Program Files (x86)\Caphyon
2014-02-15 15:02 - 2014-02-15 15:02 - 00000000 ____D () C:\Program Files (x86)\Myncos
2014-02-15 14:52 - 2014-02-12 12:15 - 00000000 ____D () C:\Users\Jonas ****\Desktop\V-Day
2014-02-14 18:41 - 2013-01-28 04:30 - 00698700 _____ () C:\Windows\system32\perfh007.dat
2014-02-14 18:41 - 2013-01-28 04:30 - 00148944 _____ () C:\Windows\system32\perfc007.dat
2014-02-14 18:41 - 2009-07-14 06:13 - 01618816 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-14 10:18 - 2014-02-14 10:18 - 00000000 ____D () C:\Users\Jonas ****\Desktop\Final
2014-02-13 20:41 - 2013-09-24 12:54 - 00000000 ____D () C:\Users\Jonas ****\AppData\Local\Game Dev Tycoon - Steam
2014-02-13 16:07 - 2014-02-13 14:04 - 00000000 ____D () C:\Users\Jonas ****\Documents\DayZ
2014-02-12 18:17 - 2013-08-18 01:22 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-02-10 23:14 - 2013-12-04 21:18 - 00000003 _____ () C:\Windows\system32\HRUPPROG.TXT
2014-02-10 20:05 - 2013-04-09 16:56 - 00000000 ____D () C:\Users\Jonas ****\AppData\Roaming\.minecraft
2014-02-05 11:02 - 2013-02-13 23:45 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 11:01 - 2013-01-29 14:57 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 11:01 - 2013-01-29 14:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-04 11:03 - 2013-10-21 00:03 - 00000000 ____D () C:\Users\Jonas ****\AppData\Local\NVIDIA
2014-02-04 11:03 - 2013-10-17 17:12 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-02-04 11:03 - 2013-02-09 15:49 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-01-31 13:19 - 2014-01-31 13:19 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-01-31 13:19 - 2014-01-31 13:19 - 00000000 ____D () C:\ProgramData\fadgadbklejlmilpbompfkilmahdkjje
2014-01-31 13:19 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-01-31 13:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-01-30 08:20 - 2014-01-30 08:20 - 00001565 _____ () C:\Users\Public\Desktop\LastChaosGER.lnk
2014-01-30 08:10 - 2014-01-30 08:10 - 00000118 _____ () C:\Users\Public\Desktop\LastChaos Homepage.url
2014-01-28 22:30 - 2013-09-10 21:41 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-01-28 21:57 - 2013-03-11 08:58 - 00000000 ____D () C:\Users\Jonas ****\AppData\Local\PMB Files
2014-01-28 21:57 - 2013-03-11 08:58 - 00000000 ____D () C:\ProgramData\PMB Files
2014-01-28 00:11 - 2013-02-02 17:29 - 00000000 ____D () C:\Users\Jonas ****\AppData\Local\Skyrim
2014-01-23 01:35 - 2014-01-23 01:19 - 00000000 ____D () C:\Users\Jonas ****\AppData\Roaming\ftblauncher
2014-01-23 01:34 - 2014-01-23 01:24 - 00000000 ____D () C:\Users\Jonas ****\FTBRETROSSP
2014-01-23 01:19 - 2014-01-23 01:19 - 00767467 _____ () C:\Users\Jonas ****\Desktop\launcher^FTB_Launcher.exe
2014-01-22 19:01 - 2014-01-22 19:00 - 00000000 ____D () C:\Users\Jonas ****\Desktop\Moni
2014-01-22 15:08 - 2014-01-22 15:08 - 00291720 _____ () C:\Windows\Minidump\012214-30326-01.dmp
2014-01-22 15:08 - 2013-02-11 23:56 - 00000000 ____D () C:\Windows\Minidump
2014-01-22 15:07 - 2014-01-22 15:07 - 393122768 _____ () C:\Windows\MEMORY.DMP
2014-01-21 00:52 - 2013-07-11 12:51 - 00001358 _____ () C:\Users\Jonas ****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-01-21 00:51 - 2014-01-21 00:51 - 00001185 _____ () C:\Users\Jonas ****\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
2014-01-21 00:51 - 2014-01-21 00:51 - 00000000 ____D () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-01-21 00:27 - 2014-01-18 22:53 - 00000000 ____D () C:\ProgramData\InstallMate

Some content of TEMP:
====================
C:\Users\Jonas ****\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-10 16:35

==================== End Of Log ============================
--- --- ---

schrauber 21.02.2014 20:34

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Necros 22.02.2014 14:45
Hey,
der ESET online Scanner ist bei mir 5 Stunden gelaufen, jedoch ohne Funde und hat sich dann ohne Fehlermeldung geschlossen, in dem angegeben Dateipfad gibt es auch keine Log-Datei :\

Der Log des Security Checks:

Code:
Results of screen317's Security Check version 0.99.79 
 Windows 7 Service Pack 1 x64 (UAC is disabled!) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 Java(TM) 6 Update 39 
 Java 7 Update 17 
 Java(TM) SE Development Kit 6 Update 39
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
  Adobe Flash Player 12.0.0.70 Flash Player out of Date! 
 Adobe Reader 9 Adobe Reader out of Date!
 Google Chrome 32.0.1700.102 
 Google Chrome 32.0.1700.76 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
Probleme bestehen weiterhin, auch der ominöse UTuberAdBlockeR ist weiterhin installiert...
FRST lasse ich gerade drüberlaufen :)

Hier das FRST-log:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2014 01
Ran by Jonas **** (administrator) on JONAS****-PC on 22-02-2014 12:05:33
Running from C:\Users\Jonas ****\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-11] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-11-03] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-18] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2013-01-27] ()
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HOSTS Anti-Adware_PUPs] - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961 2014-01-21] ()
HKU\S-1-5-21-2407130220-617045063-1494062072-1000\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1822400 2014-02-20] (Valve Corporation)
HKU\S-1-5-21-2407130220-617045063-1494062072-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
Startup: C:\Users\Jonas ****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE520DE520
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -  No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -  No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Jonas ****\AppData\Roaming\Mozilla\Firefox\Profiles\gpdkaj8x.default-1378759098533
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Jonas ****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: BalancedWorlds.com/WebLauncher - C:\Users\Jonas ****\AppData\Local\Balanced Worlds\BWGameEngine\npWebLauncher.dll (BalancedWorlds)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: No Name - C:\Users\Jonas ****\AppData\Roaming\Mozilla\Firefox\Profiles\gpdkaj8x.default-1378759098533\Extensions\staged [2014-01-18]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Nightly\firefox.exe

Chrome:
=======
CHR Extension: (Google Drive) - C:\Users\Jonas ****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-20]
CHR Extension: (YouTube) - C:\Users\Jonas ****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-20]
CHR Extension: (Google-Suche) - C:\Users\Jonas ****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-20]
CHR Extension: (UTuberAdBlockeR) - C:\Users\Jonas ****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadgadbklejlmilpbompfkilmahdkjje [2014-02-20]
CHR Extension: (Google Wallet) - C:\Users\Jonas ****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\Jonas ****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-20]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-02-20]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-02-13] ()
S2 e9f32388; C:\Program Files (x86)\GS Supporter\AssistantSvc.dll [146768 2014-01-18] ()
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2014-01-21] ()
S3 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-11] (Egis Technology Inc.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4276136 2013-04-04] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-12-23] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2013-11-22] (Razer Inc.)

==================== Drivers (Whitelisted) ====================

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
R3 hidshim; C:\Windows\System32\DRIVERS\hidshim.sys [6656 2009-07-21] (Windows (R) Win 7 DDK provider)
R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2009-04-09] (McAfee, Inc.)
R3 nuvotonhidgeneric; C:\Windows\System32\DRIVERS\nuvotonhidgeneric.sys [25088 2009-07-21] (Nuvoton Technology Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-22 12:05 - 2014-02-22 12:05 - 00014326 _____ () C:\Users\Jonas ****\Desktop\FRST.txt
2014-02-22 12:05 - 2014-02-22 12:05 - 00000000 ____D () C:\Users\Jonas ****\Desktop\FRST-OlderVersion
2014-02-22 11:53 - 2014-02-22 11:53 - 00987425 _____ () C:\Users\Jonas ****\Desktop\SecurityCheck.exe
2014-02-22 11:52 - 2014-02-22 11:53 - 00987425 _____ () C:\Users\Jonas ****\Downloads\SecurityCheck.exe
2014-02-21 21:50 - 2014-02-21 21:50 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-21 21:49 - 2014-02-21 21:50 - 02347384 _____ (ESET) C:\Users\Jonas ****\Downloads\esetsmartinstaller_enu.exe
2014-02-20 21:04 - 2014-02-20 21:04 - 00000000 ____D () C:\Users\Jonas ****\Downloads\FRST-OlderVersion
2014-02-20 21:03 - 2013-02-26 19:58 - 00000318 _____ () C:\Users\Jonas ****\Desktop\Curse Client.appref-ms
2014-02-20 20:50 - 2014-02-20 20:50 - 00000907 _____ () C:\Users\Jonas ****\Desktop\JRT.txt
2014-02-20 20:39 - 2014-02-20 20:39 - 00000000 ____D () C:\Windows\ERUNT
2014-02-20 16:53 - 2014-02-20 16:53 - 01037734 _____ (Thisisu) C:\Users\Jonas ****\Downloads\JRT.exe
2014-02-20 16:53 - 2014-02-20 16:53 - 01037734 _____ (Thisisu) C:\Users\Jonas ****\Desktop\JRT.exe
2014-02-20 16:52 - 2014-02-20 16:52 - 01241834 _____ () C:\Users\Jonas ****\Downloads\adwcleaner.exe
2014-02-20 16:52 - 2014-02-20 16:52 - 01241834 _____ () C:\Users\Jonas ****\Desktop\adwcleaner.exe
2014-02-20 09:45 - 2014-02-20 09:45 - 00032737 _____ () C:\ComboFix.txt
2014-02-20 09:28 - 2014-02-20 09:46 - 00000000 ____D () C:\Qoobox
2014-02-20 09:28 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-20 09:28 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-20 09:28 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-20 09:28 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-20 09:28 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-20 09:28 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-20 09:28 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-20 09:28 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-20 09:27 - 2014-02-20 09:43 - 00000000 ____D () C:\Windows\erdnt
2014-02-20 09:24 - 2014-02-20 09:25 - 05183254 ____R (Swearware) C:\Users\Jonas ****\Desktop\ComboFix.exe
2014-02-20 00:23 - 2014-02-20 00:23 - 00380416 _____ () C:\Users\Jonas ****\Downloads\Gmer-19357.exe
2014-02-20 00:12 - 2014-02-20 00:13 - 00031723 _____ () C:\Users\Jonas ****\Downloads\Addition.txt
2014-02-20 00:11 - 2014-02-20 21:07 - 00030939 _____ () C:\Users\Jonas ****\Downloads\FRST.txt
2014-02-20 00:10 - 2014-02-22 12:05 - 00000000 ____D () C:\FRST
2014-02-20 00:09 - 2014-02-22 12:05 - 02154496 _____ (Farbar) C:\Users\Jonas ****\Desktop\FRST64.exe
2014-02-20 00:08 - 2014-02-20 20:53 - 00000000 ____D () C:\Users\Jonas ****\Desktop\Trojaner
2014-02-20 00:06 - 2014-02-20 00:06 - 00050477 _____ () C:\Users\Jonas ****\Downloads\Defogger.exe
2014-02-20 00:06 - 2014-02-20 00:06 - 00000484 _____ () C:\Users\Jonas ****\Downloads\defogger_disable.log
2014-02-20 00:06 - 2014-02-20 00:06 - 00000000 _____ () C:\Users\Jonas ****\defogger_reenable
2014-02-18 20:58 - 2014-02-18 21:55 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-18 20:57 - 2014-02-18 20:57 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-18 20:55 - 2014-02-18 21:55 - 00000000 ____D () C:\Users\Jonas ****\Desktop\mbar
2014-02-18 20:54 - 2014-02-18 20:55 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Jonas ****\Downloads\mbar-1.07.0.1009.exe
2014-02-15 15:15 - 2014-02-15 15:17 - 00016476 _____ () C:\Users\Jonas ****\Desktop\Checka.aip
2014-02-15 15:15 - 2014-02-15 15:15 - 00000000 ____D () C:\Users\Jonas ****\Desktop\Checka-SetupFiles
2014-02-15 15:15 - 2014-02-15 15:15 - 00000000 ____D () C:\Users\Jonas ****\Desktop\Checka-cache
2014-02-15 15:15 - 2014-02-15 15:15 - 00000000 ____D () C:\Program Files (x86)\Brurli Corp
2014-02-15 15:11 - 2014-02-15 15:11 - 00000000 ____D () C:\Users\Jonas ****\AppData\Roaming\Caphyon
2014-02-15 15:10 - 2014-02-15 15:11 - 00000000 ____D () C:\ProgramData\regid.2003-04.com.caphyon
2014-02-15 15:10 - 2014-02-15 15:11 - 00000000 ____D () C:\ProgramData\Caphyon
2014-02-15 15:10 - 2014-02-15 15:10 - 00001338 _____ () C:\Users\Public\Desktop\Advanced Installer 10.9.1.lnk
2014-02-15 15:10 - 2014-02-15 15:10 - 00000000 ____D () C:\Program Files (x86)\Caphyon
2014-02-15 15:02 - 2014-02-15 15:02 - 00000000 ____D () C:\Program Files (x86)\Myncos
2014-02-14 10:18 - 2014-02-14 10:18 - 00000000 ____D () C:\Users\Jonas ****\Desktop\Final
2014-02-13 14:04 - 2014-02-20 22:42 - 00000000 ____D () C:\Users\Jonas ****\AppData\Local\DayZ
2014-02-13 14:04 - 2014-02-13 16:07 - 00000000 ____D () C:\Users\Jonas ****\Documents\DayZ
2014-02-12 12:15 - 2014-02-15 14:52 - 00000000 ____D () C:\Users\Jonas ****\Desktop\V-Day
2014-01-31 13:19 - 2014-01-31 13:19 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-01-31 13:19 - 2014-01-31 13:19 - 00000000 ____D () C:\ProgramData\fadgadbklejlmilpbompfkilmahdkjje
2014-01-30 08:20 - 2014-01-30 08:20 - 00001565 _____ () C:\Users\Public\Desktop\LastChaosGER.lnk
2014-01-30 08:10 - 2014-01-30 08:10 - 00000118 _____ () C:\Users\Public\Desktop\LastChaos Homepage.url
2014-01-23 01:24 - 2014-01-23 01:34 - 00000000 ____D () C:\Users\Jonas ****\FTBRETROSSP
2014-01-23 01:19 - 2014-01-23 01:35 - 00000000 ____D () C:\Users\Jonas ****\AppData\Roaming\ftblauncher
2014-01-23 01:19 - 2014-01-23 01:19 - 00767467 _____ () C:\Users\Jonas ****\Desktop\launcher^FTB_Launcher.exe

==================== One Month Modified Files and Folders =======

2014-02-22 12:05 - 2014-02-22 12:05 - 00014326 _____ () C:\Users\Jonas ****\Desktop\FRST.txt
2014-02-22 12:05 - 2014-02-22 12:05 - 00000000 ____D () C:\Users\Jonas ****\Desktop\FRST-OlderVersion
2014-02-22 12:05 - 2014-02-20 00:10 - 00000000 ____D () C:\FRST
2014-02-22 12:05 - 2014-02-20 00:09 - 02154496 _____ (Farbar) C:\Users\Jonas ****\Desktop\FRST64.exe
2014-02-22 11:53 - 2014-02-22 11:53 - 00987425 _____ () C:\Users\Jonas ****\Desktop\SecurityCheck.exe
2014-02-22 11:53 - 2014-02-22 11:52 - 00987425 _____ () C:\Users\Jonas ****\Downloads\SecurityCheck.exe
2014-02-22 11:49 - 2013-12-29 15:58 - 01356034 _____ () C:\Windows\WindowsUpdate.log
2014-02-22 11:49 - 2013-02-13 23:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-22 11:49 - 2013-01-27 22:30 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-21 23:22 - 2013-01-29 15:31 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-21 23:20 - 2013-01-29 21:51 - 00000000 ____D () C:\Users\Jonas ****\AppData\Roaming\Skype
2014-02-21 21:50 - 2014-02-21 21:50 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-21 21:50 - 2014-02-21 21:49 - 02347384 _____ (ESET) C:\Users\Jonas ****\Downloads\esetsmartinstaller_enu.exe
2014-02-21 18:17 - 2013-08-18 01:22 - 00000000 ____D () C:\Users\Jonas ****\AppData\Local\Battle.net
2014-02-21 18:07 - 2013-01-28 18:42 - 00000000 ____D () C:\World of Warcraft
2014-02-21 00:27 - 2013-02-13 23:45 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 00:27 - 2013-01-29 14:57 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 00:27 - 2013-01-29 14:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-20 22:42 - 2014-02-13 14:04 - 00000000 ____D () C:\Users\Jonas ****\AppData\Local\DayZ
2014-02-20 21:07 - 2014-02-20 00:11 - 00030939 _____ () C:\Users\Jonas ****\Downloads\FRST.txt
2014-02-20 21:04 - 2014-02-20 21:04 - 00000000 ____D () C:\Users\Jonas ****\Downloads\FRST-OlderVersion
2014-02-20 21:04 - 2009-07-14 05:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-20 21:04 - 2009-07-14 05:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-20 21:03 - 2013-02-26 19:57 - 00000000 ____D () C:\Users\Jonas ****\AppData\Local\Deployment
2014-02-20 20:57 - 2014-01-15 03:41 - 00005073 _____ () C:\Windows\setupact.log
2014-02-20 20:56 - 2014-01-15 03:40 - 00007092 _____ () C:\Windows\PFRO.log
2014-02-20 20:56 - 2013-10-17 17:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-20 20:56 - 2013-01-27 22:30 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-20 20:56 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-20 20:55 - 2013-01-27 19:57 - 00000000 ____D () C:\Users\Jonas ****
2014-02-20 20:54 - 2014-01-21 00:29 - 00000000 ____D () C:\AdwCleaner
2014-02-20 20:53 - 2014-02-20 00:08 - 00000000 ____D () C:\Users\Jonas ****\Desktop\Trojaner
2014-02-20 20:50 - 2014-02-20 20:50 - 00000907 _____ () C:\Users\Jonas ****\Desktop\JRT.txt
2014-02-20 20:39 - 2014-02-20 20:39 - 00000000 ____D () C:\Windows\ERUNT
2014-02-20 16:53 - 2014-02-20 16:53 - 01037734 _____ (Thisisu) C:\Users\Jonas ****\Downloads\JRT.exe
2014-02-20 16:53 - 2014-02-20 16:53 - 01037734 _____ (Thisisu) C:\Users\Jonas ****\Desktop\JRT.exe
2014-02-20 16:52 - 2014-02-20 16:52 - 01241834 _____ () C:\Users\Jonas ****\Downloads\adwcleaner.exe
2014-02-20 16:52 - 2014-02-20 16:52 - 01241834 _____ () C:\Users\Jonas ****\Desktop\adwcleaner.exe
2014-02-20 09:46 - 2014-02-20 09:28 - 00000000 ____D () C:\Qoobox
2014-02-20 09:46 - 2013-02-26 19:57 - 00000000 ____D () C:\Users\Jonas ****\AppData\Local\Apps\2.0
2014-02-20 09:45 - 2014-02-20 09:45 - 00032737 _____ () C:\ComboFix.txt
2014-02-20 09:45 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-02-20 09:43 - 2014-02-20 09:27 - 00000000 ____D () C:\Windows\erdnt
2014-02-20 09:42 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-20 09:41 - 2014-01-09 17:41 - 00000000 ____D () C:\Program Files (x86)\ESO Survey Live
2014-02-20 09:25 - 2014-02-20 09:24 - 05183254 ____R (Swearware) C:\Users\Jonas ****\Desktop\ComboFix.exe
2014-02-20 00:23 - 2014-02-20 00:23 - 00380416 _____ () C:\Users\Jonas ****\Downloads\Gmer-19357.exe
2014-02-20 00:13 - 2014-02-20 00:12 - 00031723 _____ () C:\Users\Jonas ****\Downloads\Addition.txt
2014-02-20 00:06 - 2014-02-20 00:06 - 00050477 _____ () C:\Users\Jonas ****\Downloads\Defogger.exe
2014-02-20 00:06 - 2014-02-20 00:06 - 00000484 _____ () C:\Users\Jonas ****\Downloads\defogger_disable.log
2014-02-20 00:06 - 2014-02-20 00:06 - 00000000 _____ () C:\Users\Jonas ****\defogger_reenable
2014-02-19 16:13 - 2013-02-10 03:14 - 00007622 _____ () C:\Users\Jonas ****\AppData\Local\Resmon.ResmonCfg
2014-02-18 21:55 - 2014-02-18 20:58 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-18 21:55 - 2014-02-18 20:55 - 00000000 ____D () C:\Users\Jonas ****\Desktop\mbar
2014-02-18 20:57 - 2014-02-18 20:57 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-18 20:55 - 2014-02-18 20:54 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Jonas ****\Downloads\mbar-1.07.0.1009.exe
2014-02-18 17:19 - 2013-01-28 18:43 - 00000000 ____D () C:\Users\Jonas ****\Desktop\TeamSpeak 3 Client
2014-02-17 20:41 - 2014-01-18 22:54 - 00000000 ____D () C:\ProgramData\8f34adb5f3a00093
2014-02-15 15:17 - 2014-02-15 15:15 - 00016476 _____ () C:\Users\Jonas ****\Desktop\Checka.aip
2014-02-15 15:15 - 2014-02-15 15:15 - 00000000 ____D () C:\Users\Jonas ****\Desktop\Checka-SetupFiles
2014-02-15 15:15 - 2014-02-15 15:15 - 00000000 ____D () C:\Users\Jonas ****\Desktop\Checka-cache
2014-02-15 15:15 - 2014-02-15 15:15 - 00000000 ____D () C:\Program Files (x86)\Brurli Corp
2014-02-15 15:11 - 2014-02-15 15:11 - 00000000 ____D () C:\Users\Jonas ****\AppData\Roaming\Caphyon
2014-02-15 15:11 - 2014-02-15 15:10 - 00000000 ____D () C:\ProgramData\regid.2003-04.com.caphyon
2014-02-15 15:11 - 2014-02-15 15:10 - 00000000 ____D () C:\ProgramData\Caphyon
2014-02-15 15:10 - 2014-02-15 15:10 - 00001338 _____ () C:\Users\Public\Desktop\Advanced Installer 10.9.1.lnk
2014-02-15 15:10 - 2014-02-15 15:10 - 00000000 ____D () C:\Program Files (x86)\Caphyon
2014-02-15 15:02 - 2014-02-15 15:02 - 00000000 ____D () C:\Program Files (x86)\Myncos
2014-02-15 14:52 - 2014-02-12 12:15 - 00000000 ____D () C:\Users\Jonas ****\Desktop\V-Day
2014-02-14 18:41 - 2013-01-28 04:30 - 00698700 _____ () C:\Windows\system32\perfh007.dat
2014-02-14 18:41 - 2013-01-28 04:30 - 00148944 _____ () C:\Windows\system32\perfc007.dat
2014-02-14 18:41 - 2009-07-14 06:13 - 01618816 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-14 10:18 - 2014-02-14 10:18 - 00000000 ____D () C:\Users\Jonas ****\Desktop\Final
2014-02-13 20:41 - 2013-09-24 12:54 - 00000000 ____D () C:\Users\Jonas ****\AppData\Local\Game Dev Tycoon - Steam
2014-02-13 16:07 - 2014-02-13 14:04 - 00000000 ____D () C:\Users\Jonas ****\Documents\DayZ
2014-02-12 18:17 - 2013-08-18 01:22 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-02-10 23:14 - 2013-12-04 21:18 - 00000003 _____ () C:\Windows\system32\HRUPPROG.TXT
2014-02-10 20:05 - 2013-04-09 16:56 - 00000000 ____D () C:\Users\Jonas ****\AppData\Roaming\.minecraft
2014-02-04 11:03 - 2013-10-21 00:03 - 00000000 ____D () C:\Users\Jonas ****\AppData\Local\NVIDIA
2014-02-04 11:03 - 2013-10-17 17:12 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-02-04 11:03 - 2013-02-09 15:49 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-01-31 13:19 - 2014-01-31 13:19 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-01-31 13:19 - 2014-01-31 13:19 - 00000000 ____D () C:\ProgramData\fadgadbklejlmilpbompfkilmahdkjje
2014-01-31 13:19 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-01-31 13:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-01-30 08:20 - 2014-01-30 08:20 - 00001565 _____ () C:\Users\Public\Desktop\LastChaosGER.lnk
2014-01-30 08:10 - 2014-01-30 08:10 - 00000118 _____ () C:\Users\Public\Desktop\LastChaos Homepage.url
2014-01-28 22:30 - 2013-09-10 21:41 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-01-28 21:57 - 2013-03-11 08:58 - 00000000 ____D () C:\Users\Jonas ****\AppData\Local\PMB Files
2014-01-28 21:57 - 2013-03-11 08:58 - 00000000 ____D () C:\ProgramData\PMB Files
2014-01-28 00:11 - 2013-02-02 17:29 - 00000000 ____D () C:\Users\Jonas ****\AppData\Local\Skyrim
2014-01-23 01:35 - 2014-01-23 01:19 - 00000000 ____D () C:\Users\Jonas ****\AppData\Roaming\ftblauncher
2014-01-23 01:34 - 2014-01-23 01:24 - 00000000 ____D () C:\Users\Jonas ****\FTBRETROSSP
2014-01-23 01:19 - 2014-01-23 01:19 - 00767467 _____ () C:\Users\Jonas ****\Desktop\launcher^FTB_Launcher.exe

Some content of TEMP:
====================
C:\Users\Jonas ****\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-10 16:35

==================== End Of Log ============================
--- --- ---

--- --- ---


und das Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-02-2014 01
Ran by Jonas **** at 2014-02-22 12:06:17
Running from C:\Users\Jonas ****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acer Crystal Eye webcam Ver:1.1.124.1120 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.124.1120 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.15.0715 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Advanced Installer 10.9.1 (HKLM-x32\...\{A55C392E-7969-447C-89E1-0028C7BE9296}) (Version: 10.9.1 - Caphyon)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Assassin's Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version:  - Ubisoft)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.1.7 - EA Digital Illusions CE AB)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Broadcom Gigabit NetLink Controller (HKLM\...\{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}) (Version: 12.26.02 - Broadcom Corporation)
Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version:  - Criterion Games)
Burnout(TM) Paradise The Ultimate Box (HKLM-x32\...\{9A996B6A-846E-4A89-B9C4-17546B7BE49F}) (Version: 1.1.0.0 - Electronic Arts)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)
Canon iP4200 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4200) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Checka (HKLM-x32\...\{122B06A0-870E-45D6-A39A-3130F82BE45B}) (Version: 1.0.0 - Brurli Corp)
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version:  - Oberon Media)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Cradle of Rome (remove only) (HKLM-x32\...\Cradle of Rome) (Version:  - )
Crashday (HKLM-x32\...\{9C27ADE1-EAFB-4BB7-9FE3-5DD9BA9A3DD2}) (Version: 1 - ATARI)
Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version:  - Crytek Studios)
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.792 - Curse)
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dead Space (HKLM-x32\...\Steam App 17470) (Version:  - EA Redwood Shores)
DER HOBBIT  (HKLM-x32\...\InstallShield_{023FFB0A-C5DB-4930-B3E4-D48266C21738}) (Version: 1.00.000 - Sierra)
Der Hobbit (x32 Version: 1.00.000 - Sierra) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Die Gilde Gold-Edition (HKLM-x32\...\Die Gilde Gold-Edition) (Version: 2.06 - JoWooD Productions Software AG)
Die Schlacht um Mittelerde™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version:  - )
Die Siedler 2 - Die nächste Generation (HKLM-x32\...\{ED56EF4F-35FF-48D4-B616-A66E791EF1B6}) (Version: 1.00.0000 - UBISOFT)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.57.62 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
Die Sims™ 3 Luxus-Accessoires (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
Dungeonland (HKLM-x32\...\Steam App 218130) (Version:  - )
DUNGEONS Game of the Year edition (HKLM-x32\...\{B6505079-4610-4434-9558-53D7F9CBF6B3}) (Version: 1.3.3.0 - Realmforge Studios GmbH)
Empire Earth II (HKLM-x32\...\{DF315348-721C-40B8-BAE2-58C6C7D935A2}) (Version: 1.02 - Sierra)
Empire Earth III (HKLM-x32\...\{B17E235C-7A3B-4482-B650-21FFDE1D452E}) (Version: 1.00.0000 - Sierra Entertainment)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
ESO Survey Live version 1.3.0 (HKLM-x32\...\17CBAF83-B4D1-41CC-B7DC-BFF1D4B9DDAC-live_is1) (Version: 1.3.0 - Immersyve, Inc.)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Far Cry 3 (HKLM-x32\...\{3E7F5A51-7657-43D6-A9B3-C3A21473834B}_is1) (Version: 1.01 - RAF)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version:  - Oberon Media)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Studio version 2013 (HKLM-x32\...\Free Studio_is1) (Version: 6.1.1.430 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.13.925 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.13.925 - DVDVideoSoft Ltd.)
Full Mojo Rampage (HKLM-x32\...\Steam App 225280) (Version:  - Over the Top Games)
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version:  - Greenheart Games)
GameMaker-Studio 1.1 (HKCU\...\GameMaker-Studio11) (Version:  - YoYo Games Ltd.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
God Mode (HKLM-x32\...\Steam App 227480) (Version:  - Old School Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 32.0.1700.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
GS Supporter 1.80 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{e9f32388}) (Version:  - Verified Publisher) <==== ATTENTION
Gtk# for .Net 2.12.22 (HKLM-x32\...\{06AF6533-F201-47C0-8675-AAAE5CB81B41}) (Version: 2.12.22 - Xamarin, Inc.)
Hammerwatch (HKLM-x32\...\Steam App 239070) (Version:  - )
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.55 - Conexant Systems)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3002 - Acer Incorporated)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 7 Update 13 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417013FF}) (Version: 7.0.130 - Oracle)
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 13 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170130}) (Version: 1.7.0.130 - Oracle)
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Java(TM) 6 Update 39 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216039FF}) (Version: 6.0.390 - Oracle)
Java(TM) SE Development Kit 6 Update 39 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160390}) (Version: 1.6.0.390 - Oracle)
LastChaosGER (HKLM-x32\...\{A86A50FC-7C22-478B-BAEF-82393328825F}) (Version: 1.00.000 - Barunsongames CO., LTD.)
Lazarus 1.0.14 (HKLM\...\Lazarus_is1) (Version: 1.0.14 - Lazarus Team)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LEGO® Star Wars™: Die Komplette Saga (HKLM-x32\...\InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}) (Version: 1.00.0000 - LucasArts)
LEGO® Star Wars™: The Complete Saga (x32 Version: 1.00.0000 - LucasArts) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.109 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.109 - LogMeIn, Inc.) Hidden
Magic 2014  (HKLM-x32\...\Steam App 213850) (Version:  - Stainless Games)
Magic Online (HKLM-x32\...\{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}) (Version: 3.00.0000 - Wizards of the Coast)
Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios AB)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
ManiaPlanet (HKLM-x32\...\ManiaPlanet_is1) (Version:  - Nadeo)
Marvel Puzzle Quest: Dark Reign (HKLM-x32\...\Steam App 234330) (Version:  - )
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version:  - Oberon Media)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{ac3600d2-e1b3-4573-bef7-73f9409d6393}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{aec97477-921a-4289-985a-9e29506625b6}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version:  - DICE)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.0a1 - Mozilla)
MSIBuilder (HKLM-x32\...\{03F39E93-14B1-4590-879F-EDCB52AFB44F}) (Version: 2.0.25 - Myncos)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
Neverwinter (HKLM-x32\...\Neverwinter) (Version:  - Cryptic Studios)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.45.7 - Black Tree Gaming)
Nightly 24.0a1 (x86 en-US) (HKLM-x32\...\Nightly 24.0a1 (x86 en-US)) (Version: 24.0a1 - Mozilla)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6623 - NewTech Infosystems) Hidden
Nuvoton EC Generic HID Driver (HKLM-x32\...\{92975DF9-EA36-4F36-A9AC-D412BC1D709E}) (Version: 8.80.1001 - Nuvoton Technology Corporation)
NVIDIA 3D Vision Treiber 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.23 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2723 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 327.23 (Version: 327.23 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Populous (HKLM-x32\...\{476CD9DE-C45F-4443-BFA7-E51C58B7E455}) (Version: 1.0.0.0 - Electronic Arts)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.1.59.0 - Razer Inc.)
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - Wild Shadow Studios)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5972 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
Rome - Total War - Gold Edition (HKLM-x32\...\{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}) (Version: 1.6 - The Creative Assembly)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
Security Task Manager 1.8g (HKLM-x32\...\Security Task Manager) (Version: 1.8g - Neuber Software)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 0.1.1970.1 - Hi-Rez Studios)
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.6.0 - Synaptics Incorporated)
The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Lord of the Rings, The Rise of the Witch-king (HKLM-x32\...\{B931FB80-537A-4600-00AD-AC5DEDB6C25B}) (Version:  - )
The Mighty Quest For Epic Loot Version 1.213647 (HKLM-x32\...\The Mighty Quest For Epic Loot_is1) (Version: 1.213647 - )
The Ship (HKLM-x32\...\Steam App 2400) (Version:  - Outerlight Ltd.)
Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore)
Titan Quest Immortal Throne (HKLM-x32\...\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}) (Version: 1.00.0000 - Iron Lore)
Tukui Client (HKLM-x32\...\{510CF4AB-E9C8-4F48-BB02-CDC11B880D68}) (Version: 2.2.7 - Tukui)
Tukui Client (HKLM-x32\...\{EF0FAA54-5532-4B90-99C4-B4A97D600A94}) (Version: 2.4.3 - Tukui)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS) <==== ATTENTION
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.800 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407) (HKLM\...\3932CA781A7894D20116FDF60F878301800EA8AB) (Version: 09/11/2009 6.2.0.9407 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinZip 17.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D9}) (Version: 17.0.10381 - WinZip Computing, S.L. )
World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version:  - Blizzard Entertainment)
Xamarin Studio 4.2.1 (HKLM-x32\...\{C9184B82-189F-4FEA-B6FE-3AAEE3EA71F5}) (Version: 4.2.1.1 - Xamarin)
Xamarin Universal Installer (HKLM-x32\...\{63245546-ef4a-43ec-8493-55bd664b95c5}) (Version: 3.5.0.0 - Xamarin, Inc)
Xamarin.Android (HKLM-x32\...\{0A1239F2-D707-4984-AF0E-98EC2B9D4F77}) (Version: 4.10.01073 - Xamarin)

==================== Restore Points  =========================

11-02-2014 15:34:04 Geplanter Prüfpunkt
15-02-2014 13:59:49 Installed MakeMsi
15-02-2014 14:01:36 Installed MSIBuilder
15-02-2014 14:10:16 Installed Advanced Installer 10.9.1
15-02-2014 14:15:48 Installed Checka
20-02-2014 08:28:28 ComboFix created restore point

==================== Hosts content: ==========================

2009-07-14 03:34 - 2014-02-20 20:56 - 00039317 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 2010-fr.com # hosts anti-adware / pups
127.0.0.1 2012-new.biz # hosts anti-adware / pups
127.0.0.1 212link.com # hosts anti-adware / pups
127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
127.0.0.1 24h00business.com # hosts anti-adware / pups
127.0.0.1 a.adorika.net # hosts anti-adware / pups
127.0.0.1 a.ad-sys.com # hosts anti-adware / pups
127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups
127.0.0.1 ad.adn360.com # hosts anti-adware / pups
127.0.0.1 adeartss.eu # hosts anti-adware / pups
127.0.0.1 adesoeasy.eu # hosts anti-adware / pups
127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups
127.0.0.1 adm.soft365.com # hosts anti-adware / pups
127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups
127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups
127.0.0.1 ads.adplxmd.com # hosts anti-adware / pups
127.0.0.1 ads.aff.co # hosts anti-adware / pups
127.0.0.1 ads.alpha00001.com # hosts anti-adware / pups
127.0.0.1 ads.cloud4ads.com # hosts anti-adware / pups
127.0.0.1 ads.egdating.net # hosts anti-adware / pups
127.0.0.1 ads.eorezo.com # hosts anti-adware / pups
127.0.0.1 ads.hooqy.com # hosts anti-adware / pups
127.0.0.1 ads.pornerbros.com # hosts anti-adware / pups
127.0.0.1 ads.realken.com # hosts anti-adware / pups
127.0.0.1 ads.regiedepub.com # hosts anti-adware / pups
127.0.0.1 ads.sucomspot.com # hosts anti-adware / pups

There are 642 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {013C3038-8A02-4174-8A37-A57F24A8E73C} - System32\Tasks\{E5B1A35F-A8F3-45B6-8806-434B514229DA} => C:\Program Files (x86)\Electronic Arts\SPORE\Sporebin\SporeApp.exe [2013-06-11] (Maxis, a division of Electronic Arts Inc.)
Task: {09192B45-44D7-4B1B-9B18-630AC481C89F} - System32\Tasks\{29F839E4-33DF-4109-AAF9-412E1649A26D} => C:\Program Files (x86)\Electronic Arts\Aufstieg des Hexenkönigs\lotrbfme2ep1.exe
Task: {3AA5CD9D-A790-4251-A4AB-F99E542DCDF6} - System32\Tasks\{712462F2-2B76-487E-AA30-8664F5E0F75D} => C:\Program Files (x86)\JoWooD\Die Gilde Gold-Edition\GildeGold.exe [2003-10-01] ()
Task: {77B0A6DD-E1F4-4288-911A-3C28CFF80787} - System32\Tasks\RDReminder => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: {7EFEF390-C001-47DE-958C-C3920CDC4ED9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-27] (Google Inc.)
Task: {8652A68D-6731-45F0-A9FC-DC0315BC819E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: {91C3DCBF-EFB1-4B0F-A29E-0BA72D7E5978} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-10-01] (Acer)
Task: {C7108F67-873A-42F9-9DFF-93C687732692} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {DE99F44E-1B16-4DBF-83AC-146DC8A086BD} - \BrowserDefendert No Task File
Task: {F1CAD3DA-F27C-49F5-AF56-31311D5DDD6D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-27] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-17 17:13 - 2013-09-12 08:25 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-03-14 10:46 - 2013-12-23 20:29 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-01-29 18:55 - 2014-01-23 06:56 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libglesv2.dll
2014-01-29 18:55 - 2014-01-23 06:56 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libegl.dll
2014-01-29 18:55 - 2014-01-23 06:56 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll
2014-01-29 18:55 - 2014-01-23 06:57 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll
2014-01-29 18:55 - 2014-01-23 06:55 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll
2014-01-29 18:55 - 2014-01-23 06:56 - 13615896 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:0B9176C0
AlternateDataStreams: C:\ProgramData\TEMP:5D7E5A8F
AlternateDataStreams: C:\ProgramData\TEMP:AB689DEA
AlternateDataStreams: C:\ProgramData\TEMP:E3C56885

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Hamachi Network Interface
Description: Hamachi Network Interface
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/22/2014 00:04:28 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/21/2014 09:50:45 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/20/2014 10:35:10 PM) (Source: Application Hang) (User: )
Description: Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 72c

Startzeit: 01cf2e839a06857a

Endzeit: 10

Anwendungspfad: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

Berichts-ID: dde7cef7-9a76-11e3-8990-00262d69747a

Error: (02/20/2014 09:03:47 PM) (Source: Application Hang) (User: )
Description: Programm FRST64.exe, Version 3.3.10.2 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1074

Startzeit: 01cf2e76af07bda3

Endzeit: 3

Anwendungspfad: C:\Users\Jonas ****\Downloads\FRST64.exe

Berichts-ID: 1a2b58aa-9a6a-11e3-8990-00262d69747a


System errors:
=============
Error: (02/20/2014 08:57:16 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HOSTS Anti-PUPs" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (02/20/2014 08:57:16 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst HOSTS Anti-PUPs erreicht.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-02-20 09:41:25.676
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-02-20 09:41:25.599
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 4090.93 MB
Available physical RAM: 2410.05 MB
Total Pagefile: 8180.04 MB
Available Pagefile: 6216.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:584.35 GB) (Free:125.7 GB) NTFS
Drive e: (ROMETWGOLD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 8D938D93)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=584 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 23.02.2014 11:30
Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Verbindest Du mit einem Google Konto?

Necros 23.02.2014 13:46
So, habe es Neu-Installiert.

Bislang habe ich mich schon angemeldet, jetzt habe ich es allerdings erst mal gelassen.
Die Extension ist jetzt erstmal weg, ich werde mir mal versuchen ein Bild davon zu machen ob die Probleme noch weiterhin bestehen.

schrauber 24.02.2014 16:35
Wenn die beim verbinden mit Google wieder kommen synct Google das immer wieder in den Browser. Dann musst du verbinden, dann von Hand die Einstellungen durchsuchen und alles löschen.

Necros 25.02.2014 12:03
Die Probleme sind bislang noch nicht wieder aufgetaucht.
Danke für die Hilfe :)

Ich habe mich jetzt seit einem Tag wieder komplett eingeloggt, und bislang wurde nichts installiert, also hoffe ich das beste.

schrauber 26.02.2014 10:58
Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:25 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19