Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7 / 64Bit : Ungültiges Bild Error / Fehlermeldung (https://www.trojaner-board.de/152655-windows-7-64bit-ungueltiges-bild-error-fehlermeldung.html)

Slida Kyrs 17.04.2014 12:40
Windows 7 / 64Bit : Ungültiges Bild Error / Fehlermeldung
 
Guten Tag

Ich habe seit einiger Zeit ein Problem mit meinem Rechner, undzwar ich erhalte immer wider einen Error bzw Fehlermeldung von Windows ( Ungültiges Bild ) :Beispiel C:\Windows\System32\( hier steht die Datei der Betroffenden ANwendung).dll. Danach folgt noch ein Text, dass die Datei nicht für die Ausführung unter Windows vorgesehen ist, odr einen Fehler enthält.Installieren sie das Programm mit den Original Installationsmedien erneut, oder wenden sie sich an den System Administrator oder an den Softwarelieferanten, um Unterstüzung zu erhalten. Jedoch funktionirt das gleiche Programm z.b Steam bei meinem Laptop ohne diese Fehlermeldung.

Ich bin sehr neu hier desshalb weiss ich nicht ob ich die Logfiles erst auf auforderung oder sofort anhängen soll , weil ich beides im Regelwerk gelesen habe.

schrauber 17.04.2014 12:59
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Slida Kyrs 17.04.2014 13:12
Ich hatte dies schon runtergaladen, trozdem dankeschön für die rasche antwort:daumenhoc

schrauber 18.04.2014 09:55
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Slida Kyrs 18.04.2014 17:02
Achso vielen Dank für den Hinweis

FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014
Ran by Christopher (administrator) on DADDELKISTE on 17-04-2014 14:06:15
Running from C:\Users\Christopher\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
() C:\Users\Christopher\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TeamSpeak Systems GmbH) C:\Users\Christopher\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Program Files (x86)\IObit\Game Booster\gbtray.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [ISW] => C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-11-22] (Check Point Software Technologies)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4767304 2013-02-28] (AVAST Software)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-01-29] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2349392 2013-10-31] (LogMeIn Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\.DEFAULT\...\Policies\system: [NoDispAppearancePage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispBackgroundPage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispSettingsPage] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFile] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideClock] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetFolders] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDFSTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoLogoff] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoHardwareTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3236328371-879444933-2025750576-1000\...\Run: [KPeerNexonEU] => C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
HKU\S-1-5-21-3236328371-879444933-2025750576-1000\...\Run: [DriverBoost] => C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe [3544432 2013-01-25] (PC Drivers Headquarters)
HKU\S-1-5-21-3236328371-879444933-2025750576-1000\...\Run: [PC Speed Maximizer] => C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe [134456 2013-03-09] (Smart PC Solutions)
HKU\S-1-5-21-3236328371-879444933-2025750576-1000\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3236328371-879444933-2025750576-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3236328371-879444933-2025750576-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3236328371-879444933-2025750576-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3236328371-879444933-2025750576-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3236328371-879444933-2025750576-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3236328371-879444933-2025750576-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3236328371-879444933-2025750576-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3236328371-879444933-2025750576-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3236328371-879444933-2025750576-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3236328371-879444933-2025750576-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3236328371-879444933-2025750576-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3236328371-879444933-2025750576-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3236328371-879444933-2025750576-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3236328371-879444933-2025750576-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3236328371-879444933-2025750576-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3236328371-879444933-2025750576-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3236328371-879444933-2025750576-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3236328371-879444933-2025750576-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3236328371-879444933-2025750576-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3236328371-879444933-2025750576-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3236328371-879444933-2025750576-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3236328371-879444933-2025750576-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3236328371-879444933-2025750576-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3236328371-879444933-2025750576-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3236328371-879444933-2025750576-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3236328371-879444933-2025750576-1000\...\MountPoints2: {80e68b80-79da-11e2-a963-806e6f6e6963} - F:\Autorun.exe
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=a92fc6e7-079f-4324-b353-0899746ef5ff&searchtype=ds&q={searchTerms}&installDate=18/02/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mysearchresults.com/?c=3555&t=01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x637FBBBDF50DCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=a92fc6e7-079f-4324-b353-0899746ef5ff&searchtype=ds&q={searchTerms}&installDate=18/02/2013
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=a92fc6e7-079f-4324-b353-0899746ef5ff&searchtype=ds&q={searchTerms}&installDate=18/02/2013
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=a92fc6e7-079f-4324-b353-0899746ef5ff&searchtype=ds&q={searchTerms}&installDate=18/02/2013
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=a92fc6e7-079f-4324-b353-0899746ef5ff&searchtype=ds&q={searchTerms}&installDate=18/02/2013
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=36FA627002FCDA10&affID=119357&tl=2536570&tsp=4924
SearchScopes: HKCU - {7A6D40F3-2683-4C13-8A92-5B9F150FD417} URL = hxxp://www.mysearchresults.com/search?&c=3555&t=01&q={searchTerms}
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Internet Turbo SmartbarEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Internet Turbo SmartbarEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Christopher\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - Internet Turbo Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - Internet Turbo Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\24ghugbs.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Christopher\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013-03-02]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013-03-02]
FF HKCU\...\Firefox\Extensions: [autolyrics@man-soft.net] - C:\Program Files (x86)\AutoLyrics\FF\
FF Extension: Auto Lyrics - C:\Program Files (x86)\AutoLyrics\FF\ []

Chrome:
=======
CHR HomePage: hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=36FA627002FCDA10&affID=119357&tl=2536570&tsp=4924
CHR StartupUrls: "hxxp://www.google.com/webhp?source=search_app"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.107\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Extension: (Angry Birds) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-02-21]
CHR Extension: (Internet Turbo) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl [2013-02-19]
CHR Extension: (Google Drive) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-19]
CHR Extension: (YouTube) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-19]
CHR Extension: (Google-Suche) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-19]
CHR Extension: (Delta Toolbar) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-06-25]
CHR Extension: (avast! WebRep) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2013-02-19]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-03-02]
CHR Extension: (Google Wallet) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Plus-HD-2.3) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec [2013-06-25]
CHR Extension: (Google Mail) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-19]
CHR Extension: (Yann Arthus-Bertrand) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\plaekpceeonanmjojailaojkconcgofc [2013-08-18]
CHR HKCU\...\Chrome\Extension: [amfclgbdpgndipgoegfpkkgobahigbcl] - C:\Users\Christopher\AppData\Local\Smartbar/Application\1Extension.crx [2013-02-10]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-03-02]
CHR HKCU\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - C:\Program Files (x86)\Amazon\ABB\AmazonChrome-bds-amzn.crx [2013-03-02]
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Christopher\AppData\Roaming\BabSolution\CR\Delta.crx [2013-06-25]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-02-18]
CHR HKLM-x32\...\Chrome\Extension: [pkcdkfohdadbjmlfejhncigcbfkiaamf] - C:\Program Files (x86)\AutoLyrics\Chrome.crx [2013-02-18]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248 2013-02-28] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-06-14] ()
R2 DefaultTabUpdate; C:\Users\Christopher\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-02-18] ()
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S4 SrvUpdater; C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe [31744 2013-02-18] ()
S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-01-29] (Check Point Software Technologies LTD)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33472 2013-02-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80888 2013-02-28] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [71064 2013-02-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65408 2013-02-28] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025880 2013-02-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [377992 2013-02-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [68992 2013-02-28] (AVAST Software)
S3 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177672 2013-02-28] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-02-24] ()
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89432 2012-11-15] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [611160 2012-11-15] (Kaspersky Lab)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-02-24] ()
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
U0 KL1;
U0 SR;
U2 srservice;
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-17 13:20 - 2014-04-17 13:21 - 01110476 _____ () C:\Users\Christopher\Desktop\7z920(1).exe
2014-04-17 13:10 - 2014-04-17 13:10 - 00292248 _____ () C:\Windows\Minidump\041714-22932-01.dmp
2014-04-17 12:55 - 2014-04-17 14:06 - 00028791 _____ () C:\Users\Christopher\Desktop\FRST.txt
2014-04-17 12:55 - 2014-04-17 14:06 - 00000000 ____D () C:\FRST
2014-04-17 12:55 - 2014-04-17 12:55 - 00037339 _____ () C:\Users\Christopher\Desktop\Addition.txt
2014-04-17 12:54 - 2014-04-17 12:54 - 00000484 _____ () C:\Users\Christopher\Desktop\defogger_disable.log
2014-04-17 12:54 - 2014-04-17 12:54 - 00000000 _____ () C:\Users\Christopher\defogger_reenable
2014-04-17 12:53 - 2014-04-17 12:53 - 02158592 _____ (Farbar) C:\Users\Christopher\Desktop\FRST64.exe
2014-04-17 12:53 - 2014-04-17 12:53 - 00380416 _____ () C:\Users\Christopher\Desktop\Gmer-19357.exe
2014-04-17 12:52 - 2014-04-17 12:52 - 00050477 _____ () C:\Users\Christopher\Desktop\Defogger.exe
2014-04-17 12:44 - 2014-04-17 12:44 - 00083434 _____ () C:\Users\Christopher\Desktop\Extras.Txt
2014-04-17 12:43 - 2014-04-17 12:43 - 00095656 _____ () C:\Users\Christopher\Desktop\OTL.Txt
2014-04-17 12:33 - 2014-04-17 12:33 - 00602112 _____ (OldTimer Tools) C:\Users\Christopher\Desktop\OTL.exe
2014-04-16 13:40 - 2014-04-16 13:40 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Skyrim
2014-04-12 14:01 - 2014-04-12 14:01 - 00000000 ____D () C:\Users\Christopher\Neuer Ordner
2014-04-12 13:09 - 2014-04-12 15:34 - 00000000 ____D () C:\Users\Christopher\AppData\Local\fabi.me
2014-04-11 22:16 - 2014-04-11 22:16 - 00156269 _____ () C:\Users\Christopher\Documents\ts3_clientui-win64-1394624943-2014-04-11 22_16_24.482191.dmp
2014-04-10 18:57 - 2014-04-10 18:57 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-10 18:56 - 2014-04-12 12:57 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-10 18:56 - 2014-04-10 18:56 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-10 18:56 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-04-10 18:52 - 2014-04-10 18:53 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Christopher\Downloads\spybot-2.2.25.exe
2014-03-28 18:45 - 2014-03-28 18:45 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Macromedia
2014-03-28 18:42 - 2014-03-28 18:43 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Mozilla
2014-03-28 18:42 - 2014-03-28 18:43 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Mozilla
2014-03-28 18:42 - 2014-03-28 18:42 - 00000000 ____D () C:\ProgramData\Mozilla
2014-03-28 18:42 - 2014-03-28 18:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-28 16:05 - 2014-03-28 16:05 - 00003400 ____N () C:\bootsqm.dat
2014-03-27 13:55 - 2014-03-27 13:55 - 00847856 _____ (Google Inc.) C:\Users\Christopher\Downloads\ChromeSetup.exe
2014-03-27 13:46 - 2014-03-28 18:29 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Deployment
2014-03-27 13:46 - 2014-03-27 13:46 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Apps\2.0
2014-03-24 20:29 - 2014-03-24 20:29 - 00000000 ____D () C:\db04e2a935d8b172b9b57c40
2014-03-23 21:52 - 2014-03-23 21:52 - 00000000 ____D () C:\Windows\system32\SPReview

==================== One Month Modified Files and Folders =======

2014-04-17 14:06 - 2014-04-17 12:55 - 00028791 _____ () C:\Users\Christopher\Desktop\FRST.txt
2014-04-17 14:06 - 2014-04-17 12:55 - 00000000 ____D () C:\FRST
2014-04-17 13:49 - 2014-01-09 16:03 - 00000375 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-04-17 13:43 - 2013-02-18 19:01 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-17 13:43 - 2013-02-18 19:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-17 13:28 - 2013-02-21 19:25 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-17 13:23 - 2009-07-14 06:45 - 00019520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-17 13:23 - 2009-07-14 06:45 - 00019520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-17 13:21 - 2014-04-17 13:20 - 01110476 _____ () C:\Users\Christopher\Desktop\7z920(1).exe
2014-04-17 13:17 - 2013-03-28 14:04 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\TS3Client
2014-04-17 13:17 - 2009-07-14 19:58 - 00696620 _____ () C:\Windows\system32\perfh007.dat
2014-04-17 13:17 - 2009-07-14 19:58 - 00147916 _____ () C:\Windows\system32\perfc007.dat
2014-04-17 13:17 - 2009-07-14 07:13 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-17 13:13 - 2013-07-26 14:05 - 00000000 ____D () C:\Users\Christopher\AppData\Local\LogMeIn Hamachi
2014-04-17 13:11 - 2013-06-25 10:59 - 00001916 _____ () C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job
2014-04-17 13:11 - 2013-06-25 10:59 - 00001210 _____ () C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job
2014-04-17 13:11 - 2013-02-18 19:01 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-17 13:11 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-17 13:10 - 2014-04-17 13:10 - 00292248 _____ () C:\Windows\Minidump\041714-22932-01.dmp
2014-04-17 13:10 - 2013-03-18 10:42 - 687382080 _____ () C:\Windows\MEMORY.DMP
2014-04-17 13:10 - 2013-03-18 10:42 - 00000000 ____D () C:\Windows\Minidump
2014-04-17 13:10 - 2013-02-18 19:06 - 00208612 _____ () C:\Windows\PFRO.log
2014-04-17 13:10 - 2013-02-18 19:04 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-17 13:10 - 2009-07-14 06:51 - 00104188 _____ () C:\Windows\setupact.log
2014-04-17 13:08 - 2013-02-18 16:53 - 01232551 _____ () C:\Windows\WindowsUpdate.log
2014-04-17 12:55 - 2014-04-17 12:55 - 00037339 _____ () C:\Users\Christopher\Desktop\Addition.txt
2014-04-17 12:54 - 2014-04-17 12:54 - 00000484 _____ () C:\Users\Christopher\Desktop\defogger_disable.log
2014-04-17 12:54 - 2014-04-17 12:54 - 00000000 _____ () C:\Users\Christopher\defogger_reenable
2014-04-17 12:54 - 2013-02-18 17:00 - 00000000 ____D () C:\Users\Christopher
2014-04-17 12:53 - 2014-04-17 12:53 - 02158592 _____ (Farbar) C:\Users\Christopher\Desktop\FRST64.exe
2014-04-17 12:53 - 2014-04-17 12:53 - 00380416 _____ () C:\Users\Christopher\Desktop\Gmer-19357.exe
2014-04-17 12:52 - 2014-04-17 12:52 - 00050477 _____ () C:\Users\Christopher\Desktop\Defogger.exe
2014-04-17 12:44 - 2014-04-17 12:44 - 00083434 _____ () C:\Users\Christopher\Desktop\Extras.Txt
2014-04-17 12:43 - 2014-04-17 12:43 - 00095656 _____ () C:\Users\Christopher\Desktop\OTL.Txt
2014-04-17 12:33 - 2014-04-17 12:33 - 00602112 _____ (OldTimer Tools) C:\Users\Christopher\Desktop\OTL.exe
2014-04-16 19:20 - 2013-06-25 11:11 - 00000000 ____D () C:\Users\Christopher\AppData\Local\PMB Files
2014-04-16 19:20 - 2013-06-25 11:11 - 00000000 ____D () C:\ProgramData\PMB Files
2014-04-16 13:40 - 2014-04-16 13:40 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Skyrim
2014-04-16 12:02 - 2013-02-21 19:06 - 00580106 _____ () C:\Windows\DirectX.log
2014-04-16 11:56 - 2013-03-13 18:03 - 00000000 ____D () C:\Users\Christopher\Documents\My Games
2014-04-14 19:17 - 2014-03-04 16:34 - 00000000 ____D () C:\Users\Christopher\AppData\Local\DayZ
2014-04-13 12:08 - 2013-03-09 19:09 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Skype
2014-04-13 11:06 - 2013-04-12 17:15 - 00000000 ____D () C:\Users\Christopher\Desktop\Anwendungen
2014-04-13 11:04 - 2013-09-11 14:38 - 00000000 ____D () C:\Users\Christopher\Desktop\Schule
2014-04-12 15:59 - 2013-02-24 17:28 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Ubisoft
2014-04-12 15:34 - 2014-04-12 13:09 - 00000000 ____D () C:\Users\Christopher\AppData\Local\fabi.me
2014-04-12 14:01 - 2014-04-12 14:01 - 00000000 ____D () C:\Users\Christopher\Neuer Ordner
2014-04-12 12:57 - 2014-04-10 18:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-11 22:16 - 2014-04-11 22:16 - 00156269 _____ () C:\Users\Christopher\Documents\ts3_clientui-win64-1394624943-2014-04-11 22_16_24.482191.dmp
2014-04-10 18:57 - 2014-04-10 18:57 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-10 18:56 - 2014-04-10 18:56 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-10 18:53 - 2014-04-10 18:52 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Christopher\Downloads\spybot-2.2.25.exe
2014-04-09 18:41 - 2013-03-03 18:47 - 00000000 ____D () C:\ProgramData\Origin
2014-04-09 18:17 - 2013-03-03 18:47 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-04-08 09:31 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-28 18:45 - 2014-03-28 18:45 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Macromedia
2014-03-28 18:43 - 2014-03-28 18:42 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Mozilla
2014-03-28 18:43 - 2014-03-28 18:42 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Mozilla
2014-03-28 18:42 - 2014-03-28 18:42 - 00000000 ____D () C:\ProgramData\Mozilla
2014-03-28 18:42 - 2014-03-28 18:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-28 18:42 - 2013-03-02 15:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 18:29 - 2014-03-27 13:46 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Deployment
2014-03-28 16:05 - 2014-03-28 16:05 - 00003400 ____N () C:\bootsqm.dat
2014-03-27 13:55 - 2014-03-27 13:55 - 00847856 _____ (Google Inc.) C:\Users\Christopher\Downloads\ChromeSetup.exe
2014-03-27 13:46 - 2014-03-27 13:46 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Apps\2.0
2014-03-24 20:29 - 2014-03-24 20:29 - 00000000 ____D () C:\db04e2a935d8b172b9b57c40
2014-03-23 21:52 - 2014-03-23 21:52 - 00000000 ____D () C:\Windows\system32\SPReview
2014-03-19 22:30 - 2013-08-14 20:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 22:28 - 2013-02-21 19:36 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-19 22:09 - 2013-02-18 18:55 - 00002167 _____ () C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.6264.dll


Some content of TEMP:
====================
C:\Users\Christopher\AppData\Local\Temp\BI_RunOnce (1).exe
C:\Users\Christopher\AppData\Local\Temp\BI_RunOnce.exe
C:\Users\Christopher\AppData\Local\Temp\eauninstall.exe
C:\Users\Christopher\AppData\Local\Temp\egjye7vz.dll
C:\Users\Christopher\AppData\Local\Temp\i4jdel0.exe
C:\Users\Christopher\AppData\Local\Temp\i4jdel1.exe
C:\Users\Christopher\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Christopher\AppData\Local\Temp\The Battle for Middle-earth II_uninst.exe
C:\Users\Christopher\AppData\Local\Temp\u5hkyzwv.dll
C:\Users\Christopher\AppData\Local\Temp\ubi5F05.tmp.exe
C:\Users\Christopher\AppData\Local\Temp\ubi7CDF.tmp.exe
C:\Users\Christopher\AppData\Local\Temp\uninst1.exe
C:\Users\Christopher\AppData\Local\Temp\Uninstaller-5392.exe
C:\Users\Christopher\AppData\Local\Temp\Uninstaller-8460.exe
C:\Users\Christopher\AppData\Local\Temp\UpdateCheckerSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-24 19:59

==================== End Of Log ============================
--- --- ---


FRST Addition:

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2014
Ran by Christopher at 2014-04-17 12:55:33
Running from C:\Users\Christopher\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ZoneAlarm Antivirus (Disabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AV: avast! Antivirus (Disabled - Out of date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Disabled - Out of date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ZoneAlarm Anti-Spyware (Disabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Firewall (Disabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.00.0000 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
Arma 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: DayZ Mod (HKLM-x32\...\Steam App 224580) (Version:  - )
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.)
Auto Lyrics (HKLM-x32\...\autolyrics@man-soft.net) (Version:  - Mansoft Union) <==== ATTENTION
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 8.0.1482.0 - AVAST Software)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version:  - Infinity Ward)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.0.3717 - CDBurnerXP)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
DayZ Commander (HKLM-x32\...\{D7ECDD70-EBAB-42AD-8BE3-2F4D1CEC70A7}) (Version: 0.92.79 - Dotjosh Studios)
DefaultTab (HKLM-x32\...\DefaultTab) (Version: 2.2.3.0 - Search Results, LLC) <==== ATTENTION
Delta Chrome Toolbar (HKLM-x32\...\Delta Chrome Toolbar) (Version:  - Visual Tools) <==== ATTENTION
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.28.84 - Electronic Arts)
Die Sims™ 3 Design-Garten-Accessoires (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
Die Sims™ 3 Luxus-Accessoires (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
Die Sims™ 3 Traumsuite-Accessoires (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
DriverBoost (HKLM-x32\...\{044E78D2-8F54-4F6F-AD2B-A122F8111EDB}) (Version: 8.1 - DriverBoost)
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Free YouTube to MP3 Converter version 3.12.0.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.0.128 - DVDVideoSoft Ltd.)
Game Booster (HKLM-x32\...\Game Booster_is1) (Version: 1.1.0.0 - IObit)
GameRanger (HKCU\...\GameRanger) (Version:  - GameRanger Technologies)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth (HKLM-x32\...\{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}) (Version: 7.0.3.8542 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Gothic III (HKLM-x32\...\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}) (Version: 1.00.0000 - JoWooD Productions Software AG)
HAWKEN (HKLM-x32\...\Steam App 271290) (Version:  - Adhesive Games)
Internet Turbo (HKLM-x32\...\{C4E25446-4162-44B8-821D-739B3ED9B130}) (Version: 1.6.1.802 - ReSoft Ltd.)
Internet Turbo Engine (HKCU\...\{fef9455e-5069-4a9f-906f-ef6b567e6c0e}) (Version: 1.6.1.802 - ReSoft Ltd.)
Java 7 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417017FF}) (Version: 7.0.170 - Oracle)
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 17 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170170}) (Version: 1.7.0.170 - Oracle)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.58 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.58 - LogMeIn, Inc.) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mount & Blade (HKLM-x32\...\Steam App 22100) (Version:  - Tale Worlds)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - Tale Worlds)
Mount & Blade: With Fire and Sword (HKLM-x32\...\Steam App 48720) (Version:  - TaleWorlds)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
NVIDIA 3D Vision Controller Driver (x32 Version: 270.61 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 270.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 270.61 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.1.13.85 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
PC Speed Maximizer v3.1 (HKLM-x32\...\PC Speed Maximizer_is1) (Version: 3.1 - Smart PC Solutions)
PlanetSide 2 (HKCU\...\SOE-PlanetSide 2 PSG) (Version:  - Sony Online Entertainment)
Plus-HD-2.3 (HKLM-x32\...\Plus-HD-2.3) (Version: 1.27.153.5 - Plus HD) <==== ATTENTION
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 1.0.0.0 - Electronic Arts)
Skype™ 6.2 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.2.106 - Skype Technologies S.A.)
Sniper Art of Victory (HKLM-x32\...\Steam App 271500) (Version:  - CI Games)
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.3.6 - ) <==== ATTENTION
SoftwareUpdater (HKLM-x32\...\SoftwareUpdater) (Version:  - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
Stronghold Crusader Extreme (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.20.0000 - Firefly Studios)
Super Hexagon (HKLM-x32\...\Steam App 221640) (Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.17292 - TeamViewer)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version:  - CD Projekt RED)
TL-WN881ND Driver (HKLM-x32\...\{B512F025-E992-44D0-B1F4-D6E1D3339C80}) (Version: 1.0.0 - TP-LINK)
Tom Clancy's Splinter Cell Blacklist (HKLM-x32\...\Steam App 235600) (Version:  - Ubisoft Toronto)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.0.0 - TP-LINK)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Xfire (remove only) (HKLM-x32\...\Xfire) (Version:  - )
Yontoo 1.12.02 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.12.02 - Yontoo LLC) <==== ATTENTION
ZoneAlarm Antivirus (x32 Version: 11.0.000.057 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 11.0.000.057 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 11.0.000.057 - Check Point)
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version:  - Check Point Software Technologies)
ZoneAlarm Security (x32 Version: 11.0.000.057 - Check Point Software Technologies Ltd.) Hidden

==================== Restore Points  =========================

13-04-2014 18:52:57 Windows Update
16-04-2014 09:57:19 DirectX wurde installiert

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {032EB003-1CC3-43D2-8E72-95311CD73214} - System32\Tasks\{0D9B6DDA-335E-4F56-B161-10D480BC16F5} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.59.105/de/abandoninstall?page=tsProgressBar
Task: {03335C11-2DD4-4E25-ABBB-54C67D9CE443} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-18] (Google Inc.)
Task: {0D454133-1B98-4AC2-B537-9789405299C4} - System32\Tasks\{1C755128-273B-47AA-850A-780801C36F0F} => C:\SG Interactive\Crossfire Europe\patcher_cf.exe
Task: {13D23FB1-A0BD-4F34-BF8B-9DD582958355} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {142E3C4B-9E81-4811-A6B8-5ECE79F9C825} - System32\Tasks\{651A6E4F-09DC-42B0-9224-403A14DD76E5} => C:\Users\Christopher\Desktop\cod 2 LAN VERSION\CoD2MP_s.exe
Task: {1B6B2620-F82A-490C-9960-EED2B3827BDC} - System32\Tasks\{B6604747-5A19-4A7F-BEC7-A024F8E27613} => C:\Users\Christopher\Desktop\Minecraft(gecrackt).exe
Task: {23370F82-D770-460B-AB1C-F6DFD8EE476B} - System32\Tasks\DriverBoost-RTMUpdater => C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe [2013-01-25] (PC Drivers Headquarters)
Task: {23B528B0-8798-4C5F-AF5A-0F65077851CD} - System32\Tasks\{5E9E40D6-8668-4D19-B721-1047476DE471} => C:\Program Files (x86)\Electronic Arts\Die Schlacht um Mittelerde II\lotrbfme2.exe
Task: {28C16D75-F5E7-4B4E-9FAA-EFA9C6F8B8F1} - System32\Tasks\{B5A996DE-3191-403B-BD31-BCD0CB598FC3} => C:\Program Files (x86)\JoWooD\Die Gilde 2\GuildII.exe
Task: {29286047-D8DE-4481-B5B9-269D7A0A8002} - System32\Tasks\{4175D301-8233-421C-8CED-E3D1F06DD7A0} => C:\Program Files (x86)\Electronic Arts\Die Schlacht um Mittelerde II\lotrbfme2.exe
Task: {2B7C08FA-E1A2-4D51-945C-B75A23EBA328} - System32\Tasks\{12661B61-7AD0-4398-AEC5-0C2050CFE18E} => C:\Users\Christopher\Desktop\MinecraftSP.exe
Task: {2D34C9F9-AFF1-444B-8E67-67D72F84A517} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {3326539A-8DE3-445B-901C-AD42B4A03313} - System32\Tasks\{DE214B11-D287-4048-BDF9-EBF864166AD7} => C:\SG Interactive\Crossfire Europe\patcher_cf.exe
Task: {34D2DEE9-C86A-43B5-B7DD-EADA3FCD3BD8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-02-28] (AVAST Software)
Task: {362BE627-3FEA-416A-9A46-857D85956FA2} - System32\Tasks\{062090DF-6324-4CB9-AD7A-5E9CB34AC065} => C:\Users\Christopher\Desktop\Minecraft(gecrackt).exe
Task: {4792E84C-A6E1-4109-9833-498FC92DE32D} - System32\Tasks\{3D56C92C-9A1A-4B96-9688-94ADBBFBB024} => C:\Program Files\Valve\hl.exe
Task: {5B666ADF-7871-41CE-986B-B68A4D613E25} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {5CD70717-4562-45D6-BAC6-0891B5228140} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {6019F97B-F135-4597-A06C-1298060A03F6} - System32\Tasks\{3F54F0DC-71CC-4381-8899-351EFF8CF6A6} => C:\Program Files (x86)\Electronic Arts\Die Schlacht um Mittelerde II\lotrbfme2.exe
Task: {63C492F2-963F-4555-9B20-58FA579A5CA0} - System32\Tasks\{0A083730-437A-465F-AFC6-62F029AB7D41} => C:\Users\Christopher\Desktop\Minecraft(gecrackt).exe
Task: {71D002FE-248A-411D-87F1-EDAEBE6239C3} - System32\Tasks\Plus-HD-2.3-chromeinstaller => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe [2013-06-25] (Plus HD) <==== ATTENTION
Task: {720DEB8E-C15B-46EF-9A2B-19E0439441E9} - System32\Tasks\{96533D49-2620-4D29-B885-47B39944544D} => C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2 PSG\LaunchPad.exe [2013-03-05] (Sony Online Entertainment)
Task: {84E5D778-8534-40B8-B0D2-39DD50E68F3B} - System32\Tasks\{91736860-6BF3-4CCD-AB73-4469FB2F13D0} => C:\Users\Christopher\Desktop\Minecraft gecrackt.exe
Task: {898041DA-E105-4635-AD87-6D3813693BF4} - System32\Tasks\{1754121E-8525-4AEE-A895-365B963CB846} => C:\Program Files (x86)\Electronic Arts\Die Schlacht um Mittelerde II\lotrbfme2.exe
Task: {90486FC5-0621-414C-B730-9F1799C45288} - System32\Tasks\Plus-HD-2.3-codedownloader => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe [2013-06-25] (Plus HD) <==== ATTENTION
Task: {93366AD8-2308-4646-99FA-6BB55BFB7088} - System32\Tasks\DriverBoost-RTMRules => C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe [2013-01-25] (PC Drivers Headquarters)
Task: {95DB5F23-C2C7-4A7A-8A8C-163BB1FA5317} - System32\Tasks\DriverBoost-RTMScan => C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe [2013-01-25] (PC Drivers Headquarters)
Task: {9A27C205-549D-4FB3-A6F2-8E2E656842E8} - System32\Tasks\{F5929BBD-4ECF-4F32-BCC6-9696D88E09B0} => C:\Program Files (x86)\Electronic Arts\Die Schlacht um Mittelerde II\lotrbfme2.exe
Task: {A7811092-BF46-4914-8EA0-0F9A7A56D656} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {B3A7971B-39B3-4779-BA3B-675DD80ADBE3} - System32\Tasks\{BE3F08A5-66BF-4469-AF32-25A35232AF04} => C:\Users\Christopher\Desktop\MinecraftSP.exe
Task: {C631A3C4-E969-46E3-B0C0-8BFE9CFCE78A} - System32\Tasks\{D327A330-50F0-4E02-B095-AD2D2CA38739} => C:\Users\Christopher\Desktop\Minecraft(gecrackt).exe
Task: {CE5A883D-C7AB-4EBD-9229-6515CF9D9D03} - System32\Tasks\{F8A2D5A7-23C6-4E6F-89F2-418C36EA3A41} => C:\Program Files (x86)\Electronic Arts\Die Schlacht um Mittelerde II\lotrbfme2.exe
Task: {D75A99D5-063C-4478-A4AC-C105966E49AA} - System32\Tasks\EPUpdater => C:\Users\Christopher\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-06-06] () <==== ATTENTION
Task: {D9DD139C-8F17-4425-ABB2-B9972800D08B} - System32\Tasks\{7E3FC550-3BD6-402F-8F76-D4B2F6571BAE} => C:\Program Files (x86)\Electronic Arts\Die Schlacht um Mittelerde II\lotrbfme2.exe
Task: {E89A5D88-7224-42B6-BAEB-4B762A9458A2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-18] (Google Inc.)
Task: {F0083B6C-BAAD-49C8-9779-18DD2EA1221C} - System32\Tasks\{C5B552CD-9A4C-4909-B0EE-E031FBE8080F} => C:\SG Interactive\Crossfire Europe\crossfire.exe
Task: {F5E6D68D-0B9B-4441-AF21-D805530A6D78} - System32\Tasks\{6134D999-1524-414C-8360-ED236F0CF39D} => C:\Users\Christopher\Desktop\Minecraft gecrackt.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2011-04-08 00:19 - 2013-01-18 17:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-02-18 18:53 - 2013-02-18 18:53 - 00107520 _____ () C:\Users\Christopher\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
2013-04-07 18:08 - 2009-05-25 14:08 - 00075536 _____ () C:\Program Files (x86)\IObit\Game Booster\gbtray.exe
2014-03-13 17:23 - 2014-03-13 17:23 - 00173568 _____ () C:\Users\Christopher\AppData\Local\TeamSpeak 3 Client\quazip.dll
2014-03-13 17:23 - 2014-03-13 17:23 - 01080832 _____ () C:\Users\Christopher\AppData\Local\TeamSpeak 3 Client\platforms\qwindows.dll
2014-03-13 17:23 - 2014-03-13 17:23 - 00833024 _____ () C:\Users\Christopher\AppData\Local\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2013-10-23 14:15 - 2014-03-13 17:23 - 00102344 _____ () C:\Users\Christopher\AppData\Local\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2013-10-23 14:15 - 2014-03-13 17:23 - 00108488 _____ () C:\Users\Christopher\AppData\Local\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2014-03-13 17:23 - 2014-03-13 17:23 - 00030208 _____ () C:\Users\Christopher\AppData\Local\TeamSpeak 3 Client\imageformats\qgif.dll
2014-03-13 17:23 - 2014-03-13 17:23 - 00233984 _____ () C:\Users\Christopher\AppData\Local\TeamSpeak 3 Client\imageformats\qjpeg.dll
2013-10-23 14:15 - 2014-03-13 17:23 - 00577480 _____ () C:\Users\Christopher\AppData\Local\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-03-13 17:23 - 2014-03-13 17:23 - 00159232 _____ () C:\Users\Christopher\AppData\Local\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll
2014-03-24 18:42 - 2014-03-24 09:56 - 02283520 _____ () C:\Program Files\AVAST Software\Avast\defs\14032400\algo.dll
2014-04-10 18:56 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-04-10 18:56 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-01-08 17:57 - 2013-12-13 00:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-01-08 17:57 - 2013-11-05 03:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll
2013-03-12 18:10 - 2014-02-11 04:34 - 00751616 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2013-02-15 14:08 - 2014-02-25 23:57 - 01135296 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-01-22 05:22 - 2014-01-11 01:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-12-11 10:51 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-12-11 10:51 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-12-11 10:51 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2014-03-12 16:43 - 2014-03-12 16:43 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
2014-03-28 18:42 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^Christopher^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk => C:\Windows\pss\Xfire.lnk.Startup
MSCONFIG\startupreg: DriverBoost => C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe /applicationMode:systemTray /showWelcome:false
MSCONFIG\startupreg: EA Core => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/17/2014 00:50:20 PM) (Source: Google Update) (User: NT-AUTORITÄT)
Description: Google Update has encountered a fatal error.
ver=1.3.22.5;lang=de;id=;is_machine=1;oop=0;upload=0;minidump=C:\Program Files (x86)\Google\CrashReports\fe76d6d8-4925-4028-a29f-cbd5c8eb55c4.dmp

Error: (04/17/2014 00:43:53 PM) (Source: Google Update) (User: NT-AUTORITÄT)
Description: Google Update has encountered a fatal error.
ver=1.3.22.5;lang=de;id=;is_machine=1;oop=0;upload=0;minidump=C:\Program Files (x86)\Google\CrashReports\19907b24-b36a-4daa-9d24-829eb6ca5e10.dmp

Error: (04/17/2014 11:57:49 AM) (Source: Google Update) (User: NT-AUTORITÄT)
Description: Google Update has encountered a fatal error.
ver=1.3.22.5;lang=de;id=;is_machine=1;oop=0;upload=0;minidump=C:\Program Files (x86)\Google\CrashReports\2acdc42d-2b7f-49e3-88ca-6a299d9dcfa3.dmp

Error: (04/17/2014 11:54:28 AM) (Source: Application Hang) (User: )
Description: Programm iw4mp.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1688

Startzeit: 01cf5a22d08dd5be

Endzeit: 33

Anwendungspfad: C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 2\iw4mp.exe

Berichts-ID:

Error: (04/17/2014 11:46:47 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/17/2014 11:43:41 AM) (Source: Google Update) (User: NT-AUTORITÄT)
Description: Google Update has encountered a fatal error.
ver=1.3.22.5;lang=de;id=;is_machine=1;oop=0;upload=0;minidump=C:\Program Files (x86)\Google\CrashReports\5970b592-8991-4337-b4f7-dea6b366a07a.dmp

Error: (04/17/2014 11:40:50 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: LogMeIn Hamachi -- Error 1714. The older version of LogMeIn Hamachi cannot be removed.  Contact your technical support group.  System Error 1612.

Error: (04/16/2014 07:44:32 PM) (Source: Google Update) (User: NT-AUTORITÄT)
Description: Google Update has encountered a fatal error.
ver=1.3.22.5;lang=de;id=;is_machine=1;oop=0;upload=0;minidump=C:\Program Files (x86)\Google\CrashReports\b9a1bc6b-7e8f-4d3a-8626-c386f558eeca.dmp

Error: (04/16/2014 06:57:40 PM) (Source: Google Update) (User: NT-AUTORITÄT)
Description: Google Update has encountered a fatal error.
ver=1.3.22.5;lang=de;id=;is_machine=1;oop=0;upload=0;minidump=C:\Program Files (x86)\Google\CrashReports\0443b6cd-6b89-43f4-876a-0397810985e3.dmp

Error: (04/16/2014 06:43:46 PM) (Source: Google Update) (User: NT-AUTORITÄT)
Description: Google Update has encountered a fatal error.
ver=1.3.22.5;lang=de;id=;is_machine=1;oop=0;upload=0;minidump=C:\Program Files (x86)\Google\CrashReports\fd844a9c-b69a-4ab9-b33d-ed6f220799a1.dmp


System errors:
=============
Error: (04/17/2014 00:55:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet:
%%193

Error: (04/17/2014 00:54:58 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet:
%%193

Error: (04/17/2014 00:54:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet:
%%193

Error: (04/17/2014 00:53:58 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet:
%%193

Error: (04/17/2014 00:53:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet:
%%193

Error: (04/17/2014 00:52:58 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet:
%%193

Error: (04/17/2014 00:52:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet:
%%193

Error: (04/17/2014 00:51:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet:
%%193

Error: (04/17/2014 00:51:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet:
%%193

Error: (04/17/2014 00:50:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet:
%%193


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-04-13 12:08:35.799
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-13 11:59:03.259
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-13 11:38:03.003
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-13 11:20:32.538
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-13 10:57:35.524
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-12 15:20:02.059
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-12 15:09:06.630
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-12 14:27:45.723
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-12 13:22:02.512
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-11 22:36:47.242
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 8189.55 MB
Available physical RAM: 5785.13 MB
Total Pagefile: 16377.25 MB
Available Pagefile: 13862.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:688.54 GB) (Free:414.19 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.1 GB) (Free:1.38 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (ANNO2070) (CDROM) (Total:4.61 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=689 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

schrauber 19.04.2014 10:28
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Slida Kyrs 19.04.2014 16:23
ok vielen dank
Combofix Logfile:
Code:
ComboFix 14-04-17.01 - Christopher 19.04.2014  16:54:48.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.8190.6371 [GMT 2:00]
ausgeführt von:: c:\users\Christopher\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: avast! Antivirus *Disabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SoftwareUpdater\KeyGen.dll
c:\users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
c:\users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_omfoidjpeklpjhlhabhcomekbkclkbec_0.localstorage-journal
c:\users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_omfoidjpeklpjhlhabhcomekbkclkbec_0.localstorage
c:\users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Christopher\AppData\Roaming\DefaultTab\DefaultTab\DeFAulttabbho.dll
c:\users\Public\AlexaNSISPlugin.6264.dll
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SrvUpdater
-------\Service_DefaultTabUpdate
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-03-19 bis 2014-04-19  ))))))))))))))))))))))))))))))
.
.
2014-04-17 17:05 . 2014-04-19 13:25        --------        d-----w-        c:\users\Christopher\AppData\Local\Arma 3
2014-04-17 17:05 . 2014-04-17 17:05        --------        d-----w-        c:\programdata\Bohemia Interactive
2014-04-17 10:55 . 2014-04-17 12:07        --------        d-----w-        C:\FRST
2014-04-16 11:40 . 2014-04-16 11:40        --------        d-----w-        c:\users\Christopher\AppData\Local\Skyrim
2014-04-12 12:01 . 2014-04-12 12:01        --------        d-----w-        c:\users\Christopher\Neuer Ordner
2014-04-12 11:09 . 2014-04-12 13:34        --------        d-----w-        c:\users\Christopher\AppData\Local\fabi.me
2014-04-10 16:56 . 2013-09-20 08:49        21040        ----a-w-        c:\windows\system32\sdnclean64.exe
2014-04-10 16:56 . 2014-04-12 10:57        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2014-04-10 16:56 . 2014-04-10 16:56        --------        d-----w-        c:\program files (x86)\Spybot - Search & Destroy 2
2014-03-28 16:45 . 2014-03-28 16:45        --------        d-----w-        c:\users\Christopher\AppData\Local\Macromedia
2014-03-27 11:46 . 2014-03-28 16:29        --------        d-----w-        c:\users\Christopher\AppData\Local\Deployment
2014-03-27 11:46 . 2014-03-27 11:46        --------        d-----w-        c:\users\Christopher\AppData\Local\Apps
2014-03-24 18:29 . 2014-03-24 18:29        --------        d-----w-        C:\db04e2a935d8b172b9b57c40
2014-03-23 19:52 . 2014-03-23 19:52        --------        d-----w-        c:\windows\system32\SPReview
2014-03-21 14:10 . 2014-03-07 04:43        10521840        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{6CDB20DB-6D95-44C7-A18E-65A500E6CFE6}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-19 20:28 . 2013-02-21 17:36        90015360        ----a-w-        c:\windows\system32\MRT.exe
2014-03-12 14:43 . 2013-02-18 17:01        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 14:43 . 2013-02-18 17:01        692616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2009-11-25 11:47        297808        ----a-w-        c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-28 14:49        281760        ----a-w-        c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverBoost"="c:\program files (x86)\DriverBoost\DriverBoost\DriverBoost.exe" [2013-01-25 3544432]
"PC Speed Maximizer"="c:\program files (x86)\PC Speed Maximizer\SPMLauncher.exe" [2013-03-09 134456]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-02-28 4767304]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-01-29 73832]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-10-31 2349392]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TP-LINK Wireless Configuration Utility.lnk - c:\program files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe -nogui [2013-2-28 788992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
R3 aswVmm;aswVmm; [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
S0 aswRvrt;aswRvrt; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-16 12:44        1150280        ----a-w-        c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-18 14:43]
.
2014-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-18 17:01]
.
2014-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-18 17:01]
.
2014-04-19 c:\windows\Tasks\Plus-HD-2.3-chromeinstaller.job
- c:\program files (x86)\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe [2013-06-25 08:59]
.
2014-04-19 c:\windows\Tasks\Plus-HD-2.3-codedownloader.job
- c:\program files (x86)\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe [2013-06-25 08:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-28 14:49        342176        ----a-w-        c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-02-28 08:35        133840        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-11-22 1127592]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.mysearchresults.com/?c=3555&t=01
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=a92fc6e7-079f-4324-b353-0899746ef5ff&searchtype=ds&q={searchTerms}&installDate=18/02/2013
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\24ghugbs.default\
.
.
------- Dateityp-Verknüpfung -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\Christopher\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
Wow6432Node-HKCU-Run-KPeerNexonEU - c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-Amazon Browser Bar - c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.Uninstall.exe
AddRemove-autolyrics@man-soft.net - c:\program files (x86)\AutoLyrics\uninstall.exe
AddRemove-TeamSpeak 3 Client - c:\program files (x86)\TeamSpeak 3 Client\uninstall.exe
AddRemove-{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} - c:\users\Christopher\AppData\Local\SwvUpdater\Updater.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-04-19  17:20:09 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-04-19 15:20
.
Vor Suchlauf: 16 Verzeichnis(se), 432.047.050.752 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 433.490.337.792 Bytes frei
.
- - End Of File - - 23A205A7EE6B01E5A38C8FEE3A4F0018
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31
[/CODE]

schrauber 20.04.2014 17:59
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:53 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131