Trojaner-Board - Win 7 schließen einiger prozesse nicht möglich/Turbobit.net account

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Win 7 schließen einiger prozesse nicht möglich/Turbobit.net account (https://www.trojaner-board.de/152814-win-7-schliessen-einiger-prozesse-moeglich-turbobit-net-account.html)

Win 7 schließen einiger prozesse nicht möglich/Turbobit.net account

Hallo liebe Community,

ich habe seit einiger zeit das Gefühl das sich Viren oder dergleichen auf meinem Rechner befinden.
Der PC wurde langsam, das Laden externe Festplatten hat den Explorer zum Absturz gebracht und es war zeitweise nicht möglich Prozesse über den Taskmanager zu schließen.
Beim durchsehen der Installierten Programme habe ich ein Programm entdeckt das laut Google suche zum Netzwerk-Sniffen benutzt wird, leider bin ich mir bei dem namen nicht mehr 100% sicher aber ich meine es heißt Winpcap.

Auch wurde gestern mit meiner E-mail adresse und einem von mir benutzten passwort ein account bei der filesharing seite turbobit.net erstellt.

Ich habe bereits die avira rescue cd benutzt welche im papierkorb von thunderbird phishing dateien sowie trojaner entdeckt hat. Leider finde ich zu den Funden die log datei nicht mehr.
Auch wurden unerwünschte dateien durch Malwarbytes gefunden.

Mfg,

Seleyon

FRST Log

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2014 02

Ran by **** (administrator) on ****-PC on 21-04-2014 15:02:28

Running from C:\Users\****\Desktop\WICHTIG\Downloads

Windows 7 Enterprise Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 11

Boot Mode: Normal
 

The only official download link for FRST:

Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 

Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKU\S-1-5-21-3937361682-188343742-509953620-1001\...\Run: [] => [X]

HKU\S-1-5-21-3937361682-188343742-509953620-1001\...\MountPoints2: {14bfac79-2227-11e1-82aa-001d7d04fccb} - G:\LaunchEAWG.exe

HKU\S-1-5-21-3937361682-188343742-509953620-1001\...\MountPoints2: {88994364-9642-11e3-8631-001d7d04fccb} - K:\NokiaPCIA_Autorun.exe

Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk

ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
 

==================== Internet (Whitelisted) ====================
 

ProxyEnable: Internet Explorer proxy is enabled.

ProxyServer: localhost:21320

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com?fr=fp-comodo

SearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default

FF DefaultSearchEngine: AOL Search

FF Homepage: about:home

FF Keyword.URL: www.google.de/search?q=

FF NetworkProxy: "backup.ftp", "94.100.29.164 "

FF NetworkProxy: "backup.ftp_port", 3128

FF NetworkProxy: "backup.gopher", "83.98.5.2"

FF NetworkProxy: "backup.gopher_port", 4001

FF NetworkProxy: "backup.socks", "94.100.29.164 "

FF NetworkProxy: "backup.socks_port", 3128

FF NetworkProxy: "backup.ssl", "94.100.29.164 "

FF NetworkProxy: "backup.ssl_port", 3128

FF NetworkProxy: "ftp", "95.211.156.222"

FF NetworkProxy: "ftp_port", 7777

FF NetworkProxy: "gopher", "127.0.0.1"

FF NetworkProxy: "gopher_port", 4001

FF NetworkProxy: "http", "95.211.156.222"

FF NetworkProxy: "http_port", 7777

FF NetworkProxy: "no_proxies_on", ""

FF NetworkProxy: "share_proxy_settings", true

FF NetworkProxy: "socks", "95.211.156.222"

FF NetworkProxy: "socks_port", 7777

FF NetworkProxy: "socks_remote_dns", true

FF NetworkProxy: "ssl", "95.211.156.222"

FF NetworkProxy: "ssl_port", 7777

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()

FF Plugin: @java.com/DTPlugin,version=10.3.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)

FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )

FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\****\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\****\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()

FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\searchplugins\searchplugins-backup

FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\searchplugins\siteadvisor.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\Extensions\donottrackplus@abine.com [2014-03-15]

FF Extension: FoxyProxy Standard - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\Extensions\foxyproxy@eric.h.jung [2014-02-07]

FF Extension: MaskMe - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\Extensions\idme@abine.com [2014-03-08]

FF Extension: RedShift V3.6 - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\Extensions\redshift_V2@shift-themes.com [2011-11-06]

FF Extension: Aero Fox XL - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\Extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66} [2011-11-06]

FF Extension: DivX Web Player - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\Extensions\DivXWebPlayer@divx.com.xpi [2011-11-23]

FF Extension: Ghostery - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\Extensions\firefox@ghostery.com.xpi [2013-12-05]

FF Extension: Self-Destructing Cookies - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2013-12-05]

FF Extension: Personas Plus - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\Extensions\personas@christopher.beard.xpi [2013-03-01]

FF Extension: NoScript - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-11-06]

FF Extension: Adblock Plus - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-11-06]
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-06-26] ()

R3 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO)

S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)

R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-05-28] ()

R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-11-08] (Garmin Ltd or its subsidiaries)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-28] ()

S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP1c\RpcAgentSrv.exe [72344 2008-03-24] (SiSoftware)

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
 

==================== Drivers (Whitelisted) ====================
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-20] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-20] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-01] (Avira Operations GmbH & Co. KG)

R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-04-16] (COMODO)

R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2014-04-16] (COMODO)

R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-04-16] (COMODO)

R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [88280 2014-04-03] (Malwarebytes Corporation)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)

S4 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2011-12-09] (Duplex Secure Ltd.)

S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [33048 2006-11-30] (X10 Wireless Technology, Inc.)

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-04-21 15:01 - 2014-04-21 15:01 - 00003850 _____ () C:\Users\****\Gmerlog.log

2014-04-20 22:34 - 2014-04-21 12:57 - 00000022 _____ () C:\Windows\S.dirmngr

2014-04-20 14:02 - 2014-04-21 12:57 - 00001288 _____ () C:\Windows\setupact.log

2014-04-20 14:02 - 2014-04-20 14:02 - 00000000 _____ () C:\Windows\setuperr.log

2014-04-19 19:50 - 2014-04-20 03:25 - 00000000 ____D () C:\Users\****\AppData\Local\CrashDumps

2014-04-18 17:31 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-04-18 17:31 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-04-18 17:31 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-04-18 17:31 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-04-17 19:23 - 2014-04-17 19:23 - 00000000 __SHD () C:\Users\****\AppData\Local\EmieUserList

2014-04-17 19:23 - 2014-04-17 19:23 - 00000000 __SHD () C:\Users\****\AppData\Local\EmieSiteList

2014-04-17 19:05 - 2014-04-17 19:05 - 00042114 _____ () C:\Users\****\Desktop\Addition.txt

2014-04-17 19:04 - 2014-04-17 19:19 - 00040505 _____ () C:\Users\****\Desktop\FRST.txt

2014-04-17 19:03 - 2014-04-21 15:02 - 00000000 ____D () C:\FRST

2014-04-17 18:54 - 2014-04-17 18:54 - 00000020 _____ () C:\Users\****\defogger_reenable

2014-04-17 18:36 - 2014-04-17 18:36 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-04-12 15:19 - 2014-04-12 15:19 - 00000000 ____D () C:\Windows\ERUNT

2014-04-12 13:43 - 2014-04-12 13:43 - 00002381 _____ () C:\Users\****\Desktop\RKreport[0]_D_04122014_134357.txt

2014-04-12 13:42 - 2014-04-12 13:42 - 00002531 _____ () C:\Users\****\Desktop\RKreport[0]_S_04122014_134255.txt

2014-04-12 13:38 - 2014-04-12 14:45 - 14118912 _____ () C:\Users\****\AppData\Roaming\Sandra.mdb

2014-04-12 13:34 - 2014-04-12 13:34 - 00001183 _____ () C:\Users\Public\Desktop\SiSoftware Sandra Lite 2014.SP1c.lnk

2014-04-12 13:29 - 2014-04-12 13:29 - 00000000 ____D () C:\Program Files\SiSoftware

2014-04-12 00:45 - 2014-04-12 00:47 - 00000000 ____D () C:\AdwCleaner

2014-04-12 00:44 - 2014-04-21 14:52 - 00000000 ____D () C:\Users\****\Desktop\Neuer Ordner (2)

2014-04-12 00:43 - 2014-04-12 00:43 - 00019339 _____ () C:\Users\****\Desktop\RKreport[0]_D_04122014_004308.txt

2014-04-12 00:36 - 2014-04-12 00:44 - 00000000 ____D () C:\Users\****\Desktop\RK_Quarantine

2014-04-12 00:15 - 2014-04-12 00:15 - 00003214 _____ () C:\Windows\System32\Tasks\{AA9B7088-EC46-4AA5-AF0E-FF517BE0660C}

2014-04-12 00:12 - 2014-04-12 00:12 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView

2014-04-12 00:12 - 2014-04-12 00:12 - 00000000 ____D () C:\Program Files (x86)\NirSoft

2014-04-11 14:49 - 2012-01-10 14:28 - 00750488 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll

2014-04-11 14:49 - 2012-01-10 14:28 - 00660368 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll

2014-04-11 14:18 - 2014-04-21 02:08 - 00003128 _____ () C:\Windows\wininit.ini

2014-04-10 19:52 - 2014-04-21 13:28 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-10 19:51 - 2014-04-10 19:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-10 19:51 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-10 19:51 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-10 19:16 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-04-10 19:16 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-04-10 19:15 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-04-10 19:15 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-04-10 19:15 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-04-10 19:15 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-04-10 19:15 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-04-10 19:15 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-04-10 19:15 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-04-10 19:15 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-04-10 19:15 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-04-10 19:15 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-04-10 19:15 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-04-10 19:15 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-04-10 19:15 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-04-10 19:15 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-04-10 19:15 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-04-10 19:15 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-04-10 19:15 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-04-10 19:15 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-04-10 19:15 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-04-10 19:15 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-04-10 19:15 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-04-10 19:15 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-04-10 19:15 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-04-10 19:15 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-04-10 19:15 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-04-10 19:15 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-04-10 19:15 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-04-10 19:15 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-04-10 19:15 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-04-10 19:15 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-04-10 19:15 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-04-10 19:15 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-04-10 19:15 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-04-10 19:15 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-04-10 19:15 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-04-10 19:15 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-04-10 19:15 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-04-10 19:15 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-04-10 19:15 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-04-10 19:15 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-04-10 19:15 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-04-10 19:15 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-04-10 19:15 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-04-10 19:15 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-04-10 19:15 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-04-10 19:15 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-04-10 19:07 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2014-04-10 19:07 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2014-04-10 19:07 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2014-04-10 19:07 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2014-04-10 19:07 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2014-04-10 19:07 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2014-04-10 19:07 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2014-04-10 19:07 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2014-04-10 19:07 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2014-04-10 19:07 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2014-04-10 19:07 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2014-04-06 23:38 - 2014-04-06 23:38 - 00000000 ____D () C:\Users\****\AppData\Roaming\Trine2

2014-04-06 21:38 - 2014-04-06 21:38 - 00002053 _____ () C:\Users\****\Desktop\HijackThis.lnk

2014-04-06 21:38 - 2014-04-06 21:38 - 00000000 ____D () C:\Program Files (x86)\Trend Micro

2014-04-05 00:42 - 2014-04-06 23:36 - 00000000 ____D () C:\Users\****\AppData\Roaming\Comodo

2014-04-05 00:41 - 2014-04-05 12:35 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO

2014-04-05 00:41 - 2014-04-05 00:41 - 00000000 ____D () C:\ProgramData\Shared Space

2014-04-05 00:40 - 2014-03-25 21:22 - 00352984 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll

2014-04-05 00:40 - 2014-03-25 21:22 - 00284888 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll

2014-04-05 00:40 - 2014-03-25 21:22 - 00045784 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll

2014-04-05 00:40 - 2014-03-25 21:22 - 00040664 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll

2014-03-29 20:40 - 2014-03-29 20:40 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-03-29 18:45 - 2014-03-29 18:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-03-29 01:36 - 2014-03-29 01:36 - 00003088 _____ () C:\Windows\System32\Tasks\{68B1960A-7A0C-4FC7-9E71-82A5E7108C17}

2014-03-25 22:00 - 2014-03-25 22:54 - 00000014 _____ () C:\Users\****\Desktop\Neues Textdokument.txt
 

==================== One Month Modified Files and Folders =======
 

2014-04-21 15:02 - 2014-04-17 19:03 - 00000000 ____D () C:\FRST

2014-04-21 15:01 - 2014-04-21 15:01 - 00003850 _____ () C:\Users\****\Gmerlog.log

2014-04-21 15:01 - 2011-11-06 06:52 - 00000000 ____D () C:\Users\****

2014-04-21 14:58 - 2009-07-14 06:45 - 00016544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-21 14:58 - 2009-07-14 06:45 - 00016544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-21 14:52 - 2014-04-12 00:44 - 00000000 ____D () C:\Users\****\Desktop\Neuer Ordner (2)

2014-04-21 14:17 - 2011-11-06 08:16 - 00000000 ____D () C:\Users\****\AppData\Local\PMB Files

2014-04-21 13:28 - 2014-04-10 19:52 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-21 13:03 - 2013-08-27 19:19 - 01440407 _____ () C:\Windows\WindowsUpdate.log

2014-04-21 12:57 - 2014-04-20 22:34 - 00000022 _____ () C:\Windows\S.dirmngr

2014-04-21 12:57 - 2014-04-20 14:02 - 00001288 _____ () C:\Windows\setupact.log

2014-04-21 12:57 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-21 02:08 - 2014-04-11 14:18 - 00003128 _____ () C:\Windows\wininit.ini

2014-04-20 19:40 - 2011-11-07 06:37 - 00000000 ____D () C:\Users\****\AppData\Roaming\Winamp

2014-04-20 16:59 - 2011-11-06 08:16 - 00000000 ____D () C:\ProgramData\PMB Files

2014-04-20 14:04 - 2012-02-13 16:45 - 00706048 ___SH () C:\Users\****\Desktop\Thumbs.db

2014-04-20 14:02 - 2014-04-20 14:02 - 00000000 _____ () C:\Windows\setuperr.log

2014-04-20 03:28 - 2011-11-06 08:42 - 00000000 ____D () C:\Users\****\AppData\Roaming\Skype

2014-04-20 03:25 - 2014-04-19 19:50 - 00000000 ____D () C:\Users\****\AppData\Local\CrashDumps

2014-04-20 03:25 - 2013-09-27 21:33 - 00000000 ____D () C:\Windows\Minidump

2014-04-19 15:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-04-18 23:35 - 2012-05-30 21:38 - 00000000 ____D () C:\Users\****\Desktop\USB-Stick

2014-04-18 23:21 - 2013-02-16 13:23 - 00742646 _____ () C:\Windows\system32\perfh013.dat

2014-04-18 23:21 - 2013-02-16 13:23 - 00156440 _____ () C:\Windows\system32\perfc013.dat

2014-04-18 23:21 - 2010-11-21 08:22 - 00707316 _____ () C:\Windows\system32\perfh007.dat

2014-04-18 23:21 - 2010-11-21 08:22 - 00152908 _____ () C:\Windows\system32\perfc007.dat

2014-04-18 23:21 - 2009-07-14 07:13 - 02541440 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-18 17:31 - 2013-11-02 12:44 - 00000000 ____D () C:\ProgramData\Oracle

2014-04-18 17:31 - 2012-03-10 18:48 - 00000000 ____D () C:\Program Files (x86)\Java

2014-04-18 03:46 - 2011-11-23 19:02 - 00000000 ____D () C:\Users\****\AppData\Roaming\vlc

2014-04-18 00:24 - 2011-11-20 16:30 - 00000000 ____D () C:\Users\****\Documents\Battlefield 2

2014-04-18 00:12 - 2011-11-11 02:06 - 00000000 ____D () C:\Users\****\Documents\My Games

2014-04-17 19:23 - 2014-04-17 19:23 - 00000000 __SHD () C:\Users\****\AppData\Local\EmieUserList

2014-04-17 19:23 - 2014-04-17 19:23 - 00000000 __SHD () C:\Users\****\AppData\Local\EmieSiteList

2014-04-17 19:19 - 2014-04-17 19:04 - 00040505 _____ () C:\Users\****\Desktop\FRST.txt

2014-04-17 19:05 - 2014-04-17 19:05 - 00042114 _____ () C:\Users\****\Desktop\Addition.txt

2014-04-17 18:54 - 2014-04-17 18:54 - 00000020 _____ () C:\Users\****\defogger_reenable

2014-04-17 18:36 - 2014-04-17 18:36 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-04-16 23:12 - 2011-10-07 19:48 - 00105552 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys

2014-04-16 23:12 - 2011-10-07 19:47 - 00738472 _____ (COMODO) C:\Windows\system32\Drivers\cmdGuard.sys

2014-04-16 23:12 - 2011-10-07 19:47 - 00048360 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys

2014-04-16 23:12 - 2011-10-07 19:47 - 00023168 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys

2014-04-14 20:13 - 2014-04-18 17:31 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-04-14 20:05 - 2014-04-18 17:31 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-04-14 20:05 - 2014-04-18 17:31 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-04-14 20:04 - 2014-04-18 17:31 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-04-12 15:19 - 2014-04-12 15:19 - 00000000 ____D () C:\Windows\ERUNT

2014-04-12 14:45 - 2014-04-12 13:38 - 14118912 _____ () C:\Users\****\AppData\Roaming\Sandra.mdb

2014-04-12 14:07 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp

2014-04-12 13:43 - 2014-04-12 13:43 - 00002381 _____ () C:\Users\****\Desktop\RKreport[0]_D_04122014_134357.txt

2014-04-12 13:42 - 2014-04-12 13:42 - 00002531 _____ () C:\Users\****\Desktop\RKreport[0]_S_04122014_134255.txt

2014-04-12 13:34 - 2014-04-12 13:34 - 00001183 _____ () C:\Users\Public\Desktop\SiSoftware Sandra Lite 2014.SP1c.lnk

2014-04-12 13:29 - 2014-04-12 13:29 - 00000000 ____D () C:\Program Files\SiSoftware

2014-04-12 00:47 - 2014-04-12 00:45 - 00000000 ____D () C:\AdwCleaner

2014-04-12 00:44 - 2014-04-12 00:36 - 00000000 ____D () C:\Users\****\Desktop\RK_Quarantine

2014-04-12 00:43 - 2014-04-12 00:43 - 00019339 _____ () C:\Users\****\Desktop\RKreport[0]_D_04122014_004308.txt

2014-04-12 00:15 - 2014-04-12 00:15 - 00003214 _____ () C:\Windows\System32\Tasks\{AA9B7088-EC46-4AA5-AF0E-FF517BE0660C}

2014-04-12 00:12 - 2014-04-12 00:12 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView

2014-04-12 00:12 - 2014-04-12 00:12 - 00000000 ____D () C:\Program Files (x86)\NirSoft

2014-04-11 20:50 - 2009-07-14 05:20 - 00000000 __RSD () C:\Windows\Media

2014-04-11 14:50 - 2011-11-07 06:37 - 00000000 ____D () C:\Program Files (x86)\Winamp Detect

2014-04-11 14:48 - 2011-11-06 06:52 - 00000000 ___RD () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-04-11 14:34 - 2011-11-07 06:35 - 00000000 ___RD () C:\Users\****\Desktop\WICHTIG

2014-04-11 14:31 - 2011-11-17 09:05 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-04-11 14:31 - 2011-11-17 09:05 - 00000000 ____D () C:\Program Files\CCleaner

2014-04-11 13:25 - 2014-02-07 21:28 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-04-11 13:25 - 2014-02-07 21:28 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-04-11 13:25 - 2011-11-10 18:08 - 00000000 ____D () C:\Users\****\AppData\Local\Adobe

2014-04-11 13:22 - 2013-12-27 21:05 - 00000000 ____D () C:\FreeOCR

2014-04-11 13:21 - 2011-12-09 07:11 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite

2014-04-11 13:21 - 2011-11-23 18:09 - 00000000 ____D () C:\Program Files\DivX

2014-04-11 13:21 - 2011-11-23 18:06 - 00000000 ____D () C:\ProgramData\DivX

2014-04-11 13:20 - 2013-12-30 18:59 - 00000000 ____D () C:\Users\****\AppData\Roaming\Dropbox

2014-04-11 13:16 - 2011-11-09 05:46 - 00000000 ____D () C:\Program Files\Logitech

2014-04-11 13:14 - 2011-12-24 20:39 - 00000000 ____D () C:\Program Files (x86)\Nokia

2014-04-11 13:12 - 2012-05-21 03:04 - 00000000 ____D () C:\Users\****\AppData\Local\Unity

2014-04-11 13:12 - 2011-11-06 06:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-04-10 20:10 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries

2014-04-10 19:51 - 2014-04-10 19:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-10 19:51 - 2012-12-09 20:39 - 00000000 ____D () C:\Users\****\AppData\Roaming\Malwarebytes

2014-04-10 19:51 - 2012-12-09 20:38 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-10 19:51 - 2012-12-09 20:38 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-10 19:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-04-10 19:15 - 2013-07-30 04:32 - 00000000 ____D () C:\Windows\system32\MRT

2014-04-10 19:09 - 2011-03-08 21:49 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-04-10 19:06 - 2013-03-09 16:43 - 00000000 ____D () C:\Users\****\AppData\Local\ArmA 2 OA

2014-04-08 20:13 - 2012-01-30 21:28 - 00000000 ____D () C:\Users\****\AppData\Roaming\TeamViewer

2014-04-06 23:38 - 2014-04-06 23:38 - 00000000 ____D () C:\Users\****\AppData\Roaming\Trine2

2014-04-06 23:36 - 2014-04-05 00:42 - 00000000 ____D () C:\Users\****\AppData\Roaming\Comodo

2014-04-06 21:38 - 2014-04-06 21:38 - 00002053 _____ () C:\Users\****\Desktop\HijackThis.lnk

2014-04-06 21:38 - 2014-04-06 21:38 - 00000000 ____D () C:\Program Files (x86)\Trend Micro

2014-04-05 15:51 - 2012-07-28 17:35 - 00003114 _____ () C:\Windows\System32\Tasks\TeamViewer.exe

2014-04-05 15:45 - 2011-11-07 03:48 - 00000000 ____D () C:\ProgramData\Comodo

2014-04-05 15:28 - 2013-05-23 13:40 - 00000000 ____D () C:\Users\****\Desktop\@CBA_CO

2014-04-05 12:53 - 2013-11-07 16:07 - 00000000 ____D () C:\Users\****\AppData\Local\AeroFS

2014-04-05 12:35 - 2014-04-05 00:41 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO

2014-04-05 00:41 - 2014-04-05 00:41 - 00000000 ____D () C:\ProgramData\Shared Space

2014-04-05 00:41 - 2011-11-07 03:47 - 00000000 ____D () C:\ProgramData\Comodo Downloader

2014-04-04 16:46 - 2013-06-27 02:50 - 00000000 ____D () C:\ProgramData\Origin

2014-04-04 16:34 - 2013-06-27 02:50 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-04-03 09:51 - 2014-04-10 19:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-03 09:51 - 2014-04-10 19:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-03 09:50 - 2012-12-09 20:38 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-03-31 00:40 - 2011-11-06 09:23 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr

2014-03-31 00:40 - 2011-11-06 07:59 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.exe

2014-03-31 00:40 - 2011-11-06 07:59 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0

2014-03-30 19:59 - 2012-04-26 01:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-03-29 20:40 - 2014-03-29 20:40 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-03-29 20:40 - 2011-11-06 08:42 - 00000000 ____D () C:\ProgramData\Skype

2014-03-29 18:45 - 2014-03-29 18:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-03-29 01:36 - 2014-03-29 01:36 - 00003088 _____ () C:\Windows\System32\Tasks\{68B1960A-7A0C-4FC7-9E71-82A5E7108C17}

2014-03-28 02:52 - 2011-11-06 07:59 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2014-03-28 02:47 - 2013-07-06 15:27 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins

2014-03-28 02:38 - 2013-06-27 02:55 - 00000000 ____D () C:\Users\****\AppData\Roaming\Origin

2014-03-27 21:02 - 2013-11-07 16:01 - 00000000 ____D () C:\Users\****\AppData\Roaming\AeroFSExec

2014-03-25 22:54 - 2014-03-25 22:00 - 00000014 _____ () C:\Users\****\Desktop\Neues Textdokument.txt

2014-03-25 21:22 - 2014-04-05 00:40 - 00352984 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll

2014-03-25 21:22 - 2014-04-05 00:40 - 00284888 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll

2014-03-25 21:22 - 2014-04-05 00:40 - 00045784 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll

2014-03-25 21:22 - 2014-04-05 00:40 - 00040664 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll

2014-03-25 21:22 - 2011-10-07 19:47 - 00453680 _____ (COMODO) C:\Windows\system32\guard64.dll

2014-03-25 21:22 - 2011-10-07 19:47 - 00363504 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll

2014-03-25 21:22 - 2011-10-07 19:47 - 00043216 _____ (COMODO) C:\Windows\system32\cmdcsr.dll

2014-03-25 21:07 - 2013-04-11 15:20 - 00001050 _____ () C:\Users\Public\Desktop\TeamViewer 8.lnk
 

Some content of TEMP:

====================

C:\Users\****\AppData\Local\Temp\avgnt.exe

C:\Users\****\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!
 
 

LastRegBack: 2014-04-19 15:18
 

==================== End Of Log ============================

Addition Log

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2014 02

Ran by **** at 2014-04-21 15:02:51

Running from C:\Users\****\Desktop\WICHTIG\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}

FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
 

==================== Installed Programs ======================
 

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)

Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden

AeroFS (HKCU\...\AeroFS) (Version:  - Air Computing, Inc.)

AMD Accelerated Video Transcoding (Version: 12.5.100.30429 - Advanced Micro Devices, Inc.) Hidden

AMD APP SDK Runtime (Version: 10.0.938.1 - Advanced Micro Devices Inc.) Hidden

AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)

AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden

AMD Media Foundation Decoders (Version: 1.0.80430.0002 - Advanced Micro Devices, Inc.) Hidden

Application Profiles (x32 Version: 2.0.4532.34673 - Ihr Firmenname) Hidden

Areca (HKLM-x32\...\Areca) (Version:  - )

Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version:  - Audacity Team)

Aufstieg des Hexenkönigs™ (HKLM-x32\...\{B931FB80-537A-4600-00AD-AC5DEDB6C25B}) (Version:  - )

Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.3.1.0 - Auslogics Labs Pty Ltd)

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

Battlefield 2: Special Forces (HKLM-x32\...\{50D4CB89-AF34-4978-96DC-C3034062E901}) (Version:  - )

Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)

Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)

BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )

Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)

Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version:  - Criterion Games)

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center (x32 Version: 2013.0429.2313.39747 - Ihr Firmenname) Hidden

Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Localization All (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Standard (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Traditional (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Czech (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Danish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Dutch (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help English (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Finnish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help French (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help German (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Greek (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Hungarian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Italian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Japanese (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Korean (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Norwegian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Polish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Portuguese (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Russian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Spanish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Swedish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Thai (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Turkish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

ccc-utility64 (Version: 2012.0522.2128.36590 - Advanced Micro Devices, Inc.) Hidden

ccc-utility64 (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)

Champions Online: Free For All (HKLM-x32\...\Steam App 9880) (Version:  - Cryptic Studios)

Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)

COMODO Internet Security (HKLM\...\{4EAB2511-0135-48CA-A47B-CE1E6836793A}) (Version: 5.8.16726.2131 - COMODO Security Solutions Inc.)

Creation Kit (HKLM-x32\...\Steam App 202480) (Version:  - bgs.bethsoft.com)

DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)

DayZ Commander (HKLM-x32\...\{0170930E-68D6-4E85-88B2-82761CDE1F94}) (Version: 0.92.69 - Dotjosh Studios)

Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Diaspora version 1.0.4 (HKLM-x32\...\{1F5ABAAA-6D61-4FC1-A595-86CBA5517E7A}_is1) (Version: 1.0.4 - Diaspora Development)

Die Schlacht um Mittelerde™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version:  - )

Elevated Installer (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden

eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)

EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)

Fraps (HKLM-x32\...\Fraps) (Version:  - )

FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)

G51 Skins (HKLM-x32\...\{B446F5BC-0503-452D-B9B9-37B782A51FB1}) (Version: 1.0.0 - Logitech)

Gajim (HKLM-x32\...\Gajim) (Version: 0.14.4 - )

GameSpy Comrade (HKLM-x32\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy)

Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)

Garmin Express (HKLM-x32\...\{6f60b921-2ae3-43fe-a6fb-ad849bd91451}) (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries)

Garmin Express (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin Express Tray (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)

Garmin WebUpdater (HKLM-x32\...\{F4DA4C73-026F-4D38-8C6B-85F0193E4B56}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)

Gpg4win (2.1.1) (HKLM-x32\...\GPG4Win) (Version: 2.1.1 - The Gpg4win Project)

Gratuitous Space Battles (HKLM-x32\...\Steam App 41800) (Version:  - Positech Games)

Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)

HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)

HydraVision (x32 Version: 4.2.234.0 - Advanced Micro Devices, Inc.) Hidden

InfiniteCrisis (HKLM-x32\...\InfiniteCrisis) (Version:  - Turbine, Inc)

Interstellar Marines (HKLM-x32\...\Steam App 236370) (Version:  - Zero Point Software)

Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

JC2-MP version 0.0.14 (Build 481) (HKLM-x32\...\{7F12FECB-1D75-42D7-9074-D6FEA6D91E65}_is1) (Version: 0.0.14 (Build 481) - )

Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche Studios)

Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)

K-Lite Codec Pack 7.9.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.9.0 - )

LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )

League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)

Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)

Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)

Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)

Medieval II: Total War Kingdoms (HKLM-x32\...\Steam App 4780) (Version:  - The Creative Assembly)

Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)

Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)

Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden

Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden

MOS v1.3 Full Install (HKCU\...\MOS v1.3 Full Install) (Version:  - )

MotioninJoy DS3 driver version 0.6.0005 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.6.0005 - www.motioninjoy.com)

Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)

Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)

MRIcroN (remove only) (HKLM-x32\...\MRIcroN) (Version:  - )

MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden

MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden

MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden

MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden

Mumble 1.2.3 (HKLM-x32\...\{C3E9887A-23BA-4777-8080-191A5AFCAB74}) (Version: 1.2.3 - Thorvald Natvig)

Nero 9 Lite (HKLM-x32\...\{5dcda8bd-0c22-4b65-82fd-3357c4d1c2d4}) (Version:  - Nero AG)

Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden

Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden

Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden

Nero StartSmart (x32 Version: 9.4.31.100 - Nero AG) Hidden

neroxml (x32 Version: 1.0.0 - Nero AG) Hidden

Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.45.7 - Black Tree Gaming)

Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)

Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden

NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)

OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)

Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version:  - Robot Entertainment)

Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)

Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)

Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)

PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)

Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.7 - )

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)

Razer Imperator (HKLM-x32\...\{C05905B9-775A-4894-A4DF-B57C15250958}) (Version: 2.02.00 - Razer USA Ltd.)

Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)

Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)

SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.5 - Seagate Technology)

Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version:  - 2K Games, Inc.)

Sins of a Solar Empire: Rebellion (HKLM-x32\...\Steam App 204880) (Version:  - )

SiSoftware Sandra Lite 2014.SP1c (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.25.2014.4 - SiSoftware)

Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)

Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - United Front Games)

Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - )

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)

Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)

StarForge Alpha (HKLM-x32\...\Steam App 227680) (Version:  - CodeHatch)

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

Stronghold (HKLM-x32\...\Steam App 40950) (Version:  - Firefly Studios)

Stronghold HD (HKLM-x32\...\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}) (Version: 1.30.0001 - Firefly Studios)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)

TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer)

The Lord of the Rings: War in the North (HKLM-x32\...\Steam App 32800) (Version:  - Snowblind Studios)

Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - )

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)

War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)

Warframe (HKLM-x32\...\Steam App 230410) (Version:  - )

Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)

Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)

World of Goo (HKLM-x32\...\Steam App 22000) (Version:  - 2D BOY)
 

==================== Restore Points  =========================
 
 

==================== Hosts content: ==========================
 

2009-07-14 04:34 - 2014-01-10 12:40 - 00450639 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1        www.007guard.com

127.0.0.1        007guard.com

127.0.0.1        008i.com

127.0.0.1        www.008k.com

127.0.0.1        008k.com

127.0.0.1        www.00hq.com

127.0.0.1        00hq.com

127.0.0.1        010402.com

127.0.0.1        www.032439.com

127.0.0.1        032439.com

127.0.0.1        www.0scan.com

127.0.0.1        0scan.com

127.0.0.1        1000gratisproben.com

127.0.0.1        www.1000gratisproben.com

127.0.0.1        1001namen.com

127.0.0.1        www.1001namen.com

127.0.0.1        100888290cs.com

127.0.0.1        www.100888290cs.com

127.0.0.1        www.100sexlinks.com

127.0.0.1        100sexlinks.com

127.0.0.1        10sek.com

127.0.0.1        www.10sek.com

127.0.0.1        www.1-2005-search.com

127.0.0.1        1-2005-search.com

127.0.0.1        123fporn.info

127.0.0.1        www.123fporn.info

127.0.0.1        123haustiereundmehr.com

127.0.0.1        www.123haustiereundmehr.com

127.0.0.1        123moviedownload.com
 

There are 1000 more lines.
 
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {01255558-A58C-404D-AD89-45E79BD9E59A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe

Task: {28E36051-FF2B-4888-B07D-30174885EF66} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe

Task: {3AB5DD20-5DD0-423C-AA47-15CD86F8DA6D} - System32\Tasks\{68B1960A-7A0C-4FC7-9E71-82A5E7108C17} => Firefox.exe hxxp://ui.skype.com/ui/0/6.14.0.104/de/abandoninstall?page=tsProgressBar

Task: {76640CB7-CEE4-4427-9297-DF7DCEB1DB65} - System32\Tasks\TeamViewer.exe => C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

Task: {770D2057-5076-4290-96EB-B58B98B42576} - System32\Tasks\{E4ADE269-8728-4546-9AF1-001093D91D4B} => D:\Programme\Spiele\Riot Games\League of Legends\lol.launcher.exe [2012-05-29] ()

Task: {7BE00FB0-3192-4663-A6A4-6F15509F310B} - System32\Tasks\{60434CFB-5BD0-442C-B433-1EF1E0B61624} => D:\Programme\Spiele\Riot Games\League of Legends\lol.launcher.exe [2012-05-29] ()

Task: {9C6409EB-DE46-4907-BD9E-C74700244752} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)

Task: {BDA064F4-4831-4E50-BA9E-69BE18126A47} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe

Task: {C3646003-9A4C-4CC5-A017-B72BB3FC0D20} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)

Task: {F6F8AF89-4A9A-4508-A215-A6726DEADF9C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
 

==================== Loaded Modules (whitelisted) =============
 

2013-05-28 18:50 - 2013-05-28 18:50 - 00218112 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe

2011-11-06 07:59 - 2014-03-28 02:52 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2011-10-07 11:39 - 2011-10-07 11:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll

2013-06-18 16:49 - 2013-06-18 16:49 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

2013-04-30 00:08 - 2013-04-30 00:08 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2012-12-14 14:54 - 2012-09-19 19:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll

2013-05-28 18:44 - 2013-05-28 18:44 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll

2013-05-28 18:42 - 2013-05-28 18:42 - 00037888 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll

2013-05-28 18:41 - 2013-05-28 18:41 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll

2013-05-28 18:44 - 2013-05-28 18:44 - 00069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll

2013-05-28 18:45 - 2013-05-28 18:45 - 00627712 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll

2013-11-01 22:25 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl

2013-11-01 22:25 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl

2013-11-01 22:25 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl

2013-11-01 22:25 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll

2013-11-01 22:25 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
 

==================== Disabled items from MSCONFIG ==============
 

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe

MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray

MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Western Digital\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"

MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (04/21/2014 01:00:38 PM) (Source: Steam Client Service) (User: )

Description: Error: Failed to poke open firewall
 

Error: (04/21/2014 00:58:05 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (04/20/2014 10:52:17 PM) (Source: Steam Client Service) (User: )

Description: Error: Failed to poke open firewall
 

Error: (04/20/2014 10:35:02 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (04/20/2014 02:06:35 PM) (Source: Steam Client Service) (User: )

Description: Error: Failed to poke open firewall
 

Error: (04/20/2014 02:02:30 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (04/20/2014 00:34:20 AM) (Source: Steam Client Service) (User: )

Description: Error: Failed to poke open firewall
 

Error: (04/20/2014 00:30:15 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (04/19/2014 07:50:30 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 28.0.0.5186, Zeitstempel: 0x53240e37

Name des fehlerhaften Moduls: xul.dll, Version: 28.0.0.5186, Zeitstempel: 0x53240e04

Ausnahmecode: 0xc0000005

Fehleroffset: 0x00184729

ID des fehlerhaften Prozesses: 0x16bc

Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0

Pfad der fehlerhaften Anwendung: firefox.exe1

Pfad des fehlerhaften Moduls: firefox.exe2

Berichtskennung: firefox.exe3
 

Error: (04/19/2014 06:02:33 PM) (Source: Steam Client Service) (User: )

Description: Error: Failed to poke open firewall
 
 

System errors:

=============

Error: (04/21/2014 00:58:58 PM) (Source: Disk) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 

Error: (04/21/2014 00:58:58 PM) (Source: Disk) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 

Error: (04/21/2014 00:58:57 PM) (Source: Disk) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 

Error: (04/21/2014 00:58:57 PM) (Source: Disk) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
 

Microsoft Office Sessions:

=========================

Error: (04/21/2014 01:00:38 PM) (Source: Steam Client Service)(User: )

Description: Failed to poke open firewall
 

Error: (04/21/2014 00:58:05 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (04/20/2014 10:52:17 PM) (Source: Steam Client Service)(User: )

Description: Failed to poke open firewall
 

Error: (04/20/2014 10:35:02 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (04/20/2014 02:06:35 PM) (Source: Steam Client Service)(User: )

Description: Failed to poke open firewall
 

Error: (04/20/2014 02:02:30 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (04/20/2014 00:34:20 AM) (Source: Steam Client Service)(User: )

Description: Failed to poke open firewall
 

Error: (04/20/2014 00:30:15 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (04/19/2014 07:50:30 PM) (Source: Application Error)(User: )

Description: firefox.exe28.0.0.518653240e37xul.dll28.0.0.518653240e04c00000050018472916bc01cf5bcb07f18840C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll185013f0-c7eb-11e3-b223-001d7d04fccb
 

Error: (04/19/2014 06:02:33 PM) (Source: Steam Client Service)(User: )

Description: Failed to poke open firewall
 
 

CodeIntegrity Errors:

===================================

  Date: 2014-04-06 22:11:54.313

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-06 22:11:54.251

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-06 21:36:07.760

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-06 21:36:07.682

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-06 21:22:56.754

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-06 21:22:56.692

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-06 20:44:22.440

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-06 20:44:22.362

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-06 20:35:58.695

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-06 20:35:58.617

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 39%

Total physical RAM: 4095.55 MB

Available physical RAM: 2477.11 MB

Total Pagefile: 8189.29 MB

Available Pagefile: 6017.16 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:146.39 GB) (Free:25.53 GB) NTFS

Drive d: () (Fixed) (Total:319.27 GB) (Free:18.43 GB) NTFS

Drive f: (Ubuntu-Live-Custom) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS

Drive g: () (Removable) (Total:3.74 GB) (Free:0.01 GB) NTFS

Drive h: () (Removable) (Total:7.34 GB) (Free:0.01 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 5EEF5EEF)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=146 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=319 GB) - (Type=07 NTFS)
 

========================================================

Disk: 1 (Size: 7 GB) (Disk ID: 66205247)

No partition Table on disk 1.
 

========================================================

Disk: 2 (Size: 4 GB) (Disk ID: 00000000)
 

Partition: GPT Partition Type.
 

==================== End Of Log ============================

MBAW Log

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 10.04.2014

Suchlauf-Zeit: 20:12:07

Logdatei: MBAlogfile.txt

Administrator: Ja
 

Version: 2.00.1.1004

Malware Datenbank: v2014.04.10.07

Rootkit Datenbank: v2014.03.27.01

Lizenz: Testversion

Malware Schutz: Deaktiviert

Bösartiger Webseiten Schutz: Deaktiviert

Chameleon: Deaktiviert
 

Betriebssystem: Windows 7 Service Pack 1

CPU: x64

Dateisystem: NTFS

Benutzer: ****
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 260238

Verstrichene Zeit: 18 Min, 28 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Shuriken: Aktiviert

PUP: Warnen

PUM: Aktiviert
 

Prozesse: 0

(No malicious items detected)
 

Module: 0

(No malicious items detected)
 

Registrierungsschlüssel: 0

(No malicious items detected)
 

Registrierungswerte: 0

(No malicious items detected)
 

Registrierungsdaten: 0

(No malicious items detected)
 

Ordner: 0

(No malicious items detected)
 

Dateien: 6

PUP.Optional.Babylon.A, C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.bbDpng", 27);), Ersetzt,[149b1d0bd3a867cf2a3d6dda9b6949b7]

PUP.Optional.Babylon.A, C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.cntry", "DE");), Ersetzt,[d7d851d752296dc9dd8ae364ca3ad32d]

PUP.Optional.Babylon.A, C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.firstRun", false);), Ersetzt,[28872bfd81fa8babc4a3ae9922e2b54b]

PUP.Optional.Babylon.A, C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.hdrMd5", "7E03901256DF9B6389C204FF2D22B586");), Ersetzt,[a60981a7c7b41a1c6afdbf88798b41bf]

PUP.Optional.Babylon.A, C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.lastActv", "27");), Ersetzt,[ddd211170a7193a32b3c0f3846be23dd]

PUP.Optional.Babylon.A, C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.lastDP", 27);), Ersetzt,[a10ef632fd7e42f4c4a350f78282a060]
 

Physische Sektoren: 0

(No malicious items detected)
 
 

(end)

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hallo und entschuldigung das es so lange gedauert hat,

hier die combofix.txt

Code:

ComboFix 14-04-20.01 - Elethor 25.04.2014  14:20:19.1.2 - x64

Microsoft Windows 7 Enterprise   6.1.7601.1.1252.49.1031.18.4096.2668 [GMT 2:00]

ausgeführt von:: c:\users\Elethor\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}

FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}

SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}

SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

D:\install.exe

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

.

.

(((((((((((((((((((((((   Dateien erstellt von 2014-03-25 bis 2014-04-25  ))))))))))))))))))))))))))))))

.

.

2014-04-25 12:31 . 2014-04-25 12:31        --------        d-----w-        c:\users\Default\AppData\Local\temp

2014-04-19 17:50 . 2014-04-20 01:25        --------        d-----w-        c:\users\Elethor\AppData\Local\CrashDumps

2014-04-18 15:31 . 2014-04-14 18:13        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2014-04-17 17:23 . 2014-04-17 17:23        --------        d-sh--w-        c:\users\Elethor\AppData\Local\EmieUserList

2014-04-17 17:23 . 2014-04-17 17:23        --------        d-sh--w-        c:\users\Elethor\AppData\Local\EmieSiteList

2014-04-17 17:03 . 2014-04-21 13:06        --------        d-----w-        C:\FRST

2014-04-17 16:36 . 2014-04-17 16:36        --------        d-----w-        c:\program files (x86)\ESET

2014-04-12 13:19 . 2014-04-12 13:19        --------        d-----w-        c:\windows\ERUNT

2014-04-12 11:29 . 2014-04-12 11:29        --------        d-----w-        c:\program files\SiSoftware

2014-04-11 22:45 . 2014-04-11 22:47        --------        d-----w-        C:\AdwCleaner

2014-04-11 22:12 . 2014-04-11 22:12        --------        d-----w-        c:\program files (x86)\NirSoft

2014-04-11 12:49 . 2012-01-10 12:28        750488        ----a-w-        c:\windows\system32\npDeployJava1.dll

2014-04-11 12:49 . 2012-01-10 12:28        660368        ----a-w-        c:\windows\system32\deployJava1.dll

2014-04-10 17:52 . 2014-04-24 21:57        119512        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-04-10 17:51 . 2014-04-03 07:51        63192        ----a-w-        c:\windows\system32\drivers\mwac.sys

2014-04-10 17:51 . 2014-04-03 07:51        88280        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys

2014-04-10 17:51 . 2014-04-10 17:51        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware

2014-04-10 17:16 . 2014-03-06 06:00        359936        ----a-w-        c:\program files\Internet Explorer\IEShims.dll

2014-04-10 17:16 . 2014-03-06 05:50        257536        ----a-w-        c:\program files (x86)\Internet Explorer\IEShims.dll

2014-04-10 17:16 . 2014-03-06 08:32        574976        ----a-w-        c:\windows\system32\ieui.dll

2014-04-10 17:07 . 2014-03-04 09:44        243712        ----a-w-        c:\windows\system32\wow64.dll

2014-04-10 17:07 . 2014-03-04 09:44        1163264        ----a-w-        c:\windows\system32\kernel32.dll

2014-04-10 17:07 . 2014-03-04 09:44        362496        ----a-w-        c:\windows\system32\wow64win.dll

2014-04-10 17:07 . 2014-03-04 09:44        13312        ----a-w-        c:\windows\system32\wow64cpu.dll

2014-04-10 17:07 . 2014-03-04 09:44        16384        ----a-w-        c:\windows\system32\ntvdm64.dll

2014-04-10 17:07 . 2014-03-04 09:17        14336        ----a-w-        c:\windows\SysWow64\ntvdm64.dll

2014-04-10 17:07 . 2014-03-04 09:16        25600        ----a-w-        c:\windows\SysWow64\setup16.exe

2014-04-10 17:07 . 2014-03-04 09:16        5120        ----a-w-        c:\windows\SysWow64\wow32.dll

2014-04-10 17:07 . 2014-03-04 08:09        7680        ----a-w-        c:\windows\SysWow64\instnm.exe

2014-04-10 17:07 . 2014-03-04 08:09        2048        ----a-w-        c:\windows\SysWow64\user.exe

2014-04-06 21:38 . 2014-04-06 21:38        --------        d-----w-        c:\users\Elethor\AppData\Roaming\Trine2

2014-04-06 19:38 . 2014-04-06 19:38        --------        d-----w-        c:\program files (x86)\Trend Micro

2014-04-04 22:42 . 2014-04-06 21:36        --------        d-----w-        c:\users\Elethor\AppData\Roaming\Comodo

2014-04-04 22:41 . 2014-04-04 22:41        --------        d-----w-        c:\programdata\Shared Space

2014-04-04 22:40 . 2014-03-25 19:22        45784        ----a-w-        c:\windows\system32\cmdkbd64.dll

2014-04-04 22:40 . 2014-03-25 19:22        40664        ----a-w-        c:\windows\SysWow64\cmdkbd32.dll

2014-04-04 22:40 . 2014-03-25 19:22        352984        ----a-w-        c:\windows\system32\cmdvrt64.dll

2014-04-04 22:40 . 2014-03-25 19:22        284888        ----a-w-        c:\windows\SysWow64\cmdvrt32.dll

2014-03-29 18:40 . 2014-03-29 18:40        --------        d-----w-        c:\program files (x86)\Common Files\Skype

2014-03-29 18:40 . 2014-03-29 18:40        --------        d-----r-        c:\program files (x86)\Skype

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-04-16 21:12 . 2011-10-07 17:48        105552        ----a-w-        c:\windows\system32\drivers\inspect.sys

2014-04-16 21:12 . 2011-10-07 17:47        48360        ----a-w-        c:\windows\system32\drivers\cmdhlp.sys

2014-04-16 21:12 . 2011-10-07 17:47        738472        ----a-w-        c:\windows\system32\drivers\cmdGuard.sys

2014-04-16 21:12 . 2011-10-07 17:47        23168        ----a-w-        c:\windows\system32\drivers\cmderd.sys

2014-04-11 11:25 . 2014-02-07 19:28        70832        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-04-11 11:25 . 2014-02-07 19:28        692400        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2014-04-10 17:09 . 2011-03-08 19:49        90655440        ----a-w-        c:\windows\system32\MRT.exe

2014-04-03 07:50 . 2012-12-09 18:38        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys

2014-03-30 22:40 . 2011-11-06 07:23        290184        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr

2014-03-30 22:40 . 2011-11-06 05:59        290184        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe

2014-03-30 22:40 . 2011-11-06 05:59        280904        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0

2014-03-28 00:52 . 2011-11-06 05:59        76888        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe

2014-03-25 19:22 . 2011-10-07 17:47        43216        ----a-w-        c:\windows\system32\cmdcsr.dll

2014-03-25 19:22 . 2011-10-07 17:47        363504        ----a-w-        c:\windows\SysWow64\guard32.dll

2014-03-25 19:22 . 2011-10-07 17:47        453680        ----a-w-        c:\windows\system32\guard64.dll

2014-03-04 09:17 . 2014-04-10 17:07        44032        ----a-w-        c:\windows\apppatch\acwow64.dll

2014-02-07 01:23 . 2014-03-12 23:39        3156480        ----a-w-        c:\windows\system32\win32k.sys

2014-02-04 02:32 . 2014-03-12 23:38        624128        ----a-w-        c:\windows\system32\qedit.dll

2014-02-04 02:04 . 2014-03-12 23:38        509440        ----a-w-        c:\windows\SysWow64\qedit.dll

2014-01-29 02:32 . 2014-03-12 23:39        484864        ----a-w-        c:\windows\system32\wer.dll

2014-01-29 02:06 . 2014-03-12 23:39        381440        ----a-w-        c:\windows\SysWow64\wer.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0_AeroFSShellExtension]

@="{882108B6-26E6-4926-BC70-EA1D738D5DEB}"

[HKEY_CLASSES_ROOT\CLSID\{882108B6-26E6-4926-BC70-EA1D738D5DEB}]

2014-03-26 20:25        623104        ----a-w-        c:\users\Elethor\AppData\Roaming\AeroFSExec\v_0.8.22\AeroFSShellExt32.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1_AeroFSShellExtension]

@="{882108B1-26E6-4926-BC70-EA1D738D5DEB}"

[HKEY_CLASSES_ROOT\CLSID\{882108B1-26E6-4926-BC70-EA1D738D5DEB}]

2014-03-26 20:25        623104        ----a-w-        c:\users\Elethor\AppData\Roaming\AeroFSExec\v_0.8.22\AeroFSShellExt32.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2_AeroFSShellExtension]

@="{882108B2-26E6-4926-BC70-EA1D738D5DEB}"

[HKEY_CLASSES_ROOT\CLSID\{882108B2-26E6-4926-BC70-EA1D738D5DEB}]

2014-03-26 20:25        623104        ----a-w-        c:\users\Elethor\AppData\Roaming\AeroFSExec\v_0.8.22\AeroFSShellExt32.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3_AeroFSShellExtension]

@="{882108B3-26E6-4926-BC70-EA1D738D5DEB}"

[HKEY_CLASSES_ROOT\CLSID\{882108B3-26E6-4926-BC70-EA1D738D5DEB}]

2014-03-26 20:25        623104        ----a-w-        c:\users\Elethor\AppData\Roaming\AeroFSExec\v_0.8.22\AeroFSShellExt32.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5_AeroFSShellExtension]

@="{882108B5-26E6-4926-BC70-EA1D738D5DEB}"

[HKEY_CLASSES_ROOT\CLSID\{882108B5-26E6-4926-BC70-EA1D738D5DEB}]

2014-03-26 20:25        623104        ----a-w-        c:\users\Elethor\AppData\Roaming\AeroFSExec\v_0.8.22\AeroFSShellExt32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-20 689744]

"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-29 642304]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

.

c:\users\Elethor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Mozilla Thunderbird.lnk - c:\program files (x86)\Mozilla Thunderbird\thunderbird.exe [2014-3-19 390256]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           autocheck autochk *\0\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"RUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe"

"BlueStacks Agent"=c:\program files (x86)\BlueStacks\HD-Agent.exe

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]

R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2014.SP1c\RpcAgentSrv.exe;c:\program files\SiSoftware\SiSoftware Sandra Lite 2014.SP1c\RpcAgentSrv.exe [x]

R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]

R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

S2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [x]

S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]

S2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]

S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]

S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]

S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0_AeroFSShellExtension]

@="{882108B6-26E6-4926-BC70-EA1D738D5DEB}"

[HKEY_CLASSES_ROOT\CLSID\{882108B6-26E6-4926-BC70-EA1D738D5DEB}]

2014-03-26 20:25        648192        ----a-w-        c:\users\Elethor\AppData\Roaming\AeroFSExec\v_0.8.22\x64\AeroFSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1_AeroFSShellExtension]

@="{882108B1-26E6-4926-BC70-EA1D738D5DEB}"

[HKEY_CLASSES_ROOT\CLSID\{882108B1-26E6-4926-BC70-EA1D738D5DEB}]

2014-03-26 20:25        648192        ----a-w-        c:\users\Elethor\AppData\Roaming\AeroFSExec\v_0.8.22\x64\AeroFSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2_AeroFSShellExtension]

@="{882108B2-26E6-4926-BC70-EA1D738D5DEB}"

[HKEY_CLASSES_ROOT\CLSID\{882108B2-26E6-4926-BC70-EA1D738D5DEB}]

2014-03-26 20:25        648192        ----a-w-        c:\users\Elethor\AppData\Roaming\AeroFSExec\v_0.8.22\x64\AeroFSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3_AeroFSShellExtension]

@="{882108B3-26E6-4926-BC70-EA1D738D5DEB}"

[HKEY_CLASSES_ROOT\CLSID\{882108B3-26E6-4926-BC70-EA1D738D5DEB}]

2014-03-26 20:25        648192        ----a-w-        c:\users\Elethor\AppData\Roaming\AeroFSExec\v_0.8.22\x64\AeroFSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5_AeroFSShellExtension]

@="{882108B5-26E6-4926-BC70-EA1D738D5DEB}"

[HKEY_CLASSES_ROOT\CLSID\{882108B5-26E6-4926-BC70-EA1D738D5DEB}]

2014-03-26 20:25        648192        ----a-w-        c:\users\Elethor\AppData\Roaming\AeroFSExec\v_0.8.22\x64\AeroFSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2014-03-25 1275608]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-03-29 13513288]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://de.yahoo.com?fr=fp-comodo

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyServer = localhost:21320

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Elethor\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - www.google.de/search?q=

FF - prefs.js: network.proxy.ftp - 95.211.156.222

FF - prefs.js: network.proxy.ftp_port - 7777

FF - prefs.js: network.proxy.gopher - 127.0.0.1

FF - prefs.js: network.proxy.gopher_port - 4001

FF - prefs.js: network.proxy.http - 95.211.156.222

FF - prefs.js: network.proxy.http_port - 7777

FF - prefs.js: network.proxy.socks - 95.211.156.222

FF - prefs.js: network.proxy.socks_port - 7777

FF - prefs.js: network.proxy.ssl - 95.211.156.222

FF - prefs.js: network.proxy.ssl_port - 7777

FF - prefs.js: network.proxy.type - 0

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

ShellIconOverlayIdentifiers-{882108B4-26E6-4926-BC70-EA1D738D5DEB} - (no file)

Notify-LBTWlgn - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

ShellIconOverlayIdentifiers-{882108B4-26E6-4926-BC70-EA1D738D5DEB} - (no file)

AddRemove-BattlEye for OA - j:\steamlibrary\steamapps\common\Arma 2 Operation Arrowhead\Expansion\BattlEye\UnInstallBE.exe

AddRemove-{7353BAE6-5E49-46C4-A9B5-8A269A313789} - c:\users\Elethor\AppData\Local\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-3937361682-188343742-509953620-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*"29]

@Class="Shell"

.

[HKEY_USERS\S-1-5-21-3937361682-188343742-509953620-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*"29\OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-3937361682-188343742-509953620-1001\Software\SecuROM\License information*]

"datasecu"=hex:ac,b1,aa,c3,c2,b4,dd,2e,da,b3,b0,81,a1,86,41,ec,29,ad,a6,1e,a1,

   74,96,0f,d5,a7,79,06,e1,7d,ea,84,d9,d0,77,19,a5,b6,bc,e4,cd,28,78,07,dc,92,\

"rkeysecu"=hex:7d,01,5d,c3,90,da,d8,7d,20,33,f3,f4,a2,3c,74,e9

.

[HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\Mode\Configurations]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\Mode\Data]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\Mode\Options]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\windows\SysWOW64\PnkBstrA.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2014-04-25  14:41:33 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2014-04-25 12:41

.

Vor Suchlauf: 14 Verzeichnis(se), 27.251.896.320 Bytes frei

Nach Suchlauf: 17 Verzeichnis(se), 26.657.349.632 Bytes frei

.

- - End Of File - - B09AE0F82F66DF25B3F3D22759DA642C

A36C5E4F47E84449FF07ED3517B43A31

Das programm wurde erst nicht richtig entpackt weil comodo anscheinend trotz beendigung weiterhin zugriffe blockiert hat.
Nachdem ich es dann zum starten bekommen habe waren avira und Spybot noch aktiv die hab ich abgeschaltet, combofix hat sich dann noch über die updateprozesse von spybot beschwert die nicht mit dem programm geschlossen wurden, welche ich dann aber per taskmanager geschlossen habe.
Nach dem neustart wurde in der Combofix konsole kurz "Zugriff verweigert" angezeigt es gab danach aber keinerlei fehlermeldung.

Mfg,

Seleyon

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Hallo,

adw cleaner wurde mir anscheinend schonmal von nem bekannten empfohlen, damit habe ich schon einen suchlauf gemacht wie ich am log gesehen habe...entschuldigung das ich das nicht schon früher gesehen habe ist im moment bissel viel los...

mbam.txt

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 26.04.2014

Suchlauf-Zeit: 13:19:55

Logdatei: mdba.txt

Administrator: Ja
 

Version: 2.00.1.1004

Malware Datenbank: v2014.04.26.01

Rootkit Datenbank: v2014.03.27.01

Lizenz: Kostenlos

Malware Schutz: Deaktiviert

Bösartiger Webseiten Schutz: Deaktiviert

Chameleon: Aktiviert
 

Betriebssystem: Windows 7 Service Pack 1

CPU: x64

Dateisystem: NTFS

Benutzer: ****
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 272437

Verstrichene Zeit: 27 Min, 25 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Aktiviert

Shuriken: Aktiviert

PUP: Warnen

PUM: Aktiviert
 

Prozesse: 0

(No malicious items detected)
 

Module: 0

(No malicious items detected)
 

Registrierungsschlüssel: 0

(No malicious items detected)
 

Registrierungswerte: 0

(No malicious items detected)
 

Registrierungsdaten: 0

(No malicious items detected)
 

Ordner: 0

(No malicious items detected)
 

Dateien: 0

(No malicious items detected)
 

Physische Sektoren: 0

(No malicious items detected)
 
 

(end)

Adwcleaner 12.04

Code:

# AdwCleaner v3.023 - Bericht erstellt am 12/04/2014 um 00:47:34

# Aktualisiert 01/04/2014 von Xplode

# Betriebssystem : Windows 7 Enterprise Service Pack 1 (64 bits)

# Benutzername : **** - ****-PC

# Gestartet von : C:\Users\****\Desktop\WICHTIG\Downloads\adwcleaner3023.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\ProgramData\Trymedia

Ordner Gelöscht : C:\Program Files (x86)\Winamp Toolbar

Ordner Gelöscht : C:\Users\****\AppData\Local\CrashRpt

Ordner Gelöscht : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\FoxTab

Datei Gelöscht : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\searchplugins\winamp-search.xml
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}

Schlüssel Gelöscht : HKLM\Software\Trymedia Systems
 

***** [ Browser ] *****
 

-\\ Internet Explorer v11.0.9600.17041
 
 

-\\ Mozilla Firefox v28.0 (de)
 

[ Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\prefs.js ]
 

Zeile gelöscht : user_pref("FirstSearch.winamp_toolbar.search.hasDoneFirst", 259);

Zeile gelöscht : user_pref("aol_toolbar.surf.date", "30");

Zeile gelöscht : user_pref("aol_toolbar.surf.lastDate", "11");

Zeile gelöscht : user_pref("aol_toolbar.surf.lastMonth", "3");

Zeile gelöscht : user_pref("aol_toolbar.surf.lastYear", "2014");

Zeile gelöscht : user_pref("aol_toolbar.surf.month", "328");

Zeile gelöscht : user_pref("aol_toolbar.surf.prevMonth", "2118");

Zeile gelöscht : user_pref("aol_toolbar.surf.total", "69671");

Zeile gelöscht : user_pref("aol_toolbar.surf.week", "186");

Zeile gelöscht : user_pref("aol_toolbar.surf.year", "10486");

Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=winamp-ff&s_qt=sb&tb_uuid=20110607145905470&tb_oid=22-09-2010&tb_mrud=23-12-2012&query[...]

Zeile gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", 27);

Zeile gelöscht : user_pref("extensions.BabylonToolbar.cntry", "DE");

Zeile gelöscht : user_pref("extensions.BabylonToolbar.firstRun", false);

Zeile gelöscht : user_pref("extensions.BabylonToolbar.hdrMd5", "7E03901256DF9B6389C204FF2D22B586");

Zeile gelöscht : user_pref("extensions.BabylonToolbar.lastActv", "27");

Zeile gelöscht : user_pref("extensions.BabylonToolbar.lastDP", 27);

Zeile gelöscht : user_pref("extensions.illimitux.ilx_pref_pt_veoh", true);
 

[ Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\hc2e45sg.default\prefs.js ]
 
 

*************************
 

AdwCleaner[R0].txt - [5150 octets] - [12/04/2014 00:45:47]

AdwCleaner[S0].txt - [4921 octets] - [12/04/2014 00:47:34]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4981 octets] ##########

adwcleaner heute

Code:

# AdwCleaner v3.203 - Bericht erstellt am 26/04/2014 um 20:37:21

# Aktualisiert 26/04/2014 von Xplode

# Betriebssystem : Windows 7 Enterprise Service Pack 1 (64 bits)

# Benutzername : **** - ****-PC

# Gestartet von : C:\Users\****\Desktop\WICHTIG\Downloads\adwcleaner(1).exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\Users\****\.android
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 
 

***** [ Browser ] *****
 

-\\ Internet Explorer v11.0.9600.17041
 
 

-\\ Mozilla Firefox v28.0 (de)
 

[ Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\prefs.js ]
 
 

[ Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\hc2e45sg.default\prefs.js ]
 
 

*************************
 

AdwCleaner[R0].txt - [5150 octets] - [12/04/2014 00:45:47]

AdwCleaner[R1].txt - [1095 octets] - [26/04/2014 20:35:23]

AdwCleaner[S0].txt - [5097 octets] - [12/04/2014 00:47:34]

AdwCleaner[S1].txt - [1019 octets] - [26/04/2014 20:37:21]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1079 octets] ##########

JRT.txt

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Enterprise x64

Ran by **** on 26.04.2014 at 20:42:39,48

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ FireFox
 

Successfully deleted the following from C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\6ao4ehfq.default\prefs.js
 

user_pref("adblock.patterns", "hxxp://content.yieldmanager.edgesuite.net/atoms/63/c9/63c952cb67bc9ac4f3859c2a6602bb0c.gif hxxp://content.yieldmanager.edgesuite.net/atoms/e5/53

user_pref("extensions.opensearch@ask.com.install-event-fired", true);

Emptied folder: C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\6ao4ehfq.default\minidumps [352 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 26.04.2014 at 22:16:25,92

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

...
FRST log

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-04-2014 03

Ran by **** (administrator) on ****-PC on 26-04-2014 22:20:19

Running from C:\Users\****\Desktop\WICHTIG\Downloads

Windows 7 Enterprise Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 11

Boot Mode: Normal
 
 

==================== Processes (Whitelisted) =================
 

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Microsoft Corporation) C:\Windows\system32\taskmgr.exe

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk

ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
 

==================== Internet (Whitelisted) ====================
 

ProxyServer: localhost:21320

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com?fr=fp-comodo

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default

FF DefaultSearchEngine: AOL Search

FF Homepage: about:home

FF Keyword.URL: www.google.de/search?q=

FF NetworkProxy: "backup.ftp", "94.100.29.164 "

FF NetworkProxy: "backup.ftp_port", 3128

FF NetworkProxy: "backup.gopher", "83.98.5.2"

FF NetworkProxy: "backup.gopher_port", 4001

FF NetworkProxy: "backup.socks", "94.100.29.164 "

FF NetworkProxy: "backup.socks_port", 3128

FF NetworkProxy: "backup.ssl", "94.100.29.164 "

FF NetworkProxy: "backup.ssl_port", 3128

FF NetworkProxy: "ftp", "95.211.156.222"

FF NetworkProxy: "ftp_port", 7777

FF NetworkProxy: "gopher", "127.0.0.1"

FF NetworkProxy: "gopher_port", 4001

FF NetworkProxy: "http", "95.211.156.222"

FF NetworkProxy: "http_port", 7777

FF NetworkProxy: "no_proxies_on", ""

FF NetworkProxy: "share_proxy_settings", true

FF NetworkProxy: "socks", "95.211.156.222"

FF NetworkProxy: "socks_port", 7777

FF NetworkProxy: "ssl", "95.211.156.222"

FF NetworkProxy: "ssl_port", 7777

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()

FF Plugin: @java.com/DTPlugin,version=10.3.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)

FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )

FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\****\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\****\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()

FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\searchplugins\searchplugins-backup

FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\searchplugins\siteadvisor.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\Extensions\donottrackplus@abine.com [2014-04-25]

FF Extension: FoxyProxy Standard - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\Extensions\foxyproxy@eric.h.jung [2014-02-07]

FF Extension: MaskMe - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\Extensions\idme@abine.com [2014-03-08]

FF Extension: RedShift V3.6 - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\Extensions\redshift_V2@shift-themes.com [2011-11-06]

FF Extension: Aero Fox XL - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\Extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66} [2011-11-06]

FF Extension: DivX Web Player - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\Extensions\DivXWebPlayer@divx.com.xpi [2011-11-23]

FF Extension: Ghostery - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\Extensions\firefox@ghostery.com.xpi [2013-12-05]

FF Extension: Self-Destructing Cookies - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2013-12-05]

FF Extension: Personas Plus - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\Extensions\personas@christopher.beard.xpi [2013-03-01]

FF Extension: NoScript - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-11-06]

FF Extension: Adblock Plus - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-11-06]
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-06-26] ()

R3 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO)

S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)

R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-05-28] ()

R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-11-08] (Garmin Ltd or its subsidiaries)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-28] ()

S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP1c\RpcAgentSrv.exe [72344 2008-03-24] (SiSoftware)

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
 

==================== Drivers (Whitelisted) ====================
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-20] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-20] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-01] (Avira Operations GmbH & Co. KG)

R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-04-16] (COMODO)

R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2014-04-16] (COMODO)

R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-04-16] (COMODO)

R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [88280 2014-04-03] (Malwarebytes Corporation)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)

S4 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2011-12-09] (Duplex Secure Ltd.)

S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [33048 2006-11-30] (X10 Wireless Technology, Inc.)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-04-26 22:16 - 2014-04-26 22:16 - 00001135 _____ () C:\Users\****\Desktop\JRT.txt

2014-04-26 20:39 - 2014-04-26 20:39 - 00000022 _____ () C:\Windows\S.dirmngr

2014-04-25 14:41 - 2014-04-25 14:41 - 00022015 _____ () C:\ComboFix.txt

2014-04-25 14:32 - 2014-04-25 14:32 - 00000552 _____ () C:\Windows\PFRO.log

2014-04-25 14:17 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-04-25 14:17 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-04-25 14:17 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-04-25 14:17 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-04-25 14:17 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-04-25 14:17 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe

2014-04-25 14:17 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe

2014-04-25 14:17 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe

2014-04-25 14:15 - 2014-04-25 14:41 - 00000000 ____D () C:\Qoobox

2014-04-25 14:10 - 2014-04-25 14:38 - 00000000 ____D () C:\Windows\erdnt

2014-04-25 14:05 - 2014-04-26 21:16 - 00000504 _____ () C:\Windows\setupact.log

2014-04-25 14:05 - 2014-04-25 14:05 - 00000000 _____ () C:\Windows\setuperr.log

2014-04-22 10:14 - 2014-04-24 23:47 - 05196870 ____R (Swearware) C:\Users\****\Desktop\ComboFix.exe

2014-04-21 15:01 - 2014-04-21 15:01 - 00003850 _____ () C:\Users\****\Gmerlog.log

2014-04-19 19:50 - 2014-04-20 03:25 - 00000000 ____D () C:\Users\****\AppData\Local\CrashDumps

2014-04-18 17:31 - 2014-04-18 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-04-18 17:31 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-04-18 17:31 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-04-18 17:31 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-04-18 17:31 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-04-17 19:39 - 2014-04-17 19:39 - 00042010 _____ () C:\Users\****\Desktop\Addition.txt

2014-04-17 19:38 - 2014-04-17 19:39 - 00040238 _____ () C:\Users\****\Desktop\FRST.txt

2014-04-17 19:23 - 2014-04-17 19:23 - 00000000 __SHD () C:\Users\****\AppData\Local\EmieUserList

2014-04-17 19:23 - 2014-04-17 19:23 - 00000000 __SHD () C:\Users\****\AppData\Local\EmieSiteList

2014-04-17 19:03 - 2014-04-26 22:20 - 00000000 ____D () C:\FRST

2014-04-17 18:54 - 2014-04-17 18:54 - 00000020 _____ () C:\Users\****\defogger_reenable

2014-04-17 18:36 - 2014-04-17 18:36 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-04-12 15:19 - 2014-04-12 15:19 - 00000000 ____D () C:\Windows\ERUNT

2014-04-12 13:43 - 2014-04-12 13:43 - 00002381 _____ () C:\Users\****\Desktop\RKreport[0]_D_04122014_134357.txt

2014-04-12 13:42 - 2014-04-12 13:42 - 00002531 _____ () C:\Users\****\Desktop\RKreport[0]_S_04122014_134255.txt

2014-04-12 13:38 - 2014-04-12 14:45 - 14118912 _____ () C:\Users\****\AppData\Roaming\Sandra.mdb

2014-04-12 13:34 - 2014-04-12 13:34 - 00001183 _____ () C:\Users\Public\Desktop\SiSoftware Sandra Lite 2014.SP1c.lnk

2014-04-12 13:29 - 2014-04-12 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiSoftware

2014-04-12 13:29 - 2014-04-12 13:29 - 00000000 ____D () C:\Program Files\SiSoftware

2014-04-12 00:45 - 2014-04-26 20:38 - 00000000 ____D () C:\AdwCleaner

2014-04-12 00:44 - 2014-04-21 15:12 - 00000000 ____D () C:\Users\****\Desktop\Neuer Ordner (2)

2014-04-12 00:44 - 2014-04-12 00:44 - 00019339 _____ () C:\Users\****\Desktop\RKreport[0]_D_04122014_004308.txt

2014-04-12 00:40 - 2014-04-12 00:40 - 00019469 _____ () C:\Users\****\Desktop\RKreport[0]_S_04122014_004051.txt

2014-04-12 00:36 - 2014-04-12 00:44 - 00000000 ____D () C:\Users\****\Desktop\RK_Quarantine

2014-04-12 00:15 - 2014-04-12 00:15 - 00003214 _____ () C:\Windows\System32\Tasks\{AA9B7088-EC46-4AA5-AF0E-FF517BE0660C}

2014-04-12 00:12 - 2014-04-12 00:12 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView

2014-04-12 00:12 - 2014-04-12 00:12 - 00000000 ____D () C:\Program Files (x86)\NirSoft

2014-04-11 14:49 - 2012-01-10 14:28 - 00750488 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll

2014-04-11 14:49 - 2012-01-10 14:28 - 00660368 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll

2014-04-11 14:18 - 2014-04-21 02:08 - 00003128 _____ () C:\Windows\wininit.ini

2014-04-10 19:52 - 2014-04-26 20:59 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-10 19:51 - 2014-04-10 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-04-10 19:51 - 2014-04-10 19:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-10 19:51 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-10 19:51 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-10 19:16 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-04-10 19:16 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-04-10 19:15 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-04-10 19:15 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-04-10 19:15 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-04-10 19:15 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-04-10 19:15 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-04-10 19:15 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-04-10 19:15 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-04-10 19:15 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-04-10 19:15 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-04-10 19:15 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-04-10 19:15 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-04-10 19:15 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-04-10 19:15 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-04-10 19:15 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-04-10 19:15 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-04-10 19:15 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-04-10 19:15 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-04-10 19:15 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-04-10 19:15 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-04-10 19:15 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-04-10 19:15 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-04-10 19:15 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-04-10 19:15 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-04-10 19:15 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-04-10 19:15 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-04-10 19:15 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-04-10 19:15 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-04-10 19:15 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-04-10 19:15 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-04-10 19:15 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-04-10 19:15 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-04-10 19:15 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-04-10 19:15 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-04-10 19:15 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-04-10 19:15 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-04-10 19:15 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-04-10 19:15 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-04-10 19:15 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-04-10 19:15 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-04-10 19:15 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-04-10 19:15 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-04-10 19:15 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-04-10 19:15 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-04-10 19:15 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-04-10 19:15 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-04-10 19:15 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-04-10 19:07 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2014-04-10 19:07 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2014-04-10 19:07 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2014-04-10 19:07 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2014-04-10 19:07 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2014-04-10 19:07 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2014-04-10 19:07 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2014-04-10 19:07 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2014-04-10 19:07 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2014-04-10 19:07 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2014-04-10 19:07 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2014-04-06 23:38 - 2014-04-06 23:38 - 00000000 ____D () C:\Users\****\AppData\Roaming\Trine2

2014-04-06 21:38 - 2014-04-06 21:38 - 00002053 _____ () C:\Users\****\Desktop\HijackThis.lnk

2014-04-06 21:38 - 2014-04-06 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis

2014-04-06 21:38 - 2014-04-06 21:38 - 00000000 ____D () C:\Program Files (x86)\Trend Micro

2014-04-05 00:42 - 2014-04-06 23:36 - 00000000 ____D () C:\Users\****\AppData\Roaming\Comodo

2014-04-05 00:41 - 2014-04-05 12:35 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO

2014-04-05 00:41 - 2014-04-05 00:41 - 00000000 ____D () C:\ProgramData\Shared Space

2014-04-05 00:40 - 2014-03-25 21:22 - 00352984 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll

2014-04-05 00:40 - 2014-03-25 21:22 - 00284888 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll

2014-04-05 00:40 - 2014-03-25 21:22 - 00045784 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll

2014-04-05 00:40 - 2014-03-25 21:22 - 00040664 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll

2014-03-29 20:40 - 2014-03-29 20:40 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-03-29 20:40 - 2014-03-29 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-03-29 18:45 - 2014-03-29 18:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-03-29 01:36 - 2014-03-29 01:36 - 00003088 _____ () C:\Windows\System32\Tasks\{68B1960A-7A0C-4FC7-9E71-82A5E7108C17}
 

==================== One Month Modified Files and Folders =======
 

2014-04-26 22:20 - 2014-04-17 19:03 - 00000000 ____D () C:\FRST

2014-04-26 22:16 - 2014-04-26 22:16 - 00001135 _____ () C:\Users\****\Desktop\JRT.txt

2014-04-26 21:45 - 2009-07-14 06:45 - 00016544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-26 21:45 - 2009-07-14 06:45 - 00016544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-26 21:16 - 2014-04-25 14:05 - 00000504 _____ () C:\Windows\setupact.log

2014-04-26 20:59 - 2014-04-10 19:52 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-26 20:43 - 2013-08-27 19:19 - 01501431 _____ () C:\Windows\WindowsUpdate.log

2014-04-26 20:39 - 2014-04-26 20:39 - 00000022 _____ () C:\Windows\S.dirmngr

2014-04-26 20:39 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-26 20:38 - 2014-04-12 00:45 - 00000000 ____D () C:\AdwCleaner

2014-04-26 20:37 - 2011-11-06 06:52 - 00000000 ____D () C:\Users\****

2014-04-25 16:01 - 2013-03-09 16:43 - 00000000 ____D () C:\Users\****\AppData\Local\ArmA 2 OA

2014-04-25 16:01 - 2013-02-16 13:23 - 00742646 _____ () C:\Windows\system32\perfh013.dat

2014-04-25 16:01 - 2013-02-16 13:23 - 00156440 _____ () C:\Windows\system32\perfc013.dat

2014-04-25 16:01 - 2010-11-21 08:22 - 00707316 _____ () C:\Windows\system32\perfh007.dat

2014-04-25 16:01 - 2010-11-21 08:22 - 00152908 _____ () C:\Windows\system32\perfc007.dat

2014-04-25 16:01 - 2009-07-14 07:13 - 02541440 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-25 15:37 - 2011-11-06 08:16 - 00000000 ____D () C:\Users\****\AppData\Local\PMB Files

2014-04-25 14:41 - 2014-04-25 14:41 - 00022015 _____ () C:\ComboFix.txt

2014-04-25 14:41 - 2014-04-25 14:15 - 00000000 ____D () C:\Qoobox

2014-04-25 14:41 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default

2014-04-25 14:38 - 2014-04-25 14:10 - 00000000 ____D () C:\Windows\erdnt

2014-04-25 14:35 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini

2014-04-25 14:32 - 2014-04-25 14:32 - 00000552 _____ () C:\Windows\PFRO.log

2014-04-25 14:07 - 2012-02-13 16:45 - 00706048 ___SH () C:\Users\****\Desktop\Thumbs.db

2014-04-25 14:05 - 2014-04-25 14:05 - 00000000 _____ () C:\Windows\setuperr.log

2014-04-25 00:46 - 2011-11-07 06:37 - 00000000 ____D () C:\Users\****\AppData\Roaming\Winamp

2014-04-24 23:48 - 2012-05-30 21:38 - 00000000 ____D () C:\Users\****\Desktop\USB-Stick

2014-04-24 23:47 - 2014-04-22 10:14 - 05196870 ____R (Swearware) C:\Users\****\Desktop\ComboFix.exe

2014-04-21 20:16 - 2011-11-06 08:42 - 00000000 ____D () C:\Users\****\AppData\Roaming\Skype

2014-04-21 17:16 - 2011-11-06 08:16 - 00000000 ____D () C:\ProgramData\PMB Files

2014-04-21 15:12 - 2014-04-12 00:44 - 00000000 ____D () C:\Users\****\Desktop\Neuer Ordner (2)

2014-04-21 15:01 - 2014-04-21 15:01 - 00003850 _____ () C:\Users\****\Gmerlog.log

2014-04-21 02:08 - 2014-04-11 14:18 - 00003128 _____ () C:\Windows\wininit.ini

2014-04-20 03:25 - 2014-04-19 19:50 - 00000000 ____D () C:\Users\****\AppData\Local\CrashDumps

2014-04-20 03:25 - 2013-09-27 21:33 - 00000000 ____D () C:\Windows\Minidump

2014-04-19 15:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-04-18 17:31 - 2014-04-18 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-04-18 17:31 - 2013-11-02 12:44 - 00000000 ____D () C:\ProgramData\Oracle

2014-04-18 17:31 - 2012-03-10 18:48 - 00000000 ____D () C:\Program Files (x86)\Java

2014-04-18 03:46 - 2011-11-23 19:02 - 00000000 ____D () C:\Users\****\AppData\Roaming\vlc

2014-04-18 00:24 - 2011-11-20 16:30 - 00000000 ____D () C:\Users\****\Documents\Battlefield 2

2014-04-18 00:12 - 2011-11-11 02:06 - 00000000 ____D () C:\Users\****\Documents\My Games

2014-04-18 00:11 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2014-04-17 19:39 - 2014-04-17 19:39 - 00042010 _____ () C:\Users\****\Desktop\Addition.txt

2014-04-17 19:39 - 2014-04-17 19:38 - 00040238 _____ () C:\Users\****\Desktop\FRST.txt

2014-04-17 19:23 - 2014-04-17 19:23 - 00000000 __SHD () C:\Users\****\AppData\Local\EmieUserList

2014-04-17 19:23 - 2014-04-17 19:23 - 00000000 __SHD () C:\Users\****\AppData\Local\EmieSiteList

2014-04-17 18:54 - 2014-04-17 18:54 - 00000020 _____ () C:\Users\****\defogger_reenable

2014-04-17 18:36 - 2014-04-17 18:36 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-04-16 23:12 - 2011-10-07 19:48 - 00105552 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys

2014-04-16 23:12 - 2011-10-07 19:47 - 00738472 _____ (COMODO) C:\Windows\system32\Drivers\cmdGuard.sys

2014-04-16 23:12 - 2011-10-07 19:47 - 00048360 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys

2014-04-16 23:12 - 2011-10-07 19:47 - 00023168 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys

2014-04-14 20:13 - 2014-04-18 17:31 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-04-14 20:05 - 2014-04-18 17:31 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-04-14 20:05 - 2014-04-18 17:31 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-04-14 20:04 - 2014-04-18 17:31 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-04-12 15:19 - 2014-04-12 15:19 - 00000000 ____D () C:\Windows\ERUNT

2014-04-12 14:45 - 2014-04-12 13:38 - 14118912 _____ () C:\Users\****\AppData\Roaming\Sandra.mdb

2014-04-12 14:07 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp

2014-04-12 13:43 - 2014-04-12 13:43 - 00002381 _____ () C:\Users\****\Desktop\RKreport[0]_D_04122014_134357.txt

2014-04-12 13:42 - 2014-04-12 13:42 - 00002531 _____ () C:\Users\****\Desktop\RKreport[0]_S_04122014_134255.txt

2014-04-12 13:34 - 2014-04-12 13:34 - 00001183 _____ () C:\Users\Public\Desktop\SiSoftware Sandra Lite 2014.SP1c.lnk

2014-04-12 13:34 - 2014-04-12 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiSoftware

2014-04-12 13:29 - 2014-04-12 13:29 - 00000000 ____D () C:\Program Files\SiSoftware

2014-04-12 00:44 - 2014-04-12 00:44 - 00019339 _____ () C:\Users\****\Desktop\RKreport[0]_D_04122014_004308.txt

2014-04-12 00:44 - 2014-04-12 00:36 - 00000000 ____D () C:\Users\****\Desktop\RK_Quarantine

2014-04-12 00:40 - 2014-04-12 00:40 - 00019469 _____ () C:\Users\****\Desktop\RKreport[0]_S_04122014_004051.txt

2014-04-12 00:15 - 2014-04-12 00:15 - 00003214 _____ () C:\Windows\System32\Tasks\{AA9B7088-EC46-4AA5-AF0E-FF517BE0660C}

2014-04-12 00:12 - 2014-04-12 00:12 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView

2014-04-12 00:12 - 2014-04-12 00:12 - 00000000 ____D () C:\Program Files (x86)\NirSoft

2014-04-11 20:50 - 2009-07-14 05:20 - 00000000 __RSD () C:\Windows\Media

2014-04-11 14:50 - 2011-11-07 06:37 - 00000000 ____D () C:\Program Files (x86)\Winamp Detect

2014-04-11 14:48 - 2011-11-06 06:52 - 00000000 ___RD () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-04-11 14:34 - 2011-11-07 06:35 - 00000000 ___RD () C:\Users\****\Desktop\WICHTIG

2014-04-11 14:31 - 2011-11-17 09:05 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-04-11 14:31 - 2011-11-17 09:05 - 00000000 ____D () C:\Program Files\CCleaner

2014-04-11 13:25 - 2014-02-07 21:28 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-04-11 13:25 - 2014-02-07 21:28 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-04-11 13:25 - 2011-11-10 18:08 - 00000000 ____D () C:\Users\****\AppData\Local\Adobe

2014-04-11 13:22 - 2013-12-27 21:05 - 00000000 ____D () C:\FreeOCR

2014-04-11 13:21 - 2011-12-09 07:11 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite

2014-04-11 13:21 - 2011-11-23 18:09 - 00000000 ____D () C:\Program Files\DivX

2014-04-11 13:21 - 2011-11-23 18:06 - 00000000 ____D () C:\ProgramData\DivX

2014-04-11 13:20 - 2013-12-30 18:59 - 00000000 ____D () C:\Users\****\AppData\Roaming\Dropbox

2014-04-11 13:16 - 2011-11-09 05:46 - 00000000 ____D () C:\Program Files\Logitech

2014-04-11 13:16 - 2011-11-07 21:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech

2014-04-11 13:14 - 2011-12-24 20:39 - 00000000 ____D () C:\Program Files (x86)\Nokia

2014-04-11 13:12 - 2012-05-21 03:04 - 00000000 ____D () C:\Users\****\AppData\Local\Unity

2014-04-11 13:12 - 2011-11-06 06:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-04-10 20:10 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries

2014-04-10 19:51 - 2014-04-10 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-04-10 19:51 - 2014-04-10 19:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-10 19:51 - 2012-12-09 20:39 - 00000000 ____D () C:\Users\****\AppData\Roaming\Malwarebytes

2014-04-10 19:51 - 2012-12-09 20:38 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-10 19:51 - 2012-12-09 20:38 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-10 19:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-04-10 19:15 - 2013-07-30 04:32 - 00000000 ____D () C:\Windows\system32\MRT

2014-04-10 19:09 - 2011-03-08 21:49 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-04-08 20:13 - 2012-01-30 21:28 - 00000000 ____D () C:\Users\****\AppData\Roaming\TeamViewer

2014-04-06 23:38 - 2014-04-06 23:38 - 00000000 ____D () C:\Users\****\AppData\Roaming\Trine2

2014-04-06 23:36 - 2014-04-05 00:42 - 00000000 ____D () C:\Users\****\AppData\Roaming\Comodo

2014-04-06 21:38 - 2014-04-06 21:38 - 00002053 _____ () C:\Users\****\Desktop\HijackThis.lnk

2014-04-06 21:38 - 2014-04-06 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis

2014-04-06 21:38 - 2014-04-06 21:38 - 00000000 ____D () C:\Program Files (x86)\Trend Micro

2014-04-05 15:51 - 2012-07-28 17:35 - 00003114 _____ () C:\Windows\System32\Tasks\TeamViewer.exe

2014-04-05 15:45 - 2011-11-07 03:48 - 00000000 ____D () C:\ProgramData\Comodo

2014-04-05 15:28 - 2013-05-23 13:40 - 00000000 ____D () C:\Users\****\Desktop\@CBA_CO

2014-04-05 12:53 - 2013-11-07 16:07 - 00000000 ____D () C:\Users\****\AppData\Local\AeroFS

2014-04-05 12:35 - 2014-04-05 00:41 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO

2014-04-05 00:41 - 2014-04-05 00:41 - 00000000 ____D () C:\ProgramData\Shared Space

2014-04-05 00:41 - 2011-11-07 03:47 - 00000000 ____D () C:\ProgramData\Comodo Downloader

2014-04-04 16:46 - 2013-06-27 02:50 - 00000000 ____D () C:\ProgramData\Origin

2014-04-04 16:34 - 2013-06-27 02:50 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-04-03 09:51 - 2014-04-10 19:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-03 09:51 - 2014-04-10 19:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-03 09:50 - 2012-12-09 20:38 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-03-31 00:40 - 2011-11-06 09:23 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr

2014-03-31 00:40 - 2011-11-06 07:59 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.exe

2014-03-31 00:40 - 2011-11-06 07:59 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0

2014-03-30 19:59 - 2012-04-26 01:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-03-29 20:40 - 2014-03-29 20:40 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-03-29 20:40 - 2014-03-29 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-03-29 20:40 - 2011-11-06 08:42 - 00000000 ____D () C:\ProgramData\Skype

2014-03-29 18:45 - 2014-03-29 18:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-03-29 01:36 - 2014-03-29 01:36 - 00003088 _____ () C:\Windows\System32\Tasks\{68B1960A-7A0C-4FC7-9E71-82A5E7108C17}

2014-03-28 02:52 - 2011-11-06 07:59 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2014-03-28 02:47 - 2013-07-06 15:27 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins

2014-03-28 02:38 - 2013-06-27 02:55 - 00000000 ____D () C:\Users\****\AppData\Roaming\Origin

2014-03-27 21:02 - 2013-11-07 16:01 - 00000000 ____D () C:\Users\****\AppData\Roaming\AeroFSExec
 

Some content of TEMP:

====================

C:\Users\****\AppData\Local\Temp\avgnt.exe

C:\Users\****\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!
 
 

LastRegBack: 2014-04-19 15:18
 

==================== End Of Log ============================

--- --- ---

Addition log

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-04-2014 03

Ran by **** at 2014-04-26 22:21:37

Running from C:\Users\****\Desktop\WICHTIG\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}

FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
 

==================== Installed Programs ======================
 

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)

Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden

AeroFS (HKCU\...\AeroFS) (Version:  - Air Computing, Inc.)

AMD Accelerated Video Transcoding (Version: 12.5.100.30429 - Advanced Micro Devices, Inc.) Hidden

AMD APP SDK Runtime (Version: 10.0.938.1 - Advanced Micro Devices Inc.) Hidden

AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)

AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden

AMD Media Foundation Decoders (Version: 1.0.80430.0002 - Advanced Micro Devices, Inc.) Hidden

Application Profiles (x32 Version: 2.0.4532.34673 - Ihr Firmenname) Hidden

Areca (HKLM-x32\...\Areca) (Version:  - )

Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version:  - Audacity Team)

Aufstieg des Hexenkönigs™ (HKLM-x32\...\{B931FB80-537A-4600-00AD-AC5DEDB6C25B}) (Version:  - )

Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.3.1.0 - Auslogics Labs Pty Ltd)

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

Battlefield 2: Special Forces (HKLM-x32\...\{50D4CB89-AF34-4978-96DC-C3034062E901}) (Version:  - )

Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)

Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)

BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )

Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)

Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version:  - Criterion Games)

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center (x32 Version: 2013.0429.2313.39747 - Ihr Firmenname) Hidden

Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Localization All (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Standard (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Traditional (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Czech (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Danish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Dutch (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help English (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Finnish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help French (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help German (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Greek (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Hungarian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Italian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Japanese (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Korean (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Norwegian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Polish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Portuguese (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Russian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Spanish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Swedish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Thai (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Turkish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

ccc-utility64 (Version: 2012.0522.2128.36590 - Advanced Micro Devices, Inc.) Hidden

ccc-utility64 (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)

Champions Online: Free For All (HKLM-x32\...\Steam App 9880) (Version:  - Cryptic Studios)

Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)

COMODO Internet Security (HKLM\...\{4EAB2511-0135-48CA-A47B-CE1E6836793A}) (Version: 5.8.16726.2131 - COMODO Security Solutions Inc.)

Creation Kit (HKLM-x32\...\Steam App 202480) (Version:  - bgs.bethsoft.com)

DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)

DayZ Commander (HKLM-x32\...\{0170930E-68D6-4E85-88B2-82761CDE1F94}) (Version: 0.92.69 - Dotjosh Studios)

Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Diaspora version 1.0.4 (HKLM-x32\...\{1F5ABAAA-6D61-4FC1-A595-86CBA5517E7A}_is1) (Version: 1.0.4 - Diaspora Development)

Die Schlacht um Mittelerde™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version:  - )

Elevated Installer (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden

eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)

EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)

Fraps (HKLM-x32\...\Fraps) (Version:  - )

FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)

G51 Skins (HKLM-x32\...\{B446F5BC-0503-452D-B9B9-37B782A51FB1}) (Version: 1.0.0 - Logitech)

Gajim (HKLM-x32\...\Gajim) (Version: 0.14.4 - )

GameSpy Comrade (HKLM-x32\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy)

Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)

Garmin Express (HKLM-x32\...\{6f60b921-2ae3-43fe-a6fb-ad849bd91451}) (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries)

Garmin Express (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin Express Tray (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)

Garmin WebUpdater (HKLM-x32\...\{F4DA4C73-026F-4D38-8C6B-85F0193E4B56}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)

Gpg4win (2.1.1) (HKLM-x32\...\GPG4Win) (Version: 2.1.1 - The Gpg4win Project)

Gratuitous Space Battles (HKLM-x32\...\Steam App 41800) (Version:  - Positech Games)

Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)

HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)

HydraVision (x32 Version: 4.2.234.0 - Advanced Micro Devices, Inc.) Hidden

InfiniteCrisis (HKLM-x32\...\InfiniteCrisis) (Version:  - Turbine, Inc)

Interstellar Marines (HKLM-x32\...\Steam App 236370) (Version:  - Zero Point Software)

Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

JC2-MP version 0.0.14 (Build 481) (HKLM-x32\...\{7F12FECB-1D75-42D7-9074-D6FEA6D91E65}_is1) (Version: 0.0.14 (Build 481) - )

Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche Studios)

Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)

K-Lite Codec Pack 7.9.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.9.0 - )

LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )

League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)

Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)

Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)

Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)

Medieval II: Total War Kingdoms (HKLM-x32\...\Steam App 4780) (Version:  - The Creative Assembly)

Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)

Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)

Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden

Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden

MOS v1.3 Full Install (HKCU\...\MOS v1.3 Full Install) (Version:  - )

MotioninJoy DS3 driver version 0.6.0005 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.6.0005 - www.motioninjoy.com)

Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)

Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)

MRIcroN (remove only) (HKLM-x32\...\MRIcroN) (Version:  - )

MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden

MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden

MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden

MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden

Mumble 1.2.3 (HKLM-x32\...\{C3E9887A-23BA-4777-8080-191A5AFCAB74}) (Version: 1.2.3 - Thorvald Natvig)

Nero 9 Lite (HKLM-x32\...\{5dcda8bd-0c22-4b65-82fd-3357c4d1c2d4}) (Version:  - Nero AG)

Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden

Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden

Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden

Nero StartSmart (x32 Version: 9.4.31.100 - Nero AG) Hidden

neroxml (x32 Version: 1.0.0 - Nero AG) Hidden

Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.45.7 - Black Tree Gaming)

Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)

Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden

NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)

OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)

Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version:  - Robot Entertainment)

Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)

Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)

Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)

PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)

Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.7 - )

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)

Razer Imperator (HKLM-x32\...\{C05905B9-775A-4894-A4DF-B57C15250958}) (Version: 2.02.00 - Razer USA Ltd.)

Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)

Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)

SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.5 - Seagate Technology)

Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version:  - 2K Games, Inc.)

Sins of a Solar Empire: Rebellion (HKLM-x32\...\Steam App 204880) (Version:  - )

SiSoftware Sandra Lite 2014.SP1c (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.25.2014.4 - SiSoftware)

Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)

Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - United Front Games)

Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - )

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)

Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)

StarForge Alpha (HKLM-x32\...\Steam App 227680) (Version:  - CodeHatch)

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

Stronghold (HKLM-x32\...\Steam App 40950) (Version:  - Firefly Studios)

Stronghold HD (HKLM-x32\...\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}) (Version: 1.30.0001 - Firefly Studios)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)

TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer)

The Lord of the Rings: War in the North (HKLM-x32\...\Steam App 32800) (Version:  - Snowblind Studios)

Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - )

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)

War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)

Warframe (HKLM-x32\...\Steam App 230410) (Version:  - )

Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)

Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)

World of Goo (HKLM-x32\...\Steam App 22000) (Version:  - 2D BOY)
 

==================== Restore Points  =========================
 

25-04-2014 12:17:36 ComboFix created restore point
 

==================== Hosts content: ==========================
 

2009-07-14 04:34 - 2014-04-25 14:31 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {01255558-A58C-404D-AD89-45E79BD9E59A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe

Task: {28E36051-FF2B-4888-B07D-30174885EF66} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe

Task: {3AB5DD20-5DD0-423C-AA47-15CD86F8DA6D} - System32\Tasks\{68B1960A-7A0C-4FC7-9E71-82A5E7108C17} => Firefox.exe hxxp://ui.skype.com/ui/0/6.14.0.104/de/abandoninstall?page=tsProgressBar

Task: {76640CB7-CEE4-4427-9297-DF7DCEB1DB65} - System32\Tasks\TeamViewer.exe => C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

Task: {770D2057-5076-4290-96EB-B58B98B42576} - System32\Tasks\{E4ADE269-8728-4546-9AF1-001093D91D4B} => D:\Programme\Spiele\Riot Games\League of Legends\lol.launcher.exe [2012-05-29] ()

Task: {7BE00FB0-3192-4663-A6A4-6F15509F310B} - System32\Tasks\{60434CFB-5BD0-442C-B433-1EF1E0B61624} => D:\Programme\Spiele\Riot Games\League of Legends\lol.launcher.exe [2012-05-29] ()

Task: {9C6409EB-DE46-4907-BD9E-C74700244752} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)

Task: {BDA064F4-4831-4E50-BA9E-69BE18126A47} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe

Task: {C3646003-9A4C-4CC5-A017-B72BB3FC0D20} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)

Task: {F6F8AF89-4A9A-4508-A215-A6726DEADF9C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
 

==================== Loaded Modules (whitelisted) =============
 

2013-05-28 18:50 - 2013-05-28 18:50 - 00218112 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe

2011-11-06 07:59 - 2014-03-28 02:52 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2011-10-07 11:39 - 2011-10-07 11:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll

2013-06-18 16:49 - 2013-06-18 16:49 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

2013-04-30 00:08 - 2013-04-30 00:08 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2012-12-14 14:54 - 2012-09-19 19:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll

2013-05-28 18:44 - 2013-05-28 18:44 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll

2013-05-28 18:42 - 2013-05-28 18:42 - 00037888 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll

2013-05-28 18:41 - 2013-05-28 18:41 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll

2013-05-28 18:44 - 2013-05-28 18:44 - 00069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll

2013-05-28 18:45 - 2013-05-28 18:45 - 00627712 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll

2013-11-01 22:25 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl

2013-11-01 22:25 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl

2013-11-01 22:25 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl

2013-11-01 22:25 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll

2013-11-01 22:25 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

2014-03-29 18:45 - 2014-03-29 18:45 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
 

==================== Disabled items from MSCONFIG ==============
 

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe

MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray

MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Western Digital\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"

MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================
 

System errors:

=============
 

Microsoft Office Sessions:

=========================
 

CodeIntegrity Errors:

===================================

  Date: 2014-04-25 14:30:20.876

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2014-04-25 14:30:20.798

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2014-04-06 22:11:54.313

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-06 22:11:54.251

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-06 21:36:07.760

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-06 21:36:07.682

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-06 21:22:56.754

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-06 21:22:56.692

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-06 20:44:22.440

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-06 20:44:22.362

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 42%

Total physical RAM: 4095.55 MB

Available physical RAM: 2360.47 MB

Total Pagefile: 8189.29 MB

Available Pagefile: 5481.5 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:146.39 GB) (Free:24.74 GB) NTFS

Drive d: () (Fixed) (Total:319.27 GB) (Free:18.38 GB) NTFS

Drive f: (Ubuntu-Live-Custom) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS

Drive g: () (Removable) (Total:3.74 GB) (Free:0.01 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 5EEF5EEF)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=146 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=319 GB) - (Type=07 NTFS)
 

========================================================

Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
 

Partition: GPT Partition Type.
 

==================== End Of Log ============================

Mfg,

Seleyon

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Hallo,

hier die beiden logs, der ESET Scan hat ne ganze weile gedauert.

Soweit scheint es im moment keine probleme mehr zu geben.

Mfg,

Seleyon

ESET Log

Code:

J:\Laptop\Users\****\Desktop\WICHTIG\Downloads\vlc-2.0.2-win32.exe        Win32/StartPage.OPH Trojaner

J:\Laptop 21-12-13\Users\****\Desktop\WICHTIG\Downloads\vlc-2.0.2-win32.exe        Win32/StartPage.OPH Trojaner

J:\Platte C\Dokumente und Einstellungen\****\Desktop\WICHTIG\Downloads\FOSetup314.exe        Variante von Win32/Injector.PLO Trojaner

J:\Sicherung Xp\C\Dokumente und Einstellungen\****\Desktop\WICHTIG\Downloads\Games\FOSetup314.exe        Variante von Win32/Injector.PLO Trojaner

SecurityCheck

Code:

 Results of screen317's Security Check version 0.99.82  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  
 ``````````````Antivirus/Firewall Check:`````````````` 

Avira Desktop   

 Antivirus up to date!   
 `````````Anti-malware/Other Utilities Check:````````` 

 Out of date HijackThis  installed! 

 Spybot - Search & Destroy 

 HijackThis 2.0.2    

 Java 7 Update 55  

 Adobe Flash Player 13.0.0.182  

 Adobe Reader XI  

 Mozilla Firefox (28.0) 

 Mozilla Thunderbird (24.4.0) 
 ````````Process Check: objlist.exe by Laurent````````  

 Spybot Teatimer.exe is disabled! 

 Avira Antivir avgnt.exe 

 Avira Antivir avguard.exe 

 Comodo Firewall cmdagent.exe 
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

und wieder vergessen -.-

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-04-2014 03

Ran by **** (administrator) on ****-PC on 29-04-2014 17:55:08

Running from C:\Users\****\Desktop\WICHTIG\Downloads

Windows 7 Enterprise Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 11

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Microsoft Corporation) C:\Windows\system32\taskmgr.exe

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk

ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
 

==================== Internet (Whitelisted) ====================
 

ProxyServer: localhost:21320

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com?fr=fp-comodo

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default

FF DefaultSearchEngine: AOL Search

FF Homepage: about:home

FF Keyword.URL: www.google.de/search?q=

FF NetworkProxy: "backup.ftp", "94.100.29.164 "

FF NetworkProxy: "backup.ftp_port", 3128

FF NetworkProxy: "backup.gopher", "83.98.5.2"

FF NetworkProxy: "backup.gopher_port", 4001

FF NetworkProxy: "backup.socks", "94.100.29.164 "

FF NetworkProxy: "backup.socks_port", 3128

FF NetworkProxy: "backup.ssl", "94.100.29.164 "

FF NetworkProxy: "backup.ssl_port", 3128

FF NetworkProxy: "ftp", "95.211.156.222"

FF NetworkProxy: "ftp_port", 7777

FF NetworkProxy: "gopher", "127.0.0.1"

FF NetworkProxy: "gopher_port", 4001

FF NetworkProxy: "http", "95.211.156.222"

FF NetworkProxy: "http_port", 7777

FF NetworkProxy: "no_proxies_on", ""

FF NetworkProxy: "share_proxy_settings", true

FF NetworkProxy: "socks", "95.211.156.222"

FF NetworkProxy: "socks_port", 7777

FF NetworkProxy: "ssl", "95.211.156.222"

FF NetworkProxy: "ssl_port", 7777

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()

FF Plugin: @java.com/DTPlugin,version=10.3.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)

FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )

FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\****\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\****\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()

FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\searchplugins\searchplugins-backup

FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\searchplugins\siteadvisor.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\Extensions\donottrackplus@abine.com [2014-04-25]

FF Extension: FoxyProxy Standard - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\Extensions\foxyproxy@eric.h.jung [2014-02-07]

FF Extension: MaskMe - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\Extensions\idme@abine.com [2014-03-08]

FF Extension: RedShift V3.6 - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\Extensions\redshift_V2@shift-themes.com [2011-11-06]

FF Extension: Aero Fox XL - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\Extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66} [2011-11-06]

FF Extension: DivX Web Player - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\Extensions\DivXWebPlayer@divx.com.xpi [2011-11-23]

FF Extension: Ghostery - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\Extensions\firefox@ghostery.com.xpi [2013-12-05]

FF Extension: Self-Destructing Cookies - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2013-12-05]

FF Extension: Personas Plus - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\Extensions\personas@christopher.beard.xpi [2013-03-01]

FF Extension: NoScript - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-11-06]

FF Extension: Adblock Plus - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6ao4ehfq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-11-06]
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-06-26] ()

R3 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO)

S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)

R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-05-28] ()

R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-11-08] (Garmin Ltd or its subsidiaries)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-28] ()

S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP1c\RpcAgentSrv.exe [72344 2008-03-24] (SiSoftware)

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
 

==================== Drivers (Whitelisted) ====================
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-20] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-20] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-01] (Avira Operations GmbH & Co. KG)

R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-04-16] (COMODO)

R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2014-04-16] (COMODO)

R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-04-16] (COMODO)

R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [88280 2014-04-03] (Malwarebytes Corporation)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)

S4 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2011-12-09] (Duplex Secure Ltd.)

S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [33048 2006-11-30] (X10 Wireless Technology, Inc.)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-04-29 17:36 - 2014-04-29 17:36 - 00855379 _____ () C:\Users\****\Desktop\SecurityCheck.exe

2014-04-29 17:32 - 2014-04-29 17:54 - 00000471 _____ () C:\Users\****\Desktop\ESET.txt

2014-04-28 11:05 - 2014-04-28 11:05 - 00000022 _____ () C:\Windows\S.dirmngr

2014-04-28 04:04 - 2014-04-29 17:29 - 00002072 _____ () C:\Windows\setupact.log

2014-04-28 04:04 - 2014-04-28 04:04 - 00000000 _____ () C:\Windows\setuperr.log

2014-04-27 20:25 - 2014-04-27 20:25 - 00000000 ____D () C:\Users\****\Downloads\****

2014-04-27 02:05 - 2014-04-27 02:06 - 00000000 ____D () C:\Program Files (x86)\TERA

2014-04-27 02:05 - 2014-04-27 02:05 - 00000000 ____D () C:\Users\****\AppData\Roaming\TERA

2014-04-27 02:05 - 2014-04-27 02:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA

2014-04-26 22:27 - 2014-04-26 22:28 - 00001143 _____ () C:\Users\****\Desktop\mdba.txt

2014-04-26 22:16 - 2014-04-26 22:29 - 00001126 _____ () C:\Users\****\Desktop\JRT.txt

2014-04-25 14:41 - 2014-04-25 14:41 - 00022015 _____ () C:\ComboFix.txt

2014-04-25 14:17 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-04-25 14:17 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-04-25 14:17 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-04-25 14:17 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-04-25 14:17 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-04-25 14:17 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe

2014-04-25 14:17 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe

2014-04-25 14:17 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe

2014-04-25 14:15 - 2014-04-25 14:41 - 00000000 ____D () C:\Qoobox

2014-04-25 14:10 - 2014-04-25 14:38 - 00000000 ____D () C:\Windows\erdnt

2014-04-22 10:14 - 2014-04-24 23:47 - 05196870 ____R (Swearware) C:\Users\****\Desktop\ComboFix.exe

2014-04-21 15:01 - 2014-04-21 15:01 - 00003850 _____ () C:\Users\****\Gmerlog.log

2014-04-19 19:50 - 2014-04-20 03:25 - 00000000 ____D () C:\Users\****\AppData\Local\CrashDumps

2014-04-18 17:31 - 2014-04-18 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-04-18 17:31 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-04-18 17:31 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-04-18 17:31 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-04-18 17:31 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-04-17 19:39 - 2014-04-17 19:39 - 00042010 _____ () C:\Users\****\Desktop\Addition.txt

2014-04-17 19:38 - 2014-04-17 19:39 - 00040238 _____ () C:\Users\****\Desktop\FRST.txt

2014-04-17 19:23 - 2014-04-17 19:23 - 00000000 __SHD () C:\Users\****\AppData\Local\EmieUserList

2014-04-17 19:23 - 2014-04-17 19:23 - 00000000 __SHD () C:\Users\****\AppData\Local\EmieSiteList

2014-04-17 19:03 - 2014-04-29 17:55 - 00000000 ____D () C:\FRST

2014-04-17 18:54 - 2014-04-17 18:54 - 00000020 _____ () C:\Users\****\defogger_reenable

2014-04-17 18:36 - 2014-04-17 18:36 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-04-12 15:19 - 2014-04-12 15:19 - 00000000 ____D () C:\Windows\ERUNT

2014-04-12 13:43 - 2014-04-12 13:43 - 00002381 _____ () C:\Users\****\Desktop\RKreport[0]_D_04122014_134357.txt

2014-04-12 13:42 - 2014-04-12 13:42 - 00002531 _____ () C:\Users\****\Desktop\RKreport[0]_S_04122014_134255.txt

2014-04-12 13:38 - 2014-04-12 14:45 - 14118912 _____ () C:\Users\****\AppData\Roaming\Sandra.mdb

2014-04-12 13:34 - 2014-04-12 13:34 - 00001183 _____ () C:\Users\Public\Desktop\SiSoftware Sandra Lite 2014.SP1c.lnk

2014-04-12 13:29 - 2014-04-12 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiSoftware

2014-04-12 13:29 - 2014-04-12 13:29 - 00000000 ____D () C:\Program Files\SiSoftware

2014-04-12 00:45 - 2014-04-26 20:38 - 00000000 ____D () C:\AdwCleaner

2014-04-12 00:44 - 2014-04-21 15:12 - 00000000 ____D () C:\Users\****\Desktop\Neuer Ordner (2)

2014-04-12 00:44 - 2014-04-12 00:44 - 00019339 _____ () C:\Users\****\Desktop\RKreport[0]_D_04122014_004308.txt

2014-04-12 00:40 - 2014-04-12 00:40 - 00019469 _____ () C:\Users\****\Desktop\RKreport[0]_S_04122014_004051.txt

2014-04-12 00:36 - 2014-04-12 00:44 - 00000000 ____D () C:\Users\****\Desktop\RK_Quarantine

2014-04-12 00:15 - 2014-04-12 00:15 - 00003214 _____ () C:\Windows\System32\Tasks\{AA9B7088-EC46-4AA5-AF0E-FF517BE0660C}

2014-04-12 00:12 - 2014-04-12 00:12 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView

2014-04-12 00:12 - 2014-04-12 00:12 - 00000000 ____D () C:\Program Files (x86)\NirSoft

2014-04-11 14:49 - 2012-01-10 14:28 - 00750488 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll

2014-04-11 14:49 - 2012-01-10 14:28 - 00660368 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll

2014-04-11 14:18 - 2014-04-21 02:08 - 00003128 _____ () C:\Windows\wininit.ini

2014-04-10 19:52 - 2014-04-28 11:19 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-10 19:51 - 2014-04-10 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-04-10 19:51 - 2014-04-10 19:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-10 19:51 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-10 19:51 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-10 19:16 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-04-10 19:16 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-04-10 19:15 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-04-10 19:15 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-04-10 19:15 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-04-10 19:15 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-04-10 19:15 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-04-10 19:15 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-04-10 19:15 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-04-10 19:15 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-04-10 19:15 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-04-10 19:15 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-04-10 19:15 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-04-10 19:15 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-04-10 19:15 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-04-10 19:15 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-04-10 19:15 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-04-10 19:15 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-04-10 19:15 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-04-10 19:15 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-04-10 19:15 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-04-10 19:15 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-04-10 19:15 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-04-10 19:15 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-04-10 19:15 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-04-10 19:15 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-04-10 19:15 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-04-10 19:15 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-04-10 19:15 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-04-10 19:15 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-04-10 19:15 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-04-10 19:15 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-04-10 19:15 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-04-10 19:15 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-04-10 19:15 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-04-10 19:15 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-04-10 19:15 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-04-10 19:15 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-04-10 19:15 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-04-10 19:15 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-04-10 19:15 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-04-10 19:15 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-04-10 19:15 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-04-10 19:15 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-04-10 19:15 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-04-10 19:15 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-04-10 19:15 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-04-10 19:15 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-04-10 19:07 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2014-04-10 19:07 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2014-04-10 19:07 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2014-04-10 19:07 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2014-04-10 19:07 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2014-04-10 19:07 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2014-04-10 19:07 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2014-04-10 19:07 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2014-04-10 19:07 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2014-04-10 19:07 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2014-04-10 19:07 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2014-04-06 23:38 - 2014-04-06 23:38 - 00000000 ____D () C:\Users\****\AppData\Roaming\Trine2

2014-04-06 21:38 - 2014-04-06 21:38 - 00002053 _____ () C:\Users\****\Desktop\HijackThis.lnk

2014-04-06 21:38 - 2014-04-06 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis

2014-04-06 21:38 - 2014-04-06 21:38 - 00000000 ____D () C:\Program Files (x86)\Trend Micro

2014-04-05 00:42 - 2014-04-06 23:36 - 00000000 ____D () C:\Users\****\AppData\Roaming\Comodo

2014-04-05 00:41 - 2014-04-05 12:35 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO

2014-04-05 00:41 - 2014-04-05 00:41 - 00000000 ____D () C:\ProgramData\Shared Space

2014-04-05 00:40 - 2014-03-25 21:22 - 00352984 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll

2014-04-05 00:40 - 2014-03-25 21:22 - 00284888 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll

2014-04-05 00:40 - 2014-03-25 21:22 - 00045784 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll

2014-04-05 00:40 - 2014-03-25 21:22 - 00040664 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll
 

==================== One Month Modified Files and Folders =======
 

2014-04-29 17:55 - 2014-04-17 19:03 - 00000000 ____D () C:\FRST

2014-04-29 17:54 - 2014-04-29 17:32 - 00000471 _____ () C:\Users\****\Desktop\ESET.txt

2014-04-29 17:36 - 2014-04-29 17:36 - 00855379 _____ () C:\Users\****\Desktop\SecurityCheck.exe

2014-04-29 17:29 - 2014-04-28 04:04 - 00002072 _____ () C:\Windows\setupact.log

2014-04-29 17:26 - 2009-07-14 06:45 - 00016544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-29 17:26 - 2009-07-14 06:45 - 00016544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-29 14:51 - 2013-08-27 19:19 - 01533674 _____ () C:\Windows\WindowsUpdate.log

2014-04-28 11:19 - 2014-04-10 19:52 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-28 11:06 - 2012-02-13 16:45 - 00706048 ___SH () C:\Users\****\Desktop\Thumbs.db

2014-04-28 11:05 - 2014-04-28 11:05 - 00000022 _____ () C:\Windows\S.dirmngr

2014-04-28 11:05 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-28 04:04 - 2014-04-28 04:04 - 00000000 _____ () C:\Windows\setuperr.log

2014-04-27 20:25 - 2014-04-27 20:25 - 00000000 ____D () C:\Users\****\Downloads\RPC Clan

2014-04-27 16:46 - 2011-11-06 08:16 - 00000000 ____D () C:\Users\****\AppData\Local\PMB Files

2014-04-27 02:40 - 2011-11-06 08:42 - 00000000 ____D () C:\Users\****\AppData\Roaming\Skype

2014-04-27 02:06 - 2014-04-27 02:05 - 00000000 ____D () C:\Program Files (x86)\TERA

2014-04-27 02:05 - 2014-04-27 02:05 - 00000000 ____D () C:\Users\****\AppData\Roaming\TERA

2014-04-27 02:05 - 2014-04-27 02:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA

2014-04-26 22:29 - 2014-04-26 22:16 - 00001126 _____ () C:\Users\****\Desktop\JRT.txt

2014-04-26 22:28 - 2014-04-26 22:27 - 00001143 _____ () C:\Users\****\Desktop\mdba.txt

2014-04-26 20:38 - 2014-04-12 00:45 - 00000000 ____D () C:\AdwCleaner

2014-04-26 20:37 - 2011-11-06 06:52 - 00000000 ____D () C:\Users\****

2014-04-25 16:01 - 2013-03-09 16:43 - 00000000 ____D () C:\Users\****\AppData\Local\ArmA 2 OA

2014-04-25 16:01 - 2013-02-16 13:23 - 00742646 _____ () C:\Windows\system32\perfh013.dat

2014-04-25 16:01 - 2013-02-16 13:23 - 00156440 _____ () C:\Windows\system32\perfc013.dat

2014-04-25 16:01 - 2010-11-21 08:22 - 00707316 _____ () C:\Windows\system32\perfh007.dat

2014-04-25 16:01 - 2010-11-21 08:22 - 00152908 _____ () C:\Windows\system32\perfc007.dat

2014-04-25 16:01 - 2009-07-14 07:13 - 02541440 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-25 14:41 - 2014-04-25 14:41 - 00022015 _____ () C:\ComboFix.txt

2014-04-25 14:41 - 2014-04-25 14:15 - 00000000 ____D () C:\Qoobox

2014-04-25 14:41 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default

2014-04-25 14:38 - 2014-04-25 14:10 - 00000000 ____D () C:\Windows\erdnt

2014-04-25 14:35 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini

2014-04-25 00:46 - 2011-11-07 06:37 - 00000000 ____D () C:\Users\****\AppData\Roaming\Winamp

2014-04-24 23:48 - 2012-05-30 21:38 - 00000000 ____D () C:\Users\****\Desktop\USB-Stick

2014-04-24 23:47 - 2014-04-22 10:14 - 05196870 ____R (Swearware) C:\Users\****\Desktop\ComboFix.exe

2014-04-21 17:16 - 2011-11-06 08:16 - 00000000 ____D () C:\ProgramData\PMB Files

2014-04-21 15:12 - 2014-04-12 00:44 - 00000000 ____D () C:\Users\****\Desktop\Neuer Ordner (2)

2014-04-21 15:01 - 2014-04-21 15:01 - 00003850 _____ () C:\Users\****\Gmerlog.log

2014-04-21 02:08 - 2014-04-11 14:18 - 00003128 _____ () C:\Windows\wininit.ini

2014-04-20 03:25 - 2014-04-19 19:50 - 00000000 ____D () C:\Users\****\AppData\Local\CrashDumps

2014-04-20 03:25 - 2013-09-27 21:33 - 00000000 ____D () C:\Windows\Minidump

2014-04-19 15:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-04-18 17:31 - 2014-04-18 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-04-18 17:31 - 2013-11-02 12:44 - 00000000 ____D () C:\ProgramData\Oracle

2014-04-18 17:31 - 2012-03-10 18:48 - 00000000 ____D () C:\Program Files (x86)\Java

2014-04-18 03:46 - 2011-11-23 19:02 - 00000000 ____D () C:\Users\****\AppData\Roaming\vlc

2014-04-18 00:24 - 2011-11-20 16:30 - 00000000 ____D () C:\Users\****\Documents\Battlefield 2

2014-04-18 00:12 - 2011-11-11 02:06 - 00000000 ____D () C:\Users\****\Documents\My Games

2014-04-18 00:11 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2014-04-17 19:39 - 2014-04-17 19:39 - 00042010 _____ () C:\Users\****\Desktop\Addition.txt

2014-04-17 19:39 - 2014-04-17 19:38 - 00040238 _____ () C:\Users\****\Desktop\FRST.txt

2014-04-17 19:23 - 2014-04-17 19:23 - 00000000 __SHD () C:\Users\****\AppData\Local\EmieUserList

2014-04-17 19:23 - 2014-04-17 19:23 - 00000000 __SHD () C:\Users\****\AppData\Local\EmieSiteList

2014-04-17 18:54 - 2014-04-17 18:54 - 00000020 _____ () C:\Users\****\defogger_reenable

2014-04-17 18:36 - 2014-04-17 18:36 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-04-16 23:12 - 2011-10-07 19:48 - 00105552 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys

2014-04-16 23:12 - 2011-10-07 19:47 - 00738472 _____ (COMODO) C:\Windows\system32\Drivers\cmdGuard.sys

2014-04-16 23:12 - 2011-10-07 19:47 - 00048360 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys

2014-04-16 23:12 - 2011-10-07 19:47 - 00023168 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys

2014-04-14 20:13 - 2014-04-18 17:31 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-04-14 20:05 - 2014-04-18 17:31 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-04-14 20:05 - 2014-04-18 17:31 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-04-14 20:04 - 2014-04-18 17:31 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-04-12 15:19 - 2014-04-12 15:19 - 00000000 ____D () C:\Windows\ERUNT

2014-04-12 14:45 - 2014-04-12 13:38 - 14118912 _____ () C:\Users\****\AppData\Roaming\Sandra.mdb

2014-04-12 14:07 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp

2014-04-12 13:43 - 2014-04-12 13:43 - 00002381 _____ () C:\Users\****\Desktop\RKreport[0]_D_04122014_134357.txt

2014-04-12 13:42 - 2014-04-12 13:42 - 00002531 _____ () C:\Users\****\Desktop\RKreport[0]_S_04122014_134255.txt

2014-04-12 13:34 - 2014-04-12 13:34 - 00001183 _____ () C:\Users\Public\Desktop\SiSoftware Sandra Lite 2014.SP1c.lnk

2014-04-12 13:34 - 2014-04-12 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiSoftware

2014-04-12 13:29 - 2014-04-12 13:29 - 00000000 ____D () C:\Program Files\SiSoftware

2014-04-12 00:44 - 2014-04-12 00:44 - 00019339 _____ () C:\Users\****\Desktop\RKreport[0]_D_04122014_004308.txt

2014-04-12 00:44 - 2014-04-12 00:36 - 00000000 ____D () C:\Users\****\Desktop\RK_Quarantine

2014-04-12 00:40 - 2014-04-12 00:40 - 00019469 _____ () C:\Users\****\Desktop\RKreport[0]_S_04122014_004051.txt

2014-04-12 00:15 - 2014-04-12 00:15 - 00003214 _____ () C:\Windows\System32\Tasks\{AA9B7088-EC46-4AA5-AF0E-FF517BE0660C}

2014-04-12 00:12 - 2014-04-12 00:12 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView

2014-04-12 00:12 - 2014-04-12 00:12 - 00000000 ____D () C:\Program Files (x86)\NirSoft

2014-04-11 20:50 - 2009-07-14 05:20 - 00000000 __RSD () C:\Windows\Media

2014-04-11 14:50 - 2011-11-07 06:37 - 00000000 ____D () C:\Program Files (x86)\Winamp Detect

2014-04-11 14:48 - 2011-11-06 06:52 - 00000000 ___RD () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-04-11 14:34 - 2011-11-07 06:35 - 00000000 ___RD () C:\Users\****\Desktop\WICHTIG

2014-04-11 14:31 - 2011-11-17 09:05 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-04-11 14:31 - 2011-11-17 09:05 - 00000000 ____D () C:\Program Files\CCleaner

2014-04-11 13:25 - 2014-02-07 21:28 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-04-11 13:25 - 2014-02-07 21:28 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-04-11 13:25 - 2011-11-10 18:08 - 00000000 ____D () C:\Users\****\AppData\Local\Adobe

2014-04-11 13:22 - 2013-12-27 21:05 - 00000000 ____D () C:\FreeOCR

2014-04-11 13:21 - 2011-12-09 07:11 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite

2014-04-11 13:21 - 2011-11-23 18:09 - 00000000 ____D () C:\Program Files\DivX

2014-04-11 13:21 - 2011-11-23 18:06 - 00000000 ____D () C:\ProgramData\DivX

2014-04-11 13:20 - 2013-12-30 18:59 - 00000000 ____D () C:\Users\****\AppData\Roaming\Dropbox

2014-04-11 13:16 - 2011-11-09 05:46 - 00000000 ____D () C:\Program Files\Logitech

2014-04-11 13:16 - 2011-11-07 21:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech

2014-04-11 13:14 - 2011-12-24 20:39 - 00000000 ____D () C:\Program Files (x86)\Nokia

2014-04-11 13:12 - 2012-05-21 03:04 - 00000000 ____D () C:\Users\****\AppData\Local\Unity

2014-04-11 13:12 - 2011-11-06 06:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-04-10 20:10 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries

2014-04-10 19:51 - 2014-04-10 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-04-10 19:51 - 2014-04-10 19:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-10 19:51 - 2012-12-09 20:39 - 00000000 ____D () C:\Users\****\AppData\Roaming\Malwarebytes

2014-04-10 19:51 - 2012-12-09 20:38 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-10 19:51 - 2012-12-09 20:38 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-10 19:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-04-10 19:15 - 2013-07-30 04:32 - 00000000 ____D () C:\Windows\system32\MRT

2014-04-10 19:09 - 2011-03-08 21:49 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-04-08 20:13 - 2012-01-30 21:28 - 00000000 ____D () C:\Users\****\AppData\Roaming\TeamViewer

2014-04-06 23:38 - 2014-04-06 23:38 - 00000000 ____D () C:\Users\****\AppData\Roaming\Trine2

2014-04-06 23:36 - 2014-04-05 00:42 - 00000000 ____D () C:\Users\****\AppData\Roaming\Comodo

2014-04-06 21:38 - 2014-04-06 21:38 - 00002053 _____ () C:\Users\****\Desktop\HijackThis.lnk

2014-04-06 21:38 - 2014-04-06 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis

2014-04-06 21:38 - 2014-04-06 21:38 - 00000000 ____D () C:\Program Files (x86)\Trend Micro

2014-04-05 15:51 - 2012-07-28 17:35 - 00003114 _____ () C:\Windows\System32\Tasks\TeamViewer.exe

2014-04-05 15:45 - 2011-11-07 03:48 - 00000000 ____D () C:\ProgramData\Comodo

2014-04-05 15:28 - 2013-05-23 13:40 - 00000000 ____D () C:\Users\****\Desktop\@CBA_CO

2014-04-05 12:53 - 2013-11-07 16:07 - 00000000 ____D () C:\Users\****\AppData\Local\AeroFS

2014-04-05 12:35 - 2014-04-05 00:41 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO

2014-04-05 00:41 - 2014-04-05 00:41 - 00000000 ____D () C:\ProgramData\Shared Space

2014-04-05 00:41 - 2011-11-07 03:47 - 00000000 ____D () C:\ProgramData\Comodo Downloader

2014-04-04 16:46 - 2013-06-27 02:50 - 00000000 ____D () C:\ProgramData\Origin

2014-04-04 16:34 - 2013-06-27 02:50 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-04-03 09:51 - 2014-04-10 19:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-03 09:51 - 2014-04-10 19:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-03 09:50 - 2012-12-09 20:38 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-03-31 00:40 - 2011-11-06 09:23 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr

2014-03-31 00:40 - 2011-11-06 07:59 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.exe

2014-03-31 00:40 - 2011-11-06 07:59 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0

2014-03-30 19:59 - 2012-04-26 01:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
 

Some content of TEMP:

====================

C:\Users\****\AppData\Local\Temp\avgnt.exe

C:\Users\****\AppData\Local\Temp\Quarantine.exe

C:\Users\****\AppData\Local\Temp\SkypeSetup.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!
 
 

LastRegBack: 2014-04-29 16:30
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-04-2014 03

Ran by **** at 2014-04-29 17:56:13

Running from C:\Users\****\Desktop\WICHTIG\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}

FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
 

==================== Installed Programs ======================
 

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)

Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden

AeroFS (HKCU\...\AeroFS) (Version:  - Air Computing, Inc.)

AMD Accelerated Video Transcoding (Version: 12.5.100.30429 - Advanced Micro Devices, Inc.) Hidden

AMD APP SDK Runtime (Version: 10.0.938.1 - Advanced Micro Devices Inc.) Hidden

AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)

AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden

AMD Media Foundation Decoders (Version: 1.0.80430.0002 - Advanced Micro Devices, Inc.) Hidden

Application Profiles (x32 Version: 2.0.4532.34673 - Ihr Firmenname) Hidden

Areca (HKLM-x32\...\Areca) (Version:  - )

Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version:  - Audacity Team)

Aufstieg des Hexenkönigs™ (HKLM-x32\...\{B931FB80-537A-4600-00AD-AC5DEDB6C25B}) (Version:  - )

Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.3.1.0 - Auslogics Labs Pty Ltd)

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

Battlefield 2: Special Forces (HKLM-x32\...\{50D4CB89-AF34-4978-96DC-C3034062E901}) (Version:  - )

Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)

Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)

BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )

Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)

Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version:  - Criterion Games)

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center (x32 Version: 2013.0429.2313.39747 - Ihr Firmenname) Hidden

Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Localization All (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Standard (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Traditional (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Czech (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Danish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Dutch (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help English (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Finnish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help French (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help German (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Greek (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Hungarian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Italian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Japanese (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Korean (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Norwegian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Polish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Portuguese (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Russian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Spanish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Swedish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Thai (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

CCC Help Turkish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden

ccc-utility64 (Version: 2012.0522.2128.36590 - Advanced Micro Devices, Inc.) Hidden

ccc-utility64 (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)

Champions Online: Free For All (HKLM-x32\...\Steam App 9880) (Version:  - Cryptic Studios)

Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)

COMODO Internet Security (HKLM\...\{4EAB2511-0135-48CA-A47B-CE1E6836793A}) (Version: 5.8.16726.2131 - COMODO Security Solutions Inc.)

Creation Kit (HKLM-x32\...\Steam App 202480) (Version:  - bgs.bethsoft.com)

DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)

DayZ Commander (HKLM-x32\...\{0170930E-68D6-4E85-88B2-82761CDE1F94}) (Version: 0.92.69 - Dotjosh Studios)

Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Diaspora version 1.0.4 (HKLM-x32\...\{1F5ABAAA-6D61-4FC1-A595-86CBA5517E7A}_is1) (Version: 1.0.4 - Diaspora Development)

Die Schlacht um Mittelerde™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version:  - )

Elevated Installer (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden

eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)

EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)

Fraps (HKLM-x32\...\Fraps) (Version:  - )

FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)

G51 Skins (HKLM-x32\...\{B446F5BC-0503-452D-B9B9-37B782A51FB1}) (Version: 1.0.0 - Logitech)

Gajim (HKLM-x32\...\Gajim) (Version: 0.14.4 - )

GameSpy Comrade (HKLM-x32\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy)

Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)

Garmin Express (HKLM-x32\...\{6f60b921-2ae3-43fe-a6fb-ad849bd91451}) (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries)

Garmin Express (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin Express Tray (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)

Garmin WebUpdater (HKLM-x32\...\{F4DA4C73-026F-4D38-8C6B-85F0193E4B56}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)

Gpg4win (2.1.1) (HKLM-x32\...\GPG4Win) (Version: 2.1.1 - The Gpg4win Project)

Gratuitous Space Battles (HKLM-x32\...\Steam App 41800) (Version:  - Positech Games)

Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)

HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)

HydraVision (x32 Version: 4.2.234.0 - Advanced Micro Devices, Inc.) Hidden

InfiniteCrisis (HKLM-x32\...\InfiniteCrisis) (Version:  - Turbine, Inc)

Interstellar Marines (HKLM-x32\...\Steam App 236370) (Version:  - Zero Point Software)

Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

JC2-MP version 0.0.14 (Build 481) (HKLM-x32\...\{7F12FECB-1D75-42D7-9074-D6FEA6D91E65}_is1) (Version: 0.0.14 (Build 481) - )

Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche Studios)

Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)

K-Lite Codec Pack 7.9.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.9.0 - )

LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )

League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)

Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)

Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)

Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)

Medieval II: Total War Kingdoms (HKLM-x32\...\Steam App 4780) (Version:  - The Creative Assembly)

Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)

Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)

Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden

Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden

MOS v1.3 Full Install (HKCU\...\MOS v1.3 Full Install) (Version:  - )

MotioninJoy DS3 driver version 0.6.0005 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.6.0005 - www.motioninjoy.com)

Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)

Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)

MRIcroN (remove only) (HKLM-x32\...\MRIcroN) (Version:  - )

MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden

MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden

MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden

MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden

Mumble 1.2.3 (HKLM-x32\...\{C3E9887A-23BA-4777-8080-191A5AFCAB74}) (Version: 1.2.3 - Thorvald Natvig)

Nero 9 Lite (HKLM-x32\...\{5dcda8bd-0c22-4b65-82fd-3357c4d1c2d4}) (Version:  - Nero AG)

Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden

Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden

Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden

Nero StartSmart (x32 Version: 9.4.31.100 - Nero AG) Hidden

neroxml (x32 Version: 1.0.0 - Nero AG) Hidden

Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.45.7 - Black Tree Gaming)

Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)

Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden

NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)

OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)

Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version:  - Robot Entertainment)

Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)

Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)

Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)

PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)

Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.7 - )

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)

Razer Imperator (HKLM-x32\...\{C05905B9-775A-4894-A4DF-B57C15250958}) (Version: 2.02.00 - Razer USA Ltd.)

Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)

Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)

SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.5 - Seagate Technology)

Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version:  - 2K Games, Inc.)

Sins of a Solar Empire: Rebellion (HKLM-x32\...\Steam App 204880) (Version:  - )

SiSoftware Sandra Lite 2014.SP1c (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.25.2014.4 - SiSoftware)

Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)

Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - United Front Games)

Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - )

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)

Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)

StarForge Alpha (HKLM-x32\...\Steam App 227680) (Version:  - CodeHatch)

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

Stronghold (HKLM-x32\...\Steam App 40950) (Version:  - Firefly Studios)

Stronghold HD (HKLM-x32\...\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}) (Version: 1.30.0001 - Firefly Studios)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)

TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer)

TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)

The Lord of the Rings: War in the North (HKLM-x32\...\Steam App 32800) (Version:  - Snowblind Studios)

Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - )

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)

War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)

Warframe (HKLM-x32\...\Steam App 230410) (Version:  - )

Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)

Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)

World of Goo (HKLM-x32\...\Steam App 22000) (Version:  - 2D BOY)
 

==================== Restore Points  =========================
 

25-04-2014 12:17:36 ComboFix created restore point
 

==================== Hosts content: ==========================
 

2009-07-14 04:34 - 2014-04-25 14:31 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {01255558-A58C-404D-AD89-45E79BD9E59A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe

Task: {28E36051-FF2B-4888-B07D-30174885EF66} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe

Task: {3AB5DD20-5DD0-423C-AA47-15CD86F8DA6D} - System32\Tasks\{68B1960A-7A0C-4FC7-9E71-82A5E7108C17} => Firefox.exe hxxp://ui.skype.com/ui/0/6.14.0.104/de/abandoninstall?page=tsProgressBar

Task: {76640CB7-CEE4-4427-9297-DF7DCEB1DB65} - System32\Tasks\TeamViewer.exe => C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

Task: {770D2057-5076-4290-96EB-B58B98B42576} - System32\Tasks\{E4ADE269-8728-4546-9AF1-001093D91D4B} => D:\Programme\Spiele\Riot Games\League of Legends\lol.launcher.exe [2012-05-29] ()

Task: {7BE00FB0-3192-4663-A6A4-6F15509F310B} - System32\Tasks\{60434CFB-5BD0-442C-B433-1EF1E0B61624} => D:\Programme\Spiele\Riot Games\League of Legends\lol.launcher.exe [2012-05-29] ()

Task: {9C6409EB-DE46-4907-BD9E-C74700244752} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)

Task: {BDA064F4-4831-4E50-BA9E-69BE18126A47} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe

Task: {C3646003-9A4C-4CC5-A017-B72BB3FC0D20} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)

Task: {F6F8AF89-4A9A-4508-A215-A6726DEADF9C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
 

==================== Loaded Modules (whitelisted) =============
 

2013-05-28 18:50 - 2013-05-28 18:50 - 00218112 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe

2011-11-06 07:59 - 2014-03-28 02:52 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2011-10-07 11:39 - 2011-10-07 11:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll

2013-06-18 16:49 - 2013-06-18 16:49 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

2013-04-30 00:08 - 2013-04-30 00:08 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2012-12-14 14:54 - 2012-09-19 19:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll

2013-05-28 18:44 - 2013-05-28 18:44 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll

2013-05-28 18:42 - 2013-05-28 18:42 - 00037888 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll

2013-05-28 18:41 - 2013-05-28 18:41 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll

2013-05-28 18:44 - 2013-05-28 18:44 - 00069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll

2013-05-28 18:45 - 2013-05-28 18:45 - 00627712 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll

2013-11-01 22:25 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl

2013-11-01 22:25 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl

2013-11-01 22:25 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl

2013-11-01 22:25 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll

2013-11-01 22:25 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

2014-03-29 18:45 - 2014-03-29 18:45 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
 

==================== Disabled items from MSCONFIG ==============
 

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe

MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray

MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Western Digital\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"

MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (04/29/2014 05:37:04 PM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (04/29/2014 04:30:13 PM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (04/28/2014 11:09:40 AM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (04/28/2014 11:09:36 AM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (04/28/2014 11:09:25 AM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (04/28/2014 11:05:18 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (04/27/2014 02:47:08 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

System errors:

=============
 

Microsoft Office Sessions:

=========================

Error: (04/29/2014 05:37:04 PM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\****\Desktop\WICHTIG\Downloads\esetsmartinstaller_enu.exe
 

Error: (04/29/2014 04:30:13 PM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 

Error: (04/28/2014 11:09:40 AM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 

Error: (04/28/2014 11:09:36 AM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 

Error: (04/28/2014 11:09:25 AM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 

Error: (04/28/2014 11:05:18 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (04/27/2014 02:47:08 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

CodeIntegrity Errors:

===================================

  Date: 2014-04-25 14:30:20.876

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2014-04-25 14:30:20.798

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2014-04-06 22:11:54.313

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-06 22:11:54.251

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-06 21:36:07.760

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-06 21:36:07.682

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-06 21:22:56.754

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-06 21:22:56.692

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-06 20:44:22.440

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-06 20:44:22.362

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 68%

Total physical RAM: 4095.55 MB

Available physical RAM: 1302.88 MB

Total Pagefile: 8189.29 MB

Available Pagefile: 4986 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:146.39 GB) (Free:23.49 GB) NTFS

Drive d: () (Fixed) (Total:319.27 GB) (Free:18.35 GB) NTFS

Drive f: (Ubuntu-Live-Custom) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS

Drive g: () (Removable) (Total:3.74 GB) (Free:0.01 GB) NTFS

Drive j: (Seleyon) (Fixed) (Total:1863.01 GB) (Free:315.86 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 5EEF5EEF)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=146 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=319 GB) - (Type=07 NTFS)
 

========================================================

Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
 

Partition: GPT Partition Type.
 

========================================================

Disk: 2 (Size: 1863 GB) (Disk ID: 004534CC)

Partition 1: (Not Active) - (Size=-198627532288) - (Type=07 NTFS)
 

==================== End Of Log ============================

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ProxyServer: localhost:21320

nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Fertig :)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Hallo und danke für die Hilfe,

hier das fixlist.txt log

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-04-2014 03

Ran by **** at 2014-05-01 14:22:45 Run:1

Running from C:\Users\****\Desktop\WICHTIG\Downloads

Boot Mode: Normal

==============================================
 

Content of fixlist:

*****************

ProxyServer: localhost:21320

nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!

*****************
 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
 

Fehler beim L”schen des angegebenen Datenelements.

Element nicht gefunden.
 

==== End of Fixlog ====

Bestand jetzt eine infektion und was hat FRST repariert?
Waren die programme die ETST als trojaner ausgeworfen hat falschmeldungen?

Mit freundlichen Grüßen,

Seleyon

Wir haben jede Menge Adware entfernt und nen Proxy.

ESET Funde sind nur Installer, die auch ne Toolbar dabei haben.

Hallo Schrauber,

ein herzliches dankeschön für deine hilfe, läuft jez wieder alles super!

Mit freundlichen Grüßen
Seleyon