Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   windows 7 dieses programm wurde durch eine gruppenrichtlinie blockiert (https://www.trojaner-board.de/154556-windows-7-programm-wurde-gruppenrichtlinie-blockiert.html)

Phil1337 30.05.2014 11:43
windows 7 dieses programm wurde durch eine gruppenrichtlinie blockiert
 
Hallo,

mir ist aufgefallen das plötzlich avast inaktiv war. Beim Versuch Avast zu reaktivieren kommt die Fehlermeldung:

"dieses Programm wurde durch eine Gruppenrichtlinie blockiert"

Ausderdem erscheint nach der anmeldung eine Fehlermeldung:

" Fehler beim Laden des Moduls "C:\ProgramData\EkuwiQaqab.dat" Stellen sie sicher das die Binärdatei am angegebenen Pfad gespeichert ist oder debuggen sie die Datei. Das angegebene Modul wurde nicht gefunden"

Leider kann ich die Logs nicht als Code hochladen, sie sind im Anhang zu finden.

vielen dank für euer tolles engangement!

p.s. sollte ich die Reperaturen im abgesicherten modus duführen?

cosinus 30.05.2014 13:27
Hi und :hallo:

Logs bitte nicht anhängen, notfalls splitten und über mehrere Postings verteilt posten

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Phil1337 30.05.2014 15:15
FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2014
Ran by Phillipê (administrator) on DRÖHNKISTE-C35D on 30-05-2014 11:56:30
Running from C:\Users\Phillipê\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
() C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(LogMeIn Inc.) D:\Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) D:\Hamachi\LMIGuardianSvc.exe
(Tunngle.net GmbH) D:\Tunngle\TnglCtrl.exe
(LogMeIn Inc.) D:\Hamachi\hamachi-2.exe
(LogMeIn, Inc.) D:\Hamachi\LMIGuardianSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11464296 2010-09-03] (Realtek Semiconductor)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [2306448 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [762224 2009-06-30] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [avast5] => C:\Program Files\Alwil Software\Avast5\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-11-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Hamachi\hamachi-2-ui.exe [3814736 2014-05-13] (LogMeIn Inc.)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software <====== ATTENTION
HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\Run: [OscarEditor] => C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe [2624512 2010-07-22] ()
HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\Run: [Steam] => D:\Steam\Steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\Run: [EkuwiQaqab] => regsvr32.exe "C:\ProgramData\EkuwiQaqab.dat"
HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\MountPoints2: H - H:\Autorun.exe
HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\MountPoints2: {062f12c3-2890-11e0-bffa-1c6f659604aa} - G:\Autorun.exe
HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\MountPoints2: {d6cd9e04-5340-11e2-87a0-1c6f659604aa} - E:\FalloutLauncher.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x693498F99DBCCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=sm
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM-x32 - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File
URLSearchHook: HKLM-x32 - (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No File
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=3954ebe6-4511-499e-b334-12b942b293da&searchtype=ds&q={searchTerms}&installDate=14/04/2013
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=3954ebe6-4511-499e-b334-12b942b293da&searchtype=ds&q={searchTerms}&installDate=14/04/2013
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=8EC600FFE8A7A881
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1                                activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default
FF NetworkProxy: "type", 0
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF user.js: detected! => C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\daemon-search.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-10.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-13.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-14.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-15.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-16.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-17.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-18.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-19.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-3.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-4.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-5.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-6.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-7.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-8.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-9.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin.gif
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin.src
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\searchplugins-backup
FF Extension: DAEMON Tools Toolbar - C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\DTToolbar@toolbarnet.com [2011-04-25]
FF Extension: ProxTube - Unblock YouTube - C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\ich@maltegoetz.de [2012-09-16]
FF Extension: ICQ Toolbar - C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012-08-05]
FF Extension: Facemoods - C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\ffxtlbr@Facemoods.com.xpi [2011-08-18]
FF Extension: Movie2kDownloader - C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\movie2kdownloader@movie2kdownloader.com.xpi [2012-12-13]
FF Extension: Adblock Plus - C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-07-25]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-07-09]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-10-02]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []
FF StartMenuInternet: FIREFOX.EXE - D:\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR HomePage: hxxp://scholar.google.de/schhp?hl=de
CHR StartupUrls: "hxxp://google.de/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (iTunes Application Detector) - D:\Mozilla Plugins\npitunes.dll ()
CHR Extension: (ProxFlow) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2012-11-06]
CHR Extension: (Movie2kDownloader 2) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf [2013-04-08]
CHR Extension: (YouTube) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Google-Suche) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (AdBlock) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-17]
CHR Extension: (avast! Online Security) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-11-17]
CHR Extension: (Skype Click to Call) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-11-05]
CHR Extension: (Simply Block Ads!) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfjefnfnmmnkcckbjjcganphignempo [2012-10-08]
CHR Extension: (DvdVideoSoft Free Youtube Download) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2012-09-14]
CHR Extension: (Google Wallet) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-02-26]
CHR Extension: (Google Mail) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-04-08]
CHR HKLM-x32\...\Chrome\Extension: [blaofbhgbmeikidhlkmjhbkbfohpgekf] - C:\Program Files (x86)\Movie2KDownloader.com\Movie2KDownloader10.crx [2012-12-13]
CHR HKLM-x32\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files (x86)\TornTV.com\torn11.crx [2012-12-13]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4163584 2014-02-15] (Emsisoft GmbH)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-03-24] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [68136 2009-06-17] ()
R2 Hamachi2Svc; D:\Hamachi\hamachi-2.exe [2228048 2014-05-13] (LogMeIn Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-05-26] ()
R2 TunngleService; D:\Tunngle\TnglCtrl.exe [741224 2011-08-09] (Tunngle.net GmbH)

==================== Drivers (Whitelisted) ====================

S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-10] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-10] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-08-10] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-11-17] ()
S3 cleanhlp; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-01-25] (DT Soft Ltd)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-08-09] ()
S3 hidusbf; C:\Windows\System32\DRIVERS\hidusbf.sys [7040 2006-11-09] (SweetLow)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-11-17] ()
S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-19] ()
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 cpuz136; \??\C:\Users\PHILLI~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 afrdiaoc; \??\C:\Users\PHILLI~1\AppData\Local\Temp\afrdiaoc.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-30 11:51 - 2014-05-30 11:56 - 00027543 _____ () C:\Users\Phillipê\Desktop\FRST.txt
2014-05-30 11:51 - 2014-05-30 11:56 - 00000000 ____D () C:\FRST
2014-05-30 11:50 - 2014-05-30 11:50 - 00050477 _____ () C:\Users\Phillipê\Desktop\Defogger.exe
2014-05-30 11:50 - 2014-05-30 11:50 - 00000548 _____ () C:\Users\Phillipê\Desktop\defogger_disable.log
2014-05-30 11:50 - 2014-05-30 11:50 - 00000168 _____ () C:\Users\Phillipê\defogger_reenable
2014-05-30 11:49 - 2014-05-30 11:49 - 02066944 _____ (Farbar) C:\Users\Phillipê\Desktop\FRST64.exe
2014-05-30 11:47 - 2014-05-30 11:47 - 00380416 _____ () C:\Users\Phillipê\Desktop\kom09zc9.exe
2014-05-30 11:40 - 2014-05-30 11:40 - 00020372 _____ () C:\Users\Phillipê\Desktop\Emsisoft1.txt
2014-05-30 09:34 - 2014-05-30 11:40 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-05-30 09:34 - 2014-05-30 09:34 - 00001103 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-05-30 09:34 - 2014-05-30 09:34 - 00000000 ____D () C:\Users\Phillipê\Documents\Anti-Malware
2014-05-30 09:34 - 2014-05-30 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-05-30 09:26 - 2014-05-30 09:26 - 00009858 _____ () C:\Windows\PFRO.log
2014-05-30 09:25 - 2014-05-30 09:25 - 00018221 _____ () C:\Users\Phillipê\Desktop\malwarebytes 30.05.txt
2014-05-30 09:16 - 2014-05-30 09:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-30 09:15 - 2014-05-30 09:15 - 00000629 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-30 09:15 - 2014-05-30 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-30 09:15 - 2014-05-30 09:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-30 09:15 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-30 09:15 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-30 09:15 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-30 08:55 - 2014-05-30 08:55 - 00000000 ____D () C:\Windows\pss
2014-05-30 05:38 - 2014-05-30 11:42 - 00000392 _____ () C:\Windows\setupact.log
2014-05-30 05:38 - 2014-05-30 05:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-30 04:42 - 2014-05-30 11:49 - 00064056 _____ () C:\Windows\WindowsUpdate.log
2014-05-29 18:08 - 2014-05-29 18:08 - 00000993 _____ () C:\Users\Phillipê\Desktop\Fallout3ng.exe - Verknüpfung.lnk
2014-05-15 20:26 - 2014-05-15 22:33 - 00000000 ____D () C:\Users\Phillipê\AppData\Local\Darksiders
2014-05-15 17:17 - 2014-05-15 17:17 - 00000000 ____D () C:\Users\Phillipê\Documents\Darksiders Soundtrack Comic
2014-05-15 17:15 - 2014-05-15 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2014-05-15 17:15 - 2014-05-15 17:15 - 00000000 ____D () C:\Program Files (x86)\THQ
2014-05-14 22:39 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 22:39 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 22:39 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 22:39 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 22:39 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 22:39 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 19:08 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 19:08 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 19:08 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 19:08 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 19:08 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 19:08 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 19:08 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 19:08 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 19:08 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 19:08 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 19:08 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 19:08 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 19:08 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 19:08 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 19:08 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 19:08 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 19:08 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 19:08 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 19:08 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 19:08 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 19:08 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 19:08 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 19:08 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 19:08 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 19:08 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 19:08 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 19:08 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 19:08 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 19:08 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 19:08 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 19:08 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 19:08 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 19:08 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 18:57 - 2014-05-14 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-06 22:07 - 2014-05-15 16:55 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-05-30 11:56 - 2014-05-30 11:51 - 00027543 _____ () C:\Users\Phillipê\Desktop\FRST.txt
2014-05-30 11:56 - 2014-05-30 11:51 - 00000000 ____D () C:\FRST
2014-05-30 11:56 - 2011-01-25 16:26 - 00000000 ____D () C:\Users\Phillipê\AppData\Local\Temp
2014-05-30 11:50 - 2014-05-30 11:50 - 00050477 _____ () C:\Users\Phillipê\Desktop\Defogger.exe
2014-05-30 11:50 - 2014-05-30 11:50 - 00000548 _____ () C:\Users\Phillipê\Desktop\defogger_disable.log
2014-05-30 11:50 - 2014-05-30 11:50 - 00000168 _____ () C:\Users\Phillipê\defogger_reenable
2014-05-30 11:50 - 2011-01-25 16:26 - 00000000 ____D () C:\Users\Phillipê
2014-05-30 11:49 - 2014-05-30 11:49 - 02066944 _____ (Farbar) C:\Users\Phillipê\Desktop\FRST64.exe
2014-05-30 11:49 - 2014-05-30 04:42 - 00064056 _____ () C:\Windows\WindowsUpdate.log
2014-05-30 11:47 - 2014-05-30 11:47 - 00380416 _____ () C:\Users\Phillipê\Desktop\kom09zc9.exe
2014-05-30 11:43 - 2012-05-19 13:41 - 00000000 ____D () C:\Users\Phillipê\AppData\Local\LogMeIn Hamachi
2014-05-30 11:42 - 2014-05-30 05:38 - 00000392 _____ () C:\Windows\setupact.log
2014-05-30 11:42 - 2011-02-26 13:33 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-30 11:42 - 2011-01-25 17:27 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-05-30 11:42 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-30 11:40 - 2014-05-30 11:40 - 00020372 _____ () C:\Users\Phillipê\Desktop\Emsisoft1.txt
2014-05-30 11:40 - 2014-05-30 09:34 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-05-30 09:34 - 2014-05-30 09:34 - 00001103 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-05-30 09:34 - 2014-05-30 09:34 - 00000000 ____D () C:\Users\Phillipê\Documents\Anti-Malware
2014-05-30 09:34 - 2014-05-30 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-05-30 09:26 - 2014-05-30 09:26 - 00009858 _____ () C:\Windows\PFRO.log
2014-05-30 09:25 - 2014-05-30 09:25 - 00018221 _____ () C:\Users\Phillipê\Desktop\malwarebytes 30.05.txt
2014-05-30 09:24 - 2014-02-10 21:10 - 00000000 ____D () C:\Users\Phillipê\AppData\Roaming\DigitalSites
2014-05-30 09:16 - 2014-05-30 09:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-30 09:15 - 2014-05-30 09:15 - 00000629 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-30 09:15 - 2014-05-30 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-30 09:15 - 2014-05-30 09:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-30 08:56 - 2011-02-13 12:56 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat
2014-05-30 08:55 - 2014-05-30 08:55 - 00000000 ____D () C:\Windows\pss
2014-05-30 05:49 - 2009-07-14 06:45 - 00026432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-30 05:49 - 2009-07-14 06:45 - 00026432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-30 05:38 - 2014-05-30 05:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-30 05:24 - 2011-02-26 13:33 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-30 05:10 - 2014-02-15 15:10 - 00000320 _____ () C:\Windows\Tasks\Digital Sites.job
2014-05-30 05:10 - 2013-06-19 21:10 - 00000306 _____ () C:\Windows\Tasks\DSite.job
2014-05-30 05:04 - 2012-04-02 00:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-30 04:32 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-05-30 00:10 - 2013-07-27 00:10 - 00000063 _____ () C:\Users\Phillipê\AppData\Roaming\WB.CFG
2014-05-29 18:08 - 2014-05-29 18:08 - 00000993 _____ () C:\Users\Phillipê\Desktop\Fallout3ng.exe - Verknüpfung.lnk
2014-05-29 15:57 - 2011-01-26 21:33 - 00000000 ____D () C:\Users\Phillipê\Documents\My games
2014-05-29 15:31 - 2011-01-25 16:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-28 19:12 - 2011-04-15 16:53 - 00000000 ____D () C:\Users\Phillipê\AppData\Local\Fallout3
2014-05-26 18:24 - 2012-08-29 17:58 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-26 06:36 - 2013-01-30 23:17 - 01632188 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-26 06:36 - 2009-07-14 19:58 - 00713594 _____ () C:\Windows\system32\perfh007.dat
2014-05-26 06:36 - 2009-07-14 19:58 - 00155530 _____ () C:\Windows\system32\perfc007.dat
2014-05-26 06:36 - 2009-07-14 07:13 - 01632188 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-15 22:33 - 2014-05-15 20:26 - 00000000 ____D () C:\Users\Phillipê\AppData\Local\Darksiders
2014-05-15 18:56 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-15 17:17 - 2014-05-15 17:17 - 00000000 ____D () C:\Users\Phillipê\Documents\Darksiders Soundtrack Comic
2014-05-15 17:15 - 2014-05-15 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2014-05-15 17:15 - 2014-05-15 17:15 - 00000000 ____D () C:\Program Files (x86)\THQ
2014-05-15 17:15 - 2011-01-25 17:53 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-05-15 16:58 - 2012-11-02 22:37 - 00000000 ___RD () C:\Users\Phillipê\Desktop\GameZ
2014-05-15 16:58 - 2011-01-25 16:26 - 00000000 ___RD () C:\Users\Phillipê\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 16:58 - 2011-01-25 16:26 - 00000000 ___RD () C:\Users\Phillipê\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 16:55 - 2014-05-06 22:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 16:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-14 22:38 - 2013-08-14 22:40 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 22:38 - 2011-02-27 15:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 22:37 - 2011-08-07 16:45 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 19:05 - 2012-04-02 00:54 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 19:05 - 2012-04-02 00:54 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 19:05 - 2011-08-07 16:37 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 18:57 - 2014-05-14 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-13 20:20 - 2013-06-11 20:12 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-12 07:26 - 2014-05-30 09:15 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-30 09:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-30 09:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 08:14 - 2014-05-14 19:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 19:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 21:19 - 2011-02-26 13:33 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 21:19 - 2011-02-26 13:33 - 00003858 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 06:40 - 2014-05-14 22:39 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-14 22:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-14 22:39 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-14 22:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-14 22:39 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-14 22:39 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-02 15:39 - 2011-03-20 14:47 - 00000000 ____D () C:\Users\Phillipê\AppData\Roaming\vlc

Some content of TEMP:
====================
C:\Users\Phillipê\AppData\Local\Temp\drm_dyndata_7380014.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 19:17

==================== End Of Log ============================
--- --- ---

Phil1337 30.05.2014 15:16
FRST Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-05-2014
Ran by Phillipê at 2014-05-30 11:51:59
Running from C:\Users\Phillipê\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.09 - GIGABYTE)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 10.0.831.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{0BD776F3-057D-4C11-020C-4FA9B13D04F9}) (Version: 3.0.855.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
ANNO 1404 - Venice (HKLM-x32\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.0.5008.0 - Ubisoft)
ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARMA 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)
ARMA 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
ATI AVIVO64 Codecs (Version: 11.6.0.51125 - ATI Technologies Inc.) Hidden
ATI Problem Report Wizard (Version: 3.0.804.0 - ATI Technologies) Hidden
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.6 - Auslogics Software Pty Ltd)
AutoGreen B10.1021.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B10.1021.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 8.0.1489.0 - AVAST Software)
BioShock (HKLM-x32\...\{E280923D-C5D9-4728-8C79-AC9A0DC75875}) (Version: 2.5.0000 - 2K Games)
BioShock Infinite version 1.0.0.0 (HKLM-x32\...\BioShock Infinite_is1) (Version: 1.0.0.0 - )
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.8.0.29343 - BitTorrent Inc.)
Black & White® 2 (HKLM-x32\...\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}) (Version: 1.00.0000 - Lionhead Studios)
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.0.9 - BlueJ Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands (HKLM-x32\...\{52B65911-1559-4ED5-9461-46957FDD48CD}) (Version: 1.0.295 - 2K Games)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
BulletStorm (x32 Version: 1.0.0001.130 - EA) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.1125.2148.39102 - ATI) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.1125.2148.39102 - ATI) Hidden
Catalyst Control Center Profiles Desktop (x32 Version: 2010.1125.2148.39102 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help English (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help French (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help German (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
ccc-core-static (x32 Version: 2010.1125.2148.39102 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.1125.2148.39102 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.11 - Piriform)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CPUID HWMonitor 1.23 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
Darksiders (HKLM-x32\...\Steam App 50620) (Version:  - Vigil Games)
DarksidersInstaller (HKLM-x32\...\{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}) (Version: 1.00.1000 - THQ)
DayZ Commander (HKLM-x32\...\{67BE448F-7813-4466-A767-85EF5BBAC1D1}) (Version: 1.09.70 - Dotjosh Studios)
Dead Rising 2 (HKLM-x32\...\GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}) (Version: 1.0.0000.130 - Capcom)
Dead Rising 2 (x32 Version: 1.0.0000.130 - Capcom) Hidden
Deponia (HKLM-x32\...\Deponia) (Version: 1.0 - Daedalic Entertainment)
DES 2.0 (HKLM-x32\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte)
Deus Ex - Invisible War (HKLM-x32\...\{47BE1E5F-8978-484B-BE86-B616C00EA75A}) (Version: 1.00.0000 - )
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
Easy Tune 6 B10.1024.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B10.1024.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Emsisoft Anti-Malware (HKLM-x32\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 8.1 - Emsisoft GmbH)
Fable III (x32 Version: 1.0.0001.131 - Microsoft Game Studios) Hidden
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft)
Far Cry® 3 Blood Dragon (HKLM-x32\...\Steam App 233270) (Version:  - )
FLAC To MP3 V4.0.5 (HKLM-x32\...\FLAC To MP3_is1) (Version:  - FLAC To MP3, Inc.)
Foldit (HKLM-x32\...\Foldit) (Version:  - )
Free Studio version 5.0.3 (HKLM-x32\...\Free Studio_is1) (Version:  - DVDVideoSoft Limited.)
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
GameSpy Comrade (HKLM-x32\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)
HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{C768E610-4DFB-4A60-A59B-71549EB7BF75}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HydraVision (x32 Version: 4.2.180.0 - ATI Technologies Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Kane and Lynch: Dead Men (HKLM-x32\...\{A66C4716-7E10-4A53-8101-00C3C11D6A9C}) (Version: 1.00.0000 - Eidos)
K-Lite Codec Pack 9.9.5 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.5 - )
League of Legends (HKLM-x32\...\{918A9082-6287-4D25-9002-5E5D5E4971CB}) (Version: 1.02.0000 - Riot Games)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.193 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.193 - LogMeIn, Inc.) Hidden
Mafia II (HKLM-x32\...\Mafia II_is1) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.)
Mass Effect 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.00 - Electronic Arts, Inc.)
Mass Effect™ 3 (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.01.0.0 - Electronic Arts)
Mathematica Extras 9.0 (4092550) (HKLM\...\A-WIN-Extras 9.0.1 4092550_is1) (Version: 9.0.1 - Wolfram Research, Inc.)
Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version:  - Rockstar Studios)
Metro: Last Light (HKLM-x32\...\Metro: Last Light_is1) (Version:  - Deep Silver)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.0 (HKLM\...\{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}) (Version: 8.0.225.0 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mouse Editor (HKLM-x32\...\InstallShield_{8973F26D-3E74-481C-AF11-FDC7D0089E96}) (Version: 10.07.0002 - Ihr Firmenname)
MOUSE Editor (x32 Version: 10.07.0002 - Ihr Firmenname) Hidden
Mozilla Firefox 16.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 16.0.1 (x86 en-US)) (Version: 16.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 16.0.1 - Mozilla)
MSI Afterburner 2.0.0 (HKLM-x32\...\Afterburner) (Version: 2.0.0 - MSI Co., LTD)
My Game Long Name (HKLM\...\UDK-964f1b46-0a2c-4960-ac16-5d146edf634d) (Version:  - Epic Games, Inc.)
Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.1509 - Electronic Arts)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.4 - )
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
ON_OFF Charge B10.0427.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 8.5.2.23 - Electronic Arts, Inc.)
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.8 - PowerISO Computing, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RAGE (HKLM-x32\...\Steam App 9200) (Version:  - id Software)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.26.902.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6194 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.20.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.20.0 - Renesas Electronics Corporation) Hidden
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Singularity (HKLM-x32\...\Steam App 42670) (Version:  - )
Six Updater (HKLM-x32\...\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}) (Version: 2.09.7016 - Six Projects)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version:  - TeamSpeak Systems GmbH)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Wolfram CDF Player (M-WIN-D 9.0.1 4092685) (HKLM-x32\...\M-WIN-D 9.0.1 4092685_is1) (Version: 9.0.1 - Wolfram Research, Inc.)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Restore Points  =========================

30-05-2014 09:48:23 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2011-07-30 13:57 - 00000857 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1                                activate.adobe.com

==================== Scheduled Tasks (whitelisted) =============

Task: {0740D52B-D79C-49D5-AC41-0E24D20CB325} - System32\Tasks\Digital Sites => C:\Users\PHILLI~1\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: {18FF80B1-9A8C-4ECE-BDF1-60958BD91B36} - System32\Tasks\QtraxPlayer => C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe
Task: {1D47DC25-E59E-4DF6-9532-794AA82A0868} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26] (Google Inc.)
Task: {2529AC27-E1A5-459E-93AD-1B7AE188DAFB} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {267E2320-6708-4151-A59C-159688C336D4} - System32\Tasks\DSite => C:\Users\PHILLI~1\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: {42945CE0-7500-4909-8CEF-667BC0A3D4F9} - System32\Tasks\{24ECB2F1-8B87-4CE4-BDF6-8055A5D64855} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {7B3C30B0-63D4-4085-B134-4B7298F8AC27} - System32\Tasks\DealPly => C:\Users\PHILLI~1\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: {925BCC9E-3CD0-40EB-8689-E392FAE14F29} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {A2AC332B-6B8C-4817-8310-681AD8A09CEB} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: {B05C7659-234E-43D3-9B6F-CFB04FB12371} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe <==== ATTENTION
Task: {B40C0A91-7445-4597-B684-DA4330385069} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BE1F2ADC-A293-4886-8B4D-25D5AF0B92D3} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2010-07-21] (Microsoft Corporation)
Task: {E813C1C9-B934-4D36-BE6E-15E401A255A5} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {EA42980F-B5F2-463C-B881-285129EF7341} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\PHILLI~1\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: C:\Windows\Tasks\DSite.job => C:\Users\PHILLI~1\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-01-25 17:11 - 2010-03-15 12:28 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2011-01-25 16:42 - 2009-06-17 17:13 - 00068136 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
2011-01-25 18:04 - 2013-05-26 15:38 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2010-07-22 08:15 - 2010-07-22 08:15 - 02624512 _____ () C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
2011-07-29 01:08 - 2011-07-29 01:08 - 01259376 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-05-29 15:14 - 2014-05-29 10:07 - 02295808 _____ () C:\Program Files\Alwil Software\Avast5\defs\14052900\algo.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-01-25 16:42 - 2009-05-04 18:56 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\ycc.dll
2010-06-01 05:41 - 2010-06-01 05:41 - 00098816 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_MouseDeviceManager.dll
2010-04-03 05:37 - 2010-04-03 05:37 - 00094208 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ZoomControl.dll
2010-04-03 05:37 - 2010-04-03 05:37 - 00062976 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ScrollbarControl.dll
2010-04-03 05:37 - 2010-04-03 05:37 - 00069632 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInRight.dll
2010-04-03 05:36 - 2010-04-03 05:36 - 00069632 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInOne.dll
2010-04-03 05:37 - 2010-04-03 05:37 - 00127488 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_Wheel4D.dll
2010-05-07 17:05 - 2010-05-07 17:05 - 00042496 _____ () C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\OSD_Text\OSD_Text.dll
2011-07-29 01:09 - 2011-07-29 01:09 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2011-02-11 17:28 - 2011-05-31 18:07 - 01852759 _____ () D:\Tunngle\libeay32.dll
2014-05-23 22:22 - 2014-05-14 01:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-23 22:22 - 2014-05-14 01:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-23 22:22 - 2014-05-14 01:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-23 22:22 - 2014-05-14 01:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-23 22:22 - 2014-05-14 01:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
2014-05-23 22:22 - 2014-05-14 01:40 - 13695816 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: GoogleChromeAutoLaunch_ABA4318D4E55179246F0B38EF7E0EE65 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HP Officejet 6600 (NET) => "C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" -deviceID "CN22F190YK05RN:NW" -scfn "HP Officejet 6600 (NET)" -AutoStart 1
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: iTunesHelper => "D:\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "D:\Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: STCAgent => "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
MSCONFIG\startupreg: WhatPulse => F:\WhatPulse\WhatPulse.exe
MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\Phillipê\AppData\Roaming\Yontoo\YontooDesktop.exe"
MSCONFIG\startupreg: ZyngaGamesAgent => "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/30/2014 05:47:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe, Version: 1.1.13.24161, Zeitstempel: 0x537360b2
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x8a4
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.ServiceHost.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe1
Pfad des fehlerhaften Moduls: Avira.OE.ServiceHost.exe2
Berichtskennung: Avira.OE.ServiceHost.exe3

Error: (05/30/2014 05:47:07 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ArgumentException
Stapel:
  bei Avira.OE.ServiceHost.ServiceModelListStorage.GetServiceModel(System.String, System.String)
  bei Avira.OE.ServiceHost.ServicesListManager.CheckBundledProductsConfiguration()
  bei Avira.OE.ServiceHost.AvServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (05/30/2014 05:45:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe, Version: 1.1.13.24161, Zeitstempel: 0x537360b2
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0xf58
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.ServiceHost.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe1
Pfad des fehlerhaften Moduls: Avira.OE.ServiceHost.exe2
Berichtskennung: Avira.OE.ServiceHost.exe3

Error: (05/30/2014 05:45:22 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ArgumentException
Stapel:
  bei Avira.OE.ServiceHost.ServiceModelListStorage.GetServiceModel(System.String, System.String)
  bei Avira.OE.ServiceHost.ServicesListManager.CheckBundledProductsConfiguration()
  bei Avira.OE.ServiceHost.AvServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (05/30/2014 05:45:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe, Version: 1.1.13.24161, Zeitstempel: 0x537360b2
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0xe7c
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.ServiceHost.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe1
Pfad des fehlerhaften Moduls: Avira.OE.ServiceHost.exe2
Berichtskennung: Avira.OE.ServiceHost.exe3

Error: (05/30/2014 05:45:11 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ArgumentException
Stapel:
  bei Avira.OE.ServiceHost.ServiceModelListStorage.GetServiceModel(System.String, System.String)
  bei Avira.OE.ServiceHost.ServicesListManager.CheckBundledProductsConfiguration()
  bei Avira.OE.ServiceHost.AvServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (05/30/2014 05:44:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe, Version: 1.1.13.24161, Zeitstempel: 0x537360b2
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x9c8
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.ServiceHost.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe1
Pfad des fehlerhaften Moduls: Avira.OE.ServiceHost.exe2
Berichtskennung: Avira.OE.ServiceHost.exe3

Error: (05/30/2014 05:44:58 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ArgumentException
Stapel:
  bei Avira.OE.ServiceHost.ServiceModelListStorage.GetServiceModel(System.String, System.String)
  bei Avira.OE.ServiceHost.ServicesListManager.CheckBundledProductsConfiguration()
  bei Avira.OE.ServiceHost.AvServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (05/30/2014 05:43:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe, Version: 1.1.13.24161, Zeitstempel: 0x537360b2
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0xa28
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.ServiceHost.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe1
Pfad des fehlerhaften Moduls: Avira.OE.ServiceHost.exe2
Berichtskennung: Avira.OE.ServiceHost.exe3

Error: (05/30/2014 05:43:03 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ArgumentException
Stapel:
  bei Avira.OE.ServiceHost.ServiceModelListStorage.GetServiceModel(System.String, System.String)
  bei Avira.OE.ServiceHost.ServicesListManager.CheckBundledProductsConfiguration()
  bei Avira.OE.ServiceHost.AvServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()


System errors:
=============
Error: (05/30/2014 11:44:26 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Emsisoft Anti-Malware 8.0 - Service" wurde nicht richtig gestartet.

Error: (05/30/2014 11:42:43 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (05/30/2014 11:42:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Software Protection" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (05/30/2014 11:42:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Software Protection erreicht.

Error: (05/30/2014 11:39:46 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (05/30/2014 11:39:46 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (05/30/2014 11:36:39 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (05/30/2014 11:36:39 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (05/30/2014 11:36:39 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (05/30/2014 11:34:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-11-27 18:56:28.920
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-27 18:56:28.826
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-27 18:55:48.150
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-27 18:55:48.056
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-27 18:52:34.363
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-27 18:52:34.269
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-27 18:52:16.933
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-27 18:52:16.839
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-09-23 19:03:22.932
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-09-23 19:03:22.880
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 8175.43 MB
Available physical RAM: 5485.92 MB
Total Pagefile: 16349.04 MB
Available Pagefile: 13029.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.83 GB) (Free:0.94 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:249.26 GB) (Free:33.04 GB) NTFS
Drive f: () (Fixed) (Total:465.76 GB) (Free:30 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: B2BEB335)
Partition 1: (Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=249 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 466 GB) (Disk ID: 66205247)
No partition Table on disk 1.

==================== End Of Log ============================
gmer

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-30 12:10:13
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD322HJ rev.1AC01113 298,09GB
Running: kom09zc9.exe; Driver: C:\Users\PHILLI~1\AppData\Local\Temp\afrdiaoc.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\wininit.exe[640] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                      0000000076bfef8d 1 byte [62]
.text  C:\Windows\system32\services.exe[700] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                    0000000076bfef8d 1 byte [62]
.text  C:\Windows\system32\winlogon.exe[796] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                    0000000076bfef8d 1 byte [62]
.text  C:\Windows\system32\atiesrxx.exe[260] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                    0000000076bfef8d 1 byte [62]
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                      0000000076bfef8d 1 byte [62]
.text  C:\Windows\system32\svchost.exe[248] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                      0000000076bfef8d 1 byte [62]
.text  C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe[1792] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                          000000007635a2fd 1 byte [62]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                        000000007635a2fd 1 byte [62]
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1904] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112        000000007635a2fd 1 byte [62]
.text  C:\Windows\Explorer.EXE[1396] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                            0000000076bfef8d 1 byte [62]
.text  C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2064] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                          000000007635a2fd 1 byte [62]
.text  C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2100] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                    000000007635a2fd 1 byte [62]
.text  C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe[2152] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                            000000007635a2fd 1 byte [62]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2244] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                    000000007635a2fd 1 byte [62]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2244] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                        0000000074261a22 2 bytes [26, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2244] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                        0000000074261ad0 2 bytes [26, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2244] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                        0000000074261b08 2 bytes [26, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2244] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                        0000000074261bba 2 bytes [26, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2244] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                        0000000074261bda 2 bytes [26, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                  0000000075791465 2 bytes [79, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                00000000757914bb 2 bytes [79, 75]
.text  ...                                                                                                                                                            * 2
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2728] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                    0000000076bfef8d 1 byte [62]
.text  C:\Windows\vVX1000.exe[2752] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                              000000007635a2fd 1 byte [62]
.text  C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe[2760] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                000000007635a2fd 1 byte [62]
.text  C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3036] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  000000007635a2fd 1 byte [62]
.text  C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2484] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                              000000007635a2fd 1 byte [62]
.text  D:\Hamachi\hamachi-2-ui.exe[2504] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                        000000007635a2fd 1 byte [62]
.text  D:\Hamachi\hamachi-2-ui.exe[2504] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 69                                                                      0000000075791465 2 bytes [79, 75]
.text  D:\Hamachi\hamachi-2-ui.exe[2504] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 155                                                                      00000000757914bb 2 bytes [79, 75]
.text  ...                                                                                                                                                            * 2
.text  D:\Tunngle\TnglCtrl.exe[1952] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint                                                                                      0000000076eb000c 1 byte [90]
.text  D:\Tunngle\TnglCtrl.exe[1952] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                            000000007635a2fd 1 byte [62]
.text  D:\Hamachi\hamachi-2.exe[3228] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                            0000000076bfef8d 1 byte [62]
.text  C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                          0000000076ce3b10 5 bytes JMP 00000001003f075c
.text  C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                            0000000076ce7ac0 5 bytes JMP 00000001003f03a4
.text  C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                              0000000076d11430 5 bytes JMP 00000001003f0b14
.text  C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                  0000000076d11490 5 bytes JMP 00000001003f0ecc
.text  C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000076d11570 5 bytes JMP 00000001003f163c
.text  C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                0000000076d117b0 5 bytes JMP 00000001003f1284
.text  C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000076d127e0 5 bytes JMP 00000001003f19f4
.text  C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                            000007fefd326e00 5 bytes JMP 000007ff7d341dac
.text  C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                000007fefd326f2c 5 bytes JMP 000007ff7d340ecc
.text  C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                000007fefd327220 5 bytes JMP 000007ff7d341284
.text  C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                              000007fefd32739c 5 bytes JMP 000007ff7d34163c
.text  C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                              000007fefd327538 5 bytes JMP 000007ff7d3419f4
.text  C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                      000007fefd3275e8 5 bytes JMP 000007ff7d3403a4
.text  C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                      000007fefd32790c 5 bytes JMP 000007ff7d34075c
.text  C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                      000007fefd327ab4 5 bytes JMP 000007ff7d340b14
.text  C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                  000007fefd326e00 5 bytes JMP 000007ff7d341dac
.text  C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                      000007fefd326f2c 5 bytes JMP 000007ff7d340ecc
.text  C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                      000007fefd327220 5 bytes JMP 000007ff7d341284
.text  C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                    000007fefd32739c 5 bytes JMP 000007ff7d34163c
.text  C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                    000007fefd327538 5 bytes JMP 000007ff7d3419f4
.text  C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                            000007fefd3275e8 5 bytes JMP 000007ff7d3403a4
.text  C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                            000007fefd32790c 5 bytes JMP 000007ff7d34075c
.text  C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                            000007fefd327ab4 5 bytes JMP 000007ff7d340b14
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[5328] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                  0000000076bfef8d 1 byte [62]
.text  C:\Windows\system32\SearchProtocolHost.exe[5932] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                      000007fefd326e00 5 bytes JMP 000007ff7d341dac
.text  C:\Windows\system32\SearchProtocolHost.exe[5932] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                          000007fefd326f2c 5 bytes JMP 000007ff7d340ecc
.text  C:\Windows\system32\SearchProtocolHost.exe[5932] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                          000007fefd327220 5 bytes JMP 000007ff7d341284
.text  C:\Windows\system32\SearchProtocolHost.exe[5932] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                          000007fefd32739c 5 bytes JMP 000007ff7d34163c
.text  C:\Windows\system32\SearchProtocolHost.exe[5932] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                          000007fefd327538 5 bytes JMP 000007ff7d3419f4
.text  C:\Windows\system32\SearchProtocolHost.exe[5932] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                000007fefd3275e8 5 bytes JMP 000007ff7d3403a4
.text  C:\Windows\system32\SearchProtocolHost.exe[5932] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                000007fefd32790c 5 bytes JMP 000007ff7d34075c
.text  C:\Windows\system32\SearchProtocolHost.exe[5932] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                  000007fefd327ab4 5 bytes JMP 000007ff7d340b14
.text  C:\Windows\System32\svchost.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                0000000076ce3b10 5 bytes JMP 00000001001d075c
.text  C:\Windows\System32\svchost.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                  0000000076ce7ac0 5 bytes JMP 00000001001d03a4
.text  C:\Windows\System32\svchost.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                    0000000076d11430 5 bytes JMP 00000001001d0b14
.text  C:\Windows\System32\svchost.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                        0000000076d11490 5 bytes JMP 00000001001d0ecc
.text  C:\Windows\System32\svchost.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                          0000000076d11570 5 bytes JMP 00000001001d163c
.text  C:\Windows\System32\svchost.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                      0000000076d117b0 5 bytes JMP 00000001001d1284
.text  C:\Windows\System32\svchost.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                          0000000076d127e0 5 bytes JMP 00000001001d19f4
.text  C:\Windows\System32\svchost.exe[5272] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                  000007fefd326e00 5 bytes JMP 000007ff7d341dac
.text  C:\Windows\System32\svchost.exe[5272] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                      000007fefd326f2c 5 bytes JMP 000007ff7d340ecc
.text  C:\Windows\System32\svchost.exe[5272] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                      000007fefd327220 5 bytes JMP 000007ff7d341284
.text  C:\Windows\System32\svchost.exe[5272] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                    000007fefd32739c 5 bytes JMP 000007ff7d34163c
.text  C:\Windows\System32\svchost.exe[5272] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                    000007fefd327538 5 bytes JMP 000007ff7d3419f4
.text  C:\Windows\System32\svchost.exe[5272] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                            000007fefd3275e8 5 bytes JMP 000007ff7d3403a4
.text  C:\Windows\System32\svchost.exe[5272] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                            000007fefd32790c 5 bytes JMP 000007ff7d34075c
.text  C:\Windows\System32\svchost.exe[5272] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                            000007fefd327ab4 5 bytes JMP 000007ff7d340b14
.text  C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                0000000076ce3b10 5 bytes JMP 000000010033075c
.text  C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                  0000000076ce7ac0 5 bytes JMP 00000001003303a4
.text  C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                    0000000076d11430 5 bytes JMP 0000000100330b14
.text  C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                        0000000076d11490 5 bytes JMP 0000000100330ecc
.text  C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                          0000000076d11570 5 bytes JMP 000000010033163c
.text  C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                      0000000076d117b0 5 bytes JMP 0000000100331284
.text  C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                          0000000076d127e0 5 bytes JMP 00000001003319f4
.text  C:\Windows\System32\svchost.exe[1056] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                                    0000000076bfef8d 1 byte [62]
.text  C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                  000007fefd326e00 5 bytes JMP 000007ff7d341dac
.text  C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                      000007fefd326f2c 5 bytes JMP 000007ff7d340ecc
.text  C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                      000007fefd327220 5 bytes JMP 000007ff7d341284
.text  C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                    000007fefd32739c 5 bytes JMP 000007ff7d34163c
.text  C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                    000007fefd327538 5 bytes JMP 000007ff7d3419f4
.text  C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                            000007fefd3275e8 5 bytes JMP 000007ff7d3403a4
.text  C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                            000007fefd32790c 5 bytes JMP 000007ff7d34075c
.text  C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                            000007fefd327ab4 5 bytes JMP 000007ff7d340b14
.text  C:\Windows\System32\WUDFHost.exe[3160] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                000007fefd326e00 5 bytes JMP 000007ff7d341dac
.text  C:\Windows\System32\WUDFHost.exe[3160] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                    000007fefd326f2c 5 bytes JMP 000007ff7d340ecc
.text  C:\Windows\System32\WUDFHost.exe[3160] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                    000007fefd327220 5 bytes JMP 000007ff7d341284
.text  C:\Windows\System32\WUDFHost.exe[3160] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                    000007fefd32739c 5 bytes JMP 000007ff7d34163c
.text  C:\Windows\System32\WUDFHost.exe[3160] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                    000007fefd327538 5 bytes JMP 000007ff7d3419f4
.text  C:\Windows\System32\WUDFHost.exe[3160] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                          000007fefd3275e8 5 bytes JMP 000007ff7d3403a4
.text  C:\Windows\System32\WUDFHost.exe[3160] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                          000007fefd32790c 5 bytes JMP 000007ff7d34075c
.text  C:\Windows\System32\WUDFHost.exe[3160] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                            000007fefd327ab4 5 bytes JMP 000007ff7d340b14
.text  C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                              0000000076ebfac0 5 bytes JMP 0000000100030600
.text  C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                  0000000076ebfb58 5 bytes JMP 0000000100030804
.text  C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                  0000000076ebfcb0 5 bytes JMP 0000000100030c0c
.text  C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                              0000000076ec0038 5 bytes JMP 0000000100030a08
.text  C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                  0000000076ec1920 5 bytes JMP 0000000100030e10
.text  C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                          0000000076edc4dd 5 bytes JMP 00000001000301f8
.text  C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                        0000000076ee1287 5 bytes JMP 00000001000303fc
.text  C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                              000000007635a2fd 1 byte [62]
.text  C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                                          00000000758f5181 5 bytes JMP 00000001003c1014
.text  C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                              00000000758f5254 5 bytes JMP 00000001003c0804
.text  C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                              00000000758f53d5 5 bytes JMP 00000001003c0a08
.text  C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                                              00000000758f54c2 5 bytes JMP 00000001003c0c0c
.text  C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                                              00000000758f55e2 5 bytes JMP 00000001003c0e10
.text  C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                                                    00000000758f567c 5 bytes JMP 00000001003c01f8
.text  C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                                                    00000000758f589f 5 bytes JMP 00000001003c03fc
.text  C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                                      00000000758f5a22 5 bytes JMP 00000001003c0600
.text  C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                    000000007657ee09 5 bytes JMP 00000001003d01f8
.text  C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                                      0000000076583982 5 bytes JMP 00000001003d03fc
.text  C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                  0000000076587603 5 bytes JMP 00000001003d0804
.text  C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                  000000007658835c 5 bytes JMP 00000001003d0600
.text  C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                                000000007659f52b 5 bytes JMP 00000001003d0a08

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type                                                                                                            2
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start                                                                                                          2
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl                                                                                                    1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName                                                                                                    aswFsBlk
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group                                                                                                          FSFilter Activity Monitor
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService                                                                                                FltMgr?
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description                                                                                                    avast! mini-filter driver (aswFsBlk)
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag                                                                                                            2
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances                                                                                                     
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance                                                                                      aswFsBlk Instance
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance                                                                                   
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                                                                            388400
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                                                                              0
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk                                                                                                               
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type                                                                                                          2
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start                                                                                                          2
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl                                                                                                  1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath                                                                                                      \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName                                                                                                    aswMonFlt
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group                                                                                                          FSFilter Anti-Virus
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService                                                                                                FltMgr?
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description                                                                                                    avast! mini-filter driver (aswMonFlt)
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances                                                                                                     
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance                                                                                      aswMonFlt Instance
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance                                                                                 
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                                                                          320700
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                                                                            0
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt                                                                                                               
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type                                                                                                              1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start                                                                                                            1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl                                                                                                      1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName                                                                                                      aswRdr
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group                                                                                                            PNP_TDI
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService                                                                                                  tcpip?
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description                                                                                                      avast! WFP Redirect driver
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath                                                                                                        \SystemRoot\System32\Drivers\aswrdr2.sys
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters                                                                                                       
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault                                                                                   
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault                                                                                    nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr                                                                                                                 
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type                                                                                                            1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start                                                                                                            0
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl                                                                                                    1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName                                                                                                      aswRvrt
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description                                                                                                      avast! Revert
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters                                                                                                     
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter                                                                                          391
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter                                                                                          7468522
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot                                                                                            \Device\Harddisk0\Partition1\Windows
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown                                                                                      1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt                                                                                                                 
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type                                                                                                              2
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start                                                                                                            1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl                                                                                                      1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName                                                                                                      aswSnx
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group                                                                                                            FSFilter Virtualization
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService                                                                                                  FltMgr?
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description                                                                                                      avast! virtualization driver (aswSnx)
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag                                                                                                              2
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances                                                                                                       
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance                                                                                        aswSnx Instance
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance                                                                                       
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude                                                                                137600
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags                                                                                  0
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters                                                                                                       
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder                                                                                          \DosDevices\C:\Program Files\Alwil Software\Avast5
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder                                                                                            \DosDevices\C:\ProgramData\Alwil Software\Avast5
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx                                                                                                                 
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type                                                                                                              1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start                                                                                                              1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl                                                                                                      1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName                                                                                                        aswSP
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description                                                                                                        avast! Self Protection
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters                                                                                                       
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield                                                                                            1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder                                                                                          \DosDevices\C:\Program Files\Alwil Software\Avast5
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder                                                                                              \DosDevices\C:\ProgramData\Alwil Software\Avast5
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder                                                                                      \DosDevices\C:\Program Files
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder                                                                                            \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen                                                                                        1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP                                                                                                                   
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type                                                                                                              1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start                                                                                                            1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl                                                                                                      1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName                                                                                                      avast! Network Shield Support
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group                                                                                                            PNP_TDI
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService                                                                                                  tcpip?
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description                                                                                                      avast! Network Shield TDI driver
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag                                                                                                              9
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi                                                                                                                 
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type                                                                                                              1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start                                                                                                            0
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl                                                                                                      1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName                                                                                                      aswVmm
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description                                                                                                      avast! VM Monitor
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters                                                                                                       
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswVmm                                                                                                                 
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type                                                                                                    32
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start                                                                                                  2
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl                                                                                            1
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath                                                                                              "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName                                                                                            avast! Antivirus
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group                                                                                                  ShellSvcGroup
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService                                                                                        aswMonFlt?RpcSS?
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64                                                                                                  1
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName                                                                                              LocalSystem
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description                                                                                            Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType                                                                                          1
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus                                                                                                       
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type                                                                                                                2
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start                                                                                                              2
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl                                                                                                        1
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName                                                                                                        aswFsBlk
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group                                                                                                              FSFilter Activity Monitor
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService                                                                                                    FltMgr?
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description                                                                                                        avast! mini-filter driver (aswFsBlk)
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag                                                                                                                2
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)                                                                                 
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance                                                                                          aswFsBlk Instance
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)                                                               
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                                                                                388400
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                                                                                  0
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type                                                                                                              2
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start                                                                                                              2
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl                                                                                                      1
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath                                                                                                          \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName                                                                                                        aswMonFlt
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group                                                                                                              FSFilter Anti-Virus
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService                                                                                                    FltMgr?
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description                                                                                                        avast! mini-filter driver (aswMonFlt)
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)                                                                                 
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance                                                                                          aswMonFlt Instance
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)                                                             
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                                                                              320700
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                                                                                0
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr@Type                                                                                                                  1
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr@Start                                                                                                                1
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl                                                                                                          1
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName                                                                                                          aswRdr
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr@Group                                                                                                                PNP_TDI
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService                                                                                                      tcpip?
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr@Description                                                                                                          avast! WFP Redirect driver
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath                                                                                                            \SystemRoot\System32\Drivers\aswrdr2.sys
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)                                                                                   
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault                                                                                       
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault                                                                                        nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type                                                                                                                1
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start                                                                                                                0
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl                                                                                                        1
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName                                                                                                          aswRvrt
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description                                                                                                          avast! Revert
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)                                                                                 
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter                                                                                              391
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter                                                                                              7468522
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot                                                                                                \Device\Harddisk0\Partition1\Windows
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown                                                                                          1
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx@Type                                                                                                                  2
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx@Start                                                                                                                1
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl                                                                                                          1
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName                                                                                                          aswSnx
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx@Group                                                                                                                FSFilter Virtualization
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService                                                                                                      FltMgr?
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx@Description                                                                                                          avast! virtualization driver (aswSnx)
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag                                                                                                                  2
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)                                                                                   
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance                                                                                            aswSnx Instance
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)                                                                   
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude                                                                                    137600
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags                                                                                      0
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)                                                                                   
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder                                                                                              \DosDevices\C:\Program Files\Alwil Software\Avast5
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder                                                                                                \DosDevices\C:\ProgramData\Alwil Software\Avast5
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP@Type                                                                                                                  1
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP@Start                                                                                                                  1
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl                                                                                                          1
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName                                                                                                            aswSP
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP@Description                                                                                                            avast! Self Protection
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)                                                                                   
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield                                                                                                1
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder                                                                                              \DosDevices\C:\Program Files\Alwil Software\Avast5
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder                                                                                                  \DosDevices\C:\ProgramData\Alwil Software\Avast5
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder                                                                                          \DosDevices\C:\Program Files
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder                                                                                                \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@NoWelcomeScreen                                                                                            1
Reg    HKLM\SYSTEM\ControlSet002\services\aswTdi@Type                                                                                                                  1
Reg    HKLM\SYSTEM\ControlSet002\services\aswTdi@Start                                                                                                                1
Reg    HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl                                                                                                          1
Reg    HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName                                                                                                          avast! Network Shield Support
Reg    HKLM\SYSTEM\ControlSet002\services\aswTdi@Group                                                                                                                PNP_TDI
Reg    HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService                                                                                                      tcpip?
Reg    HKLM\SYSTEM\ControlSet002\services\aswTdi@Description                                                                                                          avast! Network Shield TDI driver
Reg    HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag                                                                                                                  9
Reg    HKLM\SYSTEM\ControlSet002\services\aswVmm@Type                                                                                                                  1
Reg    HKLM\SYSTEM\ControlSet002\services\aswVmm@Start                                                                                                                0
Reg    HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl                                                                                                          1
Reg    HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName                                                                                                          aswVmm
Reg    HKLM\SYSTEM\ControlSet002\services\aswVmm@Description                                                                                                          avast! VM Monitor
Reg    HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)                                                                                   
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type                                                                                                        32
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start                                                                                                      2
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl                                                                                                1
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath                                                                                                  "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName                                                                                                avast! Antivirus
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group                                                                                                      ShellSvcGroup
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService                                                                                            aswMonFlt?RpcSS?
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64                                                                                                      1
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName                                                                                                  LocalSystem
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description                                                                                                Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType                                                                                              1

---- EOF - GMER 2.1 ----

Phil1337 30.05.2014 15:17
malwarebytes

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 30.05.2014
Scan Time: 09:16:48
Logfile: log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.05.30.05
Rootkit Database: v2014.05.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Phillipê

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 339664
Time Elapsed: 6 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 25
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, Quarantined, [711cd285c2b9cf6752f231352ed4f50b],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, Quarantined, [711cd285c2b9cf6752f231352ed4f50b],
PUP.Optional.ConduitTB.A, HKU\S-1-5-21-1406149438-3228825593-328108524-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{30F9B915-B755-4826-820B-08FBA6BD249D}, Quarantined, [aae3e2752c4f9a9c99ec75ba36ccb24e],
PUP.Optional.ConduitTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{30F9B915-B755-4826-820B-08FBA6BD249D}, Quarantined, [aae3e2752c4f9a9c99ec75ba36ccb24e],
PUP.Optional.ConduitTB.A, HKU\S-1-5-21-1406149438-3228825593-328108524-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{30F9B915-B755-4826-820B-08FBA6BD249D}, Quarantined, [aae3e2752c4f9a9c99ec75ba36ccb24e],
PUP.Optional.FaceMoods.A, HKU\S-1-5-21-1406149438-3228825593-328108524-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{64182481-4F71-486B-A045-B233BD0DA8FC}, Quarantined, [830a83d4a3d892a4629d1b1430d2b749],
PUP.Optional.FaceMoods.A, HKU\S-1-5-21-1406149438-3228825593-328108524-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{64182481-4F71-486B-A045-B233BD0DA8FC}, Quarantined, [830a83d4a3d892a4629d1b1430d2b749],
PUP.Optional.FaceMoods.A, HKU\S-1-5-21-1406149438-3228825593-328108524-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}, Quarantined, [1578f36422599e98e61a6fc1bf43916f],
PUP.Optional.FaceMoods.A, HKU\S-1-5-21-1406149438-3228825593-328108524-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}, Quarantined, [1578f36422599e98e61a6fc1bf43916f],
PUP.Optional.DigitalSites.A, HKU\S-1-5-21-1406149438-3228825593-328108524-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DSite, Quarantined, [8a039abd0e6db383d4eb4de5fd042dd3],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, Quarantined, [8a03be994f2c72c492312864778ba060],
PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\WOW6432NODE\facemoods.com, Quarantined, [850872e585f644f2e9358d1060a2c23e],
PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ihflimipbcaljfnojhhknppphnnciiif, Quarantined, [6a233324443792a445d8712c42c0ca36],
PUP.Optional.Gophoto.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pfmopbbadnfoelckkcmjjeaaegjpjjbk, Quarantined, [761770e7e398b77f67499e27b44fe917],
PUP.Optional.BundleInstaller.A, HKLM\SOFTWARE\WOW6432NODE\VITTALIA\AxtanInstaller, Quarantined, [f29b75e21f5cce6885ec426638caa45c],
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-1406149438-3228825593-328108524-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, Quarantined, [3a53391eadcef83e79d5c7fb0af9a759],
PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-1406149438-3228825593-328108524-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BabylonToolbar, Quarantined, [8b024e09bcbf2511bfe81ca88c773fc1],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-1406149438-3228825593-328108524-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, Quarantined, [e0ad63f489f200360fc20bb5fc07f20e],
PUP.Optional.FaceMoods.A, HKU\S-1-5-21-1406149438-3228825593-328108524-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\facemoods.com, Quarantined, [3c510255ee8d2c0afa259508e61c02fe],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-1406149438-3228825593-328108524-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [6b22a5b232491422a2ade5c040c2ca36],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1406149438-3228825593-328108524-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [dcb1d87f2b5091a573827b4520e3b14f],
PUP.Optional.SnapDo.A, HKU\S-1-5-21-1406149438-3228825593-328108524-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR, Quarantined, [4845d1864c2f181e983a0c9e669c45bb],
PUP.Optional.Softonic.A, HKU\S-1-5-21-1406149438-3228825593-328108524-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [d8b54e09b7c41f17a8dbf7a259a9916f],
PUP.Optional.FaceMoods.A, HKU\S-1-5-21-1406149438-3228825593-328108524-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\facemoods.com, Quarantined, [404d084fe19a86b02cf356474cb67e82],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-1406149438-3228825593-328108524-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [b3daaea99be0c6705af52e77f2107d83],

Registry Values: 4
PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}, facemoods Toolbar, Quarantined, [1578f36422599e98e61a6fc1bf43916f]
PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}, Quarantined, [ddb088cfc6b5a59159a71c1414eef709],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1406149438-3228825593-328108524-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0M1S1H1K2U, Quarantined, [dcb1d87f2b5091a573827b4520e3b14f]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-1406149438-3228825593-328108524-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR|publisher, SnapdoOCYB, Quarantined, [4845d1864c2f181e983a0c9e669c45bb]

Registry Data: 6
PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4, Good: (www.google.com), Bad: (hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4),Replaced,[bad3dc7b3a41a98d21091a443aca6e92]
PUP.Optional.Snapdo, HKU\S-1-5-21-1406149438-3228825593-328108524-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=3954ebe6-4511-499e-b334-12b942b293da&searchtype=ds&q={searchTerms}&installDate=14/04/2013, Good: (hxxp://www.google.com), Bad: (hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=3954ebe6-4511-499e-b334-12b942b293da&searchtype=ds&q={searchTerms}&installDate=14/04/2013),Replaced,[c5c831264635c96db228baa262a24eb2]
PUP.Optional.StartPage, HKU\S-1-5-21-1406149438-3228825593-328108524-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www1.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=8EC600FFE8A7A881, Good: (hxxp://www.google.com), Bad: (hxxp://www1.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=8EC600FFE8A7A881),Replaced,[a0ed58ff87f4280e5c90f06c8e76bf41]
PUP.Optional.Snapdo, HKU\S-1-5-21-1406149438-3228825593-328108524-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=3954ebe6-4511-499e-b334-12b942b293da&searchtype=ds&q={searchTerms}&installDate=14/04/2013, Good: (hxxp://www.google.com), Bad: (hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=3954ebe6-4511-499e-b334-12b942b293da&searchtype=ds&q={searchTerms}&installDate=14/04/2013),Replaced,[810c2235512ae45235a4fa62de26ac54]
PUP.Optional.Snapdo, HKU\S-1-5-21-1406149438-3228825593-328108524-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=3954ebe6-4511-499e-b334-12b942b293da&searchtype=ds&q={searchTerms}&installDate=14/04/2013, Good: (hxxp://www.google.com), Bad: (hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=3954ebe6-4511-499e-b334-12b942b293da&searchtype=ds&q={searchTerms}&installDate=14/04/2013),Replaced,[434acf88a1da6bcbca1299c3b54fe719]
PUP.Optional.Snapdo, HKU\S-1-5-21-1406149438-3228825593-328108524-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=3954ebe6-4511-499e-b334-12b942b293da&searchtype=ds&q={searchTerms}&installDate=14/04/2013, Good: (hxxp://www.google.com), Bad: (hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=3954ebe6-4511-499e-b334-12b942b293da&searchtype=ds&q={searchTerms}&installDate=14/04/2013),Replaced,[5a3395c22358191de2fb065634d0639d]

Folders: 10
PUP.Optional.Updater, C:\Users\Phillipê\AppData\Roaming\DIGITALSITES\UPDATEPROC, Quarantined, [4746e86f88f36cca2d046a416d957e82],
PUP.Optional.HDVidCodec.A, C:\Users\Phillipê\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDVIDCODEC.COM, Quarantined, [117cd186c1ba6dc902da348db35012ee],
PUP.Optional.Gophoto.A, C:\Program Files (x86)\Gophoto.it, Quarantined, [8409391ef18a9f97e7c8873e83805ea2],
PUP.Optional.DealPly.A, C:\Users\Phillipê\AppData\Roaming\DealPly, Quarantined, [791487d0493256e0917a4e2bd230837d],
PUP.Optional.DealPly.A, C:\Users\Phillipê\AppData\Roaming\DealPly\UpdateProc, Quarantined, [791487d0493256e0917a4e2bd230837d],
PUP.Optional.OpenCandy, C:\Users\Phillipê\AppData\Roaming\OPENCANDY, Quarantined, [cfbe2a2daccf6acc50f20c6d20e21ce4],
PUP.Optional.OpenCandy, C:\Users\Phillipê\AppData\Roaming\OPENCANDY\9ABC59DFC98F4921A9DF7200B7610E42, Quarantined, [cfbe2a2daccf6acc50f20c6d20e21ce4],
PUP.Optional.Babylon.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\extensions\FFXTLBR@BABYLON.COM, Quarantined, [781534236615fd3957623c429a686898],
PUP.Optional.Babylon.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\extensions\FFXTLBR@BABYLON.COM\defaults, Quarantined, [781534236615fd3957623c429a686898],
PUP.Optional.Babylon.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\extensions\FFXTLBR@BABYLON.COM\defaults\preferences, Quarantined, [781534236615fd3957623c429a686898],

Files: 36
PUP.Optional.DigitalSites.A, C:\Users\Phillipê\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe, Quarantined, [8a039abd0e6db383d4eb4de5fd042dd3],
PUP.Optional.TornTV.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\extensions\TORNTV@TORNTV.COM.XPI, Quarantined, [b2db4215d7a42f076922543d9a68e31d],
PUP.Optional.GoPhoto.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\extensions\GOPHOTO@GOPHOTO.IT.XPI, Quarantined, [028bfc5b93e8989ee8112171ba485da3],
PUP.Optional.Conduit.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\conduit.xml, Quarantined, [d7b670e7e596290d9374d7c9639f03fd],
PUP.Optional.Delta.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\delta.xml, Quarantined, [7e0f42151c5f0e285fb5ccd4dd258080],
PUP.Optional.Updater, C:\Users\Phillipê\AppData\Roaming\DigitalSites\UpdateProc\UPDATETASK.EXE, Quarantined, [4746e86f88f36cca2d046a416d957e82],
PUP.Optional.Updater, C:\Users\Phillipê\AppData\Roaming\DigitalSites\UpdateProc\config.dat, Quarantined, [4746e86f88f36cca2d046a416d957e82],
PUP.Optional.Updater, C:\Users\Phillipê\AppData\Roaming\DigitalSites\UpdateProc\info.dat, Quarantined, [4746e86f88f36cca2d046a416d957e82],
PUP.Optional.Updater, C:\Users\Phillipê\AppData\Roaming\DigitalSites\UpdateProc\STTL.DAT, Quarantined, [4746e86f88f36cca2d046a416d957e82],
PUP.Optional.Updater, C:\Users\Phillipê\AppData\Roaming\DigitalSites\UpdateProc\TTL.DAT, Quarantined, [4746e86f88f36cca2d046a416d957e82],
PUP.Optional.HDVidCodec.A, C:\Users\Phillipê\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com\HDVIDCODEC.LNK, Quarantined, [117cd186c1ba6dc902da348db35012ee],
PUP.Optional.HDVidCodec.A, C:\Users\Phillipê\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com\Uninstall.lnk, Quarantined, [117cd186c1ba6dc902da348db35012ee],
PUP.Optional.BrowserDefender.A, C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Local Storage\CHROME-EXTENSION_EOONCJEJNPPFJJKLAPAAMHCDMJBILMDE_0.LOCALSTORAGE, Quarantined, [1f6ef4633a41340250de21a3e41f5da3],
PUP.Optional.Gophoto.A, C:\Program Files (x86)\Gophoto.it\GOPHOTOIT14.CRX, Quarantined, [8409391ef18a9f97e7c8873e83805ea2],
PUP.Optional.DealPly.A, C:\Users\Phillipê\AppData\Roaming\DealPly\UpdateProc\config.dat, Quarantined, [791487d0493256e0917a4e2bd230837d],
PUP.Optional.DealPly.A, C:\Users\Phillipê\AppData\Roaming\DealPly\UpdateProc\info.dat, Quarantined, [791487d0493256e0917a4e2bd230837d],
PUP.Optional.DealPly.A, C:\Users\Phillipê\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe, Quarantined, [791487d0493256e0917a4e2bd230837d],
PUP.Optional.OpenCandy, C:\Users\Phillipê\AppData\Roaming\OpenCandy\9ABC59DFC98F4921A9DF7200B7610E42\3708.ico, Quarantined, [cfbe2a2daccf6acc50f20c6d20e21ce4],
PUP.Optional.OpenCandy, C:\Users\Phillipê\AppData\Roaming\OpenCandy\9ABC59DFC98F4921A9DF7200B7610E42\EBB77268-338F-4C6A-8590-AD88FED26F4A, Quarantined, [cfbe2a2daccf6acc50f20c6d20e21ce4],
PUP.Optional.OpenCandy, C:\Users\Phillipê\AppData\Roaming\OpenCandy\9ABC59DFC98F4921A9DF7200B7610E42\Installer.exe, Quarantined, [cfbe2a2daccf6acc50f20c6d20e21ce4],
PUP.Optional.OpenCandy, C:\Users\Phillipê\AppData\Roaming\OpenCandy\9ABC59DFC98F4921A9DF7200B7610E42\OCBrowserHelper_1.0.6.124.exe, Quarantined, [cfbe2a2daccf6acc50f20c6d20e21ce4],
PUP.Optional.Babylon.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\extensions\ffxtlbr@babylon.com\defaults\preferences\babylon.js, Quarantined, [781534236615fd3957623c429a686898],
PUP.Optional.FaceMoods.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\prefs.js, Good: (), Bad: (user_pref("extensions.facemoods._xpiupdate", true);), Replaced,[d3ba2a2d2853a4921f408109778d5da3]
PUP.Optional.FaceMoods.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\prefs.js, Good: (), Bad: (user_pref("extensions.facemoods.aflt", "_#ddr");), Replaced,[a2eb95c284f7e551b4ab2e5ca75db050]
PUP.Optional.FaceMoods.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\prefs.js, Good: (), Bad: (user_pref("extensions.facemoods.fcmdVrsn", "1.2.7.5.4");), Replaced,[573665f28bf064d29ac50684af5530d0]
PUP.Optional.FaceMoods.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\prefs.js, Good: (), Bad: (user_pref("extensions.facemoods.firstRun", false);), Replaced,[b4d9fb5cc1ba89ad104fbdcdee165ba5]
PUP.Optional.FaceMoods.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\prefs.js, Good: (), Bad: (user_pref("extensions.facemoods.first_time", false);), Replaced,[78152532354654e2a0bf8a00f311946c]
PUP.Optional.FaceMoods.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\prefs.js, Good: (), Bad: (user_pref("extensions.facemoods.id", "_#b0ffe46e51be4461b098796deac5badd");), Replaced,[9cf112453e3db086055a09813cc8b64a]
PUP.Optional.FaceMoods.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\prefs.js, Good: (), Bad: (user_pref("extensions.facemoods.instlDay", "_#15205");), Replaced,[8a03f06795e662d43926f79320e4c739]
PUP.Optional.FaceMoods.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\prefs.js, Good: (), Bad: (user_pref("extensions.facemoods.lastActv", "18");), Replaced,[dfae6aed9ddeea4ca5ba7e0c63a120e0]
PUP.Optional.FaceMoods.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\prefs.js, Good: (), Bad: (user_pref("extensions.facemoods.prtnrId", "_#facemoods.com");), Replaced,[305d1443a4d750e6ff607119659f4eb2]
PUP.Optional.FaceMoods.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\prefs.js, Good: (), Bad: (user_pref("extensions.facemoods.sid", "_#b0ffe46e51be4461b098796deac5badd");), Replaced,[840951068eed1026fb64fb8f58ac728e]
PUP.Optional.FaceMoods.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\prefs.js, Good: (), Bad: (user_pref("extensions.facemoods.update", "_#v1.4.0");), Replaced,[88056ee9d1aaa98d005f6e1cf80caa56]
PUP.Optional.FaceMoods.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\prefs.js, Good: (), Bad: (user_pref("extensions.facemoods.vrsn", "_#1.4.17.5");), Replaced,[ace182d5ef8cc670a8b7e6a419eb38c8]
PUP.Optional.Conduit.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\prefs.js, Good: (), Bad: (user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}");), Replaced,[2568055217641d194f6f296107fd6799]
PUP.Optional.Conduit.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\prefs.js, Good: (), Bad: (user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=");), Replaced,[38554215a3d8dc5a0ab5830760a4ae52]

Physical Sectors: 0
(No malicious items detected)


(end)
Emsisoft

Code:
Emsisoft Anti-Malware - Version 8.1
Letztes Update: 30.05.2014 09:38:29
Benutzerkonto: Dröhnkiste-C35D\Phillipê

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, F:\

PUPs-Erkennung: An
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn:        30.05.2014 09:39:01
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!        gefunden: Application.AdStart (A)
C:\Users\Phillipê\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torntv.com        gefunden: Application.AdStart (A)
C:\Users\Phillipê\AppData\Roaming\babylon        gefunden: Application.AppInstall (A)
C:\Users\Phillipê\AppData\Roaming\drivercure        gefunden: Application.AppInstall (A)
C:\Users\Phillipê\AppData\Roaming\dsite        gefunden: Application.AppInstall (A)
C:\Users\Phillipê\AppData\Roaming\dvdvideosoftiehelpers        gefunden: Application.AppInstall (A)
C:\ProgramData\babylon        gefunden: Application.AppInstall (A)
C:\Users\Phillipê\AppData\Local\vghd        gefunden: Application.AppInstall (A)
C:\Program Files (x86)\daemon tools toolbar        gefunden: Application.AppInstall (A)
C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\engine@conduit.com        gefunden: Application.FireExt (A)
C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\{acaa314b-eeba-48e4-ad47-84e31c44796c}        gefunden: Application.FireExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}        gefunden: Application.AdReg (A)
Key: HKEY_USERS\S-1-5-21-1406149438-3228825593-328108524-1000\SOFTWARE\CLASSES\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}        gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}        gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CONDUIT.ENGINE        gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DTTOOLBAR.TOOLBANDOBJ        gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DTTOOLBAR.TOOLBANDOBJ.1        gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{09C554C3-109B-483C-A06B-F14172F1A947}        gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}        gefunden: Application.BHO (A)
Value: HKEY_USERS\S-1-5-21-1406149438-3228825593-328108524-501\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS -> LFIND@NIJADSOFT.NET        gefunden: Application.FireExt (A)
Key: HKEY_USERS\S-1-5-21-1406149438-3228825593-328108524-1000\SOFTWARE\SOFTONIC        gefunden: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\BABYLON        gefunden: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DAEMON TOOLS TOOLBAR        gefunden: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SYSTWEAK        gefunden: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-1406149438-3228825593-328108524-1000\SOFTWARE\PARTYGAMING        gefunden: Application.Win32.CasOnline (A)
Key: HKEY_USERS\S-1-5-21-1406149438-3228825593-328108524-501\SOFTWARE\PARTYGAMING        gefunden: Application.Win32.CasOnline (A)
Key: HKEY_USERS\S-1-5-21-1406149438-3228825593-328108524-501\SOFTWARE\CONDUIT        gefunden: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-1406149438-3228825593-328108524-1000\SOFTWARE\DSITEPRODUCTS        gefunden: Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-1406149438-3228825593-328108524-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}        gefunden: Application.Win32.WSearch (A)
Key: HKEY_USERS\S-1-5-21-1406149438-3228825593-328108524-1000\SOFTWARE\YAHOOPARTNERTOOLBAR        gefunden: Application.Win32.YTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROD.CAP        gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASAPI32        gefunden: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASMANCS        gefunden: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\MYBABYLONTB_RASAPI32        gefunden: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\MYBABYLONTB_RASMANCS        gefunden: Application.Win32.InstallExt (A)
D:\Mafia2\Mafia II\pc\Mafia 2 Crackfix.exe        gefunden: Trojan.Generic.4653231 (B)
F:\DL\Bulletstorm\Bulletstorm Install\SKIDROW\Binaries\Win32\SKIDROW.dll        gefunden: Trojan.Generic.5482034 (B)
F:\DL\Bulletstorm\Bulletstorm.Proper-SKIDROW\SKIDROW\Binaries\Win32\SKIDROW.dll        gefunden: Trojan.Generic.5482034 (B)
F:\DL\Bulletstorm\Bulletstorm.Proper-SKIDROW\sr-bustp.rar -> SKIDROW\Binaries\Win32\SKIDROW.dll        gefunden: Trojan.Generic.5482034 (B)
F:\DL\Kane.and.Lynch.2.Dog.Days-RELOADED\steambackup.exe        gefunden: Trojan.Generic.5338659 (B)
F:\Spiele\Bulletstorm\Binaries\Win32\SKIDROW.dll        gefunden: Trojan.Generic.5482034 (B)
F:\Spiele\Call of Duty 8 - Modern Warfare 3\COD8.MW3.SP.Crack.Only-3DM.rar -> iw5sp.exe        gefunden: Trojan.Generic.7446411 (B)
F:\Spiele\Grand Theft Auto IV\LaunchGTAIV.exe        gefunden: Riskware.Win32.HackTool (A)

Gescannt        446375
Gefunden        43

Scan Ende:        30.05.2014 11:38:49
Scan Zeit:        1:59:48

F:\Spiele\Grand Theft Auto IV\LaunchGTAIV.exe        Quarantäne Riskware.Win32.HackTool (A)
F:\Spiele\Call of Duty 8 - Modern Warfare 3\COD8.MW3.SP.Crack.Only-3DM.rar        Quarantäne Trojan.Generic.7446411 (B)
F:\DL\Kane.and.Lynch.2.Dog.Days-RELOADED\steambackup.exe        Quarantäne Trojan.Generic.5338659 (B)
F:\DL\Bulletstorm\Bulletstorm Install\SKIDROW\Binaries\Win32\SKIDROW.dll        Quarantäne Trojan.Generic.5482034 (B)
F:\DL\Bulletstorm\Bulletstorm.Proper-SKIDROW\SKIDROW\Binaries\Win32\SKIDROW.dll        Quarantäne Trojan.Generic.5482034 (B)
F:\DL\Bulletstorm\Bulletstorm.Proper-SKIDROW\sr-bustp.rar        Quarantäne Trojan.Generic.5482034 (B)
F:\Spiele\Bulletstorm\Binaries\Win32\SKIDROW.dll        Quarantäne Trojan.Generic.5482034 (B)
D:\Mafia2\Mafia II\pc\Mafia 2 Crackfix.exe        Quarantäne Trojan.Generic.4653231 (B)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASAPI32        Quarantäne Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASMANCS        Quarantäne Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\MYBABYLONTB_RASAPI32        Quarantäne Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\MYBABYLONTB_RASMANCS        Quarantäne Application.Win32.InstallExt (A)
Key: HKEY_USERS\S-1-5-21-1406149438-3228825593-328108524-1000\SOFTWARE\YAHOOPARTNERTOOLBAR        Quarantäne Application.Win32.YTool (A)
Key: HKEY_USERS\S-1-5-21-1406149438-3228825593-328108524-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}        Quarantäne Application.Win32.WSearch (A)
Key: HKEY_USERS\S-1-5-21-1406149438-3228825593-328108524-1000\SOFTWARE\DSITEPRODUCTS        Quarantäne Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-1406149438-3228825593-328108524-1000\SOFTWARE\PARTYGAMING        Quarantäne Application.Win32.CasOnline (A)
Key: HKEY_USERS\S-1-5-21-1406149438-3228825593-328108524-501\SOFTWARE\PARTYGAMING        Quarantäne Application.Win32.CasOnline (A)
Key: HKEY_USERS\S-1-5-21-1406149438-3228825593-328108524-1000\SOFTWARE\SOFTONIC        Quarantäne Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\BABYLON        Quarantäne Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DAEMON TOOLS TOOLBAR        Quarantäne Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SYSTWEAK        Quarantäne Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-1406149438-3228825593-328108524-501\SOFTWARE\CONDUIT        Quarantäne Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}        Quarantäne Application.BHO (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}        Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}        Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CONDUIT.ENGINE        Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DTTOOLBAR.TOOLBANDOBJ        Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DTTOOLBAR.TOOLBANDOBJ.1        Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{09C554C3-109B-483C-A06B-F14172F1A947}        Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROD.CAP        Quarantäne Application.AdReg (A)
C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\engine@conduit.com        Quarantäne Application.FireExt (A)
C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\{acaa314b-eeba-48e4-ad47-84e31c44796c}        Quarantäne Application.FireExt (A)
Value: HKEY_USERS\S-1-5-21-1406149438-3228825593-328108524-501\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS -> LFIND@NIJADSOFT.NET        Quarantäne Application.FireExt (A)
C:\Users\Phillipê\AppData\Roaming\babylon        Quarantäne Application.AppInstall (A)
C:\Users\Phillipê\AppData\Roaming\drivercure        Quarantäne Application.AppInstall (A)
C:\Users\Phillipê\AppData\Roaming\dsite        Quarantäne Application.AppInstall (A)
C:\Users\Phillipê\AppData\Roaming\dvdvideosoftiehelpers        Quarantäne Application.AppInstall (A)
C:\ProgramData\babylon        Quarantäne Application.AppInstall (A)
C:\Users\Phillipê\AppData\Local\vghd        Quarantäne Application.AppInstall (A)
C:\Program Files (x86)\daemon tools toolbar        Quarantäne Application.AppInstall (A)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!        Quarantäne Application.AdStart (A)
C:\Users\Phillipê\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torntv.com        Quarantäne Application.AdStart (A)

Quarantäne        42

cosinus 30.05.2014 22:46
Zitat:
F:\Spiele\Grand Theft Auto IV\LaunchGTAIV.exe Quarantäne Riskware.Win32.HackTool (A)
F:\Spiele\Call of Duty 8 - Modern Warfare 3\COD8.MW3.SP.Crack.Only-3DM.rar Quarantäne Trojan.Generic.7446411 (B)
F:\DL\Kane.and.Lynch.2.Dog.Days-RELOADED\steambackup.exe Quarantäne Trojan.Generic.5338659 (B)
F:\DL\Bulletstorm\Bulletstorm Install\SKIDROW\Binaries\Win32\SKIDROW.dll Quarantäne Trojan.Generic.5482034 (B)
F:\DL\Bulletstorm\Bulletstorm.Proper-SKIDROW\SKIDROW\Binaries\Win32\SKIDROW.dll Quarantäne Trojan.Generic.5482034 (B)
F:\DL\Bulletstorm\Bulletstorm.Proper-SKIDROW\sr-bustp.rar Quarantäne Trojan.Generic.5482034 (B)
F:\Spiele\Bulletstorm\Binaries\Win32\SKIDROW.dll Quarantäne Trojan.Generic.5482034 (B)
D:\Mafia2\Mafia II\pc\Mafia 2 Crackfix.exe Quarantäne Trojan.Generic.4653231 (B)
:pfui: :nono:

Bitte lesen => http://www.trojaner-board.de/95393-c...-software.html

Es geht weiter wenn du alles Illegale entfernt hast.

Bei wiederholten Crack/Keygen Verstößen behalte ich es mir vor, den Support einzustellen, d.h. Hilfe nur noch bei der Datensicherung und Neuinstallation des Betriebssystems.

Phil1337 31.05.2014 11:56
Ups :huepp:
Zu meiner verteidigung ich hatte damals schlicht kein Geld für spiele und Heute kaufe ich mir alles :heilig:

Naja müsste jetz alles runter sein, hier sind die neuen Logs(Malwarebytes und Emisoft haben nichts mehr gefunden und FRST hat mir keine Addition.txt ausgespuckt):


Gmer

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-31 12:45:47
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD322HJ rev.1AC01113 298,09GB
Running: kom09zc9.exe; Driver: C:\Users\PHILLI~1\AppData\Local\Temp\afrdiaoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                        fffff800033fa000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                                        fffff800033fa02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text    C:\Windows\system32\services.exe[740] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                              000000007756ef8d 1 byte [62]
.text    C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe[996] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                    00000000771aa2fd 1 byte [62]
.text    C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe[996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                  0000000075941465 2 bytes [94, 75]
.text    C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe[996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  00000000759414bb 2 bytes [94, 75]
.text    ...                                                                                                                                                      * 2
.text    C:\Windows\System32\svchost.exe[1104] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                              000000007756ef8d 1 byte [62]
.text    C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                              000000007756ef8d 1 byte [62]
.text    C:\Windows\system32\svchost.exe[1176] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                              000000007756ef8d 1 byte [62]
.text    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1972] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  00000000771aa2fd 1 byte [62]
.text    C:\Windows\Explorer.EXE[2240] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                      000000007756ef8d 1 byte [62]
.text    C:\Windows\vVX1000.exe[2956] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                        000000007792fac0 5 bytes JMP 0000000100030600
.text    C:\Windows\vVX1000.exe[2956] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                            000000007792fb58 5 bytes JMP 0000000100030804
.text    C:\Windows\vVX1000.exe[2956] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                            000000007792fcb0 5 bytes JMP 0000000100030c0c
.text    C:\Windows\vVX1000.exe[2956] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                        0000000077930038 5 bytes JMP 0000000100030a08
.text    C:\Windows\vVX1000.exe[2956] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                            0000000077931920 5 bytes JMP 0000000100030e10
.text    C:\Windows\vVX1000.exe[2956] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                    000000007794c4dd 5 bytes JMP 00000001000301f8
.text    C:\Windows\vVX1000.exe[2956] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                  0000000077951287 5 bytes JMP 00000001000303fc
.text    C:\Windows\vVX1000.exe[2956] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                                        00000000771aa2fd 1 byte [62]
.text    C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe[2852] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                          000000007792fac0 5 bytes JMP 0000000100030600
.text    C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe[2852] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                              000000007792fb58 5 bytes JMP 0000000100030804
.text    C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe[2852] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                000000007792fcb0 5 bytes JMP 0000000100030c0c
.text    C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe[2852] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                            0000000077930038 5 bytes JMP 0000000100030a08
.text    C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe[2852] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                0000000077931920 5 bytes JMP 0000000100030e10
.text    C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe[2852] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                        000000007794c4dd 5 bytes JMP 00000001000301f8
.text    C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe[2852] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                      0000000077951287 5 bytes JMP 00000001000303fc
.text    C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe[2852] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                          00000000771aa2fd 1 byte [62]
.text    D:\Steam\Steam.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                            000000007792fac0 5 bytes JMP 0000000100030600
.text    D:\Steam\Steam.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                                000000007792fb58 5 bytes JMP 0000000100030804
.text    D:\Steam\Steam.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                000000007792fcb0 5 bytes JMP 0000000100030c0c
.text    D:\Steam\Steam.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                            0000000077930038 5 bytes JMP 0000000100030a08
.text    D:\Steam\Steam.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                                0000000077931920 5 bytes JMP 0000000100030e10
.text    D:\Steam\Steam.exe[3004] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                        000000007794c4dd 5 bytes JMP 00000001000301f8
.text    D:\Steam\Steam.exe[3004] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                      0000000077951287 5 bytes JMP 00000001000303fc
.text    D:\Steam\Steam.exe[3004] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                                            00000000771aa2fd 1 byte [62]
.text    D:\Steam\Steam.exe[3004] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate                                                                                    00000000764c54a9 5 bytes JMP 0000000100430800
.text    C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                    0000000077753b10 5 bytes JMP 000000010023075c
.text    C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                      0000000077757ac0 5 bytes JMP 00000001002303a4
.text    C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                        0000000077781430 5 bytes JMP 0000000100230b14
.text    C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                            0000000077781490 5 bytes JMP 0000000100230ecc
.text    C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                              0000000077781570 5 bytes JMP 000000010023163c
.text    C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                          00000000777817b0 5 bytes JMP 0000000100231284
.text    C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                              00000000777827e0 5 bytes JMP 00000001002319f4
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[4220] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                      0000000077753b10 5 bytes JMP 000000010046075c
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[4220] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                        0000000077757ac0 5 bytes JMP 00000001004603a4
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[4220] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                            0000000077781430 5 bytes JMP 0000000100460b14
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[4220] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                0000000077781490 5 bytes JMP 0000000100460ecc
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[4220] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                0000000077781570 5 bytes JMP 000000010046163c
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[4220] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                            00000000777817b0 5 bytes JMP 0000000100461284
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[4220] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                00000000777827e0 5 bytes JMP 00000001004619f4
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[4220] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                        000007feff3d6e00 5 bytes JMP 000007ff7f3f1dac
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[4220] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                            000007feff3d6f2c 5 bytes JMP 000007ff7f3f0ecc
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[4220] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                            000007feff3d7220 5 bytes JMP 000007ff7f3f1284
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[4220] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                            000007feff3d739c 5 bytes JMP 000007ff7f3f163c
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[4220] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                            000007feff3d7538 5 bytes JMP 000007ff7f3f19f4
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[4220] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                  000007feff3d75e8 5 bytes JMP 000007ff7f3f03a4
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[4220] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                  000007feff3d790c 5 bytes JMP 000007ff7f3f075c
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[4220] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                    000007feff3d7ab4 5 bytes JMP 000007ff7f3f0b14
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4796] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                        000000007792fac0 5 bytes JMP 0000000100030600
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4796] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                            000000007792fb58 5 bytes JMP 0000000100030804
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4796] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                            000000007792fcb0 5 bytes JMP 0000000100030c0c
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4796] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                        0000000077930038 5 bytes JMP 0000000100030a08
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4796] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                            0000000077931920 5 bytes JMP 0000000100030e10
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4796] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                    000000007794c4dd 5 bytes JMP 00000001000301f8
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4796] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                  0000000077951287 5 bytes JMP 00000001000303fc
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4796] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                        00000000771aa2fd 1 byte [62]
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4796] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                              000000007633ee09 5 bytes JMP 00000001002501f8
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4796] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                0000000076343982 5 bytes JMP 00000001002503fc
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4796] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                            0000000076347603 5 bytes JMP 0000000100250804
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4796] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                            000000007634835c 5 bytes JMP 0000000100250600
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4796] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                          000000007635f52b 5 bytes JMP 0000000100250a08
.text    C:\Windows\system32\SearchProtocolHost.exe[6548] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                000007feff3d6e00 5 bytes JMP 000007ff7f3f1dac
.text    C:\Windows\system32\SearchProtocolHost.exe[6548] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                    000007feff3d6f2c 5 bytes JMP 000007ff7f3f0ecc
.text    C:\Windows\system32\SearchProtocolHost.exe[6548] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                    000007feff3d7220 5 bytes JMP 000007ff7f3f1284
.text    C:\Windows\system32\SearchProtocolHost.exe[6548] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                    000007feff3d739c 5 bytes JMP 000007ff7f3f163c
.text    C:\Windows\system32\SearchProtocolHost.exe[6548] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                    000007feff3d7538 5 bytes JMP 000007ff7f3f19f4
.text    C:\Windows\system32\SearchProtocolHost.exe[6548] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                          000007feff3d75e8 5 bytes JMP 000007ff7f3f03a4
.text    C:\Windows\system32\SearchProtocolHost.exe[6548] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                          000007feff3d790c 5 bytes JMP 000007ff7f3f075c
.text    C:\Windows\system32\SearchProtocolHost.exe[6548] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                            000007feff3d7ab4 5 bytes JMP 000007ff7f3f0b14
.text    C:\Windows\system32\taskhost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                        0000000077753b10 5 bytes JMP 00000001001e075c
.text    C:\Windows\system32\taskhost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                          0000000077757ac0 5 bytes JMP 00000001001e03a4
.text    C:\Windows\system32\taskhost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                              0000000077781430 5 bytes JMP 00000001001e0b14
.text    C:\Windows\system32\taskhost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                  0000000077781490 5 bytes JMP 00000001001e0ecc
.text    C:\Windows\system32\taskhost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                  0000000077781570 5 bytes JMP 00000001001e163c
.text    C:\Windows\system32\taskhost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                              00000000777817b0 5 bytes JMP 00000001001e1284
.text    C:\Windows\system32\taskhost.exe[6696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                  00000000777827e0 5 bytes JMP 00000001001e19f4
.text    C:\Windows\system32\taskhost.exe[6696] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                          000007feff3d6e00 5 bytes JMP 000007ff7f3f1dac
.text    C:\Windows\system32\taskhost.exe[6696] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                              000007feff3d6f2c 5 bytes JMP 000007ff7f3f0ecc
.text    C:\Windows\system32\taskhost.exe[6696] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                              000007feff3d7220 5 bytes JMP 000007ff7f3f1284
.text    C:\Windows\system32\taskhost.exe[6696] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                              000007feff3d739c 5 bytes JMP 000007ff7f3f163c
.text    C:\Windows\system32\taskhost.exe[6696] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                              000007feff3d7538 5 bytes JMP 000007ff7f3f19f4
.text    C:\Windows\system32\taskhost.exe[6696] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                    000007feff3d75e8 5 bytes JMP 000007ff7f3f03a4
.text    C:\Windows\system32\taskhost.exe[6696] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                    000007feff3d790c 5 bytes JMP 000007ff7f3f075c
.text    C:\Windows\system32\taskhost.exe[6696] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                      000007feff3d7ab4 5 bytes JMP 000007ff7f3f0b14
.text    C:\Program Files\iPod\bin\iPodService.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                0000000077753b10 5 bytes JMP 000000010026075c
.text    C:\Program Files\iPod\bin\iPodService.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                  0000000077757ac0 5 bytes JMP 00000001002603a4
.text    C:\Program Files\iPod\bin\iPodService.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                    0000000077781430 5 bytes JMP 0000000100260b14
.text    C:\Program Files\iPod\bin\iPodService.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                        0000000077781490 5 bytes JMP 0000000100260ecc
.text    C:\Program Files\iPod\bin\iPodService.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                          0000000077781570 5 bytes JMP 000000010026163c
.text    C:\Program Files\iPod\bin\iPodService.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                      00000000777817b0 5 bytes JMP 0000000100261284
.text    C:\Program Files\iPod\bin\iPodService.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                          00000000777827e0 5 bytes JMP 00000001002619f4
.text    C:\Program Files\iPod\bin\iPodService.exe[4172] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                  000007feff3d6e00 5 bytes JMP 000007ff7f3f1dac
.text    C:\Program Files\iPod\bin\iPodService.exe[4172] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                      000007feff3d6f2c 5 bytes JMP 000007ff7f3f0ecc
.text    C:\Program Files\iPod\bin\iPodService.exe[4172] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                      000007feff3d7220 5 bytes JMP 000007ff7f3f1284
.text    C:\Program Files\iPod\bin\iPodService.exe[4172] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                    000007feff3d739c 5 bytes JMP 000007ff7f3f163c
.text    C:\Program Files\iPod\bin\iPodService.exe[4172] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                    000007feff3d7538 5 bytes JMP 000007ff7f3f19f4
.text    C:\Program Files\iPod\bin\iPodService.exe[4172] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                            000007feff3d75e8 5 bytes JMP 000007ff7f3f03a4
.text    C:\Program Files\iPod\bin\iPodService.exe[4172] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                            000007feff3d790c 5 bytes JMP 000007ff7f3f075c
.text    C:\Program Files\iPod\bin\iPodService.exe[4172] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                            000007feff3d7ab4 5 bytes JMP 000007ff7f3f0b14
.text    D:\Malwarebytes Anti-Malware\mbam.exe[6996] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                        000000007792fac0 5 bytes JMP 0000000100030600
.text    D:\Malwarebytes Anti-Malware\mbam.exe[6996] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                            000000007792fb58 5 bytes JMP 0000000100030804
.text    D:\Malwarebytes Anti-Malware\mbam.exe[6996] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                              000000007792fcb0 5 bytes JMP 0000000100030c0c
.text    D:\Malwarebytes Anti-Malware\mbam.exe[6996] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                          0000000077930038 5 bytes JMP 0000000100030a08
.text    D:\Malwarebytes Anti-Malware\mbam.exe[6996] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                              0000000077931920 5 bytes JMP 0000000100030e10
.text    D:\Malwarebytes Anti-Malware\mbam.exe[6996] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                      000000007794c4dd 5 bytes JMP 00000001000301f8
.text    D:\Malwarebytes Anti-Malware\mbam.exe[6996] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                    0000000077951287 5 bytes JMP 00000001000303fc
.text    D:\Malwarebytes Anti-Malware\mbam.exe[6996] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                        00000000771aa2fd 1 byte [62]
.text    D:\Malwarebytes Anti-Malware\mbam.exe[6996] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                000000007633ee09 5 bytes JMP 00000001001001f8
.text    D:\Malwarebytes Anti-Malware\mbam.exe[6996] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                                0000000076343982 5 bytes JMP 00000001001003fc
.text    D:\Malwarebytes Anti-Malware\mbam.exe[6996] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                              0000000076347603 5 bytes JMP 0000000100100804
.text    D:\Malwarebytes Anti-Malware\mbam.exe[6996] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                              000000007634835c 5 bytes JMP 0000000100100600
.text    D:\Malwarebytes Anti-Malware\mbam.exe[6996] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                            000000007635f52b 5 bytes JMP 0000000100100a08
.text    D:\Malwarebytes Anti-Malware\mbam.exe[6996] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                                      0000000076505181 5 bytes JMP 0000000100111014
.text    D:\Malwarebytes Anti-Malware\mbam.exe[6996] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                          0000000076505254 5 bytes JMP 0000000100110804
.text    D:\Malwarebytes Anti-Malware\mbam.exe[6996] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                          00000000765053d5 5 bytes JMP 0000000100110a08
.text    D:\Malwarebytes Anti-Malware\mbam.exe[6996] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                                        00000000765054c2 5 bytes JMP 0000000100110c0c
.text    D:\Malwarebytes Anti-Malware\mbam.exe[6996] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                                        00000000765055e2 5 bytes JMP 0000000100110e10
.text    D:\Malwarebytes Anti-Malware\mbam.exe[6996] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                                                000000007650567c 5 bytes JMP 00000001001101f8
.text    D:\Malwarebytes Anti-Malware\mbam.exe[6996] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                                                000000007650589f 5 bytes JMP 00000001001103fc
.text    D:\Malwarebytes Anti-Malware\mbam.exe[6996] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                                0000000076505a22 3 bytes JMP 0000000100110600
.text    D:\Malwarebytes Anti-Malware\mbam.exe[6996] C:\Windows\SysWOW64\sechost.dll!DeleteService + 4                                                            0000000076505a26 1 byte [89]
.text    D:\Malwarebytes Anti-Malware\mbam.exe[6996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                      0000000075941465 2 bytes [94, 75]
.text    D:\Malwarebytes Anti-Malware\mbam.exe[6996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                      00000000759414bb 2 bytes [94, 75]
.text    ...                                                                                                                                                      * 2
?        C:\Windows\system32\mssprxy.dll [6996] entry point in ".rdata" section                                                                                    00000000741d71e6
.text    C:\Users\Phillipê\Desktop\kom09zc9.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                        000000007792fac0 5 bytes JMP 0000000100030600
.text    C:\Users\Phillipê\Desktop\kom09zc9.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                            000000007792fb58 5 bytes JMP 0000000100030804
.text    C:\Users\Phillipê\Desktop\kom09zc9.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                            000000007792fcb0 5 bytes JMP 0000000100030c0c
.text    C:\Users\Phillipê\Desktop\kom09zc9.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                        0000000077930038 5 bytes JMP 0000000100030a08
.text    C:\Users\Phillipê\Desktop\kom09zc9.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                            0000000077931920 5 bytes JMP 0000000100030e10
.text    C:\Users\Phillipê\Desktop\kom09zc9.exe[5408] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                    000000007794c4dd 5 bytes JMP 00000001000301f8
.text    C:\Users\Phillipê\Desktop\kom09zc9.exe[5408] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                  0000000077951287 5 bytes JMP 00000001000303fc
.text    C:\Users\Phillipê\Desktop\kom09zc9.exe[5408] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                        00000000771aa2fd 1 byte [62]
.text    C:\Users\Phillipê\Desktop\kom09zc9.exe[5408] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                                    0000000076505181 5 bytes JMP 0000000100241014
.text    C:\Users\Phillipê\Desktop\kom09zc9.exe[5408] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                        0000000076505254 5 bytes JMP 0000000100240804
.text    C:\Users\Phillipê\Desktop\kom09zc9.exe[5408] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                        00000000765053d5 5 bytes JMP 0000000100240a08
.text    C:\Users\Phillipê\Desktop\kom09zc9.exe[5408] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                                        00000000765054c2 5 bytes JMP 0000000100240c0c
.text    C:\Users\Phillipê\Desktop\kom09zc9.exe[5408] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                                        00000000765055e2 5 bytes JMP 0000000100240e10
.text    C:\Users\Phillipê\Desktop\kom09zc9.exe[5408] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                                              000000007650567c 5 bytes JMP 00000001002401f8
.text    C:\Users\Phillipê\Desktop\kom09zc9.exe[5408] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                                              000000007650589f 5 bytes JMP 00000001002403fc
.text    C:\Users\Phillipê\Desktop\kom09zc9.exe[5408] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                                0000000076505a22 5 bytes JMP 0000000100240600
.text    C:\Users\Phillipê\Desktop\kom09zc9.exe[5408] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                              000000007633ee09 5 bytes JMP 00000001002501f8
.text    C:\Users\Phillipê\Desktop\kom09zc9.exe[5408] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                                0000000076343982 5 bytes JMP 00000001002503fc
.text    C:\Users\Phillipê\Desktop\kom09zc9.exe[5408] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                            0000000076347603 5 bytes JMP 0000000100250804
.text    C:\Users\Phillipê\Desktop\kom09zc9.exe[5408] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                            000000007634835c 5 bytes JMP 0000000100250600
.text    C:\Users\Phillipê\Desktop\kom09zc9.exe[5408] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                          000000007635f52b 5 bytes JMP 0000000100250a08

---- Threads - GMER 2.1 ----

Thread    C:\Windows\System32\svchost.exe [1104:1388]                                                                                                              000007fefabe331c
Thread    C:\Windows\System32\svchost.exe [1104:3520]                                                                                                              000007fef9a744e0
Thread    C:\Windows\System32\svchost.exe [1104:4024]                                                                                                              000007fef3a220c0
Thread    C:\Windows\System32\svchost.exe [1104:4100]                                                                                                              000007fef2f714a0
Thread    C:\Windows\System32\svchost.exe [1104:4116]                                                                                                              000007fef3a226a8
Thread    C:\Windows\System32\svchost.exe [1104:2844]                                                                                                              000007fef9d888f8
Thread    C:\Windows\System32\svchost.exe [1104:5004]                                                                                                              000007fef27da2b0
Thread    C:\Windows\System32\svchost.exe [1104:5584]                                                                                                              000007fef3a229dc
Thread    C:\Windows\System32\svchost.exe [1104:4804]                                                                                                              000007fef3a229dc
Thread    C:\Windows\System32\spoolsv.exe [1784:3040]                                                                                                              000007fef7fe10c8
Thread    C:\Windows\System32\spoolsv.exe [1784:3044]                                                                                                              000007fef7fa6144
Thread    C:\Windows\System32\spoolsv.exe [1784:3048]                                                                                                              000007fef9925fd0
Thread    C:\Windows\System32\spoolsv.exe [1784:3052]                                                                                                              000007fef9713438
Thread    C:\Windows\System32\spoolsv.exe [1784:3056]                                                                                                              000007fef99263ec
Thread    C:\Windows\System32\spoolsv.exe [1784:3064]                                                                                                              000007fef8985e5c
Thread    C:\Windows\System32\spoolsv.exe [1784:3068]                                                                                                              000007fef89b5074
Thread    C:\Windows\system32\svchost.exe [1848:4256]                                                                                                              000007fef3af2888
Thread    C:\Windows\system32\svchost.exe [2208:2268]                                                                                                              000007fef9925fd0
Thread    C:\Windows\system32\svchost.exe [2208:2272]                                                                                                              000007fef9713438
Thread    C:\Windows\system32\svchost.exe [2208:2276]                                                                                                              000007fef99263ec
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4220:4528]                                                                                            000007feff840168
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4220:5108]                                                                                            000007fefbd22a7c
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4220:1216]                                                                                            000007feec7f4830
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4220:1452]                                                                                            000007fef9c05124
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4220:480]                                                                                            000007feec779d90
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4220:6952]                                                                                            000007feec7f4830
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4220:5908]                                                                                            000007feff840168
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4220:6528]                                                                                            000007feff840168
Thread    C:\Windows\System32\svchost.exe [2236:5872]                                                                                                              000007feedf99688
Thread    C:\Windows\System32\WUDFHost.exe [2824:2800]                                                                                                              000007fef23024a0

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type                                                                                                      2
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start                                                                                                    2
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl                                                                                              1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName                                                                                              aswFsBlk
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group                                                                                                    FSFilter Activity Monitor
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService                                                                                          FltMgr?
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description                                                                                              avast! mini-filter driver (aswFsBlk)
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag                                                                                                      2
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances                                                                                               
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance                                                                                aswFsBlk Instance
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance                                                                             
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                                                                      388400
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                                                                        0
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk                                                                                                         
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type                                                                                                    2
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start                                                                                                    2
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl                                                                                            1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath                                                                                                \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName                                                                                              aswMonFlt
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group                                                                                                    FSFilter Anti-Virus
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService                                                                                          FltMgr?
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description                                                                                              avast! mini-filter driver (aswMonFlt)
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances                                                                                               
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance                                                                                aswMonFlt Instance
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance                                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                                                                    320700
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                                                                      0
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt                                                                                                         
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type                                                                                                        1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start                                                                                                      1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl                                                                                                1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName                                                                                                aswRdr
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group                                                                                                      PNP_TDI
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService                                                                                            tcpip?
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description                                                                                                avast! WFP Redirect driver
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath                                                                                                  \SystemRoot\System32\Drivers\aswrdr2.sys
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters                                                                                                 
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault                                                                             
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault                                                                              nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr                                                                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type                                                                                                      1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start                                                                                                      0
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl                                                                                              1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName                                                                                                aswRvrt
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description                                                                                                avast! Revert
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters                                                                                               
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter                                                                                    392
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter                                                                                    7468522
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot                                                                                      \Device\Harddisk0\Partition1\Windows
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown                                                                                1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt                                                                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type                                                                                                        2
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start                                                                                                      1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl                                                                                                1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName                                                                                                aswSnx
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group                                                                                                      FSFilter Virtualization
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService                                                                                            FltMgr?
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description                                                                                                avast! virtualization driver (aswSnx)
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag                                                                                                        2
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances                                                                                                 
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance                                                                                  aswSnx Instance
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance                                                                                 
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude                                                                          137600
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags                                                                            0
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters                                                                                                 
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder                                                                                    \DosDevices\C:\Program Files\Alwil Software\Avast5
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder                                                                                      \DosDevices\C:\ProgramData\Alwil Software\Avast5
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx                                                                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type                                                                                                        1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start                                                                                                        1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl                                                                                                1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName                                                                                                  aswSP
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description                                                                                                  avast! Self Protection
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters                                                                                                 
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield                                                                                      1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder                                                                                    \DosDevices\C:\Program Files\Alwil Software\Avast5
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder                                                                                        \DosDevices\C:\ProgramData\Alwil Software\Avast5
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder                                                                                \DosDevices\C:\Program Files
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder                                                                                      \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen                                                                                  1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP                                                                                                             
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type                                                                                                        1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start                                                                                                      1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl                                                                                                1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName                                                                                                avast! Network Shield Support
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group                                                                                                      PNP_TDI
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService                                                                                            tcpip?
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description                                                                                                avast! Network Shield TDI driver
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag                                                                                                        9
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi                                                                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type                                                                                                        1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start                                                                                                      0
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl                                                                                                1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName                                                                                                aswVmm
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description                                                                                                avast! VM Monitor
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters                                                                                                 
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswVmm                                                                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type                                                                                              32
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start                                                                                            2
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl                                                                                      1
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath                                                                                        "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName                                                                                      avast! Antivirus
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group                                                                                            ShellSvcGroup
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService                                                                                  aswMonFlt?RpcSS?
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64                                                                                            1
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName                                                                                        LocalSystem
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description                                                                                      Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType                                                                                    1
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus                                                                                                 
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type                                                                                                          2
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start                                                                                                        2
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl                                                                                                  1
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName                                                                                                  aswFsBlk
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group                                                                                                        FSFilter Activity Monitor
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService                                                                                              FltMgr?
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description                                                                                                  avast! mini-filter driver (aswFsBlk)
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag                                                                                                          2
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)                                                                           
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance                                                                                    aswFsBlk Instance
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)                                                         
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                                                                          388400
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                                                                            0
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type                                                                                                        2
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start                                                                                                        2
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl                                                                                                1
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath                                                                                                    \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName                                                                                                  aswMonFlt
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group                                                                                                        FSFilter Anti-Virus
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService                                                                                              FltMgr?
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description                                                                                                  avast! mini-filter driver (aswMonFlt)
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)                                                                           
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance                                                                                    aswMonFlt Instance
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)                                                       
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                                                                        320700
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                                                                          0
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@Type                                                                                                            1
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@Start                                                                                                          1
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl                                                                                                    1
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName                                                                                                    aswRdr
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@Group                                                                                                          PNP_TDI
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService                                                                                                tcpip?
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@Description                                                                                                    avast! WFP Redirect driver
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath                                                                                                      \SystemRoot\System32\Drivers\aswrdr2.sys
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)                                                                             
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault                                                                                 
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault                                                                                  nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type                                                                                                          1
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start                                                                                                          0
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl                                                                                                  1
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName                                                                                                    aswRvrt
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description                                                                                                    avast! Revert
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)                                                                           
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter                                                                                        392
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter                                                                                        7468522
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot                                                                                          \Device\Harddisk0\Partition1\Windows
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown                                                                                    1
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@Type                                                                                                            2
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@Start                                                                                                          1
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl                                                                                                    1
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName                                                                                                    aswSnx
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@Group                                                                                                          FSFilter Virtualization
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService                                                                                                FltMgr?
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@Description                                                                                                    avast! virtualization driver (aswSnx)
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag                                                                                                            2
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)                                                                             
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance                                                                                      aswSnx Instance
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)                                                             
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude                                                                              137600
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags                                                                                0
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)                                                                             
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder                                                                                        \DosDevices\C:\Program Files\Alwil Software\Avast5
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder                                                                                          \DosDevices\C:\ProgramData\Alwil Software\Avast5
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP@Type                                                                                                            1
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP@Start                                                                                                            1
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl                                                                                                    1
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName                                                                                                      aswSP
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP@Description                                                                                                      avast! Self Protection
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)                                                                             
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield                                                                                          1
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder                                                                                        \DosDevices\C:\Program Files\Alwil Software\Avast5
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder                                                                                            \DosDevices\C:\ProgramData\Alwil Software\Avast5
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder                                                                                    \DosDevices\C:\Program Files
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder                                                                                          \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@NoWelcomeScreen                                                                                      1
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@Type                                                                                                            1
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@Start                                                                                                          1
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl                                                                                                    1
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName                                                                                                    avast! Network Shield Support
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@Group                                                                                                          PNP_TDI
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService                                                                                                tcpip?
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@Description                                                                                                    avast! Network Shield TDI driver
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag                                                                                                            9
Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm@Type                                                                                                            1
Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm@Start                                                                                                          0
Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl                                                                                                    1
Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName                                                                                                    aswVmm
Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm@Description                                                                                                    avast! VM Monitor
Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)                                                                             
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type                                                                                                  32
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start                                                                                                2
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl                                                                                          1
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath                                                                                            "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName                                                                                          avast! Antivirus
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group                                                                                                ShellSvcGroup
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService                                                                                      aswMonFlt?RpcSS?
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64                                                                                                1
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName                                                                                            LocalSystem
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description                                                                                          Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType                                                                                        1

---- EOF - GMER 2.1 ----

Phil1337 31.05.2014 11:57
FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2014
Ran by Phillipê (administrator) on DRÖHNKISTE-C35D on 31-05-2014 12:32:44
Running from C:\Users\Phillipê\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Tunngle.net GmbH) D:\Tunngle\TnglCtrl.exe
(LogMeIn Inc.) D:\Hamachi\hamachi-2.exe
(LogMeIn, Inc.) D:\Hamachi\LMIGuardianSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
() C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
(Valve Corporation) D:\Steam\Steam.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(LogMeIn Inc.) D:\Hamachi\hamachi-2-ui.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(LogMeIn, Inc.) D:\Hamachi\LMIGuardianSvc.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmprph.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Malwarebytes Corporation) D:\Malwarebytes Anti-Malware\mbam.exe
(Apple Inc.) D:\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11464296 2010-09-03] (Realtek Semiconductor)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [2306448 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [762224 2009-06-30] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [avast5] => C:\Program Files\Alwil Software\Avast5\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-11-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Hamachi\hamachi-2-ui.exe [3814736 2014-05-13] (LogMeIn Inc.)
HKLM-x32\...\RunOnce: [20140529] - C:\Program Files\Alwil Software\Avast5\setup\emupdate\744386a5-97c8-4008-8290-439eb78bad9a.exe /check [183208 2014-05-31] (AVAST Software)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software <====== ATTENTION
HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\Run: [OscarEditor] => C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe [2624512 2010-07-22] ()
HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\Run: [Steam] => D:\Steam\Steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\Run: [EkuwiQaqab] => regsvr32.exe "C:\ProgramData\EkuwiQaqab.dat"
HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\MountPoints2: H - H:\Autorun.exe
HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\MountPoints2: {062f12c3-2890-11e0-bffa-1c6f659604aa} - G:\Autorun.exe
HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\MountPoints2: {d6cd9e04-5340-11e2-87a0-1c6f659604aa} - E:\FalloutLauncher.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x693498F99DBCCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=sm
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM-x32 - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File
URLSearchHook: HKLM-x32 - (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No File
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=3954ebe6-4511-499e-b334-12b942b293da&searchtype=ds&q={searchTerms}&installDate=14/04/2013
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=3954ebe6-4511-499e-b334-12b942b293da&searchtype=ds&q={searchTerms}&installDate=14/04/2013
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=8EC600FFE8A7A881
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1                                activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default
FF NetworkProxy: "type", 0
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF user.js: detected! => C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\daemon-search.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-10.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-13.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-14.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-15.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-16.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-17.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-18.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-19.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-3.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-4.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-5.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-6.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-7.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-8.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-9.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin.gif
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin.src
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\searchplugins-backup
FF Extension: DAEMON Tools Toolbar - C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\DTToolbar@toolbarnet.com [2011-04-25]
FF Extension: ProxTube - Unblock YouTube - C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\ich@maltegoetz.de [2012-09-16]
FF Extension: ICQ Toolbar - C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012-08-05]
FF Extension: Facemoods - C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\ffxtlbr@Facemoods.com.xpi [2011-08-18]
FF Extension: Movie2kDownloader - C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\movie2kdownloader@movie2kdownloader.com.xpi [2012-12-13]
FF Extension: Adblock Plus - C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-07-25]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-07-09]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-10-02]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []
FF StartMenuInternet: FIREFOX.EXE - D:\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR HomePage: hxxp://scholar.google.de/schhp?hl=de
CHR StartupUrls: "hxxp://google.de/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (iTunes Application Detector) - D:\Mozilla Plugins\npitunes.dll ()
CHR Extension: (ProxFlow) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2012-11-06]
CHR Extension: (Movie2kDownloader 2) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf [2013-04-08]
CHR Extension: (YouTube) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Google-Suche) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (AdBlock) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-17]
CHR Extension: (avast! Online Security) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-11-17]
CHR Extension: (Skype Click to Call) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-11-05]
CHR Extension: (Simply Block Ads!) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfjefnfnmmnkcckbjjcganphignempo [2012-10-08]
CHR Extension: (DvdVideoSoft Free Youtube Download) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2012-09-14]
CHR Extension: (Google Wallet) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-02-26]
CHR Extension: (Google Mail) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-04-08]
CHR HKLM-x32\...\Chrome\Extension: [blaofbhgbmeikidhlkmjhbkbfohpgekf] - C:\Program Files (x86)\Movie2KDownloader.com\Movie2KDownloader10.crx [2012-12-13]
CHR HKLM-x32\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files (x86)\TornTV.com\torn11.crx [2012-12-13]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4163584 2014-02-15] (Emsisoft GmbH)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-03-24] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [68136 2009-06-17] ()
R2 Hamachi2Svc; D:\Hamachi\hamachi-2.exe [2228048 2014-05-13] (LogMeIn Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-05-26] ()
R2 TunngleService; D:\Tunngle\TnglCtrl.exe [741224 2011-08-09] (Tunngle.net GmbH)

==================== Drivers (Whitelisted) ====================

S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-10] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-10] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-08-10] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-11-17] ()
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-01-25] (DT Soft Ltd)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-08-09] ()
S3 hidusbf; C:\Windows\System32\DRIVERS\hidusbf.sys [7040 2006-11-09] (SweetLow)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-11-17] ()
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-31] (Malwarebytes Corporation)
S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-19] ()
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 cpuz136; \??\C:\Users\PHILLI~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-31 12:32 - 2014-05-31 12:32 - 00028532 _____ () C:\Users\Phillipê\Desktop\FRST.txt
2014-05-31 12:31 - 2014-05-31 12:31 - 00000964 _____ () C:\Users\Phillipê\Desktop\emsisoft.txt
2014-05-31 11:20 - 2014-05-31 11:20 - 00001068 _____ () C:\Users\Phillipê\Desktop\malwarebytes.txt
2014-05-31 10:37 - 2014-05-31 10:37 - 00000000 ____D () C:\Users\Phillipê\Desktop\skid
2014-05-30 12:20 - 2014-05-30 12:26 - 00000308 _____ () C:\Users\Phillipê\Desktop\Neues Textdokument.txt
2014-05-30 11:51 - 2014-05-31 12:32 - 00000000 ____D () C:\FRST
2014-05-30 11:50 - 2014-05-30 11:50 - 00050477 _____ () C:\Users\Phillipê\Desktop\Defogger.exe
2014-05-30 11:50 - 2014-05-30 11:50 - 00000168 _____ () C:\Users\Phillipê\defogger_reenable
2014-05-30 11:49 - 2014-05-30 11:49 - 02066944 _____ (Farbar) C:\Users\Phillipê\Desktop\FRST64.exe
2014-05-30 11:47 - 2014-05-30 11:47 - 00380416 _____ () C:\Users\Phillipê\Desktop\kom09zc9.exe
2014-05-30 09:34 - 2014-05-31 12:31 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-05-30 09:34 - 2014-05-30 09:34 - 00001103 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-05-30 09:34 - 2014-05-30 09:34 - 00000000 ____D () C:\Users\Phillipê\Documents\Anti-Malware
2014-05-30 09:34 - 2014-05-30 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-05-30 09:26 - 2014-05-30 12:24 - 00010212 _____ () C:\Windows\PFRO.log
2014-05-30 09:16 - 2014-05-31 11:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-30 09:15 - 2014-05-30 09:15 - 00000629 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-30 09:15 - 2014-05-30 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-30 09:15 - 2014-05-30 09:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-30 09:15 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-30 09:15 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-30 09:15 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-30 08:55 - 2014-05-30 08:55 - 00000000 ____D () C:\Windows\pss
2014-05-30 05:38 - 2014-05-30 12:24 - 00000448 _____ () C:\Windows\setupact.log
2014-05-30 05:38 - 2014-05-30 05:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-30 04:42 - 2014-05-31 10:32 - 00093497 _____ () C:\Windows\WindowsUpdate.log
2014-05-29 18:08 - 2014-05-29 18:08 - 00000993 _____ () C:\Users\Phillipê\Desktop\Fallout3ng.exe - Verknüpfung.lnk
2014-05-15 20:26 - 2014-05-15 22:33 - 00000000 ____D () C:\Users\Phillipê\AppData\Local\Darksiders
2014-05-15 17:17 - 2014-05-15 17:17 - 00000000 ____D () C:\Users\Phillipê\Documents\Darksiders Soundtrack Comic
2014-05-15 17:15 - 2014-05-15 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2014-05-15 17:15 - 2014-05-15 17:15 - 00000000 ____D () C:\Program Files (x86)\THQ
2014-05-14 22:39 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 22:39 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 22:39 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 22:39 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 22:39 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 22:39 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 19:08 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 19:08 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 19:08 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 19:08 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 19:08 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 19:08 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 19:08 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 19:08 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 19:08 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 19:08 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 19:08 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 19:08 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 19:08 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 19:08 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 19:08 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 19:08 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 19:08 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 19:08 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 19:08 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 19:08 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 19:08 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 19:08 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 19:08 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 19:08 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 19:08 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 19:08 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 19:08 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 19:08 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 19:08 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 19:08 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 19:08 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 19:08 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 19:08 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 18:57 - 2014-05-14 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-06 22:07 - 2014-05-15 16:55 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-05-31 12:32 - 2014-05-31 12:32 - 00028532 _____ () C:\Users\Phillipê\Desktop\FRST.txt
2014-05-31 12:32 - 2014-05-30 11:51 - 00000000 ____D () C:\FRST
2014-05-31 12:32 - 2011-01-25 16:26 - 00000000 ____D () C:\Users\Phillipê\AppData\Local\Temp
2014-05-31 12:31 - 2014-05-31 12:31 - 00000964 _____ () C:\Users\Phillipê\Desktop\emsisoft.txt
2014-05-31 12:31 - 2014-05-30 09:34 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-05-31 12:24 - 2011-02-26 13:33 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-31 12:10 - 2014-02-15 15:10 - 00000320 _____ () C:\Windows\Tasks\Digital Sites.job
2014-05-31 12:10 - 2013-06-19 21:10 - 00000306 _____ () C:\Windows\Tasks\DSite.job
2014-05-31 12:04 - 2012-04-02 00:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-31 11:20 - 2014-05-31 11:20 - 00001068 _____ () C:\Users\Phillipê\Desktop\malwarebytes.txt
2014-05-31 11:01 - 2014-05-30 09:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-31 10:37 - 2014-05-31 10:37 - 00000000 ____D () C:\Users\Phillipê\Desktop\skid
2014-05-31 10:32 - 2014-05-30 04:42 - 00093497 _____ () C:\Windows\WindowsUpdate.log
2014-05-31 10:28 - 2011-02-26 13:33 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-31 10:27 - 2011-08-20 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
2014-05-30 12:29 - 2009-07-14 06:45 - 00026432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-30 12:29 - 2009-07-14 06:45 - 00026432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-30 12:27 - 2012-08-29 17:58 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-30 12:26 - 2014-05-30 12:20 - 00000308 _____ () C:\Users\Phillipê\Desktop\Neues Textdokument.txt
2014-05-30 12:25 - 2012-05-19 13:41 - 00000000 ____D () C:\Users\Phillipê\AppData\Local\LogMeIn Hamachi
2014-05-30 12:24 - 2014-05-30 09:26 - 00010212 _____ () C:\Windows\PFRO.log
2014-05-30 12:24 - 2014-05-30 05:38 - 00000448 _____ () C:\Windows\setupact.log
2014-05-30 12:24 - 2011-01-25 17:27 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-05-30 12:24 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-30 12:21 - 2011-02-13 12:56 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat
2014-05-30 11:50 - 2014-05-30 11:50 - 00050477 _____ () C:\Users\Phillipê\Desktop\Defogger.exe
2014-05-30 11:50 - 2014-05-30 11:50 - 00000168 _____ () C:\Users\Phillipê\defogger_reenable
2014-05-30 11:50 - 2011-01-25 16:26 - 00000000 ____D () C:\Users\Phillipê
2014-05-30 11:49 - 2014-05-30 11:49 - 02066944 _____ (Farbar) C:\Users\Phillipê\Desktop\FRST64.exe
2014-05-30 11:47 - 2014-05-30 11:47 - 00380416 _____ () C:\Users\Phillipê\Desktop\kom09zc9.exe
2014-05-30 09:34 - 2014-05-30 09:34 - 00001103 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-05-30 09:34 - 2014-05-30 09:34 - 00000000 ____D () C:\Users\Phillipê\Documents\Anti-Malware
2014-05-30 09:34 - 2014-05-30 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-05-30 09:24 - 2014-02-10 21:10 - 00000000 ____D () C:\Users\Phillipê\AppData\Roaming\DigitalSites
2014-05-30 09:15 - 2014-05-30 09:15 - 00000629 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-30 09:15 - 2014-05-30 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-30 09:15 - 2014-05-30 09:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-30 08:55 - 2014-05-30 08:55 - 00000000 ____D () C:\Windows\pss
2014-05-30 05:38 - 2014-05-30 05:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-30 04:32 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-05-30 00:10 - 2013-07-27 00:10 - 00000063 _____ () C:\Users\Phillipê\AppData\Roaming\WB.CFG
2014-05-29 18:08 - 2014-05-29 18:08 - 00000993 _____ () C:\Users\Phillipê\Desktop\Fallout3ng.exe - Verknüpfung.lnk
2014-05-29 15:57 - 2011-01-26 21:33 - 00000000 ____D () C:\Users\Phillipê\Documents\My games
2014-05-29 15:31 - 2011-01-25 16:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-28 19:12 - 2011-04-15 16:53 - 00000000 ____D () C:\Users\Phillipê\AppData\Local\Fallout3
2014-05-26 06:36 - 2013-01-30 23:17 - 01632188 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-26 06:36 - 2009-07-14 19:58 - 00713594 _____ () C:\Windows\system32\perfh007.dat
2014-05-26 06:36 - 2009-07-14 19:58 - 00155530 _____ () C:\Windows\system32\perfc007.dat
2014-05-26 06:36 - 2009-07-14 07:13 - 01632188 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-15 22:33 - 2014-05-15 20:26 - 00000000 ____D () C:\Users\Phillipê\AppData\Local\Darksiders
2014-05-15 18:56 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-15 17:17 - 2014-05-15 17:17 - 00000000 ____D () C:\Users\Phillipê\Documents\Darksiders Soundtrack Comic
2014-05-15 17:15 - 2014-05-15 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2014-05-15 17:15 - 2014-05-15 17:15 - 00000000 ____D () C:\Program Files (x86)\THQ
2014-05-15 17:15 - 2011-01-25 17:53 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-05-15 16:58 - 2012-11-02 22:37 - 00000000 ___RD () C:\Users\Phillipê\Desktop\GameZ
2014-05-15 16:58 - 2011-01-25 16:26 - 00000000 ___RD () C:\Users\Phillipê\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 16:58 - 2011-01-25 16:26 - 00000000 ___RD () C:\Users\Phillipê\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 16:55 - 2014-05-06 22:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 16:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-14 22:38 - 2013-08-14 22:40 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 22:38 - 2011-02-27 15:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 22:37 - 2011-08-07 16:45 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 19:05 - 2012-04-02 00:54 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 19:05 - 2012-04-02 00:54 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 19:05 - 2011-08-07 16:37 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 18:57 - 2014-05-14 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-13 20:20 - 2013-06-11 20:12 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-12 07:26 - 2014-05-30 09:15 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-30 09:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-30 09:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 08:14 - 2014-05-14 19:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 19:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 21:19 - 2011-02-26 13:33 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 21:19 - 2011-02-26 13:33 - 00003858 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 06:40 - 2014-05-14 22:39 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-14 22:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-14 22:39 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-14 22:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-14 22:39 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-14 22:39 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-02 15:39 - 2011-03-20 14:47 - 00000000 ____D () C:\Users\Phillipê\AppData\Roaming\vlc

Some content of TEMP:
====================
C:\Users\Phillipê\AppData\Local\Temp\drm_dyndata_7380014.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 19:17

==================== End Of Log ============================
--- --- ---

cosinus 01.06.2014 11:58
Bitte auch ne neue Additions.txt machen. Haken setzen bei Addition.txt dann auf Scan klicken

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png

Phil1337 01.06.2014 12:49
addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-06-2014
Ran by Phillipê at 2014-06-01 13:47:50
Running from C:\Users\Phillipê\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.09 - GIGABYTE)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 10.0.831.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{0BD776F3-057D-4C11-020C-4FA9B13D04F9}) (Version: 3.0.855.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
ANNO 1404 - Venice (HKLM-x32\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.0.5008.0 - Ubisoft)
ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARMA 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)
ARMA 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
ATI AVIVO64 Codecs (Version: 11.6.0.51125 - ATI Technologies Inc.) Hidden
ATI Problem Report Wizard (Version: 3.0.804.0 - ATI Technologies) Hidden
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.6 - Auslogics Software Pty Ltd)
AutoGreen B10.1021.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B10.1021.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 8.0.1489.0 - AVAST Software)
BioShock (HKLM-x32\...\{E280923D-C5D9-4728-8C79-AC9A0DC75875}) (Version: 2.5.0000 - 2K Games)
BioShock Infinite version 1.0.0.0 (HKLM-x32\...\BioShock Infinite_is1) (Version: 1.0.0.0 - )
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.8.0.29343 - BitTorrent Inc.)
Black & White® 2 (HKLM-x32\...\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}) (Version: 1.00.0000 - Lionhead Studios)
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.0.9 - BlueJ Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands (HKLM-x32\...\{52B65911-1559-4ED5-9461-46957FDD48CD}) (Version: 1.0.295 - 2K Games)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
BulletStorm (x32 Version: 1.0.0001.130 - EA) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.1125.2148.39102 - ATI) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.1125.2148.39102 - ATI) Hidden
Catalyst Control Center Profiles Desktop (x32 Version: 2010.1125.2148.39102 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help English (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help French (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help German (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
ccc-core-static (x32 Version: 2010.1125.2148.39102 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.1125.2148.39102 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.11 - Piriform)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CPUID HWMonitor 1.23 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
Darksiders (HKLM-x32\...\Steam App 50620) (Version:  - Vigil Games)
DarksidersInstaller (HKLM-x32\...\{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}) (Version: 1.00.1000 - THQ)
DayZ Commander (HKLM-x32\...\{67BE448F-7813-4466-A767-85EF5BBAC1D1}) (Version: 1.09.70 - Dotjosh Studios)
Dead Rising 2 (HKLM-x32\...\GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}) (Version: 1.0.0000.130 - Capcom)
Dead Rising 2 (x32 Version: 1.0.0000.130 - Capcom) Hidden
Deponia (HKLM-x32\...\Deponia) (Version: 1.0 - Daedalic Entertainment)
DES 2.0 (HKLM-x32\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte)
Deus Ex - Invisible War (HKLM-x32\...\{47BE1E5F-8978-484B-BE86-B616C00EA75A}) (Version: 1.00.0000 - )
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
Easy Tune 6 B10.1024.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B10.1024.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Emsisoft Anti-Malware (HKLM-x32\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 8.1 - Emsisoft GmbH)
Fable III (x32 Version: 1.0.0001.131 - Microsoft Game Studios) Hidden
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft)
Far Cry® 3 Blood Dragon (HKLM-x32\...\Steam App 233270) (Version:  - )
FLAC To MP3 V4.0.5 (HKLM-x32\...\FLAC To MP3_is1) (Version:  - FLAC To MP3, Inc.)
Foldit (HKLM-x32\...\Foldit) (Version:  - )
Free Studio version 5.0.3 (HKLM-x32\...\Free Studio_is1) (Version:  - DVDVideoSoft Limited.)
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
GameSpy Comrade (HKLM-x32\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)
HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{C768E610-4DFB-4A60-A59B-71549EB7BF75}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HydraVision (x32 Version: 4.2.180.0 - ATI Technologies Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Kane and Lynch: Dead Men (HKLM-x32\...\{A66C4716-7E10-4A53-8101-00C3C11D6A9C}) (Version: 1.00.0000 - Eidos)
K-Lite Codec Pack 9.9.5 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.5 - )
League of Legends (HKLM-x32\...\{918A9082-6287-4D25-9002-5E5D5E4971CB}) (Version: 1.02.0000 - Riot Games)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.193 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.193 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.)
Mass Effect 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.00 - Electronic Arts, Inc.)
Mass Effect™ 3 (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.01.0.0 - Electronic Arts)
Mathematica Extras 9.0 (4092550) (HKLM\...\A-WIN-Extras 9.0.1 4092550_is1) (Version: 9.0.1 - Wolfram Research, Inc.)
Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version:  - Rockstar Studios)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.0 (HKLM\...\{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}) (Version: 8.0.225.0 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mouse Editor (HKLM-x32\...\InstallShield_{8973F26D-3E74-481C-AF11-FDC7D0089E96}) (Version: 10.07.0002 - Ihr Firmenname)
MOUSE Editor (x32 Version: 10.07.0002 - Ihr Firmenname) Hidden
Mozilla Firefox 16.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 16.0.1 (x86 en-US)) (Version: 16.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 16.0.1 - Mozilla)
MSI Afterburner 2.0.0 (HKLM-x32\...\Afterburner) (Version: 2.0.0 - MSI Co., LTD)
My Game Long Name (HKLM\...\UDK-964f1b46-0a2c-4960-ac16-5d146edf634d) (Version:  - Epic Games, Inc.)
Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.1509 - Electronic Arts)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.4 - )
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
ON_OFF Charge B10.0427.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 8.5.2.23 - Electronic Arts, Inc.)
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.8 - PowerISO Computing, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RAGE (HKLM-x32\...\Steam App 9200) (Version:  - id Software)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.26.902.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6194 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.20.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.20.0 - Renesas Electronics Corporation) Hidden
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Singularity (HKLM-x32\...\Steam App 42670) (Version:  - )
Six Updater (HKLM-x32\...\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}) (Version: 2.09.7016 - Six Projects)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version:  - TeamSpeak Systems GmbH)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Wolfram CDF Player (M-WIN-D 9.0.1 4092685) (HKLM-x32\...\M-WIN-D 9.0.1 4092685_is1) (Version: 9.0.1 - Wolfram Research, Inc.)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2011-07-30 13:57 - 00000857 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1                                activate.adobe.com

==================== Scheduled Tasks (whitelisted) =============

Task: {0740D52B-D79C-49D5-AC41-0E24D20CB325} - System32\Tasks\Digital Sites => C:\Users\PHILLI~1\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: {18FF80B1-9A8C-4ECE-BDF1-60958BD91B36} - System32\Tasks\QtraxPlayer => C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe
Task: {1D47DC25-E59E-4DF6-9532-794AA82A0868} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26] (Google Inc.)
Task: {2529AC27-E1A5-459E-93AD-1B7AE188DAFB} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {267E2320-6708-4151-A59C-159688C336D4} - System32\Tasks\DSite => C:\Users\PHILLI~1\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: {42945CE0-7500-4909-8CEF-667BC0A3D4F9} - System32\Tasks\{24ECB2F1-8B87-4CE4-BDF6-8055A5D64855} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {7B3C30B0-63D4-4085-B134-4B7298F8AC27} - System32\Tasks\DealPly => C:\Users\PHILLI~1\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: {925BCC9E-3CD0-40EB-8689-E392FAE14F29} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {A2AC332B-6B8C-4817-8310-681AD8A09CEB} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: {B05C7659-234E-43D3-9B6F-CFB04FB12371} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe <==== ATTENTION
Task: {B40C0A91-7445-4597-B684-DA4330385069} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BE1F2ADC-A293-4886-8B4D-25D5AF0B92D3} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2010-07-21] (Microsoft Corporation)
Task: {E813C1C9-B934-4D36-BE6E-15E401A255A5} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {EA42980F-B5F2-463C-B881-285129EF7341} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\PHILLI~1\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: C:\Windows\Tasks\DSite.job => C:\Users\PHILLI~1\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-01-25 16:42 - 2009-06-17 17:13 - 00068136 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
2011-01-25 18:04 - 2013-05-26 15:38 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2010-07-22 08:15 - 2010-07-22 08:15 - 02624512 _____ () C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
2011-07-29 01:08 - 2011-07-29 01:08 - 01259376 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2010-11-25 22:46 - 2010-11-25 22:46 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-05-31 10:29 - 2014-05-30 20:43 - 02295808 _____ () C:\Program Files\Alwil Software\Avast5\defs\14053001\algo.dll
2014-06-01 13:47 - 2014-06-01 09:30 - 02295808 _____ () C:\Program Files\Alwil Software\Avast5\defs\14060100\algo.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-01-25 16:42 - 2009-05-04 18:56 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\ycc.dll
2011-02-11 17:28 - 2011-05-31 18:07 - 01852759 _____ () D:\Tunngle\libeay32.dll
2010-06-01 05:41 - 2010-06-01 05:41 - 00098816 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_MouseDeviceManager.dll
2010-04-03 05:37 - 2010-04-03 05:37 - 00094208 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ZoomControl.dll
2010-04-03 05:37 - 2010-04-03 05:37 - 00062976 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ScrollbarControl.dll
2010-04-03 05:37 - 2010-04-03 05:37 - 00069632 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInRight.dll
2010-04-03 05:36 - 2010-04-03 05:36 - 00069632 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInOne.dll
2010-04-03 05:37 - 2010-04-03 05:37 - 00127488 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_Wheel4D.dll
2010-05-07 17:05 - 2010-05-07 17:05 - 00042496 _____ () C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\OSD_Text\OSD_Text.dll
2014-05-23 22:22 - 2014-05-14 01:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-23 22:22 - 2014-05-14 01:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-23 22:22 - 2014-05-14 01:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-23 22:22 - 2014-05-14 01:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-23 22:22 - 2014-05-14 01:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
2011-07-29 01:09 - 2011-07-29 01:09 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: GoogleChromeAutoLaunch_ABA4318D4E55179246F0B38EF7E0EE65 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HP Officejet 6600 (NET) => "C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" -deviceID "CN22F190YK05RN:NW" -scfn "HP Officejet 6600 (NET)" -AutoStart 1
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: iTunesHelper => "D:\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "D:\Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: STCAgent => "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
MSCONFIG\startupreg: WhatPulse => F:\WhatPulse\WhatPulse.exe
MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\Phillipê\AppData\Roaming\Yontoo\YontooDesktop.exe"
MSCONFIG\startupreg: ZyngaGamesAgent => "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/31/2014 10:28:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.2.183.21, Zeitstempel: 0x4b95e661
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000223e0
ID des fehlerhaften Prozesses: 0x1780
Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0
Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1
Pfad des fehlerhaften Moduls: GoogleUpdate.exe2
Berichtskennung: GoogleUpdate.exe3

Error: (05/30/2014 00:55:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9002

Error: (05/30/2014 00:55:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9002

Error: (05/30/2014 00:55:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/30/2014 00:55:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8003

Error: (05/30/2014 00:55:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8003

Error: (05/30/2014 00:55:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/30/2014 00:55:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7005

Error: (05/30/2014 00:55:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7005

Error: (05/30/2014 00:55:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (06/01/2014 01:43:05 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/01/2014 01:43:00 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa8006721b50, 0xfffff8000489a3d0)C:\Windows\MEMORY.DMP060114-24429-01

Error: (05/31/2014 00:35:30 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (05/30/2014 00:33:37 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (05/30/2014 00:24:41 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (05/30/2014 11:55:08 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (05/30/2014 11:55:07 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (05/30/2014 11:55:07 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (05/30/2014 11:55:06 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (05/30/2014 11:55:06 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-11-27 18:56:28.920
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-27 18:56:28.826
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-27 18:55:48.150
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-27 18:55:48.056
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-27 18:52:34.363
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-27 18:52:34.269
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-27 18:52:16.933
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-27 18:52:16.839
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-09-23 19:03:22.932
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-09-23 19:03:22.880
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 8175.43 MB
Available physical RAM: 6021.8 MB
Total Pagefile: 16349.04 MB
Available Pagefile: 13628.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.83 GB) (Free:9.36 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:249.26 GB) (Free:30.82 GB) NTFS
Drive f: () (Fixed) (Total:465.76 GB) (Free:321.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: B2BEB335)
Partition 1: (Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=249 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 466 GB) (Disk ID: 66205247)
No partition Table on disk 1.

==================== End Of Log ============================

cosinus 01.06.2014 13:06
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} -  No File
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software <====== ATTENTION
HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\Run: [EkuwiQaqab] => regsvr32.exe "C:\ProgramData\EkuwiQaqab.dat"
Hosts: 127.0.0.1                                activate.adobe.com
C:\ProgramData\EkuwiQaqab.dat

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Phil1337 01.06.2014 13:30
Avast lässt sich wieder starten.

Fixlog

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-06-2014
Ran by Phillipê at 2014-06-01 14:29:41 Run:1
Running from C:\Users\Phillipê\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} -  No File
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software <====== ATTENTION
HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\Run: [EkuwiQaqab] => regsvr32.exe "C:\ProgramData\EkuwiQaqab.dat"
Hosts: 127.0.0.1                                activate.adobe.com
C:\ProgramData\EkuwiQaqab.dat
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => Value deleted successfully.
HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} => Value deleted successfully.
HKCR\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} => Key not found.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKU\S-1-5-21-1406149438-3228825593-328108524-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EkuwiQaqab => Value deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
"C:\ProgramData\EkuwiQaqab.dat" => File/Directory not found.

==== End of Fixlog ====

cosinus 01.06.2014 23:18
Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Phil1337 02.06.2014 16:33
Während adwcleaner lief hat Avast eine Warnung ausgespuckt, dass versucht wurde "sqlite3.dll" herunterzuladen. Da mir Name und Quelle sehr suspekt waren habe ich die Verbindung trennen lassen.

ADW

Code:
# AdwCleaner v3.211 - Bericht erstellt am 02/06/2014 um 17:13:45
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Phillipê - DRÖHNKISTE-C35D
# Gestartet von : C:\Users\Phillipê\Desktop\adwcleaner_3.211.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\DeviceVM
Ordner Gelöscht : C:\ProgramData\ParetoLogic
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Program Files (x86)\Movie2KDownloader.com
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\facemoods.com
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Phillipê\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Phillipê\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Phillipê\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Phillipê\AppData\LocalLow\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\Phillipê\AppData\LocalLow\facemoods.com
Ordner Gelöscht : C:\Users\Phillipê\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Phillipê\AppData\Roaming\DeviceVM
Ordner Gelöscht : C:\Users\Phillipê\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\Phillipê\AppData\Roaming\ExpressFiles
Ordner Gelöscht : C:\Users\Phillipê\AppData\Roaming\ParetoLogic
Ordner Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Conduit
Ordner Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\ConduitEngine
Ordner Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\ICQToolbarData
Ordner Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
Ordner Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\DTToolbar@toolbarnet.com
Ordner Gelöscht : C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Ordner Gelöscht : C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\ffxtlbr@Facemoods.com.xpi
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\movie2kdownloader@movie2kdownloader.com.xpi
Datei Gelöscht : C:\Windows\SysWOW64\conduitEngine.tmp
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\bProtector_extensions.rdf
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\daemon-search.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin.gif
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin.src
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-10.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-11.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-12.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-13.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-14.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-15.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-16.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-17.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-18.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-19.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-2.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-3.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-4.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-5.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-6.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-7.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-8.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-9.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\user.js
Datei Gelöscht : C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_f.dealply.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage-journal
Datei Gelöscht : C:\Windows\System32\Tasks\Dealply
Datei Gelöscht : C:\Windows\Tasks\Digital Sites.job
Datei Gelöscht : C:\Windows\System32\Tasks\Digital Sites
Datei Gelöscht : C:\Windows\Tasks\DSite.job
Datei Gelöscht : C:\Windows\System32\Tasks\DSite
Datei Gelöscht : C:\Windows\System32\Tasks\Express FilesUpdate
Datei Gelöscht : C:\Windows\System32\Tasks\paretologic update version3
Datei Gelöscht : C:\Windows\System32\Tasks\QtraxPlayer

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBAutoUpdaterHelper_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBAutoUpdaterHelper_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS
Schlüssel Gelöscht : HKCU\Software\53538ddfb46ded45
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_hamachi_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_hamachi_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_visualboyadvance_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_visualboyadvance_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFE66D00-A56A-4F7F-81D7-4A28C5816D6C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C17A0751-580B-466B-8271-5C73EFDC1295}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\dt soft\daemon tools toolbar
Schlüssel Gelöscht : HKCU\Software\ExpressFiles
Schlüssel Gelöscht : HKCU\Software\ParetoLogic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKLM\Software\dt soft\daemon tools toolbar
Schlüssel Gelöscht : HKLM\Software\ExpressFiles
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\Software\ParetoLogic
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\Vittalia
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v16.0.1 (en-US)

[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\t5v5t66e.default\prefs.js ]


[ Datei : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\prefs.js ]

Zeile gelöscht : user_pref("CT2269050..clientLogIsEnabled", false);
Zeile gelöscht : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Zeile gelöscht : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Zeile gelöscht : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Zeile gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Zeile gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_1000515", true);
Zeile gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
Zeile gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true);
Zeile gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129881141106886992", true);
Zeile gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129977890572899945", true);
Zeile gelöscht : user_pref("CT2269050.CT2269050", "CT2269050");
Zeile gelöscht : user_pref("CT2269050.CurrentServerDate", "18-1-2013");
Zeile gelöscht : user_pref("CT2269050.DSInstall", true);
Zeile gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR");
Zeile gelöscht : user_pref("CT2269050.DialogsGetterLastCheckTime", "Fri Jan 18 2013 21:24:49 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.DownloadReferralCookieData", "");
Zeile gelöscht : user_pref("CT2269050.FirstServerDate", "24-4-2012");
Zeile gelöscht : user_pref("CT2269050.FirstTime", true);
Zeile gelöscht : user_pref("CT2269050.FirstTimeFF3", true);
Zeile gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true);
Zeile gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Zeile gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Zeile gelöscht : user_pref("CT2269050.HPInstall", true);
Zeile gelöscht : user_pref("CT2269050.HasUserGlobalKeys", true);
Zeile gelöscht : user_pref("CT2269050.Initialize", true);
Zeile gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true);
Zeile gelöscht : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Zeile gelöscht : user_pref("CT2269050.InstallationType", "Unknown");
Zeile gelöscht : user_pref("CT2269050.InstalledDate", "Tue Apr 24 2012 17:28:17 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.IsGrouping", false);
Zeile gelöscht : user_pref("CT2269050.IsInitSetupIni", true);
Zeile gelöscht : user_pref("CT2269050.IsMulticommunity", false);
Zeile gelöscht : user_pref("CT2269050.IsOpenThankYouPage", true);
Zeile gelöscht : user_pref("CT2269050.IsOpenUninstallPage", true);
Zeile gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Fri Jan 18 2013 21:24:49 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Zeile gelöscht : user_pref("CT2269050.LastLogin_3.12.0.7", "Wed Apr 25 2012 23:59:31 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.LastLogin_3.12.2.3", "Wed May 30 2012 21:34:10 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.LastLogin_3.13.0.6", "Wed Jun 27 2012 13:32:14 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.LastLogin_3.14.1.0", "Tue Aug 21 2012 22:16:06 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.LastLogin_3.15.1.0", "Tue Nov 06 2012 21:19:38 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.LastLogin_3.16.0.3", "Fri Jan 18 2013 21:24:49 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.LatestVersion", "3.16.0.3");
Zeile gelöscht : user_pref("CT2269050.Locale", "en");
Zeile gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Zeile gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Zeile gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Zeile gelöscht : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Zeile gelöscht : user_pref("CT2269050.OriginalFirstVersion", "3.12.0.7");
Zeile gelöscht : user_pref("CT2269050.SavedHomepage", "google.de");
Zeile gelöscht : user_pref("CT2269050.SearchCaption", "DVDVideoSoftTB Customized Web Search");
Zeile gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true);
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Fri Jan 18 2013 21:24:45 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT2269050.SendProtectorDataViaLogin", true);
Zeile gelöscht : user_pref("CT2269050.ServiceMapLastCheckTime", "Fri Jan 18 2013 21:24:45 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Fri Jan 18 2013 21:24:45 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1358518258");
Zeile gelöscht : user_pref("CT2269050.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13");
Zeile gelöscht : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
Zeile gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Zeile gelöscht : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Zeile gelöscht : user_pref("CT2269050.UserID", "UN53740589541996318");
Zeile gelöscht : user_pref("CT2269050.alertChannelId", "666138");
Zeile gelöscht : user_pref("CT2269050.components.1000515", true);
Zeile gelöscht : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Zeile gelöscht : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Zeile gelöscht : user_pref("CT2269050.initDone", true);
Zeile gelöscht : user_pref("CT2269050.myStuffEnabled", true);
Zeile gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Zeile gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Zeile gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Zeile gelöscht : user_pref("CT2269050.navigateToUrlOnSearch", false);
Zeile gelöscht : user_pref("CT2269050.revertSettingsEnabled", true);
Zeile gelöscht : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Zeile gelöscht : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Zeile gelöscht : user_pref("CT2269050.testingCtid", "");
Zeile gelöscht : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Fri Jan 18 2013 21:24:49 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.usagesFlag", 2);
Zeile gelöscht : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13");
Zeile gelöscht : user_pref("CommunityToolbar.ConduitSearchList", "DVDVideoSoftTB Customized Web Search");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050", "\"bbcad46825955537321176fe87a84f773\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", "\"1353315459\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"80927e5f86f7cb1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"07b2625f8cb1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050", "\"0697a2066791d3f9dfa6c976583f2c5c\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"e9e14adcb2fc3b9e7b3edbe50330f5cd\"");
Zeile gelöscht : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Zeile gelöscht : user_pref("CommunityToolbar.IsEngineShown", false);
Zeile gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Zeile gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q=");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2269050");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2269050");
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Apr 16 2011 14:55:31 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Jul 24 2011 12:02:28 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jul 26 2011 18:13:40 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Zeile gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Zeile gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Zeile gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Zeile gelöscht : user_pref("CommunityToolbar.alert.userId", "c2a159f6-0359-4295-8e32-9af02d75faa2");
Zeile gelöscht : user_pref("CommunityToolbar.globalUserId", "f3b495c1-9236-429f-8c10-7b42849c8c6d");
Zeile gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Zeile gelöscht : user_pref("CommunityToolbar.originalHomepage", "google.de");
Zeile gelöscht : user_pref("CommunityToolbar.originalSearchEngine", "Google");
Zeile gelöscht : user_pref("ConduitEngine.CTID", "ConduitEngine");
Zeile gelöscht : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Apr 16 2011 14:55:32 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.FirstServerDate", "04/16/2011 15");
Zeile gelöscht : user_pref("ConduitEngine.FirstTime", true);
Zeile gelöscht : user_pref("ConduitEngine.FirstTimeFF3", true);
Zeile gelöscht : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Zeile gelöscht : user_pref("ConduitEngine.Initialize", true);
Zeile gelöscht : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Zeile gelöscht : user_pref("ConduitEngine.InstalledDate", "Sat Apr 16 2011 14:55:46 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.IsMulticommunity", false);
Zeile gelöscht : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Zeile gelöscht : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Zeile gelöscht : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Apr 16 2011 14:55:31 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sat Apr 16 2011 14:55:32 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Zeile gelöscht : user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Apr 16 2011 14:55:31 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.UserID", "UN04976286415552067");
Zeile gelöscht : user_pref("ConduitEngine.componentAlertEnabled", false);
Zeile gelöscht : user_pref("ConduitEngine.engineLocale", "en-US");
Zeile gelöscht : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Apr 16 2011 14:55:31 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sat Apr 16 2011 14:55:32 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.initDone", true);
Zeile gelöscht : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Zeile gelöscht : user_pref("ConduitEngine.usagesFlag", 2);
Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "DVDVideoSoftTB Customized Web Search");
Zeile gelöscht : user_pref("extensions.enabledAddons", "ffxtlbr@Facemoods.com:1.4.0,{800b5000-a755-47e1-992b-48a1c1357f07}:1.5.3,{23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145,wrc@avast.com:7.0.1466,ich@maltegoetz.d[...]
Zeile gelöscht : user_pref("extensions.enabledItems", "{AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906,{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22,ffxtlbr@Facemoods.com:1.2.1,{23fcfd51-4958-4f00-80a3-ae97e717ed8b}[...]
Zeile gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Zeile gelöscht : user_pref("icqtoolbar.defSearchChange", true);
Zeile gelöscht : user_pref("icqtoolbar.engineVerified", true);
Zeile gelöscht : user_pref("icqtoolbar.firstTbRun", false);
Zeile gelöscht : user_pref("icqtoolbar.geolastmodified", 1358540683);
Zeile gelöscht : user_pref("icqtoolbar.history", "holy%20organ%20porn||moxxi||borderlands%202%20you%20cant%20ignore%20me||workaholics%20season%204||borderlands%202%20thousand%20cuts%20eridian%20shrine||Ibotens%C3%A4ur[...]
Zeile gelöscht : user_pref("icqtoolbar.hpChange", true);
Zeile gelöscht : user_pref("icqtoolbar.icqgeo", 49);
Zeile gelöscht : user_pref("icqtoolbar.installTime", "1344147227");
Zeile gelöscht : user_pref("icqtoolbar.installsource", "1");
Zeile gelöscht : user_pref("icqtoolbar.newtab_most_visited_state", "1");
Zeile gelöscht : user_pref("icqtoolbar.newtab_recently_closed_state", "1");
Zeile gelöscht : user_pref("icqtoolbar.newtab_state", "1");
Zeile gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Zeile gelöscht : user_pref("icqtoolbar.previousFFVersion", "16.0.1");
Zeile gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Zeile gelöscht : user_pref("icqtoolbar.uniqueID", "129727059212972709351297358609724");
Zeile gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1358540689);
Zeile gelöscht : user_pref("icqtoolbar.userEngineApproved", true);
Zeile gelöscht : user_pref("icqtoolbar.userHpApproved", true);
Zeile gelöscht : user_pref("icqtoolbar.version", "1.5.3");
Zeile gelöscht : user_pref("icqtoolbar.voucherHideClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherWasShown", 0);
Zeile gelöscht : user_pref("icqtoolbar.xmlEnableHomePageDsGuard", false);

-\\ Google Chrome v35.0.1916.114

[ Datei : C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : eooncjejnppfjjklapaamhcdmjbilmde
Gelöscht [Extension] : jbpkiefagocgkmemidfngdkamloieekf

*************************

AdwCleaner[R0].txt - [34493 octets] - [02/06/2014 17:12:24]
AdwCleaner[S0].txt - [33334 octets] - [02/06/2014 17:13:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [33395 octets] ##########
JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Phillipˆ on 02.06.2014 at 17:22:33,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1406149438-3228825593-328108524-1000\Software\sweetim



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.06.2014 at 17:26:59,46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014 01
Ran by Phillipê (administrator) on DRÖHNKISTE-C35D on 02-06-2014 17:28:00
Running from C:\Users\Phillipê\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Tunngle.net GmbH) D:\Tunngle\TnglCtrl.exe
(LogMeIn Inc.) D:\Hamachi\hamachi-2.exe
(LogMeIn, Inc.) D:\Hamachi\LMIGuardianSvc.exe
(LogMeIn Inc.) D:\Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) D:\Hamachi\LMIGuardianSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
() C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
(Valve Corporation) D:\Steam\Steam.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11464296 2010-09-03] (Realtek Semiconductor)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [2306448 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [762224 2009-06-30] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [avast5] => C:\Program Files\Alwil Software\Avast5\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-11-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Hamachi\hamachi-2-ui.exe [3814736 2014-05-13] (LogMeIn Inc.)
HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\Run: [OscarEditor] => C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe [2624512 2010-07-22] ()
HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\Run: [Steam] => D:\Steam\Steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\MountPoints2: H - H:\Autorun.exe
HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\MountPoints2: {062f12c3-2890-11e0-bffa-1c6f659604aa} - G:\Autorun.exe
HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\MountPoints2: {d6cd9e04-5340-11e2-87a0-1c6f659604aa} - E:\FalloutLauncher.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x693498F99DBCCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default
FF NetworkProxy: "type", 0
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\searchplugins-backup
FF Extension: ProxTube - Unblock YouTube - C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\ich@maltegoetz.de [2012-09-16]
FF Extension: Adblock Plus - C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-07-25]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-07-09]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-10-02]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []
FF StartMenuInternet: FIREFOX.EXE - D:\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR HomePage: hxxp://scholar.google.de/schhp?hl=de
CHR StartupUrls: "hxxp://google.de/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (iTunes Application Detector) - D:\Mozilla Plugins\npitunes.dll ()
CHR Extension: (ProxFlow) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2012-11-06]
CHR Extension: (No Name) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf [2013-04-08]
CHR Extension: (YouTube) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Google-Suche) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (AdBlock) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-17]
CHR Extension: (avast! Online Security) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-11-17]
CHR Extension: (Skype Click to Call) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-11-05]
CHR Extension: (Simply Block Ads!) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfjefnfnmmnkcckbjjcganphignempo [2012-10-08]
CHR Extension: (No Name) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2012-09-14]
CHR Extension: (Google Wallet) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-02-26]
CHR Extension: (Google Mail) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4163584 2014-02-15] (Emsisoft GmbH)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-03-24] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [68136 2009-06-17] ()
R2 Hamachi2Svc; D:\Hamachi\hamachi-2.exe [2228048 2014-05-13] (LogMeIn Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-05-26] ()
R2 TunngleService; D:\Tunngle\TnglCtrl.exe [741224 2011-08-09] (Tunngle.net GmbH)

==================== Drivers (Whitelisted) ====================

S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-10] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-10] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-08-10] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-11-17] ()
S3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-01-25] (DT Soft Ltd)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-08-09] ()
S3 hidusbf; C:\Windows\System32\DRIVERS\hidusbf.sys [7040 2006-11-09] (SweetLow)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-11-17] ()
S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-19] ()
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 cpuz136; \??\C:\Users\PHILLI~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-02 17:27 - 2014-06-02 17:28 - 00020267 _____ () C:\Users\Phillipê\Desktop\FRST.txt
2014-06-02 17:26 - 2014-06-02 17:27 - 00000813 _____ () C:\Users\Phillipê\Desktop\JRT.txt
2014-06-02 17:20 - 2014-06-02 17:20 - 00000000 ____D () C:\Windows\ERUNT
2014-06-02 17:19 - 2014-06-02 17:19 - 00033608 _____ () C:\Users\Phillipê\Desktop\AdwCleaner[S0].txt
2014-06-02 17:12 - 2014-06-02 17:16 - 00000000 ____D () C:\AdwCleaner
2014-06-02 17:12 - 2010-08-30 08:34 - 00479232 _____ () C:\Windows\SysWOW64\sqlite3.dll
2014-06-02 17:11 - 2014-06-02 17:11 - 01016261 _____ (Thisisu) C:\Users\Phillipê\Desktop\JRT_6.1.4.exe
2014-06-02 17:09 - 2014-06-02 17:09 - 02067456 _____ (Farbar) C:\Users\Phillipê\Desktop\FRST64.exe
2014-06-02 17:09 - 2014-06-02 17:09 - 01327971 _____ () C:\Users\Phillipê\Desktop\adwcleaner_3.211.exe
2014-06-01 13:47 - 2014-06-01 13:47 - 00000000 ____D () C:\Users\Phillipê\Desktop\FRST-OlderVersion
2014-06-01 13:42 - 2014-06-01 13:42 - 00480944 _____ () C:\Windows\Minidump\060114-24429-01.dmp
2014-05-31 10:37 - 2014-05-31 10:37 - 00000000 ____D () C:\Users\Phillipê\Desktop\skid
2014-05-30 11:51 - 2014-06-02 17:28 - 00000000 ____D () C:\FRST
2014-05-30 11:50 - 2014-05-30 11:50 - 00050477 _____ () C:\Users\Phillipê\Desktop\Defogger.exe
2014-05-30 11:50 - 2014-05-30 11:50 - 00000168 _____ () C:\Users\Phillipê\defogger_reenable
2014-05-30 11:47 - 2014-05-30 11:47 - 00380416 _____ () C:\Users\Phillipê\Desktop\kom09zc9.exe
2014-05-30 09:34 - 2014-05-31 12:59 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-05-30 09:34 - 2014-05-30 09:34 - 00001103 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-05-30 09:34 - 2014-05-30 09:34 - 00000000 ____D () C:\Users\Phillipê\Documents\Anti-Malware
2014-05-30 09:34 - 2014-05-30 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-05-30 09:26 - 2014-06-02 17:17 - 00010522 _____ () C:\Windows\PFRO.log
2014-05-30 09:16 - 2014-05-31 11:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-30 09:15 - 2014-05-30 09:15 - 00000629 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-30 09:15 - 2014-05-30 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-30 09:15 - 2014-05-30 09:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-30 09:15 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-30 09:15 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-30 09:15 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-30 08:55 - 2014-05-30 08:55 - 00000000 ____D () C:\Windows\pss
2014-05-30 05:38 - 2014-06-02 17:17 - 00000616 _____ () C:\Windows\setupact.log
2014-05-30 05:38 - 2014-05-30 05:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-30 04:42 - 2014-06-02 17:21 - 00144170 _____ () C:\Windows\WindowsUpdate.log
2014-05-29 18:08 - 2014-05-29 18:08 - 00000993 _____ () C:\Users\Phillipê\Desktop\Fallout3ng.exe - Verknüpfung.lnk
2014-05-15 20:26 - 2014-05-15 22:33 - 00000000 ____D () C:\Users\Phillipê\AppData\Local\Darksiders
2014-05-15 17:17 - 2014-05-15 17:17 - 00000000 ____D () C:\Users\Phillipê\Documents\Darksiders Soundtrack Comic
2014-05-15 17:15 - 2014-05-15 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2014-05-15 17:15 - 2014-05-15 17:15 - 00000000 ____D () C:\Program Files (x86)\THQ
2014-05-14 22:39 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 22:39 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 22:39 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 22:39 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 22:39 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 22:39 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 19:08 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 19:08 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 19:08 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 19:08 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 19:08 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 19:08 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 19:08 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 19:08 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 19:08 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 19:08 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 19:08 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 19:08 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 19:08 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 19:08 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 19:08 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 19:08 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 19:08 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 19:08 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 19:08 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 19:08 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 19:08 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 19:08 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 19:08 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 19:08 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 19:08 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 19:08 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 19:08 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 19:08 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 19:08 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 19:08 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 19:08 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 19:08 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 19:08 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 18:57 - 2014-05-14 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-06 22:07 - 2014-05-15 16:55 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-06-02 17:28 - 2014-06-02 17:27 - 00020267 _____ () C:\Users\Phillipê\Desktop\FRST.txt
2014-06-02 17:28 - 2014-05-30 11:51 - 00000000 ____D () C:\FRST
2014-06-02 17:28 - 2011-01-25 16:26 - 00000000 ____D () C:\Users\Phillipê\AppData\Local\Temp
2014-06-02 17:27 - 2014-06-02 17:26 - 00000813 _____ () C:\Users\Phillipê\Desktop\JRT.txt
2014-06-02 17:25 - 2011-02-26 13:33 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-02 17:22 - 2009-07-14 06:45 - 00026432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-02 17:22 - 2009-07-14 06:45 - 00026432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-02 17:21 - 2014-05-30 04:42 - 00144170 _____ () C:\Windows\WindowsUpdate.log
2014-06-02 17:20 - 2014-06-02 17:20 - 00000000 ____D () C:\Windows\ERUNT
2014-06-02 17:19 - 2014-06-02 17:19 - 00033608 _____ () C:\Users\Phillipê\Desktop\AdwCleaner[S0].txt
2014-06-02 17:18 - 2012-05-19 13:41 - 00000000 ____D () C:\Users\Phillipê\AppData\Local\LogMeIn Hamachi
2014-06-02 17:17 - 2014-05-30 09:26 - 00010522 _____ () C:\Windows\PFRO.log
2014-06-02 17:17 - 2014-05-30 05:38 - 00000616 _____ () C:\Windows\setupact.log
2014-06-02 17:17 - 2011-02-26 13:33 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-02 17:17 - 2011-01-25 17:27 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-06-02 17:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-02 17:16 - 2014-06-02 17:12 - 00000000 ____D () C:\AdwCleaner
2014-06-02 17:16 - 2011-02-13 12:56 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat
2014-06-02 17:11 - 2014-06-02 17:11 - 01016261 _____ (Thisisu) C:\Users\Phillipê\Desktop\JRT_6.1.4.exe
2014-06-02 17:09 - 2014-06-02 17:09 - 02067456 _____ (Farbar) C:\Users\Phillipê\Desktop\FRST64.exe
2014-06-02 17:09 - 2014-06-02 17:09 - 01327971 _____ () C:\Users\Phillipê\Desktop\adwcleaner_3.211.exe
2014-06-02 17:04 - 2012-04-02 00:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-01 13:47 - 2014-06-01 13:47 - 00000000 ____D () C:\Users\Phillipê\Desktop\FRST-OlderVersion
2014-06-01 13:42 - 2014-06-01 13:42 - 00480944 _____ () C:\Windows\Minidump\060114-24429-01.dmp
2014-06-01 13:42 - 2011-01-29 14:51 - 00000000 ____D () C:\Windows\Minidump
2014-05-31 12:59 - 2014-05-30 09:34 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-05-31 11:01 - 2014-05-30 09:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-31 10:37 - 2014-05-31 10:37 - 00000000 ____D () C:\Users\Phillipê\Desktop\skid
2014-05-31 10:27 - 2011-08-20 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
2014-05-30 12:27 - 2012-08-29 17:58 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-30 11:50 - 2014-05-30 11:50 - 00050477 _____ () C:\Users\Phillipê\Desktop\Defogger.exe
2014-05-30 11:50 - 2014-05-30 11:50 - 00000168 _____ () C:\Users\Phillipê\defogger_reenable
2014-05-30 11:50 - 2011-01-25 16:26 - 00000000 ____D () C:\Users\Phillipê
2014-05-30 11:47 - 2014-05-30 11:47 - 00380416 _____ () C:\Users\Phillipê\Desktop\kom09zc9.exe
2014-05-30 09:34 - 2014-05-30 09:34 - 00001103 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-05-30 09:34 - 2014-05-30 09:34 - 00000000 ____D () C:\Users\Phillipê\Documents\Anti-Malware
2014-05-30 09:34 - 2014-05-30 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-05-30 09:15 - 2014-05-30 09:15 - 00000629 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-30 09:15 - 2014-05-30 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-30 09:15 - 2014-05-30 09:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-30 08:55 - 2014-05-30 08:55 - 00000000 ____D () C:\Windows\pss
2014-05-30 05:38 - 2014-05-30 05:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-30 04:32 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-05-30 00:10 - 2013-07-27 00:10 - 00000063 _____ () C:\Users\Phillipê\AppData\Roaming\WB.CFG
2014-05-29 18:08 - 2014-05-29 18:08 - 00000993 _____ () C:\Users\Phillipê\Desktop\Fallout3ng.exe - Verknüpfung.lnk
2014-05-29 15:57 - 2011-01-26 21:33 - 00000000 ____D () C:\Users\Phillipê\Documents\My games
2014-05-29 15:31 - 2011-01-25 16:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-28 19:12 - 2011-04-15 16:53 - 00000000 ____D () C:\Users\Phillipê\AppData\Local\Fallout3
2014-05-26 06:36 - 2013-01-30 23:17 - 01632188 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-26 06:36 - 2009-07-14 19:58 - 00713594 _____ () C:\Windows\system32\perfh007.dat
2014-05-26 06:36 - 2009-07-14 19:58 - 00155530 _____ () C:\Windows\system32\perfc007.dat
2014-05-26 06:36 - 2009-07-14 07:13 - 01632188 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-15 22:33 - 2014-05-15 20:26 - 00000000 ____D () C:\Users\Phillipê\AppData\Local\Darksiders
2014-05-15 18:56 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-15 17:17 - 2014-05-15 17:17 - 00000000 ____D () C:\Users\Phillipê\Documents\Darksiders Soundtrack Comic
2014-05-15 17:15 - 2014-05-15 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2014-05-15 17:15 - 2014-05-15 17:15 - 00000000 ____D () C:\Program Files (x86)\THQ
2014-05-15 17:15 - 2011-01-25 17:53 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-05-15 16:58 - 2012-11-02 22:37 - 00000000 ___RD () C:\Users\Phillipê\Desktop\GameZ
2014-05-15 16:58 - 2011-01-25 16:26 - 00000000 ___RD () C:\Users\Phillipê\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 16:58 - 2011-01-25 16:26 - 00000000 ___RD () C:\Users\Phillipê\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 16:55 - 2014-05-06 22:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 16:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-14 22:38 - 2013-08-14 22:40 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 22:38 - 2011-02-27 15:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 22:37 - 2011-08-07 16:45 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 19:05 - 2012-04-02 00:54 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 19:05 - 2012-04-02 00:54 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 19:05 - 2011-08-07 16:37 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 18:57 - 2014-05-14 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-13 20:20 - 2013-06-11 20:12 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-12 07:26 - 2014-05-30 09:15 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-30 09:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-30 09:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 08:14 - 2014-05-14 19:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 19:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 21:19 - 2011-02-26 13:33 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 21:19 - 2011-02-26 13:33 - 00003858 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 06:40 - 2014-05-14 22:39 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-14 22:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-14 22:39 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-14 22:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-14 22:39 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-14 22:39 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

Some content of TEMP:
====================
C:\Users\Phillipê\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Phillipê\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 19:17

==================== End Of Log ============================
--- --- ---


Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-06-2014 01
Ran by Phillipê at 2014-06-02 17:28:24
Running from C:\Users\Phillipê\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.09 - GIGABYTE)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 10.0.831.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{0BD776F3-057D-4C11-020C-4FA9B13D04F9}) (Version: 3.0.855.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
ANNO 1404 - Venice (HKLM-x32\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.0.5008.0 - Ubisoft)
ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARMA 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)
ARMA 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
ATI AVIVO64 Codecs (Version: 11.6.0.51125 - ATI Technologies Inc.) Hidden
ATI Problem Report Wizard (Version: 3.0.804.0 - ATI Technologies) Hidden
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.6 - Auslogics Software Pty Ltd)
AutoGreen B10.1021.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B10.1021.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 8.0.1489.0 - AVAST Software)
BioShock (HKLM-x32\...\{E280923D-C5D9-4728-8C79-AC9A0DC75875}) (Version: 2.5.0000 - 2K Games)
BioShock Infinite version 1.0.0.0 (HKLM-x32\...\BioShock Infinite_is1) (Version: 1.0.0.0 - )
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.8.0.29343 - BitTorrent Inc.)
Black & White® 2 (HKLM-x32\...\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}) (Version: 1.00.0000 - Lionhead Studios)
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.0.9 - BlueJ Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands (HKLM-x32\...\{52B65911-1559-4ED5-9461-46957FDD48CD}) (Version: 1.0.295 - 2K Games)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
BulletStorm (x32 Version: 1.0.0001.130 - EA) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.1125.2148.39102 - ATI) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.1125.2148.39102 - ATI) Hidden
Catalyst Control Center Profiles Desktop (x32 Version: 2010.1125.2148.39102 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help English (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help French (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help German (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
ccc-core-static (x32 Version: 2010.1125.2148.39102 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.1125.2148.39102 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.11 - Piriform)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CPUID HWMonitor 1.23 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
Darksiders (HKLM-x32\...\Steam App 50620) (Version:  - Vigil Games)
DarksidersInstaller (HKLM-x32\...\{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}) (Version: 1.00.1000 - THQ)
DayZ Commander (HKLM-x32\...\{67BE448F-7813-4466-A767-85EF5BBAC1D1}) (Version: 1.09.70 - Dotjosh Studios)
Dead Rising 2 (HKLM-x32\...\GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}) (Version: 1.0.0000.130 - Capcom)
Dead Rising 2 (x32 Version: 1.0.0000.130 - Capcom) Hidden
Deponia (HKLM-x32\...\Deponia) (Version: 1.0 - Daedalic Entertainment)
DES 2.0 (HKLM-x32\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte)
Deus Ex - Invisible War (HKLM-x32\...\{47BE1E5F-8978-484B-BE86-B616C00EA75A}) (Version: 1.00.0000 - )
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
Easy Tune 6 B10.1024.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B10.1024.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Emsisoft Anti-Malware (HKLM-x32\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 8.1 - Emsisoft GmbH)
Fable III (x32 Version: 1.0.0001.131 - Microsoft Game Studios) Hidden
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft)
Far Cry® 3 Blood Dragon (HKLM-x32\...\Steam App 233270) (Version:  - )
FLAC To MP3 V4.0.5 (HKLM-x32\...\FLAC To MP3_is1) (Version:  - FLAC To MP3, Inc.)
Foldit (HKLM-x32\...\Foldit) (Version:  - )
Free Studio version 5.0.3 (HKLM-x32\...\Free Studio_is1) (Version:  - DVDVideoSoft Limited.)
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
GameSpy Comrade (HKLM-x32\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)
HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{C768E610-4DFB-4A60-A59B-71549EB7BF75}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HydraVision (x32 Version: 4.2.180.0 - ATI Technologies Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Kane and Lynch: Dead Men (HKLM-x32\...\{A66C4716-7E10-4A53-8101-00C3C11D6A9C}) (Version: 1.00.0000 - Eidos)
K-Lite Codec Pack 9.9.5 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.5 - )
League of Legends (HKLM-x32\...\{918A9082-6287-4D25-9002-5E5D5E4971CB}) (Version: 1.02.0000 - Riot Games)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.193 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.193 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.)
Mass Effect 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.00 - Electronic Arts, Inc.)
Mass Effect™ 3 (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.01.0.0 - Electronic Arts)
Mathematica Extras 9.0 (4092550) (HKLM\...\A-WIN-Extras 9.0.1 4092550_is1) (Version: 9.0.1 - Wolfram Research, Inc.)
Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version:  - Rockstar Studios)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.0 (HKLM\...\{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}) (Version: 8.0.225.0 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mouse Editor (HKLM-x32\...\InstallShield_{8973F26D-3E74-481C-AF11-FDC7D0089E96}) (Version: 10.07.0002 - Ihr Firmenname)
MOUSE Editor (x32 Version: 10.07.0002 - Ihr Firmenname) Hidden
Mozilla Firefox 16.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 16.0.1 (x86 en-US)) (Version: 16.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 16.0.1 - Mozilla)
MSI Afterburner 2.0.0 (HKLM-x32\...\Afterburner) (Version: 2.0.0 - MSI Co., LTD)
My Game Long Name (HKLM\...\UDK-964f1b46-0a2c-4960-ac16-5d146edf634d) (Version:  - Epic Games, Inc.)
Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.1509 - Electronic Arts)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.4 - )
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
ON_OFF Charge B10.0427.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 8.5.2.23 - Electronic Arts, Inc.)
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.8 - PowerISO Computing, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RAGE (HKLM-x32\...\Steam App 9200) (Version:  - id Software)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.26.902.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6194 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.20.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.20.0 - Renesas Electronics Corporation) Hidden
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Singularity (HKLM-x32\...\Steam App 42670) (Version:  - )
Six Updater (HKLM-x32\...\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}) (Version: 2.09.7016 - Six Projects)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version:  - TeamSpeak Systems GmbH)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Wolfram CDF Player (M-WIN-D 9.0.1 4092685) (HKLM-x32\...\M-WIN-D 9.0.1 4092685_is1) (Version: 9.0.1 - Wolfram Research, Inc.)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Restore Points  =========================

01-06-2014 14:00:05 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-06-01 14:29 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0740D52B-D79C-49D5-AC41-0E24D20CB325} - \Digital Sites No Task File <==== ATTENTION
Task: {18FF80B1-9A8C-4ECE-BDF1-60958BD91B36} - \QtraxPlayer No Task File <==== ATTENTION
Task: {1D47DC25-E59E-4DF6-9532-794AA82A0868} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26] (Google Inc.)
Task: {2529AC27-E1A5-459E-93AD-1B7AE188DAFB} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {267E2320-6708-4151-A59C-159688C336D4} - \DSite No Task File <==== ATTENTION
Task: {42945CE0-7500-4909-8CEF-667BC0A3D4F9} - System32\Tasks\{24ECB2F1-8B87-4CE4-BDF6-8055A5D64855} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {7B3C30B0-63D4-4085-B134-4B7298F8AC27} - \DealPly No Task File <==== ATTENTION
Task: {925BCC9E-3CD0-40EB-8689-E392FAE14F29} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {A2AC332B-6B8C-4817-8310-681AD8A09CEB} - \ParetoLogic Update Version3 No Task File <==== ATTENTION
Task: {B05C7659-234E-43D3-9B6F-CFB04FB12371} - \Express FilesUpdate No Task File <==== ATTENTION
Task: {B40C0A91-7445-4597-B684-DA4330385069} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BE1F2ADC-A293-4886-8B4D-25D5AF0B92D3} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2010-07-21] (Microsoft Corporation)
Task: {E813C1C9-B934-4D36-BE6E-15E401A255A5} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {EA42980F-B5F2-463C-B881-285129EF7341} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-01-25 16:42 - 2009-06-17 17:13 - 00068136 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
2011-01-25 18:04 - 2013-05-26 15:38 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2010-07-22 08:15 - 2010-07-22 08:15 - 02624512 _____ () C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
2011-07-29 01:08 - 2011-07-29 01:08 - 01259376 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-06-02 17:02 - 2014-06-02 09:54 - 02295808 _____ () C:\Program Files\Alwil Software\Avast5\defs\14060200\algo.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-01-25 16:42 - 2009-05-04 18:56 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\ycc.dll
2011-02-11 17:28 - 2011-05-31 18:07 - 01852759 _____ () D:\Tunngle\libeay32.dll
2010-06-01 05:41 - 2010-06-01 05:41 - 00098816 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_MouseDeviceManager.dll
2010-04-03 05:37 - 2010-04-03 05:37 - 00094208 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ZoomControl.dll
2010-04-03 05:37 - 2010-04-03 05:37 - 00062976 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ScrollbarControl.dll
2010-04-03 05:37 - 2010-04-03 05:37 - 00069632 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInRight.dll
2010-04-03 05:36 - 2010-04-03 05:36 - 00069632 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInOne.dll
2010-04-03 05:37 - 2010-04-03 05:37 - 00127488 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_Wheel4D.dll
2010-05-07 17:05 - 2010-05-07 17:05 - 00042496 _____ () C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\OSD_Text\OSD_Text.dll
2014-05-22 13:27 - 2014-04-30 02:08 - 01135104 _____ () D:\Steam\libavcodec-55.dll
2014-04-23 15:25 - 2014-04-30 02:08 - 00471552 _____ () D:\Steam\libavutil-53.dll
2014-05-22 13:27 - 2014-04-30 02:08 - 00404992 _____ () D:\Steam\libavformat-55.dll
2014-01-12 15:12 - 2014-04-30 02:08 - 00340992 _____ () D:\Steam\libavresample-1.dll
2013-03-12 18:10 - 2014-05-17 03:36 - 00756224 _____ () D:\Steam\SDL2.dll
2014-05-22 13:27 - 2014-05-29 19:37 - 02139840 _____ () D:\Steam\video.dll
2014-05-22 13:27 - 2014-04-29 02:37 - 00519168 _____ () D:\Steam\libswscale-2.dll
2011-07-23 23:17 - 2014-05-29 19:36 - 01116864 _____ () D:\Steam\bin\chromehtml.DLL
2011-02-06 21:31 - 2014-05-02 01:35 - 20628160 _____ () D:\Steam\bin\libcef.dll
2012-03-17 15:41 - 2013-06-15 01:49 - 01100800 _____ () D:\Steam\bin\avcodec-53.dll
2012-03-17 15:41 - 2013-06-15 01:49 - 00124416 _____ () D:\Steam\bin\avutil-51.dll
2012-03-17 15:41 - 2013-06-15 01:49 - 00192000 _____ () D:\Steam\bin\avformat-53.dll
2011-07-29 01:09 - 2011-07-29 01:09 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-05-23 22:22 - 2014-05-14 01:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-23 22:22 - 2014-05-14 01:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-23 22:22 - 2014-05-14 01:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-23 22:22 - 2014-05-14 01:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-23 22:22 - 2014-05-14 01:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: GoogleChromeAutoLaunch_ABA4318D4E55179246F0B38EF7E0EE65 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HP Officejet 6600 (NET) => "C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" -deviceID "CN22F190YK05RN:NW" -scfn "HP Officejet 6600 (NET)" -AutoStart 1
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: iTunesHelper => "D:\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "D:\Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: STCAgent => "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
MSCONFIG\startupreg: WhatPulse => F:\WhatPulse\WhatPulse.exe
MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\Phillipê\AppData\Roaming\Yontoo\YontooDesktop.exe"
MSCONFIG\startupreg: ZyngaGamesAgent => "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-11-27 18:56:28.920
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-27 18:56:28.826
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-27 18:55:48.150
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-27 18:55:48.056
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-27 18:52:34.363
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-27 18:52:34.269
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-27 18:52:16.933
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-27 18:52:16.839
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-09-23 19:03:22.932
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-09-23 19:03:22.880
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 8175.43 MB
Available physical RAM: 6361.97 MB
Total Pagefile: 16349.04 MB
Available Pagefile: 14432.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.83 GB) (Free:8.8 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:249.26 GB) (Free:30.82 GB) NTFS
Drive f: () (Fixed) (Total:465.76 GB) (Free:321.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: B2BEB335)
Partition 1: (Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=249 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 466 GB) (Disk ID: 66205247)
No partition Table on disk 1.

==================== End Of Log ============================

cosinus 02.06.2014 21:15
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
Task: {0740D52B-D79C-49D5-AC41-0E24D20CB325} - \Digital Sites No Task File <==== ATTENTION
Task: {18FF80B1-9A8C-4ECE-BDF1-60958BD91B36} - \QtraxPlayer No Task File <==== ATTENTION
Task: {267E2320-6708-4151-A59C-159688C336D4} - \DSite No Task File <==== ATTENTION
Task: {7B3C30B0-63D4-4085-B134-4B7298F8AC27} - \DealPly No Task File <==== ATTENTION
Task: {A2AC332B-6B8C-4817-8310-681AD8A09CEB} - \ParetoLogic Update Version3 No Task File <==== ATTENTION
Task: {B05C7659-234E-43D3-9B6F-CFB04FB12371} - \Express FilesUpdate No Task File <==== ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Alle Zeitangaben in WEZ +1. Es ist jetzt 10:41 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27