Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7 64bit, Security Essentials wird durch Gruppenrichtlinie geblockt + Werbung poppt auf (https://www.trojaner-board.de/154785-windows-7-64bit-security-essentials-gruppenrichtlinie-geblockt-werbung-poppt.html)

EizFlo 04.06.2014 13:44
Windows 7 64bit, Security Essentials wird durch Gruppenrichtlinie geblockt + Werbung poppt auf
 
Hallo,

Bei mir lässt sich Microsoft Security Essentials nicht mehr öffnen.
Es kommt die Meldung: Dieses Programm wurde durch eine Gruppenrichtlinie blockiert.

Zusätzlich öffnen sich öfters einfach Browserfenster mit diverser Werbung.

Ein Kumpel hatte mir dann schon paar Tipps gegeben was ich machen könnte.
Ich habe MbAM , adwcleaner und JRT heruntergeladen und schon ausgeführt.

Das Ergebnis war keine Veränderung der Symptome.

Hier alle Logfiles von den 3 Programmen:

mbam:
als zip angehängt da sonst der Post zu viele Zeichen hat.


adwcleaner:
Code:
# AdwCleaner v3.211 - Bericht erstellt am 04/06/2014 um 00:13:20
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Flo - FLO-PC
# Gestartet von : C:\Users\Flo\Desktop\adwcleaner_3.211.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : globalUpdate
[#] Dienst Gelöscht : globalUpdatem

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files\003
Ordner Gelöscht : C:\Users\Flo\AppData\Local\globalUpdate
Datei Gelöscht : C:\Windows\SysWOW64\SecureAssist.ini
Datei Gelöscht : C:\Windows\SysWOW64\SecureAssistOff.ini
Datei Gelöscht : C:\Windows\System32\SecureAssist.ini
Datei Gelöscht : C:\Windows\System32\SecureAssist64.dll
Datei Gelöscht : C:\Windows\System32\SecureAssistOff.ini
Datei Gelöscht : C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
Datei Gelöscht : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
Datei Gelöscht : C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
Datei Gelöscht : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9863E762-BACC-46E4-8CAA-2A6ADA06B65B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EF41A4-BA24-4E49-A2C0-E1D047299287}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{130CCD34-0382-48E5-B307-0E7E72166828}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{26D25DD5-F17A-4D93-9A94-997E2124EEB4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{30279F40-D76B-443C-A34D-F43B35B35CE1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{796D0AA0-DC0E-44C9-A398-C874F04D55A4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CE2102F0-DF63-452E-9CA7-0F75FF4DDD4B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{DADFCC6F-66D2-4E1D-A01B-7064CAD2F583}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EBE666C3-F26C-4CF6-8ABA-3D5F5D2625E1}
Schlüssel Gelöscht : HKCU\Software\genesis
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\installedbrowserextensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\LevelQualityWatcher

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Google Chrome v35.0.1916.114

[ Datei : C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3216 octets] - [04/06/2014 00:12:12]
AdwCleaner[S0].txt - [2982 octets] - [04/06/2014 00:13:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3042 octets] ##########
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Flo on 04.06.2014 at  0:48:16,17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.06.2014 at  0:54:00,51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Hier jetzt noch die Logs aus der Checkliste:

defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:42 on 04/06/2014 (Flo)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
FRST:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Flo (administrator) on FLO-PC on 04-06-2014 13:45:01
Running from C:\Users\Flo\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Users\Flo\AppData\Local\Genesis_06030204\Genesis_06030204.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-06-24] (Microsoft Corporation)
HKU\S-1-5-21-1996519803-3398682263-2091852082-1000\...\Run: [POEngine5] => [X]
HKU\S-1-5-21-1996519803-3398682263-2091852082-1000\...\Run: [chfipqw] => regsvr32.exe "C:\ProgramData\chfipqw.dat"
HKU\S-1-5-21-1996519803-3398682263-2091852082-1000\...\Run: [genesis_06030204] => c:\users\flo\appdata\local\genesis_06030204\genesis_06030204.exe [2703360 2014-06-03] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD8A4C01FB36FCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
DPF: HKLM-x32 {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} hxxp://www.king.com/ctl/kingcomie.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - c:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

Chrome:
=======
CHR HomePage:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Apps Enhancements Plugin(By Google)) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2013.919.433.1_0\plugin/ace.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (VLC Web Plugin) - D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Extension: (Google Docs) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-26]
CHR Extension: (Google Drive) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-26]
CHR Extension: (YouTube) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-26]
CHR Extension: (Google-Suche) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-26]
CHR Extension: (Hangouts) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2013-09-26]
CHR Extension: (Google Wallet) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-26]
CHR Extension: (Google Mail) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-26]

==================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
S3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [44272 2013-01-17] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-04 13:45 - 2014-06-04 13:45 - 00011214 _____ () C:\Users\Flo\Desktop\FRST.txt
2014-06-04 13:44 - 2014-06-04 13:45 - 00000000 ____D () C:\FRST
2014-06-04 13:43 - 2014-06-04 13:43 - 02068992 _____ (Farbar) C:\Users\Flo\Desktop\FRST64.exe
2014-06-04 13:42 - 2014-06-04 13:42 - 00000468 _____ () C:\Users\Flo\Desktop\defogger_disable.log
2014-06-04 13:41 - 2014-06-04 13:41 - 00000000 _____ () C:\Users\Flo\defogger_reenable
2014-06-04 13:39 - 2014-06-04 13:39 - 00050477 _____ () C:\Users\Flo\Desktop\Defogger.exe
2014-06-04 00:54 - 2014-06-04 00:54 - 00000619 _____ () C:\Users\Flo\Desktop\JRT.txt
2014-06-04 00:44 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-04 00:17 - 2014-06-04 00:17 - 00000000 ____D () C:\Windows\ERUNT
2014-06-04 00:12 - 2014-06-04 00:44 - 00000000 ____D () C:\AdwCleaner
2014-06-04 00:10 - 2014-06-04 00:09 - 01327971 _____ () C:\Users\Flo\Desktop\adwcleaner_3.211.exe
2014-06-04 00:10 - 2014-06-04 00:09 - 01016261 _____ (Thisisu) C:\Users\Flo\Desktop\JRT.exe
2014-06-03 23:27 - 2014-06-04 13:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 23:27 - 2014-06-03 23:27 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 23:27 - 2014-06-03 23:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 23:27 - 2014-06-03 23:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 23:27 - 2014-06-03 23:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 23:27 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-03 23:27 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-03 23:27 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-03 23:25 - 2014-06-03 23:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Flo\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-03 04:36 - 2014-06-03 05:28 - 00027596 _____ () C:\Users\Flo\Documents\Mein Film.wlmp
2014-06-03 04:13 - 2014-06-03 04:13 - 00000000 ____D () C:\Windows\de
2014-06-03 04:12 - 2014-06-03 04:12 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-06-03 04:12 - 2014-06-03 04:12 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-06-03 04:12 - 2014-06-03 04:12 - 00000000 ____D () C:\Windows\PCHEALTH
2014-06-03 04:12 - 2014-06-03 04:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-06-03 04:11 - 2014-06-03 04:12 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-06-03 04:09 - 2014-06-03 04:13 - 00000000 ____D () C:\Users\Flo\AppData\Local\Windows Live
2014-06-03 04:04 - 2014-06-04 13:44 - 00000000 ____D () C:\Users\Flo\AppData\Local\Genesis_06030204
2014-06-03 04:04 - 2014-06-03 23:41 - 00000000 ____D () C:\temp
2014-06-03 03:22 - 2013-01-01 21:37 - 123502592 _____ () C:\Users\Flo\Desktop\MOVI0006.avi
2014-06-03 03:22 - 2013-01-01 21:35 - 838434816 _____ () C:\Users\Flo\Desktop\MOVI0005.avi
2014-06-03 02:48 - 2014-06-03 02:48 - 00001050 _____ () C:\Users\Public\Desktop\Free Video Editor.lnk
2014-06-03 02:48 - 2014-06-03 02:48 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\DVDVideoSoft
2014-06-03 02:48 - 2014-06-03 02:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-06-03 02:25 - 2014-06-03 02:47 - 00000000 ____D () C:\Users\Flo\Desktop\blade
2014-05-28 00:37 - 2014-05-20 01:10 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-28 00:36 - 2014-05-15 01:49 - 03774821 _____ () C:\Windows\system32\nvcoproc.bin
2014-05-28 00:33 - 2014-05-20 04:44 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-28 00:33 - 2014-05-20 04:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-28 00:05 - 2014-03-31 18:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-05-28 00:05 - 2014-03-31 18:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-05-19 21:42 - 2014-05-19 21:44 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\GameMaker-Studio
2014-05-16 03:02 - 2014-05-06 02:46 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 03:02 - 2014-05-06 02:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 03:02 - 2014-05-06 02:21 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-16 03:02 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-16 03:02 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-16 03:02 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 13:44 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 13:44 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 13:44 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 13:44 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 13:44 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 13:44 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 13:44 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 13:44 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 13:44 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 13:44 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 13:44 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 13:44 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 13:44 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 13:44 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 13:44 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 13:44 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 13:43 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 13:43 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 13:43 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 13:43 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 13:43 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 13:43 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 13:43 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 13:43 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 13:43 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 13:43 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 13:43 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 13:43 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 13:43 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 13:43 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 13:43 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 13:43 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 13:43 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 13:43 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 13:43 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 13:43 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 13:43 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 13:43 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 13:43 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 13:43 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 13:43 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 13:43 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 13:43 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 13:43 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 13:43 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 18:37 - 2014-05-14 18:37 - 00000668 _____ () C:\Users\Public\Desktop\Guitar Pro 6.lnk
2014-05-14 18:37 - 2014-05-14 18:37 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Guitar Pro 6
2014-05-14 18:37 - 2014-05-14 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 6
2014-05-14 18:37 - 2014-05-14 18:37 - 00000000 ____D () C:\ProgramData\Guitar Pro 6
2014-05-14 18:34 - 2014-05-14 18:36 - 149385851 _____ (Arobas Music ) C:\Users\Flo\Downloads\Guitar_Pro_6.exe
2014-05-06 15:32 - 2014-05-16 03:47 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-06-04 13:45 - 2014-06-04 13:45 - 00011214 _____ () C:\Users\Flo\Desktop\FRST.txt
2014-06-04 13:45 - 2014-06-04 13:44 - 00000000 ____D () C:\FRST
2014-06-04 13:45 - 2013-06-21 15:30 - 00000000 ____D () C:\Users\Flo\AppData\Local\Temp
2014-06-04 13:44 - 2014-06-03 04:04 - 00000000 ____D () C:\Users\Flo\AppData\Local\Genesis_06030204
2014-06-04 13:43 - 2014-06-04 13:43 - 02068992 _____ (Farbar) C:\Users\Flo\Desktop\FRST64.exe
2014-06-04 13:42 - 2014-06-04 13:42 - 00000468 _____ () C:\Users\Flo\Desktop\defogger_disable.log
2014-06-04 13:41 - 2014-06-04 13:41 - 00000000 _____ () C:\Users\Flo\defogger_reenable
2014-06-04 13:41 - 2013-06-21 15:30 - 00000000 ____D () C:\Users\Flo
2014-06-04 13:39 - 2014-06-04 13:39 - 00050477 _____ () C:\Users\Flo\Desktop\Defogger.exe
2014-06-04 13:32 - 2014-06-03 23:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-04 13:32 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-04 13:32 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-04 13:29 - 2013-06-21 15:26 - 02030500 _____ () C:\Windows\WindowsUpdate.log
2014-06-04 13:25 - 2013-09-26 17:49 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-04 13:25 - 2013-06-21 16:29 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-04 13:25 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-04 13:25 - 2009-07-14 06:51 - 00098512 _____ () C:\Windows\setupact.log
2014-06-04 01:25 - 2013-09-26 17:49 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-04 00:54 - 2014-06-04 00:54 - 00000619 _____ () C:\Users\Flo\Desktop\JRT.txt
2014-06-04 00:45 - 2013-06-21 16:50 - 00292958 _____ () C:\Windows\PFRO.log
2014-06-04 00:44 - 2014-06-04 00:12 - 00000000 ____D () C:\AdwCleaner
2014-06-04 00:17 - 2014-06-04 00:17 - 00000000 ____D () C:\Windows\ERUNT
2014-06-04 00:14 - 2009-07-14 19:58 - 00709884 _____ () C:\Windows\system32\perfh007.dat
2014-06-04 00:14 - 2009-07-14 19:58 - 00154320 _____ () C:\Windows\system32\perfc007.dat
2014-06-04 00:14 - 2009-07-14 07:13 - 01649420 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-04 00:09 - 2014-06-04 00:10 - 01327971 _____ () C:\Users\Flo\Desktop\adwcleaner_3.211.exe
2014-06-04 00:09 - 2014-06-04 00:10 - 01016261 _____ (Thisisu) C:\Users\Flo\Desktop\JRT.exe
2014-06-03 23:42 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\addins
2014-06-03 23:41 - 2014-06-03 04:04 - 00000000 ____D () C:\temp
2014-06-03 23:27 - 2014-06-03 23:27 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 23:27 - 2014-06-03 23:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 23:27 - 2014-06-03 23:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 23:27 - 2014-06-03 23:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 23:26 - 2014-06-03 23:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Flo\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-03 23:12 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-03 05:28 - 2014-06-03 04:36 - 00027596 _____ () C:\Users\Flo\Documents\Mein Film.wlmp
2014-06-03 04:13 - 2014-06-03 04:13 - 00000000 ____D () C:\Windows\de
2014-06-03 04:13 - 2014-06-03 04:09 - 00000000 ____D () C:\Users\Flo\AppData\Local\Windows Live
2014-06-03 04:12 - 2014-06-03 04:12 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-06-03 04:12 - 2014-06-03 04:12 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-06-03 04:12 - 2014-06-03 04:12 - 00000000 ____D () C:\Windows\PCHEALTH
2014-06-03 04:12 - 2014-06-03 04:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-06-03 04:12 - 2014-06-03 04:11 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-06-03 04:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-06-03 04:10 - 2013-11-13 02:48 - 00027748 _____ () C:\Windows\DirectX.log
2014-06-03 03:10 - 2014-05-04 00:47 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\XnView
2014-06-03 03:01 - 2013-06-26 02:33 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\vlc
2014-06-03 02:48 - 2014-06-03 02:48 - 00001050 _____ () C:\Users\Public\Desktop\Free Video Editor.lnk
2014-06-03 02:48 - 2014-06-03 02:48 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\DVDVideoSoft
2014-06-03 02:48 - 2014-06-03 02:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-06-03 02:47 - 2014-06-03 02:25 - 00000000 ____D () C:\Users\Flo\Desktop\blade
2014-05-28 00:37 - 2013-06-21 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-28 00:37 - 2013-06-21 16:30 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-22 15:37 - 2013-09-26 17:50 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-21 00:55 - 2014-03-22 17:33 - 00001370 _____ () C:\Users\Flo\Documents\PhoenixLauncher.log
2014-05-21 00:54 - 2014-03-22 17:34 - 00002632 _____ () C:\Users\Flo\Documents\PhoenixUpdateInstaller.log
2014-05-21 00:00 - 2013-06-23 04:08 - 00000000 ____D () C:\Users\Flo\AppData\Local\PokerStars.EU
2014-05-20 04:44 - 2014-05-28 00:33 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-20 04:44 - 2014-05-28 00:33 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-20 04:44 - 2014-01-25 19:51 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-20 04:44 - 2013-07-02 22:39 - 14434704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-05-20 04:44 - 2013-07-02 22:39 - 02730208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-05-20 04:44 - 2013-06-21 16:29 - 03109248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-05-20 04:44 - 2013-06-21 16:29 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-05-20 04:44 - 2013-06-21 16:29 - 00052056 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-05-20 04:44 - 2013-06-21 16:29 - 00026069 _____ () C:\Windows\system32\nvinfo.pb
2014-05-20 04:44 - 2013-02-26 00:32 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-20 04:44 - 2009-07-13 23:59 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-05-20 03:25 - 2013-06-21 16:29 - 06769096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-05-20 03:25 - 2013-06-21 16:29 - 03514144 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-05-20 03:25 - 2013-06-21 16:29 - 02560968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-05-20 03:25 - 2013-06-21 16:29 - 00927520 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-05-20 03:25 - 2013-06-21 16:29 - 00387528 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-05-20 03:25 - 2013-06-21 16:29 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-05-20 01:10 - 2014-05-28 00:37 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-19 21:44 - 2014-05-19 21:42 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\GameMaker-Studio
2014-05-19 21:43 - 2013-10-02 00:57 - 00000000 ____D () C:\Users\Flo\AppData\Local\GameMaker-Studio
2014-05-17 17:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-16 22:51 - 2014-04-28 23:19 - 00000000 ____D () C:\ProgramData\Origin
2014-05-16 20:14 - 2013-06-21 15:30 - 00000000 ___RD () C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 20:14 - 2013-06-21 15:30 - 00000000 ___RD () C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 03:47 - 2014-05-06 15:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-16 03:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-16 03:02 - 2013-07-31 10:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 03:01 - 2013-06-23 02:17 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 01:49 - 2014-05-28 00:36 - 03774821 _____ () C:\Windows\system32\nvcoproc.bin
2014-05-14 18:37 - 2014-05-14 18:37 - 00000668 _____ () C:\Users\Public\Desktop\Guitar Pro 6.lnk
2014-05-14 18:37 - 2014-05-14 18:37 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Guitar Pro 6
2014-05-14 18:37 - 2014-05-14 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 6
2014-05-14 18:37 - 2014-05-14 18:37 - 00000000 ____D () C:\ProgramData\Guitar Pro 6
2014-05-14 18:36 - 2014-05-14 18:34 - 149385851 _____ (Arobas Music ) C:\Users\Flo\Downloads\Guitar_Pro_6.exe
2014-05-12 07:26 - 2014-06-03 23:27 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-03 23:27 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-03 23:27 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 00:02 - 2014-04-01 14:13 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Awesomium
2014-05-09 08:14 - 2014-05-15 13:44 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-15 13:44 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 19:49 - 2013-11-10 04:56 - 00000000 ____D () C:\Users\Flo\Desktop\ds
2014-05-07 17:20 - 2013-09-26 17:49 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 17:20 - 2013-09-26 17:49 - 00003848 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 02:46 - 2014-05-16 03:02 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 02:21 - 2014-05-16 03:02 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 02:21 - 2014-05-16 03:02 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 01:32 - 2014-05-16 03:02 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 01:14 - 2014-05-16 03:02 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 01:14 - 2014-05-16 03:02 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

Some content of TEMP:
====================
C:\Users\Flo\AppData\Local\Temp\Gw2.exe
C:\Users\Flo\AppData\Local\Temp\kin124B.tmp-installer.exe
C:\Users\Flo\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Flo\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Flo\AppData\Local\Temp\nvStInst.exe
C:\Users\Flo\AppData\Local\Temp\Quarantine.exe
C:\Users\Flo\AppData\Local\Temp\SIInvoker.exe
C:\Users\Flo\AppData\Local\Temp\SpOrder.dll
C:\Users\Flo\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Flo\AppData\Local\Temp\updatey.exe
C:\Users\Flo\AppData\Local\Temp\updatey_6.0.0.exe
C:\Users\Flo\AppData\Local\Temp\updatez.exe
C:\Users\Flo\AppData\Local\Temp\vlc-2.1.3-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 00:10

==================== End Of Log ============================
Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by Flo at 2014-06-04 13:45:40
Running from C:\Users\Flo\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

„Der Herr der Ringe Online™“ v1100.0052.1373.8030 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 1100.0052.1373.8030 - Turbine, Inc.)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
bwin Poker (HKLM-x32\...\bwincomPoker) (Version:  - bwincom)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free Video Editor version 1.4.0.530 (HKLM-x32\...\Free Video Editor_is1) (Version: 1.4.0.530 - DVDVideoSoft Ltd.)
GameMaker-Studio 1.2 (HKCU\...\GameMaker-Studio12) (Version:  - YoYo Games Ltd.)
Genesis (HKCU\...\genesis_06030204) (Version:  - ) <==== ATTENTION
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.0 - Google Inc.) Hidden
GUILD WARS (HKLM-x32\...\Guild Wars) (Version:  - )
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version:  - Arobas Music)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd)
PF Macro Recorder 1.0 (HKLM-x32\...\PF Macro Recorder_is1) (Version:  - Beneton Software)
Phoenix R/C® (HKLM-x32\...\PhoenixRC) (Version: 5.0.q - Runtime Games Ltd)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PokerOffice (remove only) (HKCU\...\PokerOffice5) (Version:  - )
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Steinberg Cubase 5 (HKLM-x32\...\{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}) (Version: 5.1.0 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 1.0.0.1 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Additional Content Set 01 (HKLM-x32\...\{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}) (Version: 1.0.0.001 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Expression Set (HKLM-x32\...\{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}) (Version: 1.0.1.0 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Drum Set (HKLM-x32\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Set (HKLM-x32\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Pro Set (HKLM-x32\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Drum Set (HKLM-x32\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Set (HKLM-x32\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content (HKLM-x32\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 1.0.0.005 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 1.0.0.006 - Steinberg Media Technologies GmbH)
SupraSavings (Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTION
SupraSavings (x32 Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTION
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.10 - TeamSpeak Systems GmbH)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )
XnView 2.22 (HKLM-x32\...\XnView_is1) (Version: 2.22 - Gougelet Pierre-e)

==================== Restore Points  =========================

27-05-2014 22:06:40 DirectX wurde installiert
29-05-2014 14:21:14 Windows Update
02-06-2014 12:45:08 Windows Update
03-06-2014 02:09:25 Windows Live Essentials
03-06-2014 02:10:04 DirectX wurde installiert
03-06-2014 02:10:32 DirectX wurde installiert
03-06-2014 02:10:56 DirectX wurde installiert
03-06-2014 02:11:54 WLSetup

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {478C33BC-FFFA-4EF6-9F91-D129B700FBCE} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {973ED2EB-5053-4EFC-A8ED-3F95DCCC4258} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-26] (Google Inc.)
Task: {AD296D1F-187F-4D0D-9352-9212D83C6A82} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {AE305B1F-7C42-4AA3-8C8E-A142C4714569} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-26] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-06-21 16:29 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-06-03 04:04 - 2014-06-03 04:04 - 02703360 _____ () C:\Users\Flo\AppData\Local\Genesis_06030204\Genesis_06030204.exe

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: NEC PCI-zu-USB Open Host-Controller
Description: NEC PCI-zu-USB Open Host-Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: NEC
Service: usbohci
Problem: : Your computer's system firmware does not include enough information to properly configure and use this device. To use this device, contact your computer manufacturer to obtain a firmware or BIOS update. (Code 35)
Resolution: The Multiprocessor System (MPS) table, which stores the resource assignments for the BIOS, is missing an entry for your device and needs to be updated.
Obtain a new BIOS from the system vendor.

Name: Standard PCI-zu-USB erweiterter Hostcontroller
Description: Standard PCI-zu-USB erweiterter Hostcontroller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard-USB-Hostcontroller)
Service: usbehci
Problem: : Your computer's system firmware does not include enough information to properly configure and use this device. To use this device, contact your computer manufacturer to obtain a firmware or BIOS update. (Code 35)
Resolution: The Multiprocessor System (MPS) table, which stores the resource assignments for the BIOS, is missing an entry for your device and needs to be updated.
Obtain a new BIOS from the system vendor.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (06/04/2014 01:15:49 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{F7A6AE6F-57EA-4E89-A164-2584B798290D}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 6143.18 MB
Available physical RAM: 4486.1 MB
Total Pagefile: 12284.54 MB
Available Pagefile: 10470.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:123.96 GB) (Free:56.61 GB) NTFS
Drive d: (Daten) (Fixed) (Total:341.79 GB) (Free:235.29 GB) NTFS
Drive e: (Platz1) (Fixed) (Total:97.65 GB) (Free:70.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Platz2) (Fixed) (Total:88.65 GB) (Free:70.58 GB) NTFS
Drive g: (BEGINNER_LIVE) (CDROM) (Total:5.99 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 2927F957)
Partition 1: (Not Active) - (Size=124 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=342 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 186 GB) (Disk ID: DCBEDCBE)
Partition 1: (Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=89 GB) - (Type=OF Extended)

==================== End Of Log ============================
gmer:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-04 13:54:08
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AUDX-63WNHY0 rev.01.01A01 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Flo\AppData\Local\Temp\uwldypow.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                    0000000076381465 2 bytes [38, 76]
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                  00000000763814bb 2 bytes [38, 76]
.text    ...                                                                                                                                                                                  * 2
.text    C:\Users\Flo\AppData\Local\Genesis_06030204\Genesis_06030204.exe[952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                        0000000076381465 2 bytes [38, 76]
.text    C:\Users\Flo\AppData\Local\Genesis_06030204\Genesis_06030204.exe[952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                      00000000763814bb 2 bytes [38, 76]
.text    ...                                                                                                                                                                                  * 2
---- Processes - GMER 2.1 ----

Process  C:\Users\Flo\AppData\Local\Genesis_06030204\Genesis_06030204.exe (*** suspicious ***) @ C:\Users\Flo\AppData\Local\Genesis_06030204\Genesis_06030204.exe [952](2014-06-03 02:04:28)  0000000000400000

---- EOF - GMER 2.1 ----
Ich hoffe ich habe alles richtig gepostet.
Danke schonmal in Vorraus für die Mühe.
Gruß Flo

schrauber 04.06.2014 14:27
hi,

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Adware & Co. deinstallieren

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:




Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

EizFlo 04.06.2014 16:30
hi,

Hier die Fixlog:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-06-2014
Ran by Flo at 2014-06-04 16:40:32 Run:1
Running from C:\Users\Flo\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
       
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.

==== End of Fixlog ====
2 Programme konnte ich nicht löschen mit Revo.

Combofix meinte das Microsoft Security Essentials aktiviert wäre.
Der PC wurde nicht automatisch neu gestartet. Es kam der Abmeldesound aber mehr nicht.Ich habe ca 10min gewartet nachdem der Combofix.txt auf dem Bildschirm aufgetaucht ist. Dann habe ich ganz normal neugestartet. Es kam keine Fehlermeldung.

Combofix.txt :

Code:
ComboFix 14-06-04.01 - Flo 04.06.2014  17:06:00.1.4 - x64
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.6143.4493 [GMT 2:00]
ausgeführt von:: c:\users\Flo\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Flo\AppData\Local\Microsoft\Windows\Temporary Internet Files\66b8d7e7-0c40-43cd-ba7b-f7364d8e3e89.jpg
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-05-04 bis 2014-06-04  ))))))))))))))))))))))))))))))
.
.
2014-06-04 15:11 . 2014-06-04 15:11        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-06-04 14:42 . 2014-06-04 14:42        --------        d-----w-        c:\program files (x86)\VS Revo Group
2014-06-04 11:44 . 2014-06-04 14:40        --------        d-----w-        C:\FRST
2014-06-03 22:44 . 2010-08-30 06:34        536576        ----a-w-        c:\windows\SysWow64\sqlite3.dll
2014-06-03 22:17 . 2014-06-03 22:17        --------        d-----w-        c:\windows\ERUNT
2014-06-03 22:12 . 2014-06-03 22:44        --------        d-----w-        C:\AdwCleaner
2014-06-03 21:27 . 2014-06-04 12:25        122584        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-03 21:27 . 2014-05-12 05:26        91352        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-06-03 21:27 . 2014-06-03 21:27        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware
2014-06-03 21:27 . 2014-06-03 21:27        --------        d-----w-        c:\programdata\Malwarebytes
2014-06-03 21:27 . 2014-05-12 05:26        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-06-03 21:27 . 2014-05-12 05:25        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2014-06-03 21:14 . 2014-04-30 23:20        10702536        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{03440661-6C1A-433C-AC95-7F38ADF5E978}\mpengine.dll
2014-06-03 02:13 . 2014-06-03 02:13        --------        d-----w-        c:\windows\de
2014-06-03 02:12 . 2014-06-03 02:12        --------        d-----w-        c:\program files (x86)\Microsoft SQL Server Compact Edition
2014-06-03 02:12 . 2014-06-03 02:12        --------        d-----w-        c:\windows\PCHEALTH
2014-06-03 02:11 . 2014-06-03 02:12        --------        d-----w-        c:\program files (x86)\Windows Live
2014-06-03 02:09 . 2014-06-03 02:13        --------        d-----w-        c:\users\Flo\AppData\Local\Windows Live
2014-06-03 02:05 . 2014-06-03 02:05        --------        d-----w-        c:\program files (x86)\Common Files\Windows Live
2014-06-03 02:04 . 2014-06-03 21:41        --------        d-----w-        C:\temp
2014-06-03 00:48 . 2014-06-03 00:48        --------        d-----w-        c:\program files (x86)\Common Files\DVDVideoSoft
2014-06-03 00:48 . 2014-06-03 00:48        --------        d-----w-        c:\users\Flo\AppData\Roaming\DVDVideoSoft
2014-06-02 12:45 . 2014-04-30 23:20        10702536        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-27 22:37 . 2014-05-19 23:10        601432        ----a-w-        c:\windows\SysWow64\nvStreaming.exe
2014-05-27 22:36 . 2014-05-14 23:49        3774821        ----a-w-        c:\windows\system32\nvcoproc.bin
2014-05-27 22:05 . 2014-03-31 16:42        40392        ----a-w-        c:\windows\system32\drivers\nvvad64v.sys
2014-05-27 22:05 . 2014-03-31 16:42        34760        ----a-w-        c:\windows\SysWow64\nvaudcap32v.dll
2014-05-24 12:24 . 2014-05-02 14:47        1031560        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{98A73E87-1933-4BF6-82D1-2B17BCAFFF6A}\gapaengine.dll
2014-05-19 19:42 . 2014-05-19 19:44        --------        d-----w-        c:\users\Flo\AppData\Roaming\GameMaker-Studio
2014-05-16 01:02 . 2014-05-06 00:21        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2014-05-16 01:02 . 2014-05-05 23:14        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2014-05-16 01:02 . 2014-05-06 00:46        17847808        ----a-w-        c:\windows\system32\mshtml.dll
2014-05-16 01:02 . 2014-05-06 00:21        96768        ----a-w-        c:\windows\system32\mshtmled.dll
2014-05-15 11:43 . 2014-04-12 02:22        155072        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2014-05-14 16:37 . 2014-05-14 16:37        --------        d-----w-        c:\users\Flo\AppData\Roaming\Guitar Pro 6
2014-05-14 16:37 . 2014-05-14 16:37        --------        d-----w-        c:\programdata\Guitar Pro 6
2014-05-07 12:28 . 2014-05-07 12:28        --------        d-----w-        c:\users\Flo\AppData\Local\Diagnostics
2014-05-06 13:32 . 2014-05-16 01:47        --------        d-s---w-        c:\windows\system32\CompatTel
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-03 02:12 . 2012-07-17 12:37        23264        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-05-20 02:44 . 2014-01-25 17:51        16003912        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll
2014-05-20 02:44 . 2013-07-02 20:39        2730208        ----a-w-        c:\windows\SysWow64\nvapi.dll
2014-05-20 02:44 . 2013-07-02 20:39        14434704        ----a-w-        c:\windows\SysWow64\nvd3dum.dll
2014-05-20 02:44 . 2013-06-21 14:29        61216        ----a-w-        c:\windows\system32\OpenCL.dll
2014-05-20 02:44 . 2013-06-21 14:29        52056        ----a-w-        c:\windows\SysWow64\OpenCL.dll
2014-05-20 02:44 . 2013-06-21 14:29        3109248        ----a-w-        c:\windows\system32\nvapi64.dll
2014-05-20 02:44 . 2013-02-25 22:32        17480432        ----a-w-        c:\windows\system32\nvd3dumx.dll
2014-05-20 02:44 . 2009-07-13 21:59        18531568        ----a-w-        c:\windows\system32\nvwgf2umx.dll
2014-05-20 01:25 . 2013-06-21 14:29        6769096        ----a-w-        c:\windows\system32\nvcpl.dll
2014-05-20 01:25 . 2013-06-21 14:29        3514144        ----a-w-        c:\windows\system32\nvsvc64.dll
2014-05-20 01:25 . 2013-06-21 14:29        927520        ----a-w-        c:\windows\system32\nvvsvc.exe
2014-05-20 01:25 . 2013-06-21 14:29        62808        ----a-w-        c:\windows\system32\nvshext.dll
2014-05-20 01:25 . 2013-06-21 14:29        387528        ----a-w-        c:\windows\system32\nvmctray.dll
2014-05-20 01:25 . 2013-06-21 14:29        2560968        ----a-w-        c:\windows\system32\nvsvcr.dll
2014-05-16 01:01 . 2013-06-23 00:17        93223848        ----a-w-        c:\windows\system32\MRT.exe
2014-05-02 14:47 . 2013-07-18 13:35        1031560        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-30 18:29 . 2013-10-29 21:26        1081112        ----a-w-        c:\windows\SysWow64\nvspcap.dll
2014-04-30 18:29 . 2013-10-29 21:26        1225920        ----a-w-        c:\windows\system32\nvspcap64.dll
2014-03-31 19:34 . 2014-03-31 19:34        322248        ----a-w-        c:\windows\WLXPGSS.SCR
2014-03-31 16:42 . 2013-10-10 13:10        37320        ----a-w-        c:\windows\system32\nvaudcap64v.dll
2014-03-21 09:46 . 2014-03-21 09:46        152848        ----a-w-        c:\windows\SysWow64\comdlg32.ocx
2014-03-21 09:46 . 2014-03-21 09:46        1081616        ----a-w-        c:\windows\SysWow64\mscomctl.ocx
2014-03-11 07:52 . 2013-01-20 13:59        133928        ----a-w-        c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-08 04:06 . 2014-04-10 01:00        10926592        ----a-w-        c:\windows\system32\ieframe.dll
2014-03-08 03:49 . 2014-04-10 01:00        2334720        ----a-w-        c:\windows\system32\jscript9.dll
2014-03-08 03:41 . 2014-04-10 01:00        1347072        ----a-w-        c:\windows\system32\urlmon.dll
2014-03-08 03:40 . 2014-04-10 01:00        1392128        ----a-w-        c:\windows\system32\wininet.dll
2014-03-08 03:39 . 2014-04-10 01:00        1494528        ----a-w-        c:\windows\system32\inetcpl.cpl
2014-03-08 03:38 . 2014-04-10 01:00        237056        ----a-w-        c:\windows\system32\url.dll
2014-03-08 03:37 . 2014-04-10 01:00        85504        ----a-w-        c:\windows\system32\jsproxy.dll
2014-03-08 03:34 . 2014-04-10 01:00        173056        ----a-w-        c:\windows\system32\ieUnatt.exe
2014-03-08 03:34 . 2014-04-10 01:00        816640        ----a-w-        c:\windows\system32\jscript.dll
2014-03-08 03:33 . 2014-04-10 01:00        599040        ----a-w-        c:\windows\system32\vbscript.dll
2014-03-08 03:32 . 2014-04-10 01:00        729088        ----a-w-        c:\windows\system32\msfeeds.dll
2014-03-08 03:32 . 2014-04-10 01:00        2147840        ----a-w-        c:\windows\system32\iertutil.dll
2014-03-08 03:24 . 2014-04-10 01:00        248320        ----a-w-        c:\windows\system32\ieui.dll
2014-03-07 23:12 . 2014-04-10 01:00        1806848        ----a-w-        c:\windows\SysWow64\jscript9.dll
2014-03-07 23:02 . 2014-04-10 01:00        1427968        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2014-03-07 23:02 . 2014-04-10 01:00        1129472        ----a-w-        c:\windows\SysWow64\wininet.dll
2014-03-07 22:57 . 2014-04-10 01:00        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2014-03-07 22:56 . 2014-04-10 01:00        421376        ----a-w-        c:\windows\SysWow64\vbscript.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
R3 LGSUsbFilt;Logitech Gaming KMDF USB Filter Driver;c:\windows\system32\DRIVERS\LGSUsbFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSUsbFilt.Sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - UWLDYPOW
*Deregistered* - uwldypow
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-22 13:26        1091912        ----a-w-        c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-26 15:49]
.
2014-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-26 15:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-04-30 1225920]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-30 2199840]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://www.king.com/ctl/kingcomie.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-POEngine5 - (no file)
Wow6432Node-HKCU-Run-chfipqw - c:\programdata\chfipqw.dat
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-06-04  17:14:18
ComboFix-quarantined-files.txt  2014-06-04 15:14
.
Vor Suchlauf: 11 Verzeichnis(se), 59.770.654.720 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 61.496.172.544 Bytes frei
.
- - End Of File - - 3C0BA629582198B16DED8659D216FD7B
A36C5E4F47E84449FF07ED3517B43A31

schrauber 05.06.2014 13:51
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

EizFlo 05.06.2014 14:34
mbam:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 05.06.2014
Suchlauf-Zeit: 15:08:18
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.05.08
Rootkit Datenbank: v2014.06.02.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Flo

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 266290
Verstrichene Zeit: 7 Min, 18 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
adwCleaner:
Code:
# AdwCleaner v3.211 - Bericht erstellt am 05/06/2014 um 15:19:14
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Flo - FLO-PC
# Gestartet von : C:\Users\Flo\Desktop\adwcleaner_3.211.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Google Chrome v35.0.1916.114

[ Datei : C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3216 octets] - [04/06/2014 00:12:12]
AdwCleaner[R1].txt - [1059 octets] - [04/06/2014 00:44:18]
AdwCleaner[R2].txt - [1086 octets] - [05/06/2014 15:18:26]
AdwCleaner[S0].txt - [3166 octets] - [04/06/2014 00:13:20]
AdwCleaner[S1].txt - [1070 octets] - [04/06/2014 00:44:48]
AdwCleaner[S2].txt - [1008 octets] - [05/06/2014 15:19:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1068 octets] ##########
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Flo on 05.06.2014 at 15:21:41,26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.06.2014 at 15:27:12,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Flo (administrator) on FLO-PC on 05-06-2014 15:27:37
Running from C:\Users\Flo\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD8A4C01FB36FCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
DPF: HKLM-x32 {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} hxxp://www.king.com/ctl/kingcomie.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - c:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

Chrome:
=======
CHR HomePage:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Apps Enhancements Plugin(By Google)) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2013.919.433.1_0\plugin/ace.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (VLC Web Plugin) - D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Extension: (Google Docs) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-26]
CHR Extension: (Google Drive) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-26]
CHR Extension: (YouTube) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-26]
CHR Extension: (Google-Suche) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-26]
CHR Extension: (Hangouts) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2013-09-26]
CHR Extension: (Google Wallet) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-26]
CHR Extension: (Google Mail) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-26]

==================== Services (Whitelisted) =================

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
S3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [44272 2013-01-17] (Logitech Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-05 15:27 - 2014-06-05 15:27 - 00009965 _____ () C:\Users\Flo\Desktop\FRST.txt
2014-06-05 15:27 - 2014-06-05 15:27 - 00000619 _____ () C:\Users\Flo\Desktop\JRT.txt
2014-06-05 15:15 - 2014-06-05 15:15 - 00001154 _____ () C:\Users\Flo\Desktop\mbam.txt
2014-06-04 17:14 - 2014-06-04 17:14 - 00019234 _____ () C:\ComboFix.txt
2014-06-04 17:14 - 2014-06-04 17:14 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-04 17:14 - 2014-06-04 17:14 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-04 17:14 - 2014-06-04 17:14 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-04 17:04 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-04 17:04 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-04 17:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-04 17:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-04 17:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-04 17:04 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-04 17:04 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-04 17:04 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-04 17:00 - 2014-06-04 17:14 - 00000000 ____D () C:\Qoobox
2014-06-04 17:00 - 2014-06-04 17:13 - 00000000 ____D () C:\Windows\erdnt
2014-06-04 16:57 - 2014-06-04 16:57 - 05205146 ____R (Swearware) C:\Users\Flo\Desktop\ComboFix.exe
2014-06-04 16:42 - 2014-06-04 16:42 - 00001268 _____ () C:\Users\Flo\Desktop\Revo Uninstaller.lnk
2014-06-04 16:42 - 2014-06-04 16:42 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-04 16:41 - 2014-06-04 16:41 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Flo\Downloads\revosetup95.exe
2014-06-04 14:37 - 2014-06-04 14:37 - 01110476 _____ () C:\Users\Flo\Downloads\7z920.exe
2014-06-04 14:37 - 2014-06-04 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-04 13:46 - 2014-06-04 13:46 - 00380416 _____ () C:\Users\Flo\Desktop\Gmer-19357.exe
2014-06-04 13:44 - 2014-06-05 15:27 - 00000000 ____D () C:\FRST
2014-06-04 13:43 - 2014-06-04 13:43 - 02068992 _____ (Farbar) C:\Users\Flo\Desktop\FRST64.exe
2014-06-04 13:41 - 2014-06-04 13:41 - 00000000 _____ () C:\Users\Flo\defogger_reenable
2014-06-04 13:39 - 2014-06-04 13:39 - 00050477 _____ () C:\Users\Flo\Desktop\Defogger.exe
2014-06-04 00:44 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-04 00:17 - 2014-06-04 00:17 - 00000000 ____D () C:\Windows\ERUNT
2014-06-04 00:12 - 2014-06-05 15:19 - 00000000 ____D () C:\AdwCleaner
2014-06-04 00:10 - 2014-06-04 00:09 - 01327971 _____ () C:\Users\Flo\Desktop\adwcleaner_3.211.exe
2014-06-04 00:10 - 2014-06-04 00:09 - 01016261 _____ (Thisisu) C:\Users\Flo\Desktop\JRT.exe
2014-06-03 23:27 - 2014-06-05 15:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 23:27 - 2014-06-03 23:27 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 23:27 - 2014-06-03 23:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 23:27 - 2014-06-03 23:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 23:27 - 2014-06-03 23:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 23:27 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-03 23:27 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-03 23:27 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-03 23:25 - 2014-06-03 23:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Flo\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-03 04:36 - 2014-06-03 05:28 - 00027596 _____ () C:\Users\Flo\Documents\Mein Film.wlmp
2014-06-03 04:13 - 2014-06-03 04:13 - 00000000 ____D () C:\Windows\de
2014-06-03 04:12 - 2014-06-03 04:12 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-06-03 04:12 - 2014-06-03 04:12 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-06-03 04:12 - 2014-06-03 04:12 - 00000000 ____D () C:\Windows\PCHEALTH
2014-06-03 04:12 - 2014-06-03 04:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-06-03 04:11 - 2014-06-03 04:12 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-06-03 04:09 - 2014-06-03 04:13 - 00000000 ____D () C:\Users\Flo\AppData\Local\Windows Live
2014-06-03 04:04 - 2014-06-03 23:41 - 00000000 ____D () C:\temp
2014-06-03 03:22 - 2013-01-01 21:37 - 123502592 _____ () C:\Users\Flo\Desktop\MOVI0006.avi
2014-06-03 03:22 - 2013-01-01 21:35 - 838434816 _____ () C:\Users\Flo\Desktop\MOVI0005.avi
2014-06-03 02:48 - 2014-06-03 02:48 - 00001050 _____ () C:\Users\Public\Desktop\Free Video Editor.lnk
2014-06-03 02:48 - 2014-06-03 02:48 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\DVDVideoSoft
2014-06-03 02:48 - 2014-06-03 02:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-06-03 02:25 - 2014-06-03 02:47 - 00000000 ____D () C:\Users\Flo\Desktop\blade
2014-05-28 00:37 - 2014-05-20 01:10 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-28 00:36 - 2014-05-15 01:49 - 03774821 _____ () C:\Windows\system32\nvcoproc.bin
2014-05-28 00:33 - 2014-05-20 04:44 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-28 00:33 - 2014-05-20 04:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-28 00:05 - 2014-03-31 18:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-05-28 00:05 - 2014-03-31 18:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-05-19 21:42 - 2014-05-19 21:44 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\GameMaker-Studio
2014-05-16 03:02 - 2014-05-06 02:46 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 03:02 - 2014-05-06 02:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 03:02 - 2014-05-06 02:21 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-16 03:02 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-16 03:02 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-16 03:02 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 13:44 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 13:44 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 13:44 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 13:44 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 13:44 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 13:44 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 13:44 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 13:44 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 13:44 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 13:44 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 13:44 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 13:44 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 13:44 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 13:44 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 13:44 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 13:44 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 13:43 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 13:43 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 13:43 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 13:43 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 13:43 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 13:43 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 13:43 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 13:43 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 13:43 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 13:43 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 13:43 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 13:43 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 13:43 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 13:43 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 13:43 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 13:43 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 13:43 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 13:43 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 13:43 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 13:43 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 13:43 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 13:43 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 13:43 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 13:43 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 13:43 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 13:43 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 13:43 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 13:43 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 13:43 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 18:37 - 2014-05-14 18:37 - 00000668 _____ () C:\Users\Public\Desktop\Guitar Pro 6.lnk
2014-05-14 18:37 - 2014-05-14 18:37 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Guitar Pro 6
2014-05-14 18:37 - 2014-05-14 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 6
2014-05-14 18:37 - 2014-05-14 18:37 - 00000000 ____D () C:\ProgramData\Guitar Pro 6
2014-05-14 18:34 - 2014-05-14 18:36 - 149385851 _____ (Arobas Music ) C:\Users\Flo\Downloads\Guitar_Pro_6.exe
2014-05-06 15:32 - 2014-05-16 03:47 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-06-05 15:27 - 2014-06-05 15:27 - 00009965 _____ () C:\Users\Flo\Desktop\FRST.txt
2014-06-05 15:27 - 2014-06-05 15:27 - 00000619 _____ () C:\Users\Flo\Desktop\JRT.txt
2014-06-05 15:27 - 2014-06-04 13:44 - 00000000 ____D () C:\FRST
2014-06-05 15:27 - 2013-06-21 15:30 - 00000000 ____D () C:\Users\Flo\AppData\Local\Temp
2014-06-05 15:27 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-05 15:27 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-05 15:25 - 2013-09-26 17:49 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-05 15:20 - 2014-06-03 23:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 15:20 - 2013-09-26 17:49 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-05 15:20 - 2013-06-21 16:50 - 00293808 _____ () C:\Windows\PFRO.log
2014-06-05 15:20 - 2013-06-21 16:29 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-05 15:20 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-05 15:20 - 2009-07-14 06:51 - 00099352 _____ () C:\Windows\setupact.log
2014-06-05 15:19 - 2014-06-04 00:12 - 00000000 ____D () C:\AdwCleaner
2014-06-05 15:19 - 2013-06-21 15:26 - 01101581 _____ () C:\Windows\WindowsUpdate.log
2014-06-05 15:15 - 2014-06-05 15:15 - 00001154 _____ () C:\Users\Flo\Desktop\mbam.txt
2014-06-05 04:11 - 2014-03-22 17:33 - 00000466 _____ () C:\Users\Flo\Documents\PhoenixLauncher.log
2014-06-04 17:14 - 2014-06-04 17:14 - 00019234 _____ () C:\ComboFix.txt
2014-06-04 17:14 - 2014-06-04 17:14 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-04 17:14 - 2014-06-04 17:14 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-04 17:14 - 2014-06-04 17:14 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-04 17:14 - 2014-06-04 17:00 - 00000000 ____D () C:\Qoobox
2014-06-04 17:13 - 2014-06-04 17:00 - 00000000 ____D () C:\Windows\erdnt
2014-06-04 17:12 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-04 16:57 - 2014-06-04 16:57 - 05205146 ____R (Swearware) C:\Users\Flo\Desktop\ComboFix.exe
2014-06-04 16:42 - 2014-06-04 16:42 - 00001268 _____ () C:\Users\Flo\Desktop\Revo Uninstaller.lnk
2014-06-04 16:42 - 2014-06-04 16:42 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-04 16:41 - 2014-06-04 16:41 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Flo\Downloads\revosetup95.exe
2014-06-04 14:37 - 2014-06-04 14:37 - 01110476 _____ () C:\Users\Flo\Downloads\7z920.exe
2014-06-04 14:37 - 2014-06-04 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-04 13:46 - 2014-06-04 13:46 - 00380416 _____ () C:\Users\Flo\Desktop\Gmer-19357.exe
2014-06-04 13:43 - 2014-06-04 13:43 - 02068992 _____ (Farbar) C:\Users\Flo\Desktop\FRST64.exe
2014-06-04 13:41 - 2014-06-04 13:41 - 00000000 _____ () C:\Users\Flo\defogger_reenable
2014-06-04 13:41 - 2013-06-21 15:30 - 00000000 ____D () C:\Users\Flo
2014-06-04 13:39 - 2014-06-04 13:39 - 00050477 _____ () C:\Users\Flo\Desktop\Defogger.exe
2014-06-04 00:17 - 2014-06-04 00:17 - 00000000 ____D () C:\Windows\ERUNT
2014-06-04 00:14 - 2009-07-14 19:58 - 00709884 _____ () C:\Windows\system32\perfh007.dat
2014-06-04 00:14 - 2009-07-14 19:58 - 00154320 _____ () C:\Windows\system32\perfc007.dat
2014-06-04 00:14 - 2009-07-14 07:13 - 01649420 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-04 00:09 - 2014-06-04 00:10 - 01327971 _____ () C:\Users\Flo\Desktop\adwcleaner_3.211.exe
2014-06-04 00:09 - 2014-06-04 00:10 - 01016261 _____ (Thisisu) C:\Users\Flo\Desktop\JRT.exe
2014-06-03 23:42 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\addins
2014-06-03 23:41 - 2014-06-03 04:04 - 00000000 ____D () C:\temp
2014-06-03 23:27 - 2014-06-03 23:27 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 23:27 - 2014-06-03 23:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 23:27 - 2014-06-03 23:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 23:27 - 2014-06-03 23:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 23:26 - 2014-06-03 23:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Flo\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-03 23:12 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-03 05:28 - 2014-06-03 04:36 - 00027596 _____ () C:\Users\Flo\Documents\Mein Film.wlmp
2014-06-03 04:13 - 2014-06-03 04:13 - 00000000 ____D () C:\Windows\de
2014-06-03 04:13 - 2014-06-03 04:09 - 00000000 ____D () C:\Users\Flo\AppData\Local\Windows Live
2014-06-03 04:12 - 2014-06-03 04:12 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-06-03 04:12 - 2014-06-03 04:12 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-06-03 04:12 - 2014-06-03 04:12 - 00000000 ____D () C:\Windows\PCHEALTH
2014-06-03 04:12 - 2014-06-03 04:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-06-03 04:12 - 2014-06-03 04:11 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-06-03 04:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-06-03 04:10 - 2013-11-13 02:48 - 00027748 _____ () C:\Windows\DirectX.log
2014-06-03 03:10 - 2014-05-04 00:47 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\XnView
2014-06-03 03:01 - 2013-06-26 02:33 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\vlc
2014-06-03 02:48 - 2014-06-03 02:48 - 00001050 _____ () C:\Users\Public\Desktop\Free Video Editor.lnk
2014-06-03 02:48 - 2014-06-03 02:48 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\DVDVideoSoft
2014-06-03 02:48 - 2014-06-03 02:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-06-03 02:47 - 2014-06-03 02:25 - 00000000 ____D () C:\Users\Flo\Desktop\blade
2014-05-28 00:37 - 2013-06-21 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-28 00:37 - 2013-06-21 16:30 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-22 15:37 - 2013-09-26 17:50 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-21 00:54 - 2014-03-22 17:34 - 00002632 _____ () C:\Users\Flo\Documents\PhoenixUpdateInstaller.log
2014-05-21 00:00 - 2013-06-23 04:08 - 00000000 ____D () C:\Users\Flo\AppData\Local\PokerStars.EU
2014-05-20 04:44 - 2014-05-28 00:33 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-20 04:44 - 2014-05-28 00:33 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-20 04:44 - 2014-01-25 19:51 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-20 04:44 - 2013-07-02 22:39 - 14434704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-05-20 04:44 - 2013-07-02 22:39 - 02730208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-05-20 04:44 - 2013-06-21 16:29 - 03109248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-05-20 04:44 - 2013-06-21 16:29 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-05-20 04:44 - 2013-06-21 16:29 - 00052056 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-05-20 04:44 - 2013-06-21 16:29 - 00026069 _____ () C:\Windows\system32\nvinfo.pb
2014-05-20 04:44 - 2013-02-26 00:32 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-20 04:44 - 2009-07-13 23:59 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-05-20 03:25 - 2013-06-21 16:29 - 06769096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-05-20 03:25 - 2013-06-21 16:29 - 03514144 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-05-20 03:25 - 2013-06-21 16:29 - 02560968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-05-20 03:25 - 2013-06-21 16:29 - 00927520 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-05-20 03:25 - 2013-06-21 16:29 - 00387528 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-05-20 03:25 - 2013-06-21 16:29 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-05-20 01:10 - 2014-05-28 00:37 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-19 21:44 - 2014-05-19 21:42 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\GameMaker-Studio
2014-05-19 21:43 - 2013-10-02 00:57 - 00000000 ____D () C:\Users\Flo\AppData\Local\GameMaker-Studio
2014-05-17 17:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-16 22:51 - 2014-04-28 23:19 - 00000000 ____D () C:\ProgramData\Origin
2014-05-16 20:14 - 2013-06-21 15:30 - 00000000 ___RD () C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 20:14 - 2013-06-21 15:30 - 00000000 ___RD () C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 03:47 - 2014-05-06 15:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-16 03:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-16 03:02 - 2013-07-31 10:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 03:01 - 2013-06-23 02:17 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 01:49 - 2014-05-28 00:36 - 03774821 _____ () C:\Windows\system32\nvcoproc.bin
2014-05-14 18:37 - 2014-05-14 18:37 - 00000668 _____ () C:\Users\Public\Desktop\Guitar Pro 6.lnk
2014-05-14 18:37 - 2014-05-14 18:37 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Guitar Pro 6
2014-05-14 18:37 - 2014-05-14 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 6
2014-05-14 18:37 - 2014-05-14 18:37 - 00000000 ____D () C:\ProgramData\Guitar Pro 6
2014-05-14 18:36 - 2014-05-14 18:34 - 149385851 _____ (Arobas Music ) C:\Users\Flo\Downloads\Guitar_Pro_6.exe
2014-05-12 07:26 - 2014-06-03 23:27 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-03 23:27 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-03 23:27 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 00:02 - 2014-04-01 14:13 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Awesomium
2014-05-09 08:14 - 2014-05-15 13:44 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-15 13:44 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 19:49 - 2013-11-10 04:56 - 00000000 ____D () C:\Users\Flo\Desktop\ds
2014-05-07 17:20 - 2013-09-26 17:49 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 17:20 - 2013-09-26 17:49 - 00003848 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 02:46 - 2014-05-16 03:02 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 02:21 - 2014-05-16 03:02 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 02:21 - 2014-05-16 03:02 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 01:32 - 2014-05-16 03:02 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 01:14 - 2014-05-16 03:02 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 01:14 - 2014-05-16 03:02 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

Some content of TEMP:
====================
C:\Users\Flo\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 00:10

==================== End Of Log ============================
--- --- ---

schrauber 06.06.2014 11:42

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

EizFlo 06.06.2014 15:57
hi,

also sieht ganz gut aus:)
die Werbung ist weg und Security Essentials lässt sich wieder starten.
Vielen Dank nochmal für die Hilfe.

hier noch die logs:
Ich hatte Security Essentials deaktiviert, Eset meinte es wär noch aktiv oder es war nur eine Meldung das es vorhanden ist, das konnte ich leider nicht genau herauslesen.

Eset:
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=0b667916196f864b8c3da43741fb2fc0
# engine=18591
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-06 02:37:37
# local_time=2014-06-06 04:37:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 4743401 43378773 0 0
# scanned=200579
# found=3
# cleaned=0
# scan_time=7150
sh=00296EB40204D30FD5B4B220EBAFC2B97522A423 ft=1 fh=9fa89cafc350b3f5 vn="Variante von Win32/Downloader.JooSoft.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Flo\Downloads\Downloader_fuer_TV_Total_Nippelboard_1.0.exe"
sh=39CBE0732ADA69A3D33EE0CF2D3D99CF103952CF ft=1 fh=c2f98b2cb92ce22d vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung" ac=I fn="E:\Nero.Premium.Edition.v7.10.1.0.German-DVT\Nero.Premium.Edition.v7.10.1.0.German-DVT\Nero-7.10.1.0_deu_trial.exe"
sh=18D5E8ED548EC54A33049503410F11C2B74E5C2F ft=1 fh=60227c27182a5392 vn="möglicherweise Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="E:\Program Files (x86)\Common Files\Digidesign\DAE\Plug-Ins\Battery 3.dpm"
Security Check:
Code:
Results of screen317's Security Check version 0.99.83 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Google Chrome 34.0.1847.137 
 Google Chrome 35.0.1916.114 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
FRST:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
Ran by Flo (administrator) on FLO-PC on 06-06-2014 16:52:07
Running from C:\Users\Flo\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD8A4C01FB36FCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
DPF: HKLM-x32 {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} hxxp://www.king.com/ctl/kingcomie.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - c:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

Chrome:
=======
CHR HomePage:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Apps Enhancements Plugin(By Google)) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2013.919.433.1_0\plugin/ace.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (VLC Web Plugin) - D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Extension: (Google Docs) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-26]
CHR Extension: (Google Drive) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-26]
CHR Extension: (YouTube) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-26]
CHR Extension: (Google-Suche) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-26]
CHR Extension: (Hangouts) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2013-09-26]
CHR Extension: (Google Wallet) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-26]
CHR Extension: (Google Mail) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-26]

==================== Services (Whitelisted) =================

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
S3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [44272 2013-01-17] (Logitech Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-06 16:52 - 2014-06-06 16:52 - 00010044 _____ () C:\Users\Flo\Desktop\FRST.txt
2014-06-06 16:51 - 2014-06-06 16:51 - 00000733 _____ () C:\Users\Flo\Desktop\checkup.txt
2014-06-06 16:51 - 2014-06-06 16:51 - 00000000 ____D () C:\Users\Flo\Desktop\FRST-OlderVersion
2014-06-06 16:47 - 2014-06-06 16:47 - 00854367 _____ () C:\Users\Flo\Desktop\SecurityCheck.exe
2014-06-06 14:16 - 2014-06-06 14:16 - 02347384 _____ (ESET) C:\Users\Flo\Downloads\esetsmartinstaller_deu.exe
2014-06-04 17:14 - 2014-06-04 17:14 - 00019234 _____ () C:\ComboFix.txt
2014-06-04 17:14 - 2014-06-04 17:14 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-04 17:14 - 2014-06-04 17:14 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-04 17:14 - 2014-06-04 17:14 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-04 17:04 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-04 17:04 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-04 17:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-04 17:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-04 17:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-04 17:04 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-04 17:04 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-04 17:04 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-04 17:00 - 2014-06-04 17:14 - 00000000 ____D () C:\Qoobox
2014-06-04 17:00 - 2014-06-04 17:13 - 00000000 ____D () C:\Windows\erdnt
2014-06-04 16:57 - 2014-06-04 16:57 - 05205146 ____R (Swearware) C:\Users\Flo\Desktop\ComboFix.exe
2014-06-04 16:42 - 2014-06-04 16:42 - 00001268 _____ () C:\Users\Flo\Desktop\Revo Uninstaller.lnk
2014-06-04 16:42 - 2014-06-04 16:42 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-04 16:41 - 2014-06-04 16:41 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Flo\Downloads\revosetup95.exe
2014-06-04 14:37 - 2014-06-04 14:37 - 01110476 _____ () C:\Users\Flo\Downloads\7z920.exe
2014-06-04 14:37 - 2014-06-04 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-04 13:46 - 2014-06-04 13:46 - 00380416 _____ () C:\Users\Flo\Desktop\Gmer-19357.exe
2014-06-04 13:44 - 2014-06-06 16:52 - 00000000 ____D () C:\FRST
2014-06-04 13:43 - 2014-06-06 16:51 - 02072576 _____ (Farbar) C:\Users\Flo\Desktop\FRST64.exe
2014-06-04 13:41 - 2014-06-04 13:41 - 00000000 _____ () C:\Users\Flo\defogger_reenable
2014-06-04 13:39 - 2014-06-04 13:39 - 00050477 _____ () C:\Users\Flo\Desktop\Defogger.exe
2014-06-04 00:44 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-04 00:17 - 2014-06-04 00:17 - 00000000 ____D () C:\Windows\ERUNT
2014-06-04 00:12 - 2014-06-05 15:19 - 00000000 ____D () C:\AdwCleaner
2014-06-04 00:10 - 2014-06-04 00:09 - 01327971 _____ () C:\Users\Flo\Desktop\adwcleaner_3.211.exe
2014-06-04 00:10 - 2014-06-04 00:09 - 01016261 _____ (Thisisu) C:\Users\Flo\Desktop\JRT.exe
2014-06-03 23:27 - 2014-06-06 14:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 23:27 - 2014-06-03 23:27 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 23:27 - 2014-06-03 23:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 23:27 - 2014-06-03 23:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 23:27 - 2014-06-03 23:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 23:27 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-03 23:27 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-03 23:27 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-03 23:25 - 2014-06-03 23:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Flo\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-03 04:36 - 2014-06-03 05:28 - 00027596 _____ () C:\Users\Flo\Documents\Mein Film.wlmp
2014-06-03 04:13 - 2014-06-03 04:13 - 00000000 ____D () C:\Windows\de
2014-06-03 04:12 - 2014-06-03 04:12 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-06-03 04:12 - 2014-06-03 04:12 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-06-03 04:12 - 2014-06-03 04:12 - 00000000 ____D () C:\Windows\PCHEALTH
2014-06-03 04:12 - 2014-06-03 04:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-06-03 04:11 - 2014-06-03 04:12 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-06-03 04:09 - 2014-06-03 04:13 - 00000000 ____D () C:\Users\Flo\AppData\Local\Windows Live
2014-06-03 04:04 - 2014-06-03 23:41 - 00000000 ____D () C:\temp
2014-06-03 03:22 - 2013-01-01 21:37 - 123502592 _____ () C:\Users\Flo\Desktop\MOVI0006.avi
2014-06-03 03:22 - 2013-01-01 21:35 - 838434816 _____ () C:\Users\Flo\Desktop\MOVI0005.avi
2014-06-03 02:48 - 2014-06-03 02:48 - 00001050 _____ () C:\Users\Public\Desktop\Free Video Editor.lnk
2014-06-03 02:48 - 2014-06-03 02:48 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\DVDVideoSoft
2014-06-03 02:48 - 2014-06-03 02:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-06-03 02:25 - 2014-06-03 02:47 - 00000000 ____D () C:\Users\Flo\Desktop\blade
2014-05-28 00:37 - 2014-05-20 01:10 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-28 00:36 - 2014-05-15 01:49 - 03774821 _____ () C:\Windows\system32\nvcoproc.bin
2014-05-28 00:33 - 2014-05-20 04:44 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-28 00:33 - 2014-05-20 04:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-28 00:33 - 2014-05-20 04:44 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-28 00:05 - 2014-03-31 18:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-05-28 00:05 - 2014-03-31 18:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-05-19 21:42 - 2014-05-19 21:44 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\GameMaker-Studio
2014-05-16 03:02 - 2014-05-06 02:46 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 03:02 - 2014-05-06 02:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 03:02 - 2014-05-06 02:21 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-16 03:02 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-16 03:02 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-16 03:02 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 13:44 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 13:44 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 13:44 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 13:44 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 13:44 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 13:44 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 13:44 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 13:44 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 13:44 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 13:44 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 13:44 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 13:44 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 13:44 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 13:44 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 13:44 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 13:44 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 13:43 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 13:43 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 13:43 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 13:43 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 13:43 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 13:43 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 13:43 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 13:43 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 13:43 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 13:43 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 13:43 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 13:43 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 13:43 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 13:43 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 13:43 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 13:43 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 13:43 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 13:43 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 13:43 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 13:43 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 13:43 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 13:43 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 13:43 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 13:43 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 13:43 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 13:43 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 13:43 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 13:43 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 13:43 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 18:37 - 2014-05-14 18:37 - 00000668 _____ () C:\Users\Public\Desktop\Guitar Pro 6.lnk
2014-05-14 18:37 - 2014-05-14 18:37 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Guitar Pro 6
2014-05-14 18:37 - 2014-05-14 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 6
2014-05-14 18:37 - 2014-05-14 18:37 - 00000000 ____D () C:\ProgramData\Guitar Pro 6
2014-05-14 18:34 - 2014-05-14 18:36 - 149385851 _____ (Arobas Music ) C:\Users\Flo\Downloads\Guitar_Pro_6.exe

==================== One Month Modified Files and Folders =======

2014-06-06 16:52 - 2014-06-06 16:52 - 00010044 _____ () C:\Users\Flo\Desktop\FRST.txt
2014-06-06 16:52 - 2014-06-04 13:44 - 00000000 ____D () C:\FRST
2014-06-06 16:52 - 2013-06-21 15:30 - 00000000 ____D () C:\Users\Flo\AppData\Local\Temp
2014-06-06 16:51 - 2014-06-06 16:51 - 00000733 _____ () C:\Users\Flo\Desktop\checkup.txt
2014-06-06 16:51 - 2014-06-06 16:51 - 00000000 ____D () C:\Users\Flo\Desktop\FRST-OlderVersion
2014-06-06 16:51 - 2014-06-04 13:43 - 02072576 _____ (Farbar) C:\Users\Flo\Desktop\FRST64.exe
2014-06-06 16:47 - 2014-06-06 16:47 - 00854367 _____ () C:\Users\Flo\Desktop\SecurityCheck.exe
2014-06-06 16:25 - 2013-09-26 17:49 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-06 14:36 - 2009-07-14 19:58 - 00709884 _____ () C:\Windows\system32\perfh007.dat
2014-06-06 14:36 - 2009-07-14 19:58 - 00154320 _____ () C:\Windows\system32\perfc007.dat
2014-06-06 14:36 - 2009-07-14 07:13 - 01649420 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-06 14:21 - 2013-06-21 15:26 - 01163198 _____ () C:\Windows\WindowsUpdate.log
2014-06-06 14:16 - 2014-06-06 14:16 - 02347384 _____ (ESET) C:\Users\Flo\Downloads\esetsmartinstaller_deu.exe
2014-06-06 14:13 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-06 14:13 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-06 14:06 - 2014-06-03 23:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-06 14:05 - 2013-09-26 17:49 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-06 14:05 - 2013-06-21 16:29 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-06 14:05 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-06 14:05 - 2009-07-14 06:51 - 00099520 _____ () C:\Windows\setupact.log
2014-06-05 15:20 - 2013-06-21 16:50 - 00293808 _____ () C:\Windows\PFRO.log
2014-06-05 15:19 - 2014-06-04 00:12 - 00000000 ____D () C:\AdwCleaner
2014-06-05 04:11 - 2014-03-22 17:33 - 00000466 _____ () C:\Users\Flo\Documents\PhoenixLauncher.log
2014-06-04 17:14 - 2014-06-04 17:14 - 00019234 _____ () C:\ComboFix.txt
2014-06-04 17:14 - 2014-06-04 17:14 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-04 17:14 - 2014-06-04 17:14 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-04 17:14 - 2014-06-04 17:14 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-04 17:14 - 2014-06-04 17:00 - 00000000 ____D () C:\Qoobox
2014-06-04 17:13 - 2014-06-04 17:00 - 00000000 ____D () C:\Windows\erdnt
2014-06-04 17:12 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-04 16:57 - 2014-06-04 16:57 - 05205146 ____R (Swearware) C:\Users\Flo\Desktop\ComboFix.exe
2014-06-04 16:42 - 2014-06-04 16:42 - 00001268 _____ () C:\Users\Flo\Desktop\Revo Uninstaller.lnk
2014-06-04 16:42 - 2014-06-04 16:42 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-04 16:41 - 2014-06-04 16:41 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Flo\Downloads\revosetup95.exe
2014-06-04 14:37 - 2014-06-04 14:37 - 01110476 _____ () C:\Users\Flo\Downloads\7z920.exe
2014-06-04 14:37 - 2014-06-04 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-04 13:46 - 2014-06-04 13:46 - 00380416 _____ () C:\Users\Flo\Desktop\Gmer-19357.exe
2014-06-04 13:41 - 2014-06-04 13:41 - 00000000 _____ () C:\Users\Flo\defogger_reenable
2014-06-04 13:41 - 2013-06-21 15:30 - 00000000 ____D () C:\Users\Flo
2014-06-04 13:39 - 2014-06-04 13:39 - 00050477 _____ () C:\Users\Flo\Desktop\Defogger.exe
2014-06-04 00:17 - 2014-06-04 00:17 - 00000000 ____D () C:\Windows\ERUNT
2014-06-04 00:09 - 2014-06-04 00:10 - 01327971 _____ () C:\Users\Flo\Desktop\adwcleaner_3.211.exe
2014-06-04 00:09 - 2014-06-04 00:10 - 01016261 _____ (Thisisu) C:\Users\Flo\Desktop\JRT.exe
2014-06-03 23:42 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\addins
2014-06-03 23:41 - 2014-06-03 04:04 - 00000000 ____D () C:\temp
2014-06-03 23:27 - 2014-06-03 23:27 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 23:27 - 2014-06-03 23:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 23:27 - 2014-06-03 23:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 23:27 - 2014-06-03 23:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 23:26 - 2014-06-03 23:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Flo\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-03 23:12 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-03 05:28 - 2014-06-03 04:36 - 00027596 _____ () C:\Users\Flo\Documents\Mein Film.wlmp
2014-06-03 04:13 - 2014-06-03 04:13 - 00000000 ____D () C:\Windows\de
2014-06-03 04:13 - 2014-06-03 04:09 - 00000000 ____D () C:\Users\Flo\AppData\Local\Windows Live
2014-06-03 04:12 - 2014-06-03 04:12 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-06-03 04:12 - 2014-06-03 04:12 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-06-03 04:12 - 2014-06-03 04:12 - 00000000 ____D () C:\Windows\PCHEALTH
2014-06-03 04:12 - 2014-06-03 04:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-06-03 04:12 - 2014-06-03 04:11 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-06-03 04:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-06-03 04:10 - 2013-11-13 02:48 - 00027748 _____ () C:\Windows\DirectX.log
2014-06-03 03:10 - 2014-05-04 00:47 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\XnView
2014-06-03 03:01 - 2013-06-26 02:33 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\vlc
2014-06-03 02:48 - 2014-06-03 02:48 - 00001050 _____ () C:\Users\Public\Desktop\Free Video Editor.lnk
2014-06-03 02:48 - 2014-06-03 02:48 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\DVDVideoSoft
2014-06-03 02:48 - 2014-06-03 02:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-06-03 02:47 - 2014-06-03 02:25 - 00000000 ____D () C:\Users\Flo\Desktop\blade
2014-05-28 00:37 - 2013-06-21 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-28 00:37 - 2013-06-21 16:30 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-22 15:37 - 2013-09-26 17:50 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-21 00:54 - 2014-03-22 17:34 - 00002632 _____ () C:\Users\Flo\Documents\PhoenixUpdateInstaller.log
2014-05-21 00:00 - 2013-06-23 04:08 - 00000000 ____D () C:\Users\Flo\AppData\Local\PokerStars.EU
2014-05-20 04:44 - 2014-05-28 00:33 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-20 04:44 - 2014-05-28 00:33 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-20 04:44 - 2014-05-28 00:33 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-20 04:44 - 2014-01-25 19:51 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-20 04:44 - 2013-07-02 22:39 - 14434704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-05-20 04:44 - 2013-07-02 22:39 - 02730208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-05-20 04:44 - 2013-06-21 16:29 - 03109248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-05-20 04:44 - 2013-06-21 16:29 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-05-20 04:44 - 2013-06-21 16:29 - 00052056 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-05-20 04:44 - 2013-06-21 16:29 - 00026069 _____ () C:\Windows\system32\nvinfo.pb
2014-05-20 04:44 - 2013-02-26 00:32 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-20 04:44 - 2009-07-13 23:59 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-05-20 03:25 - 2013-06-21 16:29 - 06769096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-05-20 03:25 - 2013-06-21 16:29 - 03514144 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-05-20 03:25 - 2013-06-21 16:29 - 02560968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-05-20 03:25 - 2013-06-21 16:29 - 00927520 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-05-20 03:25 - 2013-06-21 16:29 - 00387528 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-05-20 03:25 - 2013-06-21 16:29 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-05-20 01:10 - 2014-05-28 00:37 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-19 21:44 - 2014-05-19 21:42 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\GameMaker-Studio
2014-05-19 21:43 - 2013-10-02 00:57 - 00000000 ____D () C:\Users\Flo\AppData\Local\GameMaker-Studio
2014-05-17 17:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-16 22:51 - 2014-04-28 23:19 - 00000000 ____D () C:\ProgramData\Origin
2014-05-16 20:14 - 2013-06-21 15:30 - 00000000 ___RD () C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 20:14 - 2013-06-21 15:30 - 00000000 ___RD () C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 03:47 - 2014-05-06 15:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-16 03:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-16 03:02 - 2013-07-31 10:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 03:01 - 2013-06-23 02:17 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 01:49 - 2014-05-28 00:36 - 03774821 _____ () C:\Windows\system32\nvcoproc.bin
2014-05-14 18:37 - 2014-05-14 18:37 - 00000668 _____ () C:\Users\Public\Desktop\Guitar Pro 6.lnk
2014-05-14 18:37 - 2014-05-14 18:37 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Guitar Pro 6
2014-05-14 18:37 - 2014-05-14 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 6
2014-05-14 18:37 - 2014-05-14 18:37 - 00000000 ____D () C:\ProgramData\Guitar Pro 6
2014-05-14 18:36 - 2014-05-14 18:34 - 149385851 _____ (Arobas Music ) C:\Users\Flo\Downloads\Guitar_Pro_6.exe
2014-05-12 07:26 - 2014-06-03 23:27 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-03 23:27 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-03 23:27 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 00:02 - 2014-04-01 14:13 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Awesomium
2014-05-09 08:14 - 2014-05-15 13:44 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-15 13:44 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 19:49 - 2013-11-10 04:56 - 00000000 ____D () C:\Users\Flo\Desktop\ds
2014-05-07 17:20 - 2013-09-26 17:49 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 17:20 - 2013-09-26 17:49 - 00003848 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\Flo\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 00:10

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 07.06.2014 11:09
Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

EizFlo 07.06.2014 21:36
Servus:)

Hat alles geklappt
nochmal vielen Dank für die Hilfe:)

Gruß Flo

schrauber 08.06.2014 09:59
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:02 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131