Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7: Fehlermeldung bei Systemstart- RegSvr32 "Fehler beim Laden des Moduls ""." (https://www.trojaner-board.de/154988-windows-7-fehlermeldung-systemstart-regsvr32-fehler-beim-laden-moduls.html)

pcguy10 09.06.2014 19:46
Windows 7: Fehlermeldung bei Systemstart- RegSvr32 "Fehler beim Laden des Moduls ""."
 
Hallo zusammen,

nachdem ich am Sonntag, dem 08.06.2014, meinen Laptop gestartet habe, bemerkte ich folgende Fehlermeldung:

"Fehler beim Laden des Moduls "".

Stellen Sie sicher, dass die Binärdatei am angegebenen
Pfad gespeichert ist, oder debuggen Sie die Datei, um
Probleme mit der binären Datei oder abhängigen
DLL-Dateien auszuschließen.

Das angegebene Modul wurde nicht gefunden."

Zunächst habe ich diese Meldung ignoriert. Ich habe mir lediglich einige Videos auf Youtube angesehen und meinen Laptop wieder heruntergefahren, da ich ihn nicht mehr benötigte. Später habe ich ihn aber erneut eingeschaltet und die Fehlermeldung erschien wieder. Daraufhin habe ich mich darüber informiert und erfahren, dass ich mir möglicherweise einen Virus eingefangen haben könnte.

Während ich mich dahingehend informierte, wie ich diesen entfernen könne, erschien die Meldung:

"In der Datei 'C:\Users\Elias\AppData\Local\Temp\mstsc.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden."

Ich habe den Zugriff verweigert und mich nicht weiter darum gekümmert, da ich bereits seit längerer Zeit stets eine ähnliche Warnung erhalte:

"In der Datei 'C:\Users\Elias\AppData\Local\Temp\mstsc.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden."

Ich habe dazu einen Freund befragt und er sagte mir, dass diese Warnung unbedenklich sei und ignoriert werden könne.

Später an besagtem Sonntag erhielt ich erneut eine Meldung von Avira:

"Die Datei 'C:\ProgramData\ActosKezej.dat'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.68846' [trojan]."

Ich konnte bisher noch keine Einschränkungen in der Leistung meines PCs feststellen und habe bis auf die besagten Meldungen nichts Ungewöhnliches bemerkt.

Hier sind die angefertigten Log-Files:

defogger_disable.txt:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:38 on 09/06/2014 (Elias)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
FRST.txt:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-06-2014 01
Ran by Elias (administrator) on PC-ELIAS on 09-06-2014 15:03:20
Running from C:\Users\Elias\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Akamai Technologies, Inc.) C:\Users\Elias\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
() C:\Windows\SysWOW64\C2MP\TrayMenu.exe
(Akamai Technologies, Inc.) C:\Users\Elias\AppData\Local\Akamai\netsession_win.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDECK.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
() C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
() C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
() C:\Program Files (x86)\dcmsvc\dcmsvc.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [619392 2009-06-12] (ELAN Microelectronic Corp.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2244096 2009-07-13] (VIA)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [8493624 2009-07-07] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [159744 2009-04-20] (ASUS)
HKLM-x32\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe [240112 2009-07-24] (Sonic Solutions)
HKLM-x32\...\Run: [CPMonitor] => C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe [84464 2009-07-21] ()
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-23] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [dcmsvc] => C:\Program Files (x86)\dcmsvc\dcmsvc.exe [30440 2009-04-07] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
HKU\S-1-5-21-1230764542-2489123228-2413629413-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-11-10] ()
HKU\S-1-5-21-1230764542-2489123228-2413629413-1000\...\Run: [Facebook Update] => C:\Users\Elias\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\S-1-5-21-1230764542-2489123228-2413629413-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Elias\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1230764542-2489123228-2413629413-1000\...\Run: [GoogleChromeAutoLaunch_ADF2EF7A9169565BE50E52E39FE78F03] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-05-14] (Google Inc.)
HKU\S-1-5-21-1230764542-2489123228-2413629413-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1823656 2013-12-11] (Valve Corporation)
HKU\S-1-5-21-1230764542-2489123228-2413629413-1000\...\Run: [ActosKezej] => regsvr32.exe "
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk
ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\SysWOW64\C2MP\TrayMenu.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk
ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe ()
Startup: C:\Users\Elias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Elias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk
ShortcutTarget: Warner Bros.lnk -> C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2169D8548899CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Elias\AppData\Roaming\Mozilla\Firefox\Profiles\2frlzdjb.default
FF NewTab: about:blank
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Elias\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Elias\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Elias\AppData\Roaming\Mozilla\Firefox\Profiles\2frlzdjb.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-21]
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-05-09]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: de.yahoo.com
CHR DefaultSearchProvider: Yahoo! Deutschland
CHR DefaultSearchURL: hxxp://de.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Elias\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Elias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2012-11-02]
CHR Extension: (Google Wallet) - C:\Users\Elias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-27]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-02-16]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
S2 FastBootAgent; C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe [306232 2009-07-24] (ASUSTeK Computer Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2012-08-30] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2012-08-30] ()
S2 FreemakeVideoCapture; "C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe" [X]

==================== Drivers (Whitelisted) ====================

R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2013-07-20] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2013-07-20] ()
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S4 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [66560 2005-05-17] (Protection Technology) [File not signed]
S0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [77688 2006-07-05] (Protection Technology (StarForce))
S0 sfsync02; C:\Windows\System32\drivers\sfsync02.sys [22936 2006-07-10] (Protection Technology)
R0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [106360 2007-01-12] (Protection Technology (StarForce))
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-11-04] (Duplex Secure Ltd.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R1 vmm; C:\Windows\system32\Treiber\vmm.sys [294248 2012-10-27] (Microsoft Corporation)
R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2014-01-23] (WinISO.com)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 X6va005; \??\C:\Users\Elias\AppData\Local\Temp\0053A90.tmp [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-09 15:03 - 2014-06-09 15:06 - 00018267 _____ () C:\Users\Elias\Desktop\FRST.txt
2014-06-09 15:02 - 2014-06-09 15:03 - 00000000 ____D () C:\FRST
2014-06-09 14:38 - 2014-06-09 14:38 - 00000652 _____ () C:\Users\Elias\Desktop\defogger_disable.log
2014-06-09 14:38 - 2014-06-09 14:38 - 00000188 _____ () C:\Users\Elias\defogger_reenable
2014-06-09 12:29 - 2014-06-09 14:37 - 00000000 ____D () C:\Users\Elias\Desktop\SystemRestore
2014-06-09 12:28 - 2014-06-09 12:28 - 00380416 _____ () C:\Users\Elias\Desktop\Gmer-19357.exe
2014-06-09 12:26 - 2014-06-09 12:26 - 02080768 _____ (Farbar) C:\Users\Elias\Desktop\FRST64.exe
2014-06-09 12:25 - 2014-06-09 12:25 - 00050477 _____ () C:\Users\Elias\Desktop\Defogger.exe
2014-06-08 15:24 - 2014-06-08 18:00 - 00000468 _____ () C:\Windows\Tasks\ParetoLogic Registration3.job
2014-06-08 15:24 - 2014-06-08 15:24 - 00003132 _____ () C:\Windows\System32\Tasks\ParetoLogic Registration3
2014-06-08 15:24 - 2014-06-08 15:24 - 00000000 ____D () C:\Users\Elias\AppData\Roaming\ParetoLogic
2014-06-08 15:24 - 2014-06-08 15:24 - 00000000 ____D () C:\Users\Elias\AppData\Roaming\DriverCure
2014-06-08 15:23 - 2014-06-09 10:49 - 00000442 _____ () C:\Windows\Tasks\ParetoLogic Update Version3.job
2014-06-08 15:23 - 2014-06-09 10:49 - 00000400 _____ () C:\Windows\Tasks\PC Health Advisor Defrag.job
2014-06-08 15:23 - 2014-06-09 10:49 - 00000382 _____ () C:\Windows\Tasks\PC Health Advisor.job
2014-06-08 15:23 - 2014-06-08 15:23 - 00003296 _____ () C:\Windows\System32\Tasks\PC Health Advisor
2014-06-08 15:23 - 2014-06-08 15:23 - 00003276 _____ () C:\Windows\System32\Tasks\PC Health Advisor Defrag
2014-06-08 15:23 - 2014-06-08 15:23 - 00003256 _____ () C:\Windows\System32\Tasks\ParetoLogic Update Version3
2014-06-08 15:23 - 2014-06-08 15:23 - 00001103 _____ () C:\Users\Elias\Desktop\ParetoLogic PC Health Advisor.lnk
2014-06-08 15:23 - 2014-06-08 15:23 - 00000000 ____D () C:\Users\Elias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
2014-06-08 15:21 - 2014-06-08 15:21 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Elias\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-06-05 14:21 - 2014-06-09 14:41 - 00003106 _____ () C:\Windows\System32\Tasks\P4G Sidebar
2014-06-01 21:23 - 2014-06-01 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAPCOM
2014-05-28 23:31 - 2014-05-28 23:31 - 00000000 ____D () C:\ProgramData\The Learning Company
2014-05-28 23:31 - 2002-05-07 07:09 - 00274432 _____ (Riverdeep Interactive Learning Limited) C:\Windows\TLCUNINSTALL.EXE
2014-05-28 23:29 - 2014-05-28 23:29 - 00000000 _____ () C:\Windows\SETUP32.INI
2014-05-26 14:01 - 2014-05-26 14:01 - 00000969 _____ () C:\Users\Elias\Desktop\Batman - Vengeance.lnk
2014-05-23 20:10 - 2014-05-23 20:12 - 23424432 _____ (Windows 7 - Codec Pack) C:\Users\Elias\Downloads\windows.7.codec.pack.v4.0.9.setup.exe
2014-05-20 15:02 - 2014-05-20 15:02 - 00045384 _____ () C:\Windows\SysWOW64\DiscHandler.exe
2014-05-19 22:37 - 2014-05-19 22:40 - 39620653 _____ () C:\Users\Elias\Downloads\Marvel Super Hero Squad - The Infinity Gauntlet.7z
2014-05-19 22:32 - 2014-05-19 22:34 - 11027425 _____ () C:\Users\Elias\Downloads\Marvel Super Hero Squad.7z
2014-05-18 21:27 - 2014-05-18 21:27 - 00004096 _____ () C:\Windows\d3dx.dat
2014-05-18 20:48 - 2014-05-18 20:48 - 00004161 _____ () C:\Users\Elias\AppData\Local\recently-used.xbel
2014-05-18 14:35 - 2014-05-18 14:35 - 00000000 ____D () C:\Users\Elias\.thumbnails
2014-05-17 23:57 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-17 23:57 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-17 23:57 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-17 23:57 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-17 23:57 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-17 23:57 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-17 13:48 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-17 13:48 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-17 13:48 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-17 13:48 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-17 13:48 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-17 13:48 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-17 13:48 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-17 13:48 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-17 13:48 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-17 13:48 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-17 13:48 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-17 13:48 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-17 13:48 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-17 13:48 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-17 13:48 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-17 13:48 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-17 13:48 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-17 13:48 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-17 13:48 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-17 13:48 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-17 13:48 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-17 13:48 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-17 13:48 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-17 13:48 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-17 13:48 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-17 13:48 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-17 13:48 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-17 13:48 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-17 13:48 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-17 13:48 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-17 13:48 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-13 17:05 - 2014-05-13 17:05 - 04374528 _____ () C:\Windows\system32\ffdshow.ax
2014-05-13 17:05 - 2014-05-13 17:05 - 04009984 _____ () C:\Windows\system32\ffmpeg.dll
2014-05-13 17:05 - 2014-05-13 17:05 - 00474624 _____ () C:\Windows\system32\ff_kernelDeint.dll
2014-05-13 17:05 - 2014-05-13 17:05 - 00127488 _____ () C:\Windows\system32\ff_vfw.dll
2014-05-13 17:04 - 2014-05-13 17:04 - 01532928 _____ () C:\Windows\system32\ff_samplerate.dll
2014-05-13 17:04 - 2014-05-13 17:04 - 00631296 _____ () C:\Windows\system32\TomsMoComp_ff.dll
2014-05-13 17:04 - 2014-05-13 17:04 - 00222720 _____ () C:\Windows\system32\ff_libdts.dll
2014-05-13 17:04 - 2014-05-13 17:04 - 00190464 _____ () C:\Windows\system32\libmpeg2_ff.dll
2014-05-13 17:04 - 2014-05-13 17:04 - 00183296 _____ () C:\Windows\system32\ff_unrar.dll
2014-05-13 17:04 - 2014-05-13 17:04 - 00156672 _____ () C:\Windows\system32\ff_libmad.dll
2014-05-13 17:04 - 2014-05-13 17:04 - 00116224 _____ () C:\Windows\system32\ff_liba52.dll
2014-05-13 17:04 - 2014-05-13 17:04 - 00114688 _____ () C:\Windows\system32\ff_wmv9.dll
2014-05-13 17:02 - 2014-05-13 17:02 - 03916288 _____ () C:\Windows\SysWOW64\ffmpeg.dll
2014-05-13 17:01 - 2014-05-13 17:01 - 03502592 _____ () C:\Windows\SysWOW64\ffdshow.ax
2014-05-13 17:01 - 2014-05-13 17:01 - 00271360 _____ () C:\Windows\SysWOW64\TomsMoComp_ff.dll
2014-05-13 17:01 - 2014-05-13 17:01 - 00112640 _____ () C:\Windows\SysWOW64\ff_vfw.dll
2014-05-13 17:00 - 2014-05-13 17:00 - 01525760 _____ () C:\Windows\SysWOW64\ff_samplerate.dll
2014-05-13 17:00 - 2014-05-13 17:00 - 00211968 _____ () C:\Windows\SysWOW64\ff_libdts.dll
2014-05-13 17:00 - 2014-05-13 17:00 - 00157184 _____ () C:\Windows\SysWOW64\ff_unrar.dll
2014-05-13 17:00 - 2014-05-13 17:00 - 00147456 _____ () C:\Windows\SysWOW64\ff_libmad.dll
2014-05-13 17:00 - 2014-05-13 17:00 - 00136704 _____ () C:\Windows\SysWOW64\libmpeg2_ff.dll
2014-05-13 17:00 - 2014-05-13 17:00 - 00114688 _____ () C:\Windows\SysWOW64\ff_liba52.dll
2014-05-13 17:00 - 2014-05-13 17:00 - 00099840 _____ () C:\Windows\SysWOW64\ff_wmv9.dll

==================== One Month Modified Files and Folders =======

2014-06-09 15:06 - 2014-06-09 15:03 - 00018267 _____ () C:\Users\Elias\Desktop\FRST.txt
2014-06-09 15:06 - 2011-11-10 21:30 - 00000000 ____D () C:\Users\Elias\AppData\Local\PMB Files
2014-06-09 15:06 - 2011-11-02 19:30 - 00000000 ____D () C:\Users\Elias\AppData\Local\Temp
2014-06-09 15:03 - 2014-06-09 15:02 - 00000000 ____D () C:\FRST
2014-06-09 15:00 - 2013-12-26 23:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-09 14:53 - 2009-07-14 06:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-09 14:53 - 2009-07-14 06:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-09 14:50 - 2011-11-03 02:35 - 01627818 _____ () C:\Windows\WindowsUpdate.log
2014-06-09 14:49 - 2011-11-07 22:52 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-09 14:49 - 2011-11-07 22:52 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-09 14:41 - 2014-06-05 14:21 - 00003106 _____ () C:\Windows\System32\Tasks\P4G Sidebar
2014-06-09 14:40 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-09 14:40 - 2009-07-14 06:51 - 00395949 _____ () C:\Windows\setupact.log
2014-06-09 14:38 - 2014-06-09 14:38 - 00000652 _____ () C:\Users\Elias\Desktop\defogger_disable.log
2014-06-09 14:38 - 2014-06-09 14:38 - 00000188 _____ () C:\Users\Elias\defogger_reenable
2014-06-09 14:38 - 2011-11-02 19:30 - 00000000 ____D () C:\Users\Elias
2014-06-09 14:37 - 2014-06-09 12:29 - 00000000 ____D () C:\Users\Elias\Desktop\SystemRestore
2014-06-09 13:40 - 2011-11-11 20:28 - 00001138 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1230764542-2489123228-2413629413-1000UA.job
2014-06-09 12:28 - 2014-06-09 12:28 - 00380416 _____ () C:\Users\Elias\Desktop\Gmer-19357.exe
2014-06-09 12:26 - 2014-06-09 12:26 - 02080768 _____ (Farbar) C:\Users\Elias\Desktop\FRST64.exe
2014-06-09 12:25 - 2014-06-09 12:25 - 00050477 _____ () C:\Users\Elias\Desktop\Defogger.exe
2014-06-09 10:49 - 2014-06-08 15:23 - 00000442 _____ () C:\Windows\Tasks\ParetoLogic Update Version3.job
2014-06-09 10:49 - 2014-06-08 15:23 - 00000400 _____ () C:\Windows\Tasks\PC Health Advisor Defrag.job
2014-06-09 10:49 - 2014-06-08 15:23 - 00000382 _____ () C:\Windows\Tasks\PC Health Advisor.job
2014-06-08 18:00 - 2014-06-08 15:24 - 00000468 _____ () C:\Windows\Tasks\ParetoLogic Registration3.job
2014-06-08 16:40 - 2011-11-11 20:28 - 00001116 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1230764542-2489123228-2413629413-1000Core.job
2014-06-08 15:24 - 2014-06-08 15:24 - 00003132 _____ () C:\Windows\System32\Tasks\ParetoLogic Registration3
2014-06-08 15:24 - 2014-06-08 15:24 - 00000000 ____D () C:\Users\Elias\AppData\Roaming\ParetoLogic
2014-06-08 15:24 - 2014-06-08 15:24 - 00000000 ____D () C:\Users\Elias\AppData\Roaming\DriverCure
2014-06-08 15:23 - 2014-06-08 15:23 - 00003296 _____ () C:\Windows\System32\Tasks\PC Health Advisor
2014-06-08 15:23 - 2014-06-08 15:23 - 00003276 _____ () C:\Windows\System32\Tasks\PC Health Advisor Defrag
2014-06-08 15:23 - 2014-06-08 15:23 - 00003256 _____ () C:\Windows\System32\Tasks\ParetoLogic Update Version3
2014-06-08 15:23 - 2014-06-08 15:23 - 00001103 _____ () C:\Users\Elias\Desktop\ParetoLogic PC Health Advisor.lnk
2014-06-08 15:23 - 2014-06-08 15:23 - 00000000 ____D () C:\Users\Elias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
2014-06-08 15:23 - 2014-04-25 12:59 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-06-08 15:23 - 2014-04-25 12:59 - 00000000 ____D () C:\Program Files (x86)\ParetoLogic
2014-06-08 15:21 - 2014-06-08 15:21 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Elias\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-06-06 21:06 - 2011-11-10 00:12 - 00000000 ____D () C:\Users\Elias\Documents\1.) Eigene Dokumente
2014-06-06 21:06 - 2009-08-04 11:51 - 00709252 _____ () C:\Windows\system32\perfh007.dat
2014-06-06 21:06 - 2009-08-04 11:51 - 00153852 _____ () C:\Windows\system32\perfc007.dat
2014-06-06 21:06 - 2009-07-14 07:13 - 01642148 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-05 19:50 - 2013-08-27 23:17 - 00000000 ____D () C:\Users\Elias\AppData\Roaming\FreeVideoConverter
2014-06-05 15:43 - 2013-12-27 00:08 - 00000000 ____D () C:\ProgramData\Origin
2014-06-05 15:29 - 2013-12-27 00:08 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-05 14:19 - 2011-11-02 20:37 - 00047860 _____ () C:\Windows\PFRO.log
2014-06-01 22:39 - 2011-11-05 17:17 - 00000000 ____D () C:\Users\Elias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-06-01 22:38 - 2011-11-30 18:36 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-06-01 22:38 - 2011-11-30 18:36 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-06-01 22:38 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-01 21:39 - 2014-06-01 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAPCOM
2014-06-01 19:34 - 2013-11-02 18:31 - 00000000 ____D () C:\Windows\SysWOW64\C2MP
2014-06-01 19:34 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-29 02:16 - 2014-04-25 13:00 - 00000440 _____ () C:\Windows\Tasks\ParetoLogic Update Version2.job
2014-05-29 00:33 - 2014-04-25 13:00 - 00003254 _____ () C:\Windows\System32\Tasks\ParetoLogic Update Version2
2014-05-28 23:31 - 2014-05-28 23:31 - 00000000 ____D () C:\ProgramData\The Learning Company
2014-05-28 23:29 - 2014-05-28 23:29 - 00000000 _____ () C:\Windows\SETUP32.INI
2014-05-28 23:24 - 2011-11-03 02:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-27 15:26 - 2013-08-09 15:51 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-27 15:26 - 2013-08-09 15:51 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-26 23:12 - 2012-01-28 17:56 - 00000000 ____D () C:\Users\Elias\Filme
2014-05-26 14:01 - 2014-05-26 14:01 - 00000969 _____ () C:\Users\Elias\Desktop\Batman - Vengeance.lnk
2014-05-23 20:12 - 2014-05-23 20:10 - 23424432 _____ (Windows 7 - Codec Pack) C:\Users\Elias\Downloads\windows.7.codec.pack.v4.0.9.setup.exe
2014-05-20 15:02 - 2014-05-20 15:02 - 00045384 _____ () C:\Windows\SysWOW64\DiscHandler.exe
2014-05-19 22:40 - 2014-05-19 22:37 - 39620653 _____ () C:\Users\Elias\Downloads\Marvel Super Hero Squad - The Infinity Gauntlet.7z
2014-05-19 22:34 - 2014-05-19 22:32 - 11027425 _____ () C:\Users\Elias\Downloads\Marvel Super Hero Squad.7z
2014-05-18 21:27 - 2014-05-18 21:27 - 00004096 _____ () C:\Windows\d3dx.dat
2014-05-18 20:48 - 2014-05-18 20:48 - 00004161 _____ () C:\Users\Elias\AppData\Local\recently-used.xbel
2014-05-18 20:48 - 2013-08-30 18:40 - 00000000 ____D () C:\Users\Elias\.gimp-2.8
2014-05-18 14:35 - 2014-05-18 14:35 - 00000000 ____D () C:\Users\Elias\.thumbnails
2014-05-18 12:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-18 09:39 - 2011-11-02 19:36 - 00000000 ___RD () C:\Users\Elias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-18 09:39 - 2011-11-02 19:36 - 00000000 ___RD () C:\Users\Elias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-17 23:57 - 2011-11-05 10:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-17 14:09 - 2012-04-03 14:59 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-17 14:09 - 2011-11-05 11:48 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-17 13:07 - 2012-09-27 17:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-13 17:05 - 2014-05-13 17:05 - 04374528 _____ () C:\Windows\system32\ffdshow.ax
2014-05-13 17:05 - 2014-05-13 17:05 - 04009984 _____ () C:\Windows\system32\ffmpeg.dll
2014-05-13 17:05 - 2014-05-13 17:05 - 00474624 _____ () C:\Windows\system32\ff_kernelDeint.dll
2014-05-13 17:05 - 2014-05-13 17:05 - 00127488 _____ () C:\Windows\system32\ff_vfw.dll
2014-05-13 17:04 - 2014-05-13 17:04 - 01532928 _____ () C:\Windows\system32\ff_samplerate.dll
2014-05-13 17:04 - 2014-05-13 17:04 - 00631296 _____ () C:\Windows\system32\TomsMoComp_ff.dll
2014-05-13 17:04 - 2014-05-13 17:04 - 00222720 _____ () C:\Windows\system32\ff_libdts.dll
2014-05-13 17:04 - 2014-05-13 17:04 - 00190464 _____ () C:\Windows\system32\libmpeg2_ff.dll
2014-05-13 17:04 - 2014-05-13 17:04 - 00183296 _____ () C:\Windows\system32\ff_unrar.dll
2014-05-13 17:04 - 2014-05-13 17:04 - 00156672 _____ () C:\Windows\system32\ff_libmad.dll
2014-05-13 17:04 - 2014-05-13 17:04 - 00116224 _____ () C:\Windows\system32\ff_liba52.dll
2014-05-13 17:04 - 2014-05-13 17:04 - 00114688 _____ () C:\Windows\system32\ff_wmv9.dll
2014-05-13 17:02 - 2014-05-13 17:02 - 03916288 _____ () C:\Windows\SysWOW64\ffmpeg.dll
2014-05-13 17:01 - 2014-05-13 17:01 - 03502592 _____ () C:\Windows\SysWOW64\ffdshow.ax
2014-05-13 17:01 - 2014-05-13 17:01 - 00271360 _____ () C:\Windows\SysWOW64\TomsMoComp_ff.dll
2014-05-13 17:01 - 2014-05-13 17:01 - 00112640 _____ () C:\Windows\SysWOW64\ff_vfw.dll
2014-05-13 17:00 - 2014-05-13 17:00 - 01525760 _____ () C:\Windows\SysWOW64\ff_samplerate.dll
2014-05-13 17:00 - 2014-05-13 17:00 - 00211968 _____ () C:\Windows\SysWOW64\ff_libdts.dll
2014-05-13 17:00 - 2014-05-13 17:00 - 00157184 _____ () C:\Windows\SysWOW64\ff_unrar.dll
2014-05-13 17:00 - 2014-05-13 17:00 - 00147456 _____ () C:\Windows\SysWOW64\ff_libmad.dll
2014-05-13 17:00 - 2014-05-13 17:00 - 00136704 _____ () C:\Windows\SysWOW64\libmpeg2_ff.dll
2014-05-13 17:00 - 2014-05-13 17:00 - 00114688 _____ () C:\Windows\SysWOW64\ff_liba52.dll
2014-05-13 17:00 - 2014-05-13 17:00 - 00099840 _____ () C:\Windows\SysWOW64\ff_wmv9.dll

ZeroAccess:
C:\Windows\assembly\tmp
C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}

ZeroAccess:
C:\Windows\System32\consrv.dll

ZeroAccess:
C:\Users\Elias\AppData\Local\7fe5b999
C:\Users\Elias\AppData\Local\7fe5b999\@
C:\Users\Elias\AppData\Local\7fe5b999\loader.tlb
C:\Users\Elias\AppData\Local\7fe5b999\U\80000000.@
C:\Users\Elias\AppData\Local\7fe5b999\U\800000cb.@
C:\Users\Elias\AppData\Local\7fe5b999\U\800000cf.@

Files to move or delete:
====================
C:\Users\Public\dcmsvcsetup.exe
C:\Users\Public\invokesi.exe


Some content of TEMP:
====================
C:\Users\Benjamin\AppData\Local\Temp\AskSLib.dll
C:\Users\Benjamin\AppData\Local\Temp\CmdLineExt.dll
C:\Users\Benjamin\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Benjamin\AppData\Local\Temp\drm_dyndata_7330014.dll
C:\Users\Benjamin\AppData\Local\Temp\drm_dyndata_7380009.dll
C:\Users\Benjamin\AppData\Local\Temp\_is640.exe
C:\Users\Elias\AppData\Local\Temp\1402.dll
C:\Users\Elias\AppData\Local\Temp\1_Offer_5.exe
C:\Users\Elias\AppData\Local\Temp\1_Offer_6.exe
C:\Users\Elias\AppData\Local\Temp\1_Offer_7.exe
C:\Users\Elias\AppData\Local\Temp\AskSLib.dll
C:\Users\Elias\AppData\Local\Temp\AutoRun.exe
C:\Users\Elias\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Elias\AppData\Local\Temp\avgnt.exe
C:\Users\Elias\AppData\Local\Temp\CojLauncher.exe
C:\Users\Elias\AppData\Local\Temp\cres.dll
C:\Users\Elias\AppData\Local\Temp\cshell.dll
C:\Users\Elias\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Elias\AppData\Local\Temp\drm_dyndata_7330014.dll
C:\Users\Elias\AppData\Local\Temp\drm_dyndata_7370007.dll
C:\Users\Elias\AppData\Local\Temp\drm_dyndata_7370008.dll
C:\Users\Elias\AppData\Local\Temp\drm_dyndata_7380009.dll
C:\Users\Elias\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Elias\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\Elias\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Elias\AppData\Local\Temp\eauninstall.exe
C:\Users\Elias\AppData\Local\Temp\evvkhcil.dll
C:\Users\Elias\AppData\Local\Temp\ffunzip.exe
C:\Users\Elias\AppData\Local\Temp\First15.exe
C:\Users\Elias\AppData\Local\Temp\FreemakeVideoDownloader_3.1.0.2.exe
C:\Users\Elias\AppData\Local\Temp\GLF38E8.tmp.ConduitEngineSetup.exe
C:\Users\Elias\AppData\Local\Temp\GLF7156.tmp.ConduitEngineSetup.exe
C:\Users\Elias\AppData\Local\Temp\GoogleChromeInstaller.exe
C:\Users\Elias\AppData\Local\Temp\i4jdel0.exe
C:\Users\Elias\AppData\Local\Temp\iiuninst.exe
C:\Users\Elias\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Elias\AppData\Local\Temp\instructions.exe
C:\Users\Elias\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Elias\AppData\Local\Temp\menu.exe
C:\Users\Elias\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Elias\AppData\Local\Temp\mstsc.exe
C:\Users\Elias\AppData\Local\Temp\msxml6-KB927977-enu-amd64.exe
C:\Users\Elias\AppData\Local\Temp\msxml6-KB927977-enu-x86.exe
C:\Users\Elias\AppData\Local\Temp\old haloupdate.exe
C:\Users\Elias\AppData\Local\Temp\ose00000.exe
C:\Users\Elias\AppData\Local\Temp\prxGLF38E8.tmp.tbDVDV.dll
C:\Users\Elias\AppData\Local\Temp\prxGLF7156.tmp.tbDVDV.dll
C:\Users\Elias\AppData\Local\Temp\Quarantine.exe
C:\Users\Elias\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Elias\AppData\Local\Temp\SecuExp.exe
C:\Users\Elias\AppData\Local\Temp\Shortcut_SweetIMSetup.exe
C:\Users\Elias\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\Elias\AppData\Local\Temp\SIntf16.dll
C:\Users\Elias\AppData\Local\Temp\SIntf32.dll
C:\Users\Elias\AppData\Local\Temp\SIntfNT.dll
C:\Users\Elias\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Elias\AppData\Local\Temp\SweetIESetup.exe
C:\Users\Elias\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Elias\AppData\Local\Temp\TB_E746.exe
C:\Users\Elias\AppData\Local\Temp\The Battle for Middle-earth II_uninst.exe
C:\Users\Elias\AppData\Local\Temp\VP6Install.exe
C:\Users\Elias\AppData\Local\Temp\VP6VFW.dll
C:\Users\Elias\AppData\Local\Temp\_is6BEF.exe
C:\Users\Elias\AppData\Local\Temp\_isA3BE.exe
C:\Users\Elias\AppData\Local\Temp\_niyj842.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 10:23

==================== End Of Log ============================
--- --- ---


Addition.txt:
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-06-2014 01
Ran by Elias at 2014-06-09 15:07:15
Running from C:\Users\Elias\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
«Aliens versus Predator» version 1.0 (HKLM-x32\...\«Aliens versus Predator»_is1) (Version: 1.0 - R.G. Catalyst)
«Rune» 1.07 (HKLM-x32\...\Rune_is1) (Version: 1.07 - R.G. Catalyst)
µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30488 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 1.1.377 - Adobe Systems Incorporated)
Activision(R) (x32 Version: 1.00.0000 - Activision) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.62 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.47.0 - Adobe Systems Incorporated)
Adobe Reader XI - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\Adobe Shockwave Player) (Version: 10.2.0.22 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Akamai NetSession Interface Service (HKLM-x32\...\Akamai) (Version:  - )
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}) (Version: 1.2.17.25001 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.17.25001 - Alcor Micro Corp.) Hidden
Asoftech Data Recovery (HKLM-x32\...\{1AED6EB7-8FEA-4021-B8FD-EBAA6B21679F}) (Version: 1.00 - )
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.4 - ASUS)
ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)
ASUS FancyStart (HKLM-x32\...\{60D6618B-153F-4353-8185-908E676E5888}) (Version: 1.0.5 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}) (Version: 1.1.19 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.17 - asus)
Asus_Camera_ScreenSaver (HKLM-x32\...\Asus_Camera_ScreenSaver) (Version: 2.0.0009 - ASUS)
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.16 - Atheros Communications Inc.)
ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0051 - ASUS)
ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0005 - ASUS)
ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0005 - ASUS)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
Battlefield Heroes (HKLM-x32\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version:  - EA Digital illusions)
Call of Duty(R) 2 (HKLM-x32\...\InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.2 - Activision)
Call of Duty(R) 2 (x32 Version: 1.2 - Activision) Hidden
CardRecovery 6.00 (HKLM-x32\...\{88D68A69-D247-466B-90DD-575F6BE16230}_is1) (Version:  - WinRecovery Software)
CardRecoveryPro 2.5.5 (HKLM-x32\...\{D4F48A8F-8E81-43E0-847F-04318383476F}_is1) (Version: 2.5.5 - LionSea SoftWare)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.0 - ASUS)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
dcmsvc 1.0 (HKLM-x32\...\dcmsvc_is1) (Version:  - )
Der Herr der Ringe Online v03.03.06.8008 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 03.03.06.8008 - Turbine, Inc.)
Die ersten 10 Jahre (HKLM-x32\...\{1C12B0B2-91FB-439A-A64D-1A239F0B7FAB}) (Version: 1.00.0000 - )
Die Schlacht um Mittelerde(tm) (HKLM-x32\...\{3F290582-3F4E-4B96-009C-E0BABAA40C42}) (Version:  - )
Die Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version:  - )
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DVDVideoSoftTB Toolbar (HKLM-x32\...\DVDVideoSoftTB Toolbar) (Version: 6.7.0.6 - DVDVideoSoftTB)
EA SPORTS online 2008 (HKLM-x32\...\82A44D22-9452-49FB-00FB-CEC7DCAF7E23) (Version:  - )
ETDWare PS/2-x64 7.0.5.5_WHQL (HKLM\...\Elantech) (Version:  - )
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Fast Boot (HKLM-x32\...\{A16656CE-4B17-4484-A13F-22B9500E5223}) (Version: 1.0.0 - ASUS)
File Repair (HKLM-x32\...\File Repair_is1) (Version:  - File Repair)
FormatFactory 2.70 (HKLM-x32\...\FormatFactory) (Version: 2.70 - Free Time)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free Video Converter V 3.1 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.1.0.0 - Koyote Soft)
Free YouTube Download version 3.2.27.225 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.27.225 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
FUSSBALL MANAGER 07 - Verlängerung (HKLM-x32\...\{3EE2F527-F306-49E9-0086-662C337ADD3B}) (Version:  - )
FUSSBALL MANAGER 09 (HKLM-x32\...\FUSSBALL MANAGER 09) (Version:  - Electronic Arts)
G DATA Logox4 Speechengine (HKLM-x32\...\lgx4.lgx.server) (Version:  - G DATA Software AG)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Grand Theft Auto San Andreas (HKLM-x32\...\{086BADF8-9B1F-4E89-B207-2EDA520972D6}) (Version: 1.00.00001 - Rockstar Games)
GT Interactive - Driver (HKLM-x32\...\GT Interactive - Driver) (Version:  - )
GUN (TM) (HKLM-x32\...\InstallShield_{2DFF2906-52BB-4222-8062-1509259FC013}) (Version: 1.00.0000 - Activision)
GUN (TM) (x32 Version: 1.00.0000 - Activision) Hidden
HdR Die Rückkehr des Königs tm (HKLM-x32\...\{6E298B0A-558C-4138-0096-740677B382CD}) (Version:  - )
Hype The Time Quest 3Dfx Patch (HKLM\...\{f6476ad0-bb68-44e8-9380-6b69e2253eab}.sdb) (Version:  - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
ISO Recorder (HKLM\...\{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}) (Version: 3.1.0 - Alex Feinman)
Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
LEGO Island 2 (HKLM-x32\...\{85967580-EBC2-11D4-AEA3-0050046A88ED}) (Version:  - )
LEGO Star Wars II (HKLM-x32\...\InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}) (Version: 1.00.0000 - LucasArts)
LEGO Star Wars II (x32 Version: 1.00.0000 - LucasArts) Hidden
Medal of Honor Pacific Assault(tm) (HKLM-x32\...\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}) (Version: 1.0 - Electronic Arts)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE  (HKLM-x32\...\{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}) (Version: 2.0.675.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{FD052FB9-FE90-4438-B355-15EDC89D8FB1}) (Version: 2.0.673.0 - Microsoft Corporation)
Microsoft Halo (HKLM-x32\...\Halo) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Virtual PC 2007 SP1 (HKLM\...\{AD483998-2E9A-4405-83FF-6E503AF49CBB}) (Version: 6.0.192.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Moto Racer (HKLM-x32\...\Moto Racer) (Version:  - DotEmu)
Moto Racer 2 (HKLM-x32\...\Moto Racer 2) (Version:  - DotEmu)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird (7.0.1) (HKLM-x32\...\Mozilla Thunderbird (7.0.1)) (Version: 7.0.1 (de) - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Need for Speed™ Most Wanted (HKLM-x32\...\{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}) (Version:  - )
Need for Speed™ Undercover (HKLM-x32\...\{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}) (Version: 1.0.1.0 - Electronic Arts)
Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.776 - Electronic Arts)
nGlide 1.02 (HKLM-x32\...\nGlide) (Version: 1.02 - Zeus Software)
Nitronic Rush (2011-12-25) version 20111225.0 (HKLM-x32\...\{9B55759D-424F-4CB1-B84E-AAE83CC1D20A}_is1) (Version: 20111225.0 - DigiPen)
No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
NVIDIA PhysX v8.05.26 (HKLM-x32\...\{11AE6807-50D2-4F59-82B3-2C3E695E94C2}) (Version: 8.05.26 - NVIDIA Corporation)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Orca (HKLM-x32\...\{85F4CBCB-9BBC-4B50-A7D8-E1106771498D}) (Version: 3.1.3790.0000 - Microsoft Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.6.0 - Pando Networks Inc.)
ParaWorld (HKLM-x32\...\{EAA01BA0-6991-4296-A404-4FFF2DAC2225}) (Version: 1.00 - Sunflowers)
ParetoLogic Data Recovery (HKLM-x32\...\{B1C2398C-6FAB-46D1-806C-5942F0829994}) (Version: 1.1.0 - ParetoLogic)
ParetoLogic PC Health Advisor (HKLM-x32\...\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}) (Version: 3.1.0.0 - ParetoLogic, Inc.)
PCGH Oblivion-Tuner (HKLM-x32\...\ST6UNST #1) (Version:  - )
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Pirates of the Caribbean - At Worlds End (HKLM-x32\...\{01CBFCE7-95AD-40F3-BC63-C46EFB2FC9C4}) (Version: 1.0 - Disney Interactive Studios)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version:  - )
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Prince of Persia The Sands of Time (HKLM-x32\...\{8C453F13-6877-4D34-8816-009ABDE306DB}) (Version: 1.00.181 - )
Prince of Persia Warrior Within (HKLM-x32\...\{EE5BC0BB-9EDA-423C-8276-48857B735D68}) (Version: 1.00.999 - )
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
Rayman 3 (HKLM-x32\...\{15F52B39-04CB-4EDB-9A8C-496C4A5588E2}) (Version: 1.00.000 - )
Rayman Raving Rabbids (HKLM-x32\...\{111E336D-30BF-4CD4-8D69-4541732AFB27}) (Version: 1.00.0000 - Ubisoft)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
RESIDENT EVIL (HKLM-x32\...\RESIDENT EVIL) (Version:  - )
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.1 - Roxio) Hidden
Roxio Burn (x32 Version: 1.0.0 - Roxio) Hidden
Roxio CinePlayer (x32 Version: 5.3 - Roxio) Hidden
Roxio CinePlayer Decoder Pack (x32 Version: 4.3.0 - Roxio) Hidden
Roxio File Backup (Version: 1.3.0 - Roxio) Hidden
Roxio Video Capture USB (x32 Version: 1.22.0000 - Roxio) Hidden
Roxio WinOnCD 2010 (HKLM-x32\...\{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}) (Version: 12.0 - Roxio)
Roxio WinOnCD 2010 (x32 Version: 1.2.193 - Roxio) Hidden
Roxio WinOnCD 2010 (x32 Version: 5.0.0 - Roxio) Hidden
Roxio WinOnCD 2010 Content (x32 Version: 12.0.013 - Roxio) Hidden
SecuROM Diagnostic Tool (HKLM-x32\...\SecuROM Diagnostic Tool) (Version:  - Sony DADC Austria)
Shockwave (HKLM-x32\...\Shockwave) (Version:  - )
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.8.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (x32 Version: 3.0.8.0 - SmartSound Software Inc) Hidden
Smokin' Guns 1.0 (HKLM-x32\...\Smokin' Guns_is1) (Version:  - Smokin' Guns Productions)
Spider-Man(TM) - Freund oder Feind (HKLM-x32\...\InstallShield_{BDA6A019-2695-4AE1-88CE-EE7801BD41AA}) (Version: 1.00.0000 - Activision)
Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)
Star Wars Republic Commando (HKLM-x32\...\{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}) (Version: 1.0 - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stellar Phoenix Windows Data Recovery - Professional (HKLM-x32\...\Stellar Phoenix Windows Data Recovery - Professional_is1) (Version: 6.0.0.1 - Stellar Information Technology Pvt Ltd.)
The Simpsons Hit & Run(TM) (HKLM-x32\...\{F79AAB3A-B8B4-4AC7-94AB-1C4C076C6A89}) (Version: 1.00.000 - )
TrackMania Sunrise Extreme 1.5.1 (HKLM-x32\...\TmSunrise_is1) (Version:  - Nadeo)
Trespasser (HKLM-x32\...\DreamWorks Interactive: Trespasser) (Version:  - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 4.2 - Ubisoft)
USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version:  - )
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Warner Bros. Digital Copy Manager (HKLM-x32\...\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1) (Version: 1.70 - Warner Bros. Entertainment Inc.)
Warner Bros. Digital Copy Manager (x32 Version: 1.70 - Warner Bros. Entertainment Inc.) Hidden
Windows 7 Codec Pack 4.0.9 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 4.0.9 - Windows 7 Codec Pack)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.26.0 - ASUS)
WinISO (HKLM-x32\...\WinISO) (Version: 6.4.0.5136 - WinISO Computing Inc.)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.10 - ASUS)
Xfire (remove only) (HKLM-x32\...\Xfire) (Version:  - )

==================== Restore Points  =========================

07-06-2014 07:38:25 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {367D53DD-185F-4C26-855A-BAA94E10FCE1} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {3763303D-128A-4D85-B94D-39E2030E25AA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1230764542-2489123228-2413629413-1000UA => C:\Users\Elias\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {3E9D76B6-1C13-4F9B-98B6-5A9F6AE8D4CE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-07] (Google Inc.)
Task: {476B5389-B209-4249-8002-91A2870BCD7C} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {5326B591-656D-4301-AB6E-46B7EFBFC78E} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-19] (ASUS)
Task: {6F606438-1499-47AD-B824-E91D901947B8} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {74190666-B6B8-487B-A94D-DD8F822F3F06} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1230764542-2489123228-2413629413-1000Core => C:\Users\Elias\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {795FA79F-1126-4F1D-8F74-F3731E6B1E70} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2009-07-24] ()
Task: {7D04CC43-27DF-44DC-8518-3343742CB695} - System32\Tasks\PC Health Advisor Defrag => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe [2011-03-30] (ParetoLogic, Inc.)
Task: {8799444A-32D3-461F-9036-C50A18E8BEED} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {8BC53019-4433-48BE-BD91-05A80A07C075} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-07-23] ()
Task: {94EFA5C3-E040-456A-9EC5-DB2D7B9A95F5} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [2009-06-29] (ASUS)
Task: {A2B1F7DE-372F-44CF-BD79-97BCD2B6C803} - System32\Tasks\P4G Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {A66131EE-CBC9-40E8-96CC-D75FA062A6A6} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-07-29] (ATK)
Task: {AA0AD387-58B3-493D-B1BA-2D0299B18474} - System32\Tasks\AIRecoveryRemind => C:\Program Files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe [2009-06-02] (ASUSTek Computer Inc.)
Task: {AC754C54-AA6D-47A7-BE31-6F443F495C77} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-03-30] (ParetoLogic Inc.)
Task: {BCB080B8-E08F-4AB8-8D65-391EC44B02C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-07] (Google Inc.)
Task: {C487C1AE-04B7-4C61-860E-AEEB9492D44E} - System32\Tasks\{BA5FD329-FFB2-4F4C-94CA-EB4512BCB33D} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/de/abandoninstall?page=tsMain
Task: {D0BB6F58-27A1-4091-BE2C-8546DBD1BA55} - System32\Tasks\ParetoLogic Update Version2 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22] ()
Task: {DF85F1FA-F4F2-4323-8858-4D0E96C743C8} - System32\Tasks\task36153668 => C:\Windows\Temp\_ex-08.exe
Task: {EC302777-84E1-4C34-82E8-AC981D234CCA} - System32\Tasks\PC Health Advisor => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe [2011-03-30] (ParetoLogic, Inc.)
Task: {F4DBC61D-0640-4C27-9E40-25995007EB6F} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1230764542-2489123228-2413629413-1000Core.job => C:\Users\Elias\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1230764542-2489123228-2413629413-1000UA.job => C:\Users\Elias\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Registration3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\Windows\Tasks\ParetoLogic Update Version2.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\Windows\Tasks\PC Health Advisor Defrag.job => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe
Task: C:\Windows\Tasks\PC Health Advisor.job => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe

==================== Loaded Modules (whitelisted) =============

2011-11-03 02:51 - 2007-08-08 09:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2012-02-14 18:14 - 2012-08-30 00:50 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-02-14 18:14 - 2012-08-30 00:51 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2009-07-23 02:58 - 2009-07-23 02:58 - 00017976 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
2008-10-01 08:02 - 2008-10-01 08:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2009-05-05 19:00 - 2009-05-05 19:00 - 00041472 _____ () C:\Program Files\P4G\DevMng.dll
2009-07-27 19:12 - 2009-07-27 19:12 - 00026624 _____ () C:\Program Files\P4G\OvrClk.dll
2011-11-03 02:51 - 2007-03-10 03:58 - 00124416 _____ () C:\Program Files\ATKGFNEX\AGFNEX64.dll
2009-07-24 19:32 - 2009-07-24 19:32 - 01593344 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2008-08-14 05:59 - 2008-08-14 05:59 - 00301624 _____ () C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
2011-11-10 21:25 - 2011-11-10 21:30 - 03077528 _____ () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
2013-12-17 03:24 - 2013-12-17 03:24 - 00699392 _____ () C:\Windows\SysWOW64\C2MP\TrayMenu.exe
2011-11-03 02:51 - 2009-05-07 10:51 - 00071680 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2011-11-03 02:51 - 2009-05-07 10:53 - 00379392 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2011-11-03 02:51 - 2008-01-18 08:50 - 00098816 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2011-11-03 02:51 - 2009-07-06 08:37 - 47601664 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2009-07-21 12:50 - 2009-07-21 12:50 - 00084464 _____ () C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
2009-06-23 02:18 - 2009-06-23 02:18 - 00494064 _____ () C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
2013-11-02 14:03 - 2013-11-02 14:03 - 00142336 _____ () C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
2013-11-02 14:04 - 2009-04-07 14:53 - 00030440 _____ () C:\Program Files (x86)\dcmsvc\dcmsvc.exe
2011-01-17 17:19 - 2011-11-06 11:02 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2014-05-09 21:23 - 2014-05-09 21:23 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-17 14:09 - 2014-05-17 14:09 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:D5FBE8F9

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/09/2014 02:41:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FastBootAgent.exe, Version: 1.0.0.0, Zeitstempel: 0x4a68233e
Name des fehlerhaften Moduls: FastBootAgent.exe, Version: 1.0.0.0, Zeitstempel: 0x4a68233e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000f2b1
ID des fehlerhaften Prozesses: 0x660
Startzeit der fehlerhaften Anwendung: 0xFastBootAgent.exe0
Pfad der fehlerhaften Anwendung: FastBootAgent.exe1
Pfad des fehlerhaften Moduls: FastBootAgent.exe2
Berichtskennung: FastBootAgent.exe3

Error: (06/09/2014 10:50:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FastBootAgent.exe, Version: 1.0.0.0, Zeitstempel: 0x4a68233e
Name des fehlerhaften Moduls: FastBootAgent.exe, Version: 1.0.0.0, Zeitstempel: 0x4a68233e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000f2b1
ID des fehlerhaften Prozesses: 0x698
Startzeit der fehlerhaften Anwendung: 0xFastBootAgent.exe0
Pfad der fehlerhaften Anwendung: FastBootAgent.exe1
Pfad des fehlerhaften Moduls: FastBootAgent.exe2
Berichtskennung: FastBootAgent.exe3

Error: (06/08/2014 02:28:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FastBootAgent.exe, Version: 1.0.0.0, Zeitstempel: 0x4a68233e
Name des fehlerhaften Moduls: FastBootAgent.exe, Version: 1.0.0.0, Zeitstempel: 0x4a68233e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000f2b1
ID des fehlerhaften Prozesses: 0x694
Startzeit der fehlerhaften Anwendung: 0xFastBootAgent.exe0
Pfad der fehlerhaften Anwendung: FastBootAgent.exe1
Pfad des fehlerhaften Moduls: FastBootAgent.exe2
Berichtskennung: FastBootAgent.exe3

Error: (06/08/2014 09:04:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SWHELP~1.EXE, Version: 10.2.0.22, Zeitstempel: 0x4635da9e
Name des fehlerhaften Moduls: SWHELP~1.EXE, Version: 10.2.0.22, Zeitstempel: 0x4635da9e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00007b1b
ID des fehlerhaften Prozesses: 0x468
Startzeit der fehlerhaften Anwendung: 0xSWHELP~1.EXE0
Pfad der fehlerhaften Anwendung: SWHELP~1.EXE1
Pfad des fehlerhaften Moduls: SWHELP~1.EXE2
Berichtskennung: SWHELP~1.EXE3

Error: (06/08/2014 07:31:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FastBootAgent.exe, Version: 1.0.0.0, Zeitstempel: 0x4a68233e
Name des fehlerhaften Moduls: FastBootAgent.exe, Version: 1.0.0.0, Zeitstempel: 0x4a68233e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000f2b1
ID des fehlerhaften Prozesses: 0x68c
Startzeit der fehlerhaften Anwendung: 0xFastBootAgent.exe0
Pfad der fehlerhaften Anwendung: FastBootAgent.exe1
Pfad des fehlerhaften Moduls: FastBootAgent.exe2
Berichtskennung: FastBootAgent.exe3

Error: (06/07/2014 06:19:24 PM) (Source: BugSplat) (EventID: 1) (User: )
Description: Pando_WinPando-1

Error: (06/07/2014 08:49:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FastBootAgent.exe, Version: 1.0.0.0, Zeitstempel: 0x4a68233e
Name des fehlerhaften Moduls: FastBootAgent.exe, Version: 1.0.0.0, Zeitstempel: 0x4a68233e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000f2b1
ID des fehlerhaften Prozesses: 0x690
Startzeit der fehlerhaften Anwendung: 0xFastBootAgent.exe0
Pfad der fehlerhaften Anwendung: FastBootAgent.exe1
Pfad des fehlerhaften Moduls: FastBootAgent.exe2
Berichtskennung: FastBootAgent.exe3

Error: (06/06/2014 10:34:51 PM) (Source: BugSplat) (EventID: 1) (User: )
Description: Pando_WinPando-1

Error: (06/06/2014 04:50:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FastBootAgent.exe, Version: 1.0.0.0, Zeitstempel: 0x4a68233e
Name des fehlerhaften Moduls: FastBootAgent.exe, Version: 1.0.0.0, Zeitstempel: 0x4a68233e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000f2b1
ID des fehlerhaften Prozesses: 0x664
Startzeit der fehlerhaften Anwendung: 0xFastBootAgent.exe0
Pfad der fehlerhaften Anwendung: FastBootAgent.exe1
Pfad des fehlerhaften Moduls: FastBootAgent.exe2
Berichtskennung: FastBootAgent.exe3

Error: (06/05/2014 02:21:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FastBootAgent.exe, Version: 1.0.0.0, Zeitstempel: 0x4a68233e
Name des fehlerhaften Moduls: FastBootAgent.exe, Version: 1.0.0.0, Zeitstempel: 0x4a68233e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000f2b1
ID des fehlerhaften Prozesses: 0x66c
Startzeit der fehlerhaften Anwendung: 0xFastBootAgent.exe0
Pfad der fehlerhaften Anwendung: FastBootAgent.exe1
Pfad des fehlerhaften Moduls: FastBootAgent.exe2
Berichtskennung: FastBootAgent.exe3


System errors:
=============
Error: (06/09/2014 02:43:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "FastBootAgent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/09/2014 02:42:33 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
sfdrv01a
sfsync02

Error: (06/09/2014 02:41:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Hard Drive Watcher 12 erreicht.

Error: (06/09/2014 02:40:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "FreemakeVideoCapture" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (06/09/2014 02:39:30 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber sfdrv01a.sys konnte nicht geladen werden.

Error: (06/09/2014 02:39:30 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber sfsync02.sys konnte nicht geladen werden.

Error: (06/09/2014 11:50:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Volumeschattenkopie" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (06/09/2014 11:50:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Volumeschattenkopie erreicht.

Error: (06/09/2014 11:50:47 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (06/09/2014 10:55:05 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-07-20 13:49:24.337
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-20 13:49:24.069
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 4061.09 MB
Available physical RAM: 2513.45 MB
Total Pagefile: 8120.35 MB
Available Pagefile: 6275.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:232.88 GB) (Free:87.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:218.23 GB) (Free:57.67 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 76692CA8)
Partition 1: (Not Active) - (Size=15 GB) - (Type=1C)
Partition 2: (Active) - (Size=233 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218 GB) - (Type=OF Extended)

==================== End Of Log ============================
--- --- ---


Gmer.txt:
GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-09 15:53:32
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Elias\AppData\Local\Temp\kxldapow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\SysWOW64\PnkBstrA.exe[1796] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                        0000000075191a22 2 bytes [19, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1796] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                        0000000075191ad0 2 bytes [19, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1796] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                        0000000075191b08 2 bytes [19, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1796] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                        0000000075191bba 2 bytes [19, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1796] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                        0000000075191bda 2 bytes [19, 75]
.text  C:\Windows\SysWOW64\PnkBstrB.exe[1820] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                        0000000075191a22 2 bytes [19, 75]
.text  C:\Windows\SysWOW64\PnkBstrB.exe[1820] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                        0000000075191ad0 2 bytes [19, 75]
.text  C:\Windows\SysWOW64\PnkBstrB.exe[1820] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                        0000000075191b08 2 bytes [19, 75]
.text  C:\Windows\SysWOW64\PnkBstrB.exe[1820] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                        0000000075191bba 2 bytes [19, 75]
.text  C:\Windows\SysWOW64\PnkBstrB.exe[1820] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                        0000000075191bda 2 bytes [19, 75]
.text  C:\Windows\SysWOW64\PnkBstrB.exe[1820] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                                0000000077ac1465 2 bytes [AC, 77]
.text  C:\Windows\SysWOW64\PnkBstrB.exe[1820] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                                0000000077ac14bb 2 bytes [AC, 77]
.text  ...                                                                                                                                                            * 2
.text  C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[1384] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                0000000076008791 5 bytes [33, C0, C2, 04, 00]
.text  C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[1384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                      0000000077ac1465 2 bytes [AC, 77]
.text  C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[1384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                    0000000077ac14bb 2 bytes [AC, 77]
.text  ...                                                                                                                                                            * 2
.text  C:\Users\Elias\AppData\Local\Akamai\netsession_win.exe[2100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                          0000000077ac1465 2 bytes [AC, 77]
.text  C:\Users\Elias\AppData\Local\Akamai\netsession_win.exe[2100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                          0000000077ac14bb 2 bytes [AC, 77]
.text  ...                                                                                                                                                            * 2
.text  C:\Windows\SysWOW64\C2MP\TrayMenu.exe[3204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                            0000000077ac1465 2 bytes [AC, 77]
.text  C:\Windows\SysWOW64\C2MP\TrayMenu.exe[3204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                          0000000077ac14bb 2 bytes [AC, 77]
.text  ...                                                                                                                                                            * 2
.text  C:\Users\Elias\AppData\Local\Akamai\netsession_win.exe[3368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                          0000000077ac1465 2 bytes [AC, 77]
.text  C:\Users\Elias\AppData\Local\Akamai\netsession_win.exe[3368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                          0000000077ac14bb 2 bytes [AC, 77]
.text  ...                                                                                                                                                            * 2
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                  0000000077ac1465 2 bytes [AC, 77]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  0000000077ac14bb 2 bytes [AC, 77]
.text  ...                                                                                                                                                            * 2
.text  C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe[3688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000077ac1465 2 bytes [AC, 77]
.text  C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe[3688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000077ac14bb 2 bytes [AC, 77]
.text  ...                                                                                                                                                            * 2
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                      0000000077ac1465 2 bytes [AC, 77]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                    0000000077ac14bb 2 bytes [AC, 77]
.text  ...                                                                                                                                                            * 2

---- Threads - GMER 2.1 ----

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3276:2336]                                                                                                000007fefb602a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3276:3856]                                                                                                000007feeff5d618
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3276:4092]                                                                                                000007fef9b25124

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                             
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                            C:\Program Files (x86)\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                            0xD4 0xC3 0x97 0x02 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                            0
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                        0xF4 0xFC 0x6D 0xEF ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                                     
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                  0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                0xF2 0x01 0xAC 0xB4 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                               
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                          0xD3 0xBB 0x4E 0xD0 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                                                               
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                                          0x81 0xA0 0x9C 0xBF ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                         
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                C:\Program Files (x86)\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                0xD4 0xC3 0x97 0x02 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                0
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                            0xF4 0xFC 0x6D 0xEF ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                                 
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                      0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                    0xF2 0x01 0xAC 0xB4 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                           
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                              0xD3 0xBB 0x4E 0xD0 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)                                           
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                                              0x81 0xA0 0x9C 0xBF ...

---- EOF - GMER 2.1 ----
--- --- ---


Sollten die Log-Files von Avira noch zur Bearbeitung erforderlich sein, dann bitte ich um eine genauere Beschreibung, wie ich diese hier posten kann. Die Anleitung hat mir dabei leider nicht weiterhelfen können.

Ich hoffe, ich konnte mein Problem ausreichend schildern.

Wie sollte ich nun am besten vorgehen?

Ich bin für jede Hilfe sehr dankbar.

Mit freundlichen Grüßen,
pcguy10

schrauber 09.06.2014 19:49
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

pcguy10 09.06.2014 22:09
Hallo,

zunächst erstmal vielen, vielen Dank für die schnelle Bearbeitung. Ich hatte wirklich nicht damit gerechnet, heute noch eine Antwort zu bekommen. Das ist wirklich großartig.

Ich habe die Schritte wie beschrieben ausgeführt. Tatsächlich erschien beim Start von CombiFix eine Fehlermeldung, dass Avira noch aktiviert sei, obwohl ich es abgeschaltet hatte.

Sie sah folgendermaßen aus:
"CombiFix hat festgestellt das folgende Real-Time-Scanner aktiv sind:
antivirus: Avira Desktop
antispyware: Avira Desktop

Antivirus und Eindringling Schutzprogramme sind dafuer bekannt,
dass sie die Arbeit von ComboFix behindern. Dies kann zu
unvorhersehbaren Ergebnissen oder eventuellen. PC Schaden fuehren.
Bitte deaktiviere diese Scanner, bevor Du auf 'OK' klickst."

Wie in der Anleitung beschrieben habe ich diese Meldung missachtet und auf OK geklickt. Das Programm hat daraufhin seine Arbeit ohne Zwischenfälle verrichtet. Die zweite in der Beschreibung angegebene Fehlermeldung erschien nicht.

Wie gewünscht ist hier die entstandene Log-File:
Combofix Logfile:
Code:
ComboFix 14-06-09.01 - Elias 09.06.2014  21:57:38.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4061.2687 [GMT 2:00]
ausgeführt von:: c:\users\Elias\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\program files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
c:\users\Elias\AppData\Local\7fe5b999\U
c:\users\Elias\AppData\Local\7fe5b999\U\80000000.@
c:\users\Elias\AppData\Local\7fe5b999\U\800000cb.@
c:\users\Elias\AppData\Local\7fe5b999\U\800000cf.@
c:\users\Elias\AppData\Local\lame_enc.dll
c:\users\Elias\AppData\Local\no23xwrapper.dll
c:\users\Elias\AppData\Local\ogg.dll
c:\users\Elias\AppData\Local\vorbis.dll
c:\users\Elias\AppData\Local\vorbisenc.dll
c:\users\Elias\AppData\Local\vorbisfile.dll
c:\users\Elias\AppData\Roaming\MafiaSetup.exe
c:\users\Public\invokesi.exe
c:\windows\assembly\tmp\U
c:\windows\IsUn0407.exe
c:\windows\msvcr71.dll
c:\windows\SysWOW64\C2MP\TrayMenu.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\wininit.ini
D:\install.exe
.
Infizierte Kopie von c:\windows\SysWow64\userinit.exe wurde gefunden und desinfiziert
Kopie von - c:\combofix\HarddiskVolumeShadowCopy5_!Windows!SysWOW64!userinit.exe wurde wiederhergestellt
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-05-09 bis 2014-06-09  ))))))))))))))))))))))))))))))
.
.
2014-06-09 20:12 . 2014-06-09 20:12        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-06-09 20:12 . 2014-06-09 20:12        --------        d-----w-        c:\users\Benjamin\AppData\Local\temp
2014-06-09 13:02 . 2014-06-09 13:08        --------        d-----w-        C:\FRST
2014-06-08 13:24 . 2014-06-08 13:24        --------        d-----w-        c:\users\Elias\AppData\Roaming\ParetoLogic
2014-06-08 13:24 . 2014-06-08 13:24        --------        d-----w-        c:\users\Elias\AppData\Roaming\DriverCure
2014-05-28 21:31 . 2014-05-28 21:31        --------        d-----w-        c:\programdata\The Learning Company
2014-05-28 21:31 . 2002-05-07 05:09        274432        ----a-w-        c:\windows\TLCUNINSTALL.EXE
2014-05-20 13:02 . 2014-05-20 13:02        45384        ----a-w-        c:\windows\SysWow64\DiscHandler.exe
2014-05-18 12:35 . 2014-05-18 12:35        --------        d-----w-        c:\users\Elias\.thumbnails
2014-05-17 21:57 . 2014-05-06 04:40        23544320        ----a-w-        c:\windows\system32\mshtml.dll
2014-05-17 21:57 . 2014-05-06 03:00        84992        ----a-w-        c:\windows\system32\mshtmled.dll
2014-05-17 21:57 . 2014-05-06 04:17        2724864        ----a-w-        c:\windows\system32\mshtml.tlb
2014-05-13 15:05 . 2014-05-13 15:05        4009984        ----a-w-        c:\windows\system32\ffmpeg.dll
2014-05-13 15:05 . 2014-05-13 15:05        474624        ----a-w-        c:\windows\system32\ff_kernelDeint.dll
2014-05-13 15:05 . 2014-05-13 15:05        127488        ----a-w-        c:\windows\system32\ff_vfw.dll
2014-05-13 15:05 . 2014-05-13 15:05        4374528        ----a-w-        c:\windows\system32\ffdshow.ax
2014-05-13 15:04 . 2014-05-13 15:04        631296        ----a-w-        c:\windows\system32\TomsMoComp_ff.dll
2014-05-13 15:04 . 2014-05-13 15:04        222720        ----a-w-        c:\windows\system32\ff_libdts.dll
2014-05-13 15:04 . 2014-05-13 15:04        156672        ----a-w-        c:\windows\system32\ff_libmad.dll
2014-05-13 15:04 . 2014-05-13 15:04        116224        ----a-w-        c:\windows\system32\ff_liba52.dll
2014-05-13 15:04 . 2014-05-13 15:04        114688        ----a-w-        c:\windows\system32\ff_wmv9.dll
2014-05-13 15:04 . 2014-05-13 15:04        190464        ----a-w-        c:\windows\system32\libmpeg2_ff.dll
2014-05-13 15:04 . 2014-05-13 15:04        183296        ----a-w-        c:\windows\system32\ff_unrar.dll
2014-05-13 15:04 . 2014-05-13 15:04        1532928        ----a-w-        c:\windows\system32\ff_samplerate.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-27 13:26 . 2013-08-09 13:51        130584        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2014-05-27 13:26 . 2013-08-09 13:51        112080        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2014-05-17 12:09 . 2012-04-03 12:59        692400        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-17 12:09 . 2011-11-05 09:48        70832        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-13 15:02 . 2014-05-13 15:02        3916288        ----a-w-        c:\windows\SysWow64\ffmpeg.dll
2014-05-13 15:01 . 2014-05-13 15:01        112640        ----a-w-        c:\windows\SysWow64\ff_vfw.dll
2014-05-13 15:01 . 2014-05-13 15:01        3502592        ----a-w-        c:\windows\SysWow64\ffdshow.ax
2014-05-13 15:01 . 2014-05-13 15:01        271360        ----a-w-        c:\windows\SysWow64\TomsMoComp_ff.dll
2014-05-13 15:00 . 2014-05-13 15:00        99840        ----a-w-        c:\windows\SysWow64\ff_wmv9.dll
2014-05-13 15:00 . 2014-05-13 15:00        157184        ----a-w-        c:\windows\SysWow64\ff_unrar.dll
2014-05-13 15:00 . 2014-05-13 15:00        211968        ----a-w-        c:\windows\SysWow64\ff_libdts.dll
2014-05-13 15:00 . 2014-05-13 15:00        1525760        ----a-w-        c:\windows\SysWow64\ff_samplerate.dll
2014-05-13 15:00 . 2014-05-13 15:00        147456        ----a-w-        c:\windows\SysWow64\ff_libmad.dll
2014-05-13 15:00 . 2014-05-13 15:00        114688        ----a-w-        c:\windows\SysWow64\ff_liba52.dll
2014-05-13 15:00 . 2014-05-13 15:00        136704        ----a-w-        c:\windows\SysWow64\libmpeg2_ff.dll
2014-05-06 03:07 . 2014-05-17 21:57        2724864        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2014-05-01 16:02 . 2014-05-01 16:02        428792        ----a-w-        c:\windows\system32\cdxareader.ax
2014-05-01 15:56 . 2014-05-01 15:56        368888        ----a-w-        c:\windows\SysWow64\cdxareader.ax
2014-04-12 02:12 . 2014-05-17 11:48        22016        ----a-w-        c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-17 11:48        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll
2014-04-08 20:50 . 2014-04-08 20:50        235520        ----a-w-        c:\windows\SysWow64\xvidvfw.dll
2014-04-08 20:50 . 2014-04-08 20:50        632320        ----a-w-        c:\windows\SysWow64\xvidcore.dll
2014-04-08 15:30 . 2014-04-08 15:30        7682192        ----a-w-        c:\windows\system32\avcodec-lav-55.dll
2014-04-08 15:30 . 2014-04-08 15:30        570512        ----a-w-        c:\windows\system32\LAVSplitter.ax
2014-04-08 15:30 . 2014-04-08 15:30        441488        ----a-w-        c:\windows\system32\IntelQuickSyncDecoder.dll
2014-04-08 15:30 . 2014-04-08 15:30        430736        ----a-w-        c:\windows\system32\swscale-lav-2.dll
2014-04-08 15:30 . 2014-04-08 15:30        401040        ----a-w-        c:\windows\system32\avutil-lav-52.dll
2014-04-08 15:30 . 2014-04-08 15:30        302224        ----a-w-        c:\windows\system32\LAVAudio.ax
2014-04-08 15:30 . 2014-04-08 15:30        286352        ----a-w-        c:\windows\system32\libbluray.dll
2014-04-08 15:30 . 2014-04-08 15:30        250512        ----a-w-        c:\windows\system32\avfilter-lav-4.dll
2014-04-08 15:30 . 2014-04-08 15:30        161424        ----a-w-        c:\windows\system32\avresample-lav-1.dll
2014-04-08 15:30 . 2014-04-08 15:30        1251984        ----a-w-        c:\windows\system32\avformat-lav-55.dll
2014-04-08 15:30 . 2014-04-08 15:30        1109136        ----a-w-        c:\windows\system32\LAVVideo.ax
2014-04-08 15:29 . 2014-04-08 15:29        411280        ----a-w-        c:\windows\SysWow64\swscale-lav-2.dll
2014-04-08 15:29 . 2014-04-08 15:29        238736        ----a-w-        c:\windows\SysWow64\libbluray.dll
2014-04-08 15:29 . 2014-04-08 15:29        934544        ----a-w-        c:\windows\SysWow64\LAVVideo.ax
2014-04-08 15:29 . 2014-04-08 15:29        7186064        ----a-w-        c:\windows\SysWow64\avcodec-lav-55.dll
2014-04-08 15:29 . 2014-04-08 15:29        478864        ----a-w-        c:\windows\SysWow64\LAVSplitter.ax
2014-04-08 15:29 . 2014-04-08 15:29        412304        ----a-w-        c:\windows\SysWow64\avutil-lav-52.dll
2014-04-08 15:29 . 2014-04-08 15:29        344720        ----a-w-        c:\windows\SysWow64\IntelQuickSyncDecoder.dll
2014-04-08 15:29 . 2014-04-08 15:29        263824        ----a-w-        c:\windows\SysWow64\LAVAudio.ax
2014-04-08 15:29 . 2014-04-08 15:29        241296        ----a-w-        c:\windows\SysWow64\avfilter-lav-4.dll
2014-04-08 15:29 . 2014-04-08 15:29        152208        ----a-w-        c:\windows\SysWow64\avresample-lav-1.dll
2014-04-08 15:29 . 2014-04-08 15:29        1293456        ----a-w-        c:\windows\SysWow64\avformat-lav-55.dll
2014-03-31 20:46 . 2014-03-31 20:46        130712        ----a-w-        c:\windows\SysWow64\MSSTDFMT.DLL
2014-03-31 20:46 . 2014-03-31 20:46        1070232        ----a-w-        c:\windows\SysWow64\MSCOMCTL.OCX
2009-04-08 17:31 . 2009-04-08 17:31        106496        ----a-w-        c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45        155648        ----a-w-        c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-29 18:45        220632        ----a-w-        c:\users\Elias\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-29 18:45        220632        ----a-w-        c:\users\Elias\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-29 18:45        220632        ----a-w-        c:\users\Elias\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-11-10 3077528]
"Akamai NetSession Interface"="c:\users\Elias\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
"GoogleChromeAutoLaunch_ADF2EF7A9169565BE50E52E39FE78F03"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-05-13 860488]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-12-11 1823656]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 2244096]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-07-07 8493624]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe" [2009-07-24 240112]
"CPMonitor"="c:\program files (x86)\Roxio 2010\5.0\CPMonitor.exe" [2009-07-21 84464]
"Desktop Disc Tool"="c:\program files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-23 494064]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-05-27 737872]
"dcmsvc"="c:\program files (x86)\dcmsvc\dcmsvc.exe" [2009-04-07 30440]
.
c:\users\Elias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodecPackUpdateChecker.lnk - c:\windows\SysWOW64\C2MP\UpdateChecker.exe [2014-5-20 48688]
FancyStart daemon.lnk - c:\windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe -d [2011-11-3 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2011-11-03 00:52        72248        ----a-w-        c:\windows\AsScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2011-11-03 00:52        3054136        ----a-w-        c:\windows\AsScrPro.exe
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys;c:\windows\SYSNATIVE\drivers\sfdrv01a.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 FastBootAgent;FastBootAgent;c:\windows\SysWOW64\Fast Boot\FastBootAgent.exe;c:\windows\SysWOW64\Fast Boot\FastBootAgent.exe [x]
R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RoxMediaDB12;RoxMediaDB12;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 X6va005;X6va005;c:\users\Elias\AppData\Local\Temp\0053A90.tmp;c:\users\Elias\AppData\Local\Temp\0053A90.tmp [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys;c:\windows\SYSNATIVE\DRIVERS\lullaby.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys;c:\program files\ATKGFNEX\ASMMAP64.sys [x]
S2 WinisoCDBus;WinISO Virtual CD Drive;c:\windows\system32\drivers\WinisoCDBus.sys;c:\windows\SYSNATIVE\drivers\WinisoCDBus.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-23 17:54        1091912        ----a-w-        c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-06-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1230764542-2489123228-2413629413-1000Core.job
- c:\users\Elias\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-11 14:35]
.
2014-06-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1230764542-2489123228-2413629413-1000UA.job
- c:\users\Elias\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-11 14:35]
.
2014-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-07 20:52]
.
2014-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-07 20:52]
.
2014-06-09 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2014-05-29 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 10:25]
.
2014-06-09 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-03-29 23:51]
.
2014-06-09 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files (x86)\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]
.
2014-06-09 c:\windows\Tasks\PC Health Advisor.job
- c:\program files (x86)\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-29 18:45        244696        ----a-w-        c:\users\Elias\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-29 18:45        244696        ----a-w-        c:\users\Elias\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-29 18:45        244696        ----a-w-        c:\users\Elias\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-12 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-12 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-12 365592]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-06-12 619392]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Elias\AppData\Roaming\Mozilla\Firefox\Profiles\2frlzdjb.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - ExtSQL: !HIDDEN! 2012-12-16 20:42; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-ActosKezej - (no file)
Wow6432Node-HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
c:\users\Elias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk - c:\program files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk - c:\windows\SysWOW64\C2MP\TrayMenu.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~2\UNWISE.EXE
AddRemove-Akamai - c:\program files (x86)\Common Files\Akamai\uninstall.exe
AddRemove-DVDVideoSoftTB Toolbar - c:\program files (x86)\DVDVideoSoftTB\uninstall.exe
AddRemove-RESIDENT EVIL - d:\resident evil\Uninstall.exe
AddRemove-Rune_is1 - d:\r.g. catalyst\Rune\uninstall\unins000.exe
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-«Aliens versus Predator»_is1 - d:\games\R.G. Catalyst\Aliens versus Predator\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Elias\AppData\Local\Temp\0053A90.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,63,cf,bf,6a,cb,5a,76,49,a6,33,e2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,63,cf,bf,6a,cb,5a,76,49,a6,33,e2,\
.
[HKEY_USERS\S-1-5-21-1230764542-2489123228-2413629413-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:cf,06,5f,64,45,cb,d7,83,1f,39,9e,77,3b,bc,7f,91,ce,7d,81,11,6d,7e,37,
  07,7b,3b,e0,e3,61,58,d3,45,f7,19,8a,b3,62,5c,da,7b,fc,fa,b8,22,12,ea,6e,d7,\
"??"=hex:3d,de,ff,80,7e,74,6c,e6,85,f2,79,6e,25,b0,a9,db
.
[HKEY_USERS\S-1-5-21-1230764542-2489123228-2413629413-1000\Software\SecuROM\License information*]
"datasecu"=hex:bd,52,19,d1,ff,9c,ff,68,c8,9f,cd,d6,e3,5f,32,71,fb,ff,b7,f5,d0,
  d9,06,af,93,99,d2,7c,42,a1,64,95,cd,36,d5,0b,a2,0f,e5,76,4b,0f,53,04,ce,14,\
"rkeysecu"=hex:78,95,80,70,3c,f2,af,47,c4,73,23,4b,d9,0d,08,c5
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-06-09  22:36:04 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-06-09 20:36
.
Vor Suchlauf: 14 Verzeichnis(se), 93.274.238.976 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 103.724.564.480 Bytes frei
.
- - End Of File - - 2F8DE4BAC608391F2462AD8C07380F37
--- --- ---
5C616939100B85E558DA92B899A0FC36

[/CODE]

Wie soll ich nun mit der angezeigten Log-File verfahren? Kann ich sie einfach schließen oder soll ich sie abspeichern?

Mit freundlichen Grüßen,
pcguy10

schrauber 10.06.2014 18:35
einfach schliessen :)

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

pcguy10 11.06.2014 09:40
Hallo schrauber,

hier sind die angeforderten Log-Files:

mbam.txt:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 10.06.2014
Suchlauf-Zeit: 23:01:09
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.10.07
Rootkit Datenbank: v2014.06.02.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Elias

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 322211
Verstrichene Zeit: 40 Min, 53 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 4
PUP.Optional.Softonic.A, HKU\S-1-5-21-1230764542-2489123228-2413629413-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}, In Quarantäne, [0cc388ee90eb64d26d10ad8fcf33cc34],
PUP.Optional.Softonic.A, HKU\S-1-5-21-1230764542-2489123228-2413629413-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}, In Quarantäne, [0cc388ee90eb64d26d10ad8fcf33cc34],
PUP.Optional.Softonic.A, HKU\S-1-5-21-1230764542-2489123228-2413629413-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E87806B5-E908-45FD-AF5E-957D83E58E68}, In Quarantäne, [c708185e3546063097e755e728dae020],
PUP.Optional.Softonic.A, HKU\S-1-5-21-1230764542-2489123228-2413629413-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E87806B5-E908-45FD-AF5E-957D83E58E68}, In Quarantäne, [c708185e3546063097e755e728dae020],

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
AdwCleaner[S1].txt:
AdwCleaner Logfile:
Code:
# AdwCleaner v3.212 - Bericht erstellt am 11/06/2014 um 00:02:50
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Elias - PC-ELIAS
# Gestartet von : C:\Users\Elias\Desktop\adwcleaner_3.212.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\ParetoLogic
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Ordner Gelöscht : C:\Program Files (x86)\ParetoLogic
Ordner Gelöscht : C:\Program Files (x86)\Common Files\ParetoLogic
Ordner Gelöscht : C:\Users\Elias\AppData\Roaming\DriverCure
Ordner Gelöscht : C:\Users\Elias\AppData\Roaming\ParetoLogic
Ordner Gelöscht : C:\Users\Elias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Ordner Gelöscht : C:\Users\Elias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Datei Gelöscht : C:\Windows\Tasks\paretologic registration3.job
Datei Gelöscht : C:\Windows\System32\Tasks\paretologic registration3
Datei Gelöscht : C:\Windows\Tasks\paretologic update version3.job
Datei Gelöscht : C:\Windows\System32\Tasks\paretologic update version3
Datei Gelöscht : C:\Windows\Tasks\PC Health Advisor Defrag.job
Datei Gelöscht : C:\Windows\System32\Tasks\PC Health Advisor Defrag
Datei Gelöscht : C:\Windows\Tasks\PC Health Advisor.job
Datei Gelöscht : C:\Windows\System32\Tasks\PC Health Advisor

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Schlüssel Gelöscht : HKCU\Software\ParetoLogic
Schlüssel Gelöscht : HKLM\Software\ParetoLogic
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\rpcmhgal.default\prefs.js ]


[ Datei : C:\Users\Elias\AppData\Roaming\Mozilla\Firefox\Profiles\2frlzdjb.default\prefs.js ]


-\\ Google Chrome v35.0.1916.114

[ Datei : C:\Users\Elias\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : nikpibnbobmbdbheedjfogjlikpgpnhp

*************************

AdwCleaner[R0].txt - [24235 octets] - [25/04/2014 12:06:11]
AdwCleaner[R1].txt - [2706 octets] - [10/06/2014 23:59:23]
AdwCleaner[S0].txt - [22411 octets] - [25/04/2014 12:11:48]
AdwCleaner[S1].txt - [2573 octets] - [11/06/2014 00:02:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2633 octets] ##########
--- --- ---

[/CODE]

JRT.txt:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Elias on 11.06.2014 at 10:11:39,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Elias\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Program Files (x86)\free video converter"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\Elias\AppData\Roaming\mozilla\firefox\profiles\2frlzdjb.default\minidumps [401 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.06.2014 at 10:22:33,04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST.txt:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2014
Ran by Elias (administrator) on PC-ELIAS on 11-06-2014 10:26:39
Running from C:\Users\Elias\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Akamai Technologies, Inc.) C:\Users\Elias\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Elias\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDECK.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
() C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
() C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\dcmsvc\dcmsvc.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [619392 2009-06-12] (ELAN Microelectronic Corp.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2244096 2009-07-13] (VIA)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [8493624 2009-07-07] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [159744 2009-04-20] (ASUS)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe [240112 2009-07-24] (Sonic Solutions)
HKLM-x32\...\Run: [CPMonitor] => C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe [84464 2009-07-21] ()
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-23] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [dcmsvc] => C:\Program Files (x86)\dcmsvc\dcmsvc.exe [30440 2009-04-07] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1230764542-2489123228-2413629413-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-11-10] ()
HKU\S-1-5-21-1230764542-2489123228-2413629413-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Elias\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1230764542-2489123228-2413629413-1000\...\Run: [GoogleChromeAutoLaunch_ADF2EF7A9169565BE50E52E39FE78F03] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-05-14] (Google Inc.)
HKU\S-1-5-21-1230764542-2489123228-2413629413-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1823656 2013-12-11] (Valve Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk
ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe ()
Startup: C:\Users\Elias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2169D8548899CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Elias\AppData\Roaming\Mozilla\Firefox\Profiles\2frlzdjb.default
FF NewTab: about:blank
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Elias\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Elias\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Elias\AppData\Roaming\Mozilla\Firefox\Profiles\2frlzdjb.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-21]
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-05-09]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: de.yahoo.com
CHR DefaultSearchProvider: Yahoo! Deutschland
CHR DefaultSearchURL: hxxp://de.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Elias\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (No Name) - C:\Users\Elias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2012-11-02]
CHR Extension: (Google Wallet) - C:\Users\Elias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-27]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
S2 FastBootAgent; C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe [306232 2009-07-24] (ASUSTeK Computer Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2012-08-30] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2012-08-30] ()
S2 FreemakeVideoCapture; "C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe" [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2013-07-20] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2013-07-20] ()
S4 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [66560 2005-05-17] (Protection Technology) [File not signed]
S0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [77688 2006-07-05] (Protection Technology (StarForce))
S0 sfsync02; C:\Windows\System32\drivers\sfsync02.sys [22936 2006-07-10] (Protection Technology)
R0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [106360 2007-01-12] (Protection Technology (StarForce))
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-11-04] (Duplex Secure Ltd.)
R1 vmm; C:\Windows\system32\Treiber\vmm.sys [294248 2012-10-27] (Microsoft Corporation)
R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2014-01-23] (WinISO.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 X6va005; \??\C:\Users\Elias\AppData\Local\Temp\0053A90.tmp [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-11 10:26 - 2014-06-11 10:26 - 00016761 _____ () C:\Users\Elias\Desktop\FRST.txt
2014-06-11 10:25 - 2014-06-11 10:25 - 00000000 ____D () C:\Users\Elias\Desktop\FRST-OlderVersion
2014-06-11 10:22 - 2014-06-11 10:22 - 00000957 _____ () C:\Users\Elias\Desktop\JRT.txt
2014-06-11 10:11 - 2014-06-11 10:11 - 00000000 ____D () C:\Windows\ERUNT
2014-06-10 23:58 - 2014-06-10 23:58 - 00002182 _____ () C:\Users\Elias\Desktop\mbam.txt
2014-06-10 22:57 - 2014-06-10 23:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 22:57 - 2014-06-10 22:57 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-10 22:57 - 2014-06-10 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-10 22:57 - 2014-06-10 22:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-10 22:57 - 2014-06-10 22:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-10 22:57 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-10 22:57 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-10 22:57 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\Users\Elias\Desktop\Programme
2014-06-10 22:48 - 2014-06-10 22:48 - 01016261 _____ (Thisisu) C:\Users\Elias\Desktop\JRT.exe
2014-06-10 22:47 - 2014-06-10 22:47 - 01333465 _____ () C:\Users\Elias\Desktop\adwcleaner_3.212.exe
2014-06-10 22:45 - 2014-06-10 22:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Elias\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-09 22:36 - 2014-06-09 22:36 - 00027538 _____ () C:\ComboFix.txt
2014-06-09 22:36 - 2014-06-09 22:36 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-09 22:36 - 2014-06-09 22:36 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-09 22:36 - 2014-06-09 22:36 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-09 22:36 - 2014-06-09 22:36 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\temp
2014-06-09 21:53 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-09 21:53 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-09 21:53 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-09 21:53 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-09 21:53 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-09 21:53 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-09 21:53 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-09 21:53 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-09 21:49 - 2014-06-09 22:36 - 00000000 ____D () C:\Qoobox
2014-06-09 21:48 - 2014-06-09 22:33 - 00000000 ____D () C:\Windows\erdnt
2014-06-09 21:19 - 2014-06-09 21:20 - 05205664 ____R (Swearware) C:\Users\Elias\Desktop\ComboFix.exe
2014-06-09 15:53 - 2014-06-09 15:53 - 00012230 _____ () C:\Users\Elias\Desktop\Gmer.txt
2014-06-09 15:02 - 2014-06-11 10:26 - 00000000 ____D () C:\FRST
2014-06-09 14:38 - 2014-06-09 14:38 - 00000652 _____ () C:\Users\Elias\Desktop\defogger_disable.log
2014-06-09 14:38 - 2014-06-09 14:38 - 00000188 _____ () C:\Users\Elias\defogger_reenable
2014-06-09 12:29 - 2014-06-11 00:40 - 00000000 ____D () C:\Users\Elias\Desktop\SystemRestore
2014-06-09 12:28 - 2014-06-09 12:28 - 00380416 _____ () C:\Users\Elias\Desktop\Gmer-19357.exe
2014-06-09 12:26 - 2014-06-11 10:25 - 02081792 _____ (Farbar) C:\Users\Elias\Desktop\FRST64.exe
2014-06-09 12:25 - 2014-06-09 12:25 - 00050477 _____ () C:\Users\Elias\Desktop\Defogger.exe
2014-06-08 15:23 - 2014-06-08 15:23 - 00001103 _____ () C:\Users\Elias\Desktop\ParetoLogic PC Health Advisor.lnk
2014-06-08 15:21 - 2014-06-08 15:21 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Elias\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-06-05 14:21 - 2014-06-09 22:16 - 00003106 _____ () C:\Windows\System32\Tasks\P4G Sidebar
2014-06-01 21:23 - 2014-06-01 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAPCOM
2014-05-28 23:31 - 2014-05-28 23:31 - 00000000 ____D () C:\ProgramData\The Learning Company
2014-05-28 23:31 - 2002-05-07 07:09 - 00274432 _____ (Riverdeep Interactive Learning Limited) C:\Windows\TLCUNINSTALL.EXE
2014-05-28 23:29 - 2014-05-28 23:29 - 00000000 _____ () C:\Windows\SETUP32.INI
2014-05-26 14:01 - 2014-05-26 14:01 - 00000969 _____ () C:\Users\Elias\Desktop\Batman - Vengeance.lnk
2014-05-23 20:10 - 2014-05-23 20:12 - 23424432 _____ (Windows 7 - Codec Pack) C:\Users\Elias\Downloads\windows.7.codec.pack.v4.0.9.setup.exe
2014-05-20 15:02 - 2014-05-20 15:02 - 00045384 _____ () C:\Windows\SysWOW64\DiscHandler.exe
2014-05-19 22:37 - 2014-05-19 22:40 - 39620653 _____ () C:\Users\Elias\Downloads\Marvel Super Hero Squad - The Infinity Gauntlet.7z
2014-05-19 22:32 - 2014-05-19 22:34 - 11027425 _____ () C:\Users\Elias\Downloads\Marvel Super Hero Squad.7z
2014-05-18 21:27 - 2014-05-18 21:27 - 00004096 _____ () C:\Windows\d3dx.dat
2014-05-18 20:48 - 2014-05-18 20:48 - 00004161 _____ () C:\Users\Elias\AppData\Local\recently-used.xbel
2014-05-18 14:35 - 2014-05-18 14:35 - 00000000 ____D () C:\Users\Elias\.thumbnails
2014-05-17 23:57 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-17 23:57 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-17 23:57 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-17 23:57 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-17 23:57 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-17 23:57 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-17 13:48 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-17 13:48 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-17 13:48 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-17 13:48 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-17 13:48 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-17 13:48 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-17 13:48 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-17 13:48 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-17 13:48 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-17 13:48 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-17 13:48 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-17 13:48 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-17 13:48 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-17 13:48 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-17 13:48 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-17 13:48 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-17 13:48 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-17 13:48 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-17 13:48 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-17 13:48 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-17 13:48 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-17 13:48 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-17 13:48 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-17 13:48 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-17 13:48 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-17 13:48 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-17 13:48 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-17 13:48 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-17 13:48 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-17 13:48 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-17 13:48 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-13 17:05 - 2014-05-13 17:05 - 04374528 _____ () C:\Windows\system32\ffdshow.ax
2014-05-13 17:05 - 2014-05-13 17:05 - 04009984 _____ () C:\Windows\system32\ffmpeg.dll
2014-05-13 17:05 - 2014-05-13 17:05 - 00474624 _____ () C:\Windows\system32\ff_kernelDeint.dll
2014-05-13 17:05 - 2014-05-13 17:05 - 00127488 _____ () C:\Windows\system32\ff_vfw.dll
2014-05-13 17:04 - 2014-05-13 17:04 - 01532928 _____ () C:\Windows\system32\ff_samplerate.dll
2014-05-13 17:04 - 2014-05-13 17:04 - 00631296 _____ () C:\Windows\system32\TomsMoComp_ff.dll
2014-05-13 17:04 - 2014-05-13 17:04 - 00222720 _____ () C:\Windows\system32\ff_libdts.dll
2014-05-13 17:04 - 2014-05-13 17:04 - 00190464 _____ () C:\Windows\system32\libmpeg2_ff.dll
2014-05-13 17:04 - 2014-05-13 17:04 - 00183296 _____ () C:\Windows\system32\ff_unrar.dll
2014-05-13 17:04 - 2014-05-13 17:04 - 00156672 _____ () C:\Windows\system32\ff_libmad.dll
2014-05-13 17:04 - 2014-05-13 17:04 - 00116224 _____ () C:\Windows\system32\ff_liba52.dll
2014-05-13 17:04 - 2014-05-13 17:04 - 00114688 _____ () C:\Windows\system32\ff_wmv9.dll
2014-05-13 17:02 - 2014-05-13 17:02 - 03916288 _____ () C:\Windows\SysWOW64\ffmpeg.dll
2014-05-13 17:01 - 2014-05-13 17:01 - 03502592 _____ () C:\Windows\SysWOW64\ffdshow.ax
2014-05-13 17:01 - 2014-05-13 17:01 - 00271360 _____ () C:\Windows\SysWOW64\TomsMoComp_ff.dll
2014-05-13 17:01 - 2014-05-13 17:01 - 00112640 _____ () C:\Windows\SysWOW64\ff_vfw.dll
2014-05-13 17:00 - 2014-05-13 17:00 - 01525760 _____ () C:\Windows\SysWOW64\ff_samplerate.dll
2014-05-13 17:00 - 2014-05-13 17:00 - 00211968 _____ () C:\Windows\SysWOW64\ff_libdts.dll
2014-05-13 17:00 - 2014-05-13 17:00 - 00157184 _____ () C:\Windows\SysWOW64\ff_unrar.dll
2014-05-13 17:00 - 2014-05-13 17:00 - 00147456 _____ () C:\Windows\SysWOW64\ff_libmad.dll
2014-05-13 17:00 - 2014-05-13 17:00 - 00136704 _____ () C:\Windows\SysWOW64\libmpeg2_ff.dll
2014-05-13 17:00 - 2014-05-13 17:00 - 00114688 _____ () C:\Windows\SysWOW64\ff_liba52.dll
2014-05-13 17:00 - 2014-05-13 17:00 - 00099840 _____ () C:\Windows\SysWOW64\ff_wmv9.dll

==================== One Month Modified Files and Folders =======

2014-06-11 10:27 - 2014-06-11 10:26 - 00016761 _____ () C:\Users\Elias\Desktop\FRST.txt
2014-06-11 10:27 - 2011-11-02 19:30 - 00000000 ____D () C:\Users\Elias\AppData\Local\Temp
2014-06-11 10:26 - 2014-06-09 15:02 - 00000000 ____D () C:\FRST
2014-06-11 10:25 - 2014-06-11 10:25 - 00000000 ____D () C:\Users\Elias\Desktop\FRST-OlderVersion
2014-06-11 10:25 - 2014-06-09 12:26 - 02081792 _____ (Farbar) C:\Users\Elias\Desktop\FRST64.exe
2014-06-11 10:22 - 2014-06-11 10:22 - 00000957 _____ () C:\Users\Elias\Desktop\JRT.txt
2014-06-11 10:11 - 2014-06-11 10:11 - 00000000 ____D () C:\Windows\ERUNT
2014-06-11 09:49 - 2011-11-07 22:52 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-11 09:40 - 2011-11-11 20:28 - 00001138 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1230764542-2489123228-2413629413-1000UA.job
2014-06-11 09:39 - 2011-11-10 21:30 - 00000000 ____D () C:\Users\Elias\AppData\Local\PMB Files
2014-06-11 00:40 - 2014-06-09 12:29 - 00000000 ____D () C:\Users\Elias\Desktop\SystemRestore
2014-06-11 00:38 - 2013-12-26 23:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-11 00:25 - 2011-11-03 02:35 - 01820768 _____ () C:\Windows\WindowsUpdate.log
2014-06-11 00:21 - 2009-07-14 06:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-11 00:21 - 2009-07-14 06:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-11 00:07 - 2011-11-07 22:52 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-11 00:06 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-11 00:06 - 2009-07-14 06:51 - 00396061 _____ () C:\Windows\setupact.log
2014-06-11 00:05 - 2011-11-02 20:37 - 00048890 _____ () C:\Windows\PFRO.log
2014-06-11 00:03 - 2014-04-25 12:06 - 00000000 ____D () C:\AdwCleaner
2014-06-10 23:58 - 2014-06-10 23:58 - 00002182 _____ () C:\Users\Elias\Desktop\mbam.txt
2014-06-10 23:54 - 2014-06-10 22:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 22:57 - 2014-06-10 22:57 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-10 22:57 - 2014-06-10 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-10 22:57 - 2014-06-10 22:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-10 22:57 - 2014-06-10 22:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\Users\Elias\Desktop\Programme
2014-06-10 22:48 - 2014-06-10 22:48 - 01016261 _____ (Thisisu) C:\Users\Elias\Desktop\JRT.exe
2014-06-10 22:47 - 2014-06-10 22:47 - 01333465 _____ () C:\Users\Elias\Desktop\adwcleaner_3.212.exe
2014-06-10 22:46 - 2014-06-10 22:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Elias\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-10 22:22 - 2011-11-11 20:28 - 00001116 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1230764542-2489123228-2413629413-1000Core.job
2014-06-09 22:36 - 2014-06-09 22:36 - 00027538 _____ () C:\ComboFix.txt
2014-06-09 22:36 - 2014-06-09 22:36 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-09 22:36 - 2014-06-09 22:36 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-09 22:36 - 2014-06-09 22:36 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-09 22:36 - 2014-06-09 22:36 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\temp
2014-06-09 22:36 - 2014-06-09 21:49 - 00000000 ____D () C:\Qoobox
2014-06-09 22:36 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-09 22:33 - 2014-06-09 21:48 - 00000000 ____D () C:\Windows\erdnt
2014-06-09 22:33 - 2011-11-02 19:36 - 00000000 ___RD () C:\Users\Elias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-09 22:33 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-09 22:21 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-09 22:16 - 2014-06-05 14:21 - 00003106 _____ () C:\Windows\System32\Tasks\P4G Sidebar
2014-06-09 22:11 - 2013-11-02 18:31 - 00000000 ____D () C:\Windows\SysWOW64\C2MP
2014-06-09 22:11 - 2013-11-02 14:04 - 00000000 ____D () C:\Program Files (x86)\Warner Bros. Digital Copy Manager
2014-06-09 22:11 - 2012-02-25 19:15 - 00000000 __SHD () C:\Users\Elias\AppData\Local\7fe5b999
2014-06-09 21:20 - 2014-06-09 21:19 - 05205664 ____R (Swearware) C:\Users\Elias\Desktop\ComboFix.exe
2014-06-09 15:53 - 2014-06-09 15:53 - 00012230 _____ () C:\Users\Elias\Desktop\Gmer.txt
2014-06-09 14:38 - 2014-06-09 14:38 - 00000652 _____ () C:\Users\Elias\Desktop\defogger_disable.log
2014-06-09 14:38 - 2014-06-09 14:38 - 00000188 _____ () C:\Users\Elias\defogger_reenable
2014-06-09 14:38 - 2011-11-02 19:30 - 00000000 ____D () C:\Users\Elias
2014-06-09 12:28 - 2014-06-09 12:28 - 00380416 _____ () C:\Users\Elias\Desktop\Gmer-19357.exe
2014-06-09 12:25 - 2014-06-09 12:25 - 00050477 _____ () C:\Users\Elias\Desktop\Defogger.exe
2014-06-08 15:23 - 2014-06-08 15:23 - 00001103 _____ () C:\Users\Elias\Desktop\ParetoLogic PC Health Advisor.lnk
2014-06-08 15:21 - 2014-06-08 15:21 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Elias\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-06-06 21:06 - 2011-11-10 00:12 - 00000000 ____D () C:\Users\Elias\Documents\1.) Eigene Dokumente
2014-06-06 21:06 - 2009-08-04 11:51 - 00709252 _____ () C:\Windows\system32\perfh007.dat
2014-06-06 21:06 - 2009-08-04 11:51 - 00153852 _____ () C:\Windows\system32\perfc007.dat
2014-06-06 21:06 - 2009-07-14 07:13 - 01642148 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-05 19:50 - 2013-08-27 23:17 - 00000000 ____D () C:\Users\Elias\AppData\Roaming\FreeVideoConverter
2014-06-05 15:43 - 2013-12-27 00:08 - 00000000 ____D () C:\ProgramData\Origin
2014-06-05 15:29 - 2013-12-27 00:08 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-01 22:39 - 2011-11-05 17:17 - 00000000 ____D () C:\Users\Elias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-06-01 22:38 - 2011-11-30 18:36 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-06-01 22:38 - 2011-11-30 18:36 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-06-01 22:38 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-01 21:39 - 2014-06-01 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAPCOM
2014-05-29 02:16 - 2014-04-25 13:00 - 00000440 _____ () C:\Windows\Tasks\ParetoLogic Update Version2.job
2014-05-29 00:33 - 2014-04-25 13:00 - 00003254 _____ () C:\Windows\System32\Tasks\ParetoLogic Update Version2
2014-05-28 23:31 - 2014-05-28 23:31 - 00000000 ____D () C:\ProgramData\The Learning Company
2014-05-28 23:29 - 2014-05-28 23:29 - 00000000 _____ () C:\Windows\SETUP32.INI
2014-05-28 23:24 - 2011-11-03 02:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-27 15:26 - 2013-08-09 15:51 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-27 15:26 - 2013-08-09 15:51 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-26 23:12 - 2012-01-28 17:56 - 00000000 ____D () C:\Users\Elias\Filme
2014-05-26 14:01 - 2014-05-26 14:01 - 00000969 _____ () C:\Users\Elias\Desktop\Batman - Vengeance.lnk
2014-05-23 20:12 - 2014-05-23 20:10 - 23424432 _____ (Windows 7 - Codec Pack) C:\Users\Elias\Downloads\windows.7.codec.pack.v4.0.9.setup.exe
2014-05-20 15:02 - 2014-05-20 15:02 - 00045384 _____ () C:\Windows\SysWOW64\DiscHandler.exe
2014-05-19 22:40 - 2014-05-19 22:37 - 39620653 _____ () C:\Users\Elias\Downloads\Marvel Super Hero Squad - The Infinity Gauntlet.7z
2014-05-19 22:34 - 2014-05-19 22:32 - 11027425 _____ () C:\Users\Elias\Downloads\Marvel Super Hero Squad.7z
2014-05-18 21:27 - 2014-05-18 21:27 - 00004096 _____ () C:\Windows\d3dx.dat
2014-05-18 20:48 - 2014-05-18 20:48 - 00004161 _____ () C:\Users\Elias\AppData\Local\recently-used.xbel
2014-05-18 20:48 - 2013-08-30 18:40 - 00000000 ____D () C:\Users\Elias\.gimp-2.8
2014-05-18 14:35 - 2014-05-18 14:35 - 00000000 ____D () C:\Users\Elias\.thumbnails
2014-05-18 12:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-18 09:39 - 2011-11-02 19:36 - 00000000 ___RD () C:\Users\Elias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-17 23:57 - 2011-11-05 10:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-17 14:09 - 2012-04-03 14:59 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-17 14:09 - 2011-11-05 11:48 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-17 13:07 - 2012-09-27 17:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-13 17:05 - 2014-05-13 17:05 - 04374528 _____ () C:\Windows\system32\ffdshow.ax
2014-05-13 17:05 - 2014-05-13 17:05 - 04009984 _____ () C:\Windows\system32\ffmpeg.dll
2014-05-13 17:05 - 2014-05-13 17:05 - 00474624 _____ () C:\Windows\system32\ff_kernelDeint.dll
2014-05-13 17:05 - 2014-05-13 17:05 - 00127488 _____ () C:\Windows\system32\ff_vfw.dll
2014-05-13 17:04 - 2014-05-13 17:04 - 01532928 _____ () C:\Windows\system32\ff_samplerate.dll
2014-05-13 17:04 - 2014-05-13 17:04 - 00631296 _____ () C:\Windows\system32\TomsMoComp_ff.dll
2014-05-13 17:04 - 2014-05-13 17:04 - 00222720 _____ () C:\Windows\system32\ff_libdts.dll
2014-05-13 17:04 - 2014-05-13 17:04 - 00190464 _____ () C:\Windows\system32\libmpeg2_ff.dll
2014-05-13 17:04 - 2014-05-13 17:04 - 00183296 _____ () C:\Windows\system32\ff_unrar.dll
2014-05-13 17:04 - 2014-05-13 17:04 - 00156672 _____ () C:\Windows\system32\ff_libmad.dll
2014-05-13 17:04 - 2014-05-13 17:04 - 00116224 _____ () C:\Windows\system32\ff_liba52.dll
2014-05-13 17:04 - 2014-05-13 17:04 - 00114688 _____ () C:\Windows\system32\ff_wmv9.dll
2014-05-13 17:02 - 2014-05-13 17:02 - 03916288 _____ () C:\Windows\SysWOW64\ffmpeg.dll
2014-05-13 17:01 - 2014-05-13 17:01 - 03502592 _____ () C:\Windows\SysWOW64\ffdshow.ax
2014-05-13 17:01 - 2014-05-13 17:01 - 00271360 _____ () C:\Windows\SysWOW64\TomsMoComp_ff.dll
2014-05-13 17:01 - 2014-05-13 17:01 - 00112640 _____ () C:\Windows\SysWOW64\ff_vfw.dll
2014-05-13 17:00 - 2014-05-13 17:00 - 01525760 _____ () C:\Windows\SysWOW64\ff_samplerate.dll
2014-05-13 17:00 - 2014-05-13 17:00 - 00211968 _____ () C:\Windows\SysWOW64\ff_libdts.dll
2014-05-13 17:00 - 2014-05-13 17:00 - 00157184 _____ () C:\Windows\SysWOW64\ff_unrar.dll
2014-05-13 17:00 - 2014-05-13 17:00 - 00147456 _____ () C:\Windows\SysWOW64\ff_libmad.dll
2014-05-13 17:00 - 2014-05-13 17:00 - 00136704 _____ () C:\Windows\SysWOW64\libmpeg2_ff.dll
2014-05-13 17:00 - 2014-05-13 17:00 - 00114688 _____ () C:\Windows\SysWOW64\ff_liba52.dll
2014-05-13 17:00 - 2014-05-13 17:00 - 00099840 _____ () C:\Windows\SysWOW64\ff_wmv9.dll
2014-05-12 07:26 - 2014-06-10 22:57 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-10 22:57 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-10 22:57 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

ZeroAccess:
C:\Windows\System32\consrv.dll

ZeroAccess:
C:\Users\Elias\AppData\Local\7fe5b999
C:\Users\Elias\AppData\Local\7fe5b999\@
C:\Users\Elias\AppData\Local\7fe5b999\loader.tlb

Files to move or delete:
====================
C:\Users\Public\dcmsvcsetup.exe


Some content of TEMP:
====================
C:\Users\Elias\AppData\Local\Temp\avgnt.exe
C:\Users\Elias\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 10:23

==================== End Of Log ============================
--- --- ---


Mit freundlichen Grüßen,
pcguy10

schrauber 12.06.2014 05:55

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

pcguy10 13.06.2014 09:33
Hallo schrauber,

bitte entschuldige, dass ich mich jetzt erst melde. Der ESET Online Scan hat einige Zeit in Anspruch genommen. Außerdem ist mir bei der Ausführung des Programms etwas Seltsames passiert. Du hast in der Beschreibung geschrieben, dass ich das Fenster nach der Vollendung des Scans schließen soll. Dazu bekam ich allerdings nicht die Gelegenheit. Wie ich bereits sagte, hat der Scan eine ganze Weile gedauert und ich habe ihn nicht die ganze Zeit beobachtet. Als ich dann einmal nachgesehen habe, hatte sich der Computer neu gestartet. Ist da jetzt etwas schief gelaufen oder kann das vorkommen?

Jedenfalls sind hier die Log-Files:

ESET Online Scanner:
Code:
ESETSmartInstaller@High as downloader log:
all ok
Allerdings finde ich die Aussage "all ok" etwas merkwürdig, da mir während des Scans 34 infizierte Dateien angezeigt wurden. Darunter erkannte ich aber nur irgendwelche Toolbars und Dateien in Quarantäne von AdwCleaner. Ich weiß nicht, ob vielleicht noch was anderes dabei war.

checkup.txt:
Code:
Results of screen317's Security Check version 0.99.83 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java(TM) 6 Update 31 
 Java version out of Date!
 Adobe Flash Player 13.0.0.214 
 Adobe Reader XI 
 Mozilla Firefox (29.0.1)
 Mozilla Thunderbird (7.0.1) Thunderbird out of Date! 
 Google Chrome 35.0.1916.114 
 Google Chrome 35.0.1916.153 
 Google Chrome Plugins... 
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
FRST.txt:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2014
Ran by Elias (administrator) on PC-ELIAS on 13-06-2014 10:19:57
Running from C:\Users\Elias\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Akamai Technologies, Inc.) C:\Users\Elias\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\Elias\AppData\Local\Akamai\netsession_win.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDECK.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
() C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
() C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\dcmsvc\dcmsvc.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [619392 2009-06-12] (ELAN Microelectronic Corp.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2244096 2009-07-13] (VIA)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [8493624 2009-07-07] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [159744 2009-04-20] (ASUS)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe [240112 2009-07-24] (Sonic Solutions)
HKLM-x32\...\Run: [CPMonitor] => C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe [84464 2009-07-21] ()
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-23] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [dcmsvc] => C:\Program Files (x86)\dcmsvc\dcmsvc.exe [30440 2009-04-07] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1230764542-2489123228-2413629413-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-11-10] ()
HKU\S-1-5-21-1230764542-2489123228-2413629413-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Elias\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1230764542-2489123228-2413629413-1000\...\Run: [GoogleChromeAutoLaunch_ADF2EF7A9169565BE50E52E39FE78F03] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-21-1230764542-2489123228-2413629413-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1823656 2013-12-11] (Valve Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk
ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe ()
Startup: C:\Users\Elias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2169D8548899CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Elias\AppData\Roaming\Mozilla\Firefox\Profiles\2frlzdjb.default
FF NewTab: about:blank
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Elias\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Elias\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Elias\AppData\Roaming\Mozilla\Firefox\Profiles\2frlzdjb.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-21]
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-05-09]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: de.yahoo.com
CHR DefaultSearchProvider: Yahoo! Deutschland
CHR DefaultSearchURL: hxxp://de.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Elias\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (No Name) - C:\Users\Elias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2012-11-02]
CHR Extension: (Google Wallet) - C:\Users\Elias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-27]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
S2 FastBootAgent; C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe [306232 2009-07-24] (ASUSTeK Computer Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2012-08-30] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2012-08-30] ()
S2 FreemakeVideoCapture; "C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe" [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2013-07-20] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2013-07-20] ()
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S4 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [66560 2005-05-17] (Protection Technology) [File not signed]
S0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [77688 2006-07-05] (Protection Technology (StarForce))
S0 sfsync02; C:\Windows\System32\drivers\sfsync02.sys [22936 2006-07-10] (Protection Technology)
R0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [106360 2007-01-12] (Protection Technology (StarForce))
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-11-04] (Duplex Secure Ltd.)
R1 vmm; C:\Windows\system32\Treiber\vmm.sys [294248 2012-10-27] (Microsoft Corporation)
R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2014-01-23] (WinISO.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 X6va005; \??\C:\Users\Elias\AppData\Local\Temp\0053A90.tmp [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-13 10:19 - 2014-06-13 10:19 - 00016888 _____ () C:\Users\Elias\Desktop\FRST.txt
2014-06-13 10:19 - 2014-06-13 10:19 - 00000995 _____ () C:\Users\Elias\Desktop\checkup.txt
2014-06-12 14:09 - 2014-06-12 14:09 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-12 13:23 - 2014-06-12 13:23 - 00854367 _____ () C:\Users\Elias\Desktop\SecurityCheck.exe
2014-06-12 13:22 - 2014-06-12 13:22 - 02347384 _____ (ESET) C:\Users\Elias\Desktop\esetsmartinstaller_deu.exe
2014-06-12 13:05 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 13:05 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 13:05 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 13:05 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 13:05 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 13:05 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 13:05 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 13:05 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 13:05 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 13:05 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 13:05 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 13:05 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 13:05 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 13:05 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 13:05 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 13:05 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 13:05 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 13:05 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 13:05 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 13:05 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 13:05 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 13:05 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 13:05 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 13:05 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 13:05 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 13:05 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 13:05 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 13:05 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 13:05 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 13:05 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 13:05 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 13:05 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 13:05 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 13:05 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 13:05 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 13:05 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 13:05 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 13:05 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 13:05 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 13:05 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 13:05 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 13:05 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 13:05 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 13:05 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 13:05 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 13:05 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 13:05 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 13:05 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 13:05 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 13:05 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 13:05 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 13:05 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-12 13:05 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 13:05 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 13:05 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 13:05 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 13:05 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 13:05 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 13:05 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 13:05 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 13:05 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 13:05 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 13:05 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 13:05 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-12 13:05 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-06-11 10:25 - 2014-06-11 10:25 - 00000000 ____D () C:\Users\Elias\Desktop\FRST-OlderVersion
2014-06-11 10:22 - 2014-06-11 10:22 - 00000957 _____ () C:\Users\Elias\Desktop\JRT.txt
2014-06-11 10:11 - 2014-06-11 10:11 - 00000000 ____D () C:\Windows\ERUNT
2014-06-10 23:58 - 2014-06-10 23:58 - 00002182 _____ () C:\Users\Elias\Desktop\mbam.txt
2014-06-10 22:57 - 2014-06-10 23:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 22:57 - 2014-06-10 22:57 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-10 22:57 - 2014-06-10 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-10 22:57 - 2014-06-10 22:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-10 22:57 - 2014-06-10 22:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-10 22:57 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-10 22:57 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-10 22:57 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\Users\Elias\Desktop\Programme
2014-06-10 22:48 - 2014-06-10 22:48 - 01016261 _____ (Thisisu) C:\Users\Elias\Desktop\JRT.exe
2014-06-10 22:47 - 2014-06-10 22:47 - 01333465 _____ () C:\Users\Elias\Desktop\adwcleaner_3.212.exe
2014-06-10 22:45 - 2014-06-10 22:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Elias\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-09 22:36 - 2014-06-09 22:36 - 00027538 _____ () C:\ComboFix.txt
2014-06-09 22:36 - 2014-06-09 22:36 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-09 22:36 - 2014-06-09 22:36 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-09 22:36 - 2014-06-09 22:36 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-09 22:36 - 2014-06-09 22:36 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\temp
2014-06-09 21:53 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-09 21:53 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-09 21:53 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-09 21:53 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-09 21:53 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-09 21:53 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-09 21:53 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-09 21:53 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-09 21:49 - 2014-06-09 22:36 - 00000000 ____D () C:\Qoobox
2014-06-09 21:48 - 2014-06-09 22:33 - 00000000 ____D () C:\Windows\erdnt
2014-06-09 21:19 - 2014-06-09 21:20 - 05205664 ____R (Swearware) C:\Users\Elias\Desktop\ComboFix.exe
2014-06-09 15:53 - 2014-06-09 15:53 - 00012230 _____ () C:\Users\Elias\Desktop\Gmer.txt
2014-06-09 15:02 - 2014-06-13 10:20 - 00000000 ____D () C:\FRST
2014-06-09 14:38 - 2014-06-09 14:38 - 00000652 _____ () C:\Users\Elias\Desktop\defogger_disable.log
2014-06-09 14:38 - 2014-06-09 14:38 - 00000188 _____ () C:\Users\Elias\defogger_reenable
2014-06-09 12:29 - 2014-06-13 10:19 - 00000000 ____D () C:\Users\Elias\Desktop\SystemRestore
2014-06-09 12:28 - 2014-06-09 12:28 - 00380416 _____ () C:\Users\Elias\Desktop\Gmer-19357.exe
2014-06-09 12:26 - 2014-06-11 10:25 - 02081792 _____ (Farbar) C:\Users\Elias\Desktop\FRST64.exe
2014-06-09 12:25 - 2014-06-09 12:25 - 00050477 _____ () C:\Users\Elias\Desktop\Defogger.exe
2014-06-08 15:23 - 2014-06-08 15:23 - 00001103 _____ () C:\Users\Elias\Desktop\ParetoLogic PC Health Advisor.lnk
2014-06-08 15:21 - 2014-06-08 15:21 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Elias\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-06-05 14:21 - 2014-06-09 22:16 - 00003106 _____ () C:\Windows\System32\Tasks\P4G Sidebar
2014-06-01 21:23 - 2014-06-01 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAPCOM
2014-05-28 23:31 - 2014-05-28 23:31 - 00000000 ____D () C:\ProgramData\The Learning Company
2014-05-28 23:31 - 2002-05-07 07:09 - 00274432 _____ (Riverdeep Interactive Learning Limited) C:\Windows\TLCUNINSTALL.EXE
2014-05-28 23:29 - 2014-05-28 23:29 - 00000000 _____ () C:\Windows\SETUP32.INI
2014-05-26 14:01 - 2014-05-26 14:01 - 00000969 _____ () C:\Users\Elias\Desktop\Batman - Vengeance.lnk
2014-05-23 20:10 - 2014-05-23 20:12 - 23424432 _____ (Windows 7 - Codec Pack) C:\Users\Elias\Downloads\windows.7.codec.pack.v4.0.9.setup.exe
2014-05-20 15:02 - 2014-05-20 15:02 - 00045384 _____ () C:\Windows\SysWOW64\DiscHandler.exe
2014-05-19 22:37 - 2014-05-19 22:40 - 39620653 _____ () C:\Users\Elias\Downloads\Marvel Super Hero Squad - The Infinity Gauntlet.7z
2014-05-19 22:32 - 2014-05-19 22:34 - 11027425 _____ () C:\Users\Elias\Downloads\Marvel Super Hero Squad.7z
2014-05-18 21:27 - 2014-05-18 21:27 - 00004096 _____ () C:\Windows\d3dx.dat
2014-05-18 20:48 - 2014-05-18 20:48 - 00004161 _____ () C:\Users\Elias\AppData\Local\recently-used.xbel
2014-05-18 14:35 - 2014-05-18 14:35 - 00000000 ____D () C:\Users\Elias\.thumbnails
2014-05-17 13:48 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-17 13:48 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-17 13:48 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-17 13:48 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-17 13:48 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-17 13:48 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-17 13:48 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-17 13:48 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-17 13:48 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-17 13:48 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-17 13:48 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-17 13:48 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-17 13:48 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-17 13:48 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-17 13:48 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-17 13:48 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-17 13:48 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-17 13:48 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-17 13:48 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-17 13:48 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-17 13:48 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-17 13:48 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-17 13:48 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-17 13:48 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-17 13:48 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-17 13:48 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-17 13:48 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-17 13:48 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-17 13:48 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-17 13:48 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-17 13:48 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

==================== One Month Modified Files and Folders =======

2014-06-13 10:21 - 2011-11-10 21:30 - 00000000 ____D () C:\Users\Elias\AppData\Local\PMB Files
2014-06-13 10:20 - 2014-06-13 10:19 - 00016888 _____ () C:\Users\Elias\Desktop\FRST.txt
2014-06-13 10:20 - 2014-06-09 15:02 - 00000000 ____D () C:\FRST
2014-06-13 10:20 - 2011-11-02 19:30 - 00000000 ____D () C:\Users\Elias\AppData\Local\Temp
2014-06-13 10:19 - 2014-06-13 10:19 - 00000995 _____ () C:\Users\Elias\Desktop\checkup.txt
2014-06-13 10:19 - 2014-06-09 12:29 - 00000000 ____D () C:\Users\Elias\Desktop\SystemRestore
2014-06-13 10:02 - 2013-12-26 23:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-13 09:59 - 2011-11-03 02:35 - 01963729 _____ () C:\Windows\WindowsUpdate.log
2014-06-13 09:49 - 2011-11-07 22:52 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-13 07:40 - 2011-11-11 20:28 - 00001138 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1230764542-2489123228-2413629413-1000UA.job
2014-06-13 04:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-13 04:44 - 2011-11-07 22:52 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-13 03:39 - 2009-07-14 06:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-13 03:39 - 2009-07-14 06:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-13 03:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-13 03:30 - 2009-07-14 06:51 - 00396117 _____ () C:\Windows\setupact.log
2014-06-13 03:10 - 2011-11-05 10:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 16:41 - 2011-11-11 20:28 - 00001116 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1230764542-2489123228-2413629413-1000Core.job
2014-06-12 14:09 - 2014-06-12 14:09 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-12 13:23 - 2014-06-12 13:23 - 00854367 _____ () C:\Users\Elias\Desktop\SecurityCheck.exe
2014-06-12 13:22 - 2014-06-12 13:22 - 02347384 _____ (ESET) C:\Users\Elias\Desktop\esetsmartinstaller_deu.exe
2014-06-12 13:20 - 2009-08-04 11:51 - 00709252 _____ () C:\Windows\system32\perfh007.dat
2014-06-12 13:20 - 2009-08-04 11:51 - 00153852 _____ () C:\Windows\system32\perfc007.dat
2014-06-12 13:20 - 2009-07-14 07:13 - 01642148 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-12 12:26 - 2014-04-25 13:00 - 00000440 _____ () C:\Windows\Tasks\ParetoLogic Update Version2.job
2014-06-11 10:25 - 2014-06-11 10:25 - 00000000 ____D () C:\Users\Elias\Desktop\FRST-OlderVersion
2014-06-11 10:25 - 2014-06-09 12:26 - 02081792 _____ (Farbar) C:\Users\Elias\Desktop\FRST64.exe
2014-06-11 10:22 - 2014-06-11 10:22 - 00000957 _____ () C:\Users\Elias\Desktop\JRT.txt
2014-06-11 10:11 - 2014-06-11 10:11 - 00000000 ____D () C:\Windows\ERUNT
2014-06-11 00:05 - 2011-11-02 20:37 - 00048890 _____ () C:\Windows\PFRO.log
2014-06-11 00:03 - 2014-04-25 12:06 - 00000000 ____D () C:\AdwCleaner
2014-06-10 23:58 - 2014-06-10 23:58 - 00002182 _____ () C:\Users\Elias\Desktop\mbam.txt
2014-06-10 23:54 - 2014-06-10 22:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 22:57 - 2014-06-10 22:57 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-10 22:57 - 2014-06-10 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-10 22:57 - 2014-06-10 22:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-10 22:57 - 2014-06-10 22:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\Users\Elias\Desktop\Programme
2014-06-10 22:48 - 2014-06-10 22:48 - 01016261 _____ (Thisisu) C:\Users\Elias\Desktop\JRT.exe
2014-06-10 22:47 - 2014-06-10 22:47 - 01333465 _____ () C:\Users\Elias\Desktop\adwcleaner_3.212.exe
2014-06-10 22:46 - 2014-06-10 22:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Elias\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-09 22:36 - 2014-06-09 22:36 - 00027538 _____ () C:\ComboFix.txt
2014-06-09 22:36 - 2014-06-09 22:36 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-09 22:36 - 2014-06-09 22:36 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-09 22:36 - 2014-06-09 22:36 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-09 22:36 - 2014-06-09 22:36 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\temp
2014-06-09 22:36 - 2014-06-09 21:49 - 00000000 ____D () C:\Qoobox
2014-06-09 22:36 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-09 22:33 - 2014-06-09 21:48 - 00000000 ____D () C:\Windows\erdnt
2014-06-09 22:33 - 2011-11-02 19:36 - 00000000 ___RD () C:\Users\Elias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-09 22:33 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-09 22:21 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-09 22:16 - 2014-06-05 14:21 - 00003106 _____ () C:\Windows\System32\Tasks\P4G Sidebar
2014-06-09 22:11 - 2013-11-02 18:31 - 00000000 ____D () C:\Windows\SysWOW64\C2MP
2014-06-09 22:11 - 2013-11-02 14:04 - 00000000 ____D () C:\Program Files (x86)\Warner Bros. Digital Copy Manager
2014-06-09 22:11 - 2012-02-25 19:15 - 00000000 __SHD () C:\Users\Elias\AppData\Local\7fe5b999
2014-06-09 21:20 - 2014-06-09 21:19 - 05205664 ____R (Swearware) C:\Users\Elias\Desktop\ComboFix.exe
2014-06-09 15:53 - 2014-06-09 15:53 - 00012230 _____ () C:\Users\Elias\Desktop\Gmer.txt
2014-06-09 14:38 - 2014-06-09 14:38 - 00000652 _____ () C:\Users\Elias\Desktop\defogger_disable.log
2014-06-09 14:38 - 2014-06-09 14:38 - 00000188 _____ () C:\Users\Elias\defogger_reenable
2014-06-09 14:38 - 2011-11-02 19:30 - 00000000 ____D () C:\Users\Elias
2014-06-09 12:28 - 2014-06-09 12:28 - 00380416 _____ () C:\Users\Elias\Desktop\Gmer-19357.exe
2014-06-09 12:25 - 2014-06-09 12:25 - 00050477 _____ () C:\Users\Elias\Desktop\Defogger.exe
2014-06-08 15:23 - 2014-06-08 15:23 - 00001103 _____ () C:\Users\Elias\Desktop\ParetoLogic PC Health Advisor.lnk
2014-06-08 15:21 - 2014-06-08 15:21 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Elias\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-06-06 21:06 - 2011-11-10 00:12 - 00000000 ____D () C:\Users\Elias\Documents\1.) Eigene Dokumente
2014-06-05 19:50 - 2013-08-27 23:17 - 00000000 ____D () C:\Users\Elias\AppData\Roaming\FreeVideoConverter
2014-06-05 15:43 - 2013-12-27 00:08 - 00000000 ____D () C:\ProgramData\Origin
2014-06-05 15:29 - 2013-12-27 00:08 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-01 22:39 - 2011-11-05 17:17 - 00000000 ____D () C:\Users\Elias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-06-01 22:38 - 2011-11-30 18:36 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-06-01 22:38 - 2011-11-30 18:36 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-06-01 22:38 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-01 21:39 - 2014-06-01 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAPCOM
2014-05-30 12:21 - 2014-06-12 13:05 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-12 13:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-12 13:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-12 13:05 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-12 13:05 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-12 13:05 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-12 13:05 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-12 13:05 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-12 13:05 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-12 13:05 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-12 13:05 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-12 13:05 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-12 13:05 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-12 13:05 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-12 13:05 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-12 13:05 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-12 13:05 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-12 13:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-12 13:05 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-12 13:05 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-12 13:05 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-12 13:05 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-12 13:05 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-12 13:05 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-12 13:05 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-12 13:05 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-12 13:05 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-12 13:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-12 13:05 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-12 13:05 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-12 13:05 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-12 13:05 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-12 13:05 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-12 13:05 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-12 13:05 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-12 13:05 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-12 13:05 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-12 13:05 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-12 13:05 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-12 13:05 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-12 13:05 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-12 13:05 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-12 13:05 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-12 13:05 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-12 13:05 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-12 13:05 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-12 13:05 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-12 13:05 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-12 13:05 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-12 13:05 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-12 13:05 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-12 13:05 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 00:33 - 2014-04-25 13:00 - 00003254 _____ () C:\Windows\System32\Tasks\ParetoLogic Update Version2
2014-05-28 23:31 - 2014-05-28 23:31 - 00000000 ____D () C:\ProgramData\The Learning Company
2014-05-28 23:29 - 2014-05-28 23:29 - 00000000 _____ () C:\Windows\SETUP32.INI
2014-05-28 23:24 - 2011-11-03 02:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-27 15:26 - 2013-08-09 15:51 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-27 15:26 - 2013-08-09 15:51 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-26 23:12 - 2012-01-28 17:56 - 00000000 ____D () C:\Users\Elias\Filme
2014-05-26 14:01 - 2014-05-26 14:01 - 00000969 _____ () C:\Users\Elias\Desktop\Batman - Vengeance.lnk
2014-05-23 20:12 - 2014-05-23 20:10 - 23424432 _____ (Windows 7 - Codec Pack) C:\Users\Elias\Downloads\windows.7.codec.pack.v4.0.9.setup.exe
2014-05-20 15:02 - 2014-05-20 15:02 - 00045384 _____ () C:\Windows\SysWOW64\DiscHandler.exe
2014-05-19 22:40 - 2014-05-19 22:37 - 39620653 _____ () C:\Users\Elias\Downloads\Marvel Super Hero Squad - The Infinity Gauntlet.7z
2014-05-19 22:34 - 2014-05-19 22:32 - 11027425 _____ () C:\Users\Elias\Downloads\Marvel Super Hero Squad.7z
2014-05-18 21:27 - 2014-05-18 21:27 - 00004096 _____ () C:\Windows\d3dx.dat
2014-05-18 20:48 - 2014-05-18 20:48 - 00004161 _____ () C:\Users\Elias\AppData\Local\recently-used.xbel
2014-05-18 20:48 - 2013-08-30 18:40 - 00000000 ____D () C:\Users\Elias\.gimp-2.8
2014-05-18 14:35 - 2014-05-18 14:35 - 00000000 ____D () C:\Users\Elias\.thumbnails
2014-05-18 09:39 - 2011-11-02 19:36 - 00000000 ___RD () C:\Users\Elias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-17 14:09 - 2012-04-03 14:59 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-17 14:09 - 2011-11-05 11:48 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-17 13:07 - 2012-09-27 17:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

ZeroAccess:
C:\Windows\System32\consrv.dll

ZeroAccess:
C:\Users\Elias\AppData\Local\7fe5b999
C:\Users\Elias\AppData\Local\7fe5b999\@
C:\Users\Elias\AppData\Local\7fe5b999\loader.tlb

Files to move or delete:
====================
C:\Users\Public\dcmsvcsetup.exe


Some content of TEMP:
====================
C:\Users\Elias\AppData\Local\Temp\avgnt.exe
C:\Users\Elias\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 10:23

==================== End Of Log ============================
--- --- ---

--- --- ---


Mit freundlichen Grüßen,
pcguy10

schrauber 14.06.2014 08:55
JAva und THunderbird updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ZeroAccess:
C:\Windows\System32\consrv.dll

ZeroAccess:
C:\Users\Elias\AppData\Local\7fe5b999
C:\Users\Elias\AppData\Local\7fe5b999\@
C:\Users\Elias\AppData\Local\7fe5b999\loader.tlb

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Frisches FRST log bitte.

pcguy10 14.06.2014 11:23
Hallo schrauber,

hier sind die Log-Files:

Fixlog.txt:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-06-2014
Ran by Elias at 2014-06-14 12:08:01 Run:1
Running from C:\Users\Elias\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ZeroAccess:
C:\Windows\System32\consrv.dll

ZeroAccess:
C:\Users\Elias\AppData\Local\7fe5b999
C:\Users\Elias\AppData\Local\7fe5b999\@
C:\Users\Elias\AppData\Local\7fe5b999\loader.tlb
*****************

C:\Windows\System32\consrv.dll => Moved successfully.
C:\Users\Elias\AppData\Local\7fe5b999 => Moved successfully.
"C:\Users\Elias\AppData\Local\7fe5b999\@" => File/Directory not found.
"C:\Users\Elias\AppData\Local\7fe5b999\loader.tlb" => File/Directory not found.

==== End of Fixlog ====
FRST.txt:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2014
Ran by Elias (administrator) on PC-ELIAS on 14-06-2014 12:15:17
Running from C:\Users\Elias\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Akamai Technologies, Inc.) C:\Users\Elias\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\Elias\AppData\Local\Akamai\netsession_win.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDECK.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
() C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
() C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\dcmsvc\dcmsvc.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [619392 2009-06-12] (ELAN Microelectronic Corp.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2244096 2009-07-13] (VIA)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [8493624 2009-07-07] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [159744 2009-04-20] (ASUS)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe [240112 2009-07-24] (Sonic Solutions)
HKLM-x32\...\Run: [CPMonitor] => C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe [84464 2009-07-21] ()
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-23] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [dcmsvc] => C:\Program Files (x86)\dcmsvc\dcmsvc.exe [30440 2009-04-07] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1230764542-2489123228-2413629413-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-11-10] ()
HKU\S-1-5-21-1230764542-2489123228-2413629413-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Elias\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1230764542-2489123228-2413629413-1000\...\Run: [GoogleChromeAutoLaunch_ADF2EF7A9169565BE50E52E39FE78F03] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-21-1230764542-2489123228-2413629413-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1823656 2013-12-11] (Valve Corporation)
HKU\S-1-5-21-1230764542-2489123228-2413629413-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-17] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk
ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe ()
Startup: C:\Users\Elias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2169D8548899CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Elias\AppData\Roaming\Mozilla\Firefox\Profiles\2frlzdjb.default
FF NewTab: about:blank
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Elias\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Elias\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Elias\AppData\Roaming\Mozilla\Firefox\Profiles\2frlzdjb.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-21]
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-05-09]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: de.yahoo.com
CHR DefaultSearchProvider: Yahoo! Deutschland
CHR DefaultSearchURL: hxxp://de.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Elias\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (No Name) - C:\Users\Elias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2012-11-02]
CHR Extension: (Google Wallet) - C:\Users\Elias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-27]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
S2 FastBootAgent; C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe [306232 2009-07-24] (ASUSTeK Computer Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2012-08-30] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2012-08-30] ()
S2 FreemakeVideoCapture; "C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe" [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2013-07-20] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2013-07-20] ()
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S4 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [66560 2005-05-17] (Protection Technology) [File not signed]
S0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [77688 2006-07-05] (Protection Technology (StarForce))
S0 sfsync02; C:\Windows\System32\drivers\sfsync02.sys [22936 2006-07-10] (Protection Technology)
R0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [106360 2007-01-12] (Protection Technology (StarForce))
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-11-04] (Duplex Secure Ltd.)
R1 vmm; C:\Windows\system32\Treiber\vmm.sys [294248 2012-10-27] (Microsoft Corporation)
R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2014-01-23] (WinISO.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 X6va005; \??\C:\Users\Elias\AppData\Local\Temp\0053A90.tmp [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-14 12:15 - 2014-06-14 12:15 - 00017460 _____ () C:\Users\Elias\Desktop\FRST.txt
2014-06-14 11:28 - 2014-06-14 11:28 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-14 11:28 - 2014-06-14 11:28 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-14 11:28 - 2014-06-14 11:28 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-14 11:28 - 2014-06-14 11:28 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-14 11:28 - 2014-06-14 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-14 11:28 - 2014-06-14 11:28 - 00000000 ____D () C:\Program Files\Java
2014-06-14 11:21 - 2014-06-14 11:22 - 21991496 _____ (Mozilla) C:\Users\Elias\Downloads\Thunderbird_Setup_de24.6.0.exe
2014-06-14 11:15 - 2014-06-14 11:17 - 34131368 _____ (Oracle Corporation) C:\Users\Elias\Downloads\jre-8u5-windows-x64.exe
2014-06-13 10:19 - 2014-06-13 10:19 - 00000995 _____ () C:\Users\Elias\Desktop\checkup.txt
2014-06-12 13:23 - 2014-06-12 13:23 - 00854367 _____ () C:\Users\Elias\Desktop\SecurityCheck.exe
2014-06-12 13:22 - 2014-06-12 13:22 - 02347384 _____ (ESET) C:\Users\Elias\Desktop\esetsmartinstaller_deu.exe
2014-06-12 13:05 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 13:05 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 13:05 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 13:05 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 13:05 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 13:05 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 13:05 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 13:05 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 13:05 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 13:05 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 13:05 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 13:05 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 13:05 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 13:05 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 13:05 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 13:05 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 13:05 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 13:05 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 13:05 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 13:05 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 13:05 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 13:05 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 13:05 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 13:05 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 13:05 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 13:05 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 13:05 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 13:05 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 13:05 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 13:05 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 13:05 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 13:05 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 13:05 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 13:05 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 13:05 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 13:05 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 13:05 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 13:05 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 13:05 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 13:05 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 13:05 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 13:05 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 13:05 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 13:05 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 13:05 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 13:05 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 13:05 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 13:05 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 13:05 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 13:05 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 13:05 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 13:05 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-12 13:05 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 13:05 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 13:05 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 13:05 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 13:05 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 13:05 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 13:05 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 13:05 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 13:05 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 13:05 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 13:05 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 13:05 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-12 13:05 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-06-11 10:25 - 2014-06-11 10:25 - 00000000 ____D () C:\Users\Elias\Desktop\FRST-OlderVersion
2014-06-11 10:22 - 2014-06-11 10:22 - 00000957 _____ () C:\Users\Elias\Desktop\JRT.txt
2014-06-11 10:11 - 2014-06-11 10:11 - 00000000 ____D () C:\Windows\ERUNT
2014-06-10 23:58 - 2014-06-10 23:58 - 00002182 _____ () C:\Users\Elias\Desktop\mbam.txt
2014-06-10 22:57 - 2014-06-10 23:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 22:57 - 2014-06-10 22:57 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-10 22:57 - 2014-06-10 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-10 22:57 - 2014-06-10 22:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-10 22:57 - 2014-06-10 22:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-10 22:57 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-10 22:57 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-10 22:57 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\Users\Elias\Desktop\Programme
2014-06-10 22:48 - 2014-06-10 22:48 - 01016261 _____ (Thisisu) C:\Users\Elias\Desktop\JRT.exe
2014-06-10 22:47 - 2014-06-10 22:47 - 01333465 _____ () C:\Users\Elias\Desktop\adwcleaner_3.212.exe
2014-06-10 22:45 - 2014-06-10 22:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Elias\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-09 22:36 - 2014-06-09 22:36 - 00027538 _____ () C:\ComboFix.txt
2014-06-09 22:36 - 2014-06-09 22:36 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-09 22:36 - 2014-06-09 22:36 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-09 22:36 - 2014-06-09 22:36 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-09 22:36 - 2014-06-09 22:36 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\temp
2014-06-09 21:53 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-09 21:53 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-09 21:53 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-09 21:53 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-09 21:53 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-09 21:53 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-09 21:53 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-09 21:53 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-09 21:49 - 2014-06-09 22:36 - 00000000 ____D () C:\Qoobox
2014-06-09 21:48 - 2014-06-09 22:33 - 00000000 ____D () C:\Windows\erdnt
2014-06-09 21:19 - 2014-06-09 21:20 - 05205664 ____R (Swearware) C:\Users\Elias\Desktop\ComboFix.exe
2014-06-09 15:53 - 2014-06-09 15:53 - 00012230 _____ () C:\Users\Elias\Desktop\Gmer.txt
2014-06-09 15:02 - 2014-06-14 12:15 - 00000000 ____D () C:\FRST
2014-06-09 14:38 - 2014-06-09 14:38 - 00000652 _____ () C:\Users\Elias\Desktop\defogger_disable.log
2014-06-09 14:38 - 2014-06-09 14:38 - 00000188 _____ () C:\Users\Elias\defogger_reenable
2014-06-09 12:29 - 2014-06-14 12:08 - 00000000 ____D () C:\Users\Elias\Desktop\SystemRestore
2014-06-09 12:28 - 2014-06-09 12:28 - 00380416 _____ () C:\Users\Elias\Desktop\Gmer-19357.exe
2014-06-09 12:26 - 2014-06-11 10:25 - 02081792 _____ (Farbar) C:\Users\Elias\Desktop\FRST64.exe
2014-06-09 12:25 - 2014-06-09 12:25 - 00050477 _____ () C:\Users\Elias\Desktop\Defogger.exe
2014-06-08 15:23 - 2014-06-08 15:23 - 00001103 _____ () C:\Users\Elias\Desktop\ParetoLogic PC Health Advisor.lnk
2014-06-08 15:21 - 2014-06-08 15:21 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Elias\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-06-05 14:21 - 2014-06-09 22:16 - 00003106 _____ () C:\Windows\System32\Tasks\P4G Sidebar
2014-06-01 21:23 - 2014-06-01 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAPCOM
2014-05-28 23:31 - 2014-05-28 23:31 - 00000000 ____D () C:\ProgramData\The Learning Company
2014-05-28 23:31 - 2002-05-07 07:09 - 00274432 _____ (Riverdeep Interactive Learning Limited) C:\Windows\TLCUNINSTALL.EXE
2014-05-28 23:29 - 2014-05-28 23:29 - 00000000 _____ () C:\Windows\SETUP32.INI
2014-05-26 14:01 - 2014-05-26 14:01 - 00000969 _____ () C:\Users\Elias\Desktop\Batman - Vengeance.lnk
2014-05-23 20:10 - 2014-05-23 20:12 - 23424432 _____ (Windows 7 - Codec Pack) C:\Users\Elias\Downloads\windows.7.codec.pack.v4.0.9.setup.exe
2014-05-20 15:02 - 2014-05-20 15:02 - 00045384 _____ () C:\Windows\SysWOW64\DiscHandler.exe
2014-05-19 22:37 - 2014-05-19 22:40 - 39620653 _____ () C:\Users\Elias\Downloads\Marvel Super Hero Squad - The Infinity Gauntlet.7z
2014-05-19 22:32 - 2014-05-19 22:34 - 11027425 _____ () C:\Users\Elias\Downloads\Marvel Super Hero Squad.7z
2014-05-18 21:27 - 2014-05-18 21:27 - 00004096 _____ () C:\Windows\d3dx.dat
2014-05-18 20:48 - 2014-05-18 20:48 - 00004161 _____ () C:\Users\Elias\AppData\Local\recently-used.xbel
2014-05-18 14:35 - 2014-05-18 14:35 - 00000000 ____D () C:\Users\Elias\.thumbnails
2014-05-17 13:48 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-17 13:48 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-17 13:48 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-17 13:48 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-17 13:48 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-17 13:48 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-17 13:48 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-17 13:48 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-17 13:48 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-17 13:48 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-17 13:48 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-17 13:48 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-17 13:48 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-17 13:48 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-17 13:48 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-17 13:48 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-17 13:48 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-17 13:48 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-17 13:48 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-17 13:48 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-17 13:48 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-17 13:48 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-17 13:48 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-17 13:48 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-17 13:48 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-17 13:48 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-17 13:48 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-17 13:48 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-17 13:48 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-17 13:48 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-17 13:48 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-17 13:48 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

==================== One Month Modified Files and Folders =======

2014-06-14 12:15 - 2014-06-14 12:15 - 00017460 _____ () C:\Users\Elias\Desktop\FRST.txt
2014-06-14 12:15 - 2014-06-09 15:02 - 00000000 ____D () C:\FRST
2014-06-14 12:15 - 2011-11-02 19:30 - 00000000 ____D () C:\Users\Elias\AppData\Local\Temp
2014-06-14 12:08 - 2014-06-09 12:29 - 00000000 ____D () C:\Users\Elias\Desktop\SystemRestore
2014-06-14 11:49 - 2011-11-07 22:52 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-14 11:31 - 2012-09-27 17:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-14 11:31 - 2012-03-18 19:27 - 00002104 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-06-14 11:31 - 2012-03-18 19:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-14 11:28 - 2014-06-14 11:28 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-14 11:28 - 2014-06-14 11:28 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-14 11:28 - 2014-06-14 11:28 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-14 11:28 - 2014-06-14 11:28 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-14 11:28 - 2014-06-14 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-14 11:28 - 2014-06-14 11:28 - 00000000 ____D () C:\Program Files\Java
2014-06-14 11:22 - 2014-06-14 11:21 - 21991496 _____ (Mozilla) C:\Users\Elias\Downloads\Thunderbird_Setup_de24.6.0.exe
2014-06-14 11:17 - 2014-06-14 11:15 - 34131368 _____ (Oracle Corporation) C:\Users\Elias\Downloads\jre-8u5-windows-x64.exe
2014-06-14 11:00 - 2011-11-03 02:35 - 02008032 _____ () C:\Windows\WindowsUpdate.log
2014-06-14 10:44 - 2011-11-11 20:28 - 00001138 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1230764542-2489123228-2413629413-1000UA.job
2014-06-14 00:10 - 2009-07-14 06:51 - 00396173 _____ () C:\Windows\setupact.log
2014-06-13 16:40 - 2011-11-11 20:28 - 00001116 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1230764542-2489123228-2413629413-1000Core.job
2014-06-13 14:49 - 2011-11-07 22:52 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-13 10:26 - 2011-11-10 21:30 - 00000000 ____D () C:\Users\Elias\AppData\Local\PMB Files
2014-06-13 10:19 - 2014-06-13 10:19 - 00000995 _____ () C:\Users\Elias\Desktop\checkup.txt
2014-06-13 10:02 - 2013-12-26 23:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-13 04:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-13 03:39 - 2009-07-14 06:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-13 03:39 - 2009-07-14 06:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-13 03:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-13 03:10 - 2011-11-05 10:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 13:23 - 2014-06-12 13:23 - 00854367 _____ () C:\Users\Elias\Desktop\SecurityCheck.exe
2014-06-12 13:22 - 2014-06-12 13:22 - 02347384 _____ (ESET) C:\Users\Elias\Desktop\esetsmartinstaller_deu.exe
2014-06-12 13:20 - 2009-08-04 11:51 - 00709252 _____ () C:\Windows\system32\perfh007.dat
2014-06-12 13:20 - 2009-08-04 11:51 - 00153852 _____ () C:\Windows\system32\perfc007.dat
2014-06-12 13:20 - 2009-07-14 07:13 - 01642148 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-12 12:26 - 2014-04-25 13:00 - 00000440 _____ () C:\Windows\Tasks\ParetoLogic Update Version2.job
2014-06-11 10:25 - 2014-06-11 10:25 - 00000000 ____D () C:\Users\Elias\Desktop\FRST-OlderVersion
2014-06-11 10:25 - 2014-06-09 12:26 - 02081792 _____ (Farbar) C:\Users\Elias\Desktop\FRST64.exe
2014-06-11 10:22 - 2014-06-11 10:22 - 00000957 _____ () C:\Users\Elias\Desktop\JRT.txt
2014-06-11 10:11 - 2014-06-11 10:11 - 00000000 ____D () C:\Windows\ERUNT
2014-06-11 00:05 - 2011-11-02 20:37 - 00048890 _____ () C:\Windows\PFRO.log
2014-06-11 00:03 - 2014-04-25 12:06 - 00000000 ____D () C:\AdwCleaner
2014-06-10 23:58 - 2014-06-10 23:58 - 00002182 _____ () C:\Users\Elias\Desktop\mbam.txt
2014-06-10 23:54 - 2014-06-10 22:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 22:57 - 2014-06-10 22:57 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-10 22:57 - 2014-06-10 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-10 22:57 - 2014-06-10 22:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-10 22:57 - 2014-06-10 22:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\Users\Elias\Desktop\Programme
2014-06-10 22:48 - 2014-06-10 22:48 - 01016261 _____ (Thisisu) C:\Users\Elias\Desktop\JRT.exe
2014-06-10 22:47 - 2014-06-10 22:47 - 01333465 _____ () C:\Users\Elias\Desktop\adwcleaner_3.212.exe
2014-06-10 22:46 - 2014-06-10 22:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Elias\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-09 22:36 - 2014-06-09 22:36 - 00027538 _____ () C:\ComboFix.txt
2014-06-09 22:36 - 2014-06-09 22:36 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-09 22:36 - 2014-06-09 22:36 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-09 22:36 - 2014-06-09 22:36 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-09 22:36 - 2014-06-09 22:36 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\temp
2014-06-09 22:36 - 2014-06-09 21:49 - 00000000 ____D () C:\Qoobox
2014-06-09 22:36 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-09 22:33 - 2014-06-09 21:48 - 00000000 ____D () C:\Windows\erdnt
2014-06-09 22:33 - 2011-11-02 19:36 - 00000000 ___RD () C:\Users\Elias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-09 22:33 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-09 22:21 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-09 22:16 - 2014-06-05 14:21 - 00003106 _____ () C:\Windows\System32\Tasks\P4G Sidebar
2014-06-09 22:11 - 2013-11-02 18:31 - 00000000 ____D () C:\Windows\SysWOW64\C2MP
2014-06-09 22:11 - 2013-11-02 14:04 - 00000000 ____D () C:\Program Files (x86)\Warner Bros. Digital Copy Manager
2014-06-09 21:20 - 2014-06-09 21:19 - 05205664 ____R (Swearware) C:\Users\Elias\Desktop\ComboFix.exe
2014-06-09 15:53 - 2014-06-09 15:53 - 00012230 _____ () C:\Users\Elias\Desktop\Gmer.txt
2014-06-09 14:38 - 2014-06-09 14:38 - 00000652 _____ () C:\Users\Elias\Desktop\defogger_disable.log
2014-06-09 14:38 - 2014-06-09 14:38 - 00000188 _____ () C:\Users\Elias\defogger_reenable
2014-06-09 14:38 - 2011-11-02 19:30 - 00000000 ____D () C:\Users\Elias
2014-06-09 12:28 - 2014-06-09 12:28 - 00380416 _____ () C:\Users\Elias\Desktop\Gmer-19357.exe
2014-06-09 12:25 - 2014-06-09 12:25 - 00050477 _____ () C:\Users\Elias\Desktop\Defogger.exe
2014-06-08 15:23 - 2014-06-08 15:23 - 00001103 _____ () C:\Users\Elias\Desktop\ParetoLogic PC Health Advisor.lnk
2014-06-08 15:21 - 2014-06-08 15:21 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Elias\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-06-06 21:06 - 2011-11-10 00:12 - 00000000 ____D () C:\Users\Elias\Documents\1.) Eigene Dokumente
2014-06-05 19:50 - 2013-08-27 23:17 - 00000000 ____D () C:\Users\Elias\AppData\Roaming\FreeVideoConverter
2014-06-05 15:43 - 2013-12-27 00:08 - 00000000 ____D () C:\ProgramData\Origin
2014-06-05 15:29 - 2013-12-27 00:08 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-01 22:39 - 2011-11-05 17:17 - 00000000 ____D () C:\Users\Elias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-06-01 22:38 - 2011-11-30 18:36 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-06-01 22:38 - 2011-11-30 18:36 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-06-01 22:38 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-01 21:39 - 2014-06-01 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAPCOM
2014-05-30 12:21 - 2014-06-12 13:05 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-12 13:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-12 13:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-12 13:05 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-12 13:05 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-12 13:05 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-12 13:05 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-12 13:05 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-12 13:05 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-12 13:05 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-12 13:05 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-12 13:05 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-12 13:05 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-12 13:05 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-12 13:05 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-12 13:05 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-12 13:05 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-12 13:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-12 13:05 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-12 13:05 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-12 13:05 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-12 13:05 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-12 13:05 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-12 13:05 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-12 13:05 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-12 13:05 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-12 13:05 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-12 13:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-12 13:05 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-12 13:05 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-12 13:05 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-12 13:05 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-12 13:05 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-12 13:05 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-12 13:05 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-12 13:05 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-12 13:05 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-12 13:05 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-12 13:05 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-12 13:05 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-12 13:05 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-12 13:05 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-12 13:05 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-12 13:05 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-12 13:05 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-12 13:05 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-12 13:05 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-12 13:05 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-12 13:05 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-12 13:05 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-12 13:05 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-12 13:05 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 00:33 - 2014-04-25 13:00 - 00003254 _____ () C:\Windows\System32\Tasks\ParetoLogic Update Version2
2014-05-28 23:31 - 2014-05-28 23:31 - 00000000 ____D () C:\ProgramData\The Learning Company
2014-05-28 23:29 - 2014-05-28 23:29 - 00000000 _____ () C:\Windows\SETUP32.INI
2014-05-28 23:24 - 2011-11-03 02:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-27 15:26 - 2013-08-09 15:51 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-27 15:26 - 2013-08-09 15:51 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-26 23:12 - 2012-01-28 17:56 - 00000000 ____D () C:\Users\Elias\Filme
2014-05-26 14:01 - 2014-05-26 14:01 - 00000969 _____ () C:\Users\Elias\Desktop\Batman - Vengeance.lnk
2014-05-23 20:12 - 2014-05-23 20:10 - 23424432 _____ (Windows 7 - Codec Pack) C:\Users\Elias\Downloads\windows.7.codec.pack.v4.0.9.setup.exe
2014-05-20 15:02 - 2014-05-20 15:02 - 00045384 _____ () C:\Windows\SysWOW64\DiscHandler.exe
2014-05-19 22:40 - 2014-05-19 22:37 - 39620653 _____ () C:\Users\Elias\Downloads\Marvel Super Hero Squad - The Infinity Gauntlet.7z
2014-05-19 22:34 - 2014-05-19 22:32 - 11027425 _____ () C:\Users\Elias\Downloads\Marvel Super Hero Squad.7z
2014-05-18 21:27 - 2014-05-18 21:27 - 00004096 _____ () C:\Windows\d3dx.dat
2014-05-18 20:48 - 2014-05-18 20:48 - 00004161 _____ () C:\Users\Elias\AppData\Local\recently-used.xbel
2014-05-18 20:48 - 2013-08-30 18:40 - 00000000 ____D () C:\Users\Elias\.gimp-2.8
2014-05-18 14:35 - 2014-05-18 14:35 - 00000000 ____D () C:\Users\Elias\.thumbnails
2014-05-18 09:39 - 2011-11-02 19:36 - 00000000 ___RD () C:\Users\Elias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-17 14:09 - 2012-04-03 14:59 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-17 14:09 - 2011-11-05 11:48 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\Users\Public\dcmsvcsetup.exe


Some content of TEMP:
====================
C:\Users\Elias\AppData\Local\Temp\avgnt.exe
C:\Users\Elias\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 10:23

==================== End Of Log ============================
--- --- ---


Mit freundlichen Grüßen,
pcguy10

schrauber 15.06.2014 06:09
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKLM-x32\...\Run: [dcmsvc] => C:\Program Files (x86)\dcmsvc\dcmsvc.exe [30440 2009-04-07] ()
C:\Program Files (x86)\dcmsvc
HKU\S-1-5-21-1230764542-2489123228-2413629413-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-17] (Adobe Systems Incorporated)
C:\Users\Public\dcmsvcsetup.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

pcguy10 15.06.2014 12:27
Hallo schrauber,

hier ist noch die Fixlog.txt:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-06-2014
Ran by Elias at 2014-06-15 11:57:46 Run:2
Running from C:\Users\Elias\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [dcmsvc] => C:\Program Files (x86)\dcmsvc\dcmsvc.exe [30440 2009-04-07] ()
C:\Program Files (x86)\dcmsvc
HKU\S-1-5-21-1230764542-2489123228-2413629413-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-17] (Adobe Systems Incorporated)
C:\Users\Public\dcmsvcsetup.exe
       
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\dcmsvc => value deleted successfully.
C:\Program Files (x86)\dcmsvc => Moved successfully.
HKU\S-1-5-21-1230764542-2489123228-2413629413-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate => value deleted successfully.
C:\Users\Public\dcmsvcsetup.exe => Moved successfully.

==== End of Fixlog ====
Vielen Dank für alles.

Mit freundlichen Grüßen,
pcguy10

schrauber 16.06.2014 07:32
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:12 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55