Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Eigener Rechner Auswertung. Rechner ist recht langsam. (https://www.trojaner-board.de/157015-eigener-rechner-auswertung-rechner-recht-langsam.html)

Andy666 29.07.2014 18:55
Eigener Rechner Auswertung. Rechner ist recht langsam.
 
Guten Abend zusammen.

Nachdem ich bei dem Rechner meines Vaters heute hier gute und schnelle hilfe bekommen habe nun mein eigener ^^ ;-)

Rechner Spackt auch etwas rum Firefox ist recht langsam etc.

Rechner info:

Win7 Ulti 64bit SP1
intel i3-2120 @3,3 Ghz
8GB Ram
Nutze nur Firefox.

AdwCleaner :

Code:
# AdwCleaner v3.301 - Bericht erstellt am 29/07/2014 um 19:45:03
# Aktualisiert 28/07/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Andy - HOME
# Gestartet von : C:\Users\Andy\Downloads\adwcleaner_3.301.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files (x86)\Mobogenie
Ordner Gelöscht : C:\Users\Andy\AppData\Local\genienext
Ordner Gelöscht : C:\Users\Andy\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Andy\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Andy\Documents\Mobogenie
Datei Gelöscht : C:\Windows\SysWOW64\RegistryHelperLM.ocx
Datei Gelöscht : C:\Users\Andy\daemonprocess.txt

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Andy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Andy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Classes\Applications\lollipop.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Re_Markit
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\Driver-Soft
Schlüssel Gelöscht : HKLM\Software\MediaPlayerV1
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\4gfndgmo.default-1404153371712\prefs.js ]


-\\ Google Chrome v36.0.1985.125

[ Datei : C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=M3907E69E-909A-42BD-8439-F8E29058F067&SearchSource=58&CUI=&UM=5&UP=SP5FADD4E6-BE02-4D27-B606-EE7A18609E21&q={searchTerms}&SSPV=
Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [28902 octets] - [05/02/2014 15:56:55]
AdwCleaner[R1].txt - [3920 octets] - [29/07/2014 19:43:53]
AdwCleaner[S0].txt - [27959 octets] - [05/02/2014 16:00:44]
AdwCleaner[S1].txt - [3330 octets] - [29/07/2014 19:45:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3390 octets] ##########
MalewareBytes:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 29.07.2014
Suchlauf-Zeit: 19:24:28
Logdatei: lauf 1 Andy.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.29.05
Rootkit Datenbank: v2014.07.17.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Andy

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 365520
Verstrichene Zeit: 9 Min, 32 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by Andy (administrator) on HOME on 29-07-2014 19:58:48
Running from C:\Users\Andy\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Tor\tor.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
(PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(GamersFirst) C:\Users\Andy\AppData\Local\GamersFirst\LIVE!\Live.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
() C:\Users\Andy\Downloads\YouScreen.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Aeria Games & Entertainment) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-17] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1690512930-4117847210-2720430260-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3111744 2012-04-26] (DT Soft Ltd)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
ShortcutTarget: GamersFirst LIVE!.lnk -> C:\Users\Andy\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst)
Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YouScreen.lnk
ShortcutTarget: YouScreen.lnk -> C:\Users\Andy\Downloads\YouScreen.exe ()
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Andy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Andy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Andy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Andy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Andy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Andy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE2B2753B8496CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.192.1

FireFox:
========
FF ProfilePath: C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\4gfndgmo.default-1404153371712
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @protectdisc.com/NPPDLicenseHelper - C:\Users\Andy\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Andy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-06-18]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-12-27]

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: trovi.search
CHR DefaultNewTabURL:
CHR Extension: (Logitech SetPoint) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2014-04-18]
CHR Extension: (Google Wallet) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-18]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-12-27]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-08-17] (Intel Corporation) [File not signed]
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [146984 2012-07-24] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-25] (Intel Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-07-15] ()
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-09-02] () [File not signed]
R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [885576 2013-05-23] ()
R2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [586568 2013-05-23] (PacketVideo)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49048 2012-07-18] (Asmedia Technology)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2014-05-15] () [File not signed]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-19] (DT Soft Ltd)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [27456 2012-08-17] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [20968 2012-07-24] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [19944 2012-07-24] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-07-24] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2014-05-15] () [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-09-30] (Duplex Secure Ltd.)
S3 wolfkr; C:\AeriaGames\WolfTeam-DE\avital\wolfk64.sys [86352 2014-05-08] ()
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-07-29] ()
U3 aypxiene; C:\Windows\System32\Drivers\aypxiene.sys [0 ] (Advanced Micro Devices)
S3 athr; system32\DRIVERS\athrx.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 VirtualFD; \??\C:\Users\Andy\Desktop\Xbox 360 neu\vfd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-29 19:58 - 2014-07-29 19:59 - 00017592 _____ () C:\Users\Andy\Downloads\FRST.txt
2014-07-29 19:58 - 2014-07-29 19:58 - 02093568 _____ (Farbar) C:\Users\Andy\Downloads\FRST64.exe
2014-07-29 19:58 - 2014-07-29 19:58 - 00000000 ____D () C:\FRST
2014-07-29 19:46 - 2014-07-29 19:46 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-07-29 19:44 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-29 19:42 - 2014-07-29 19:42 - 01365551 _____ () C:\Users\Andy\Downloads\adwcleaner_3.301.exe
2014-07-29 19:38 - 2014-07-29 19:38 - 00000000 ____D () C:\Users\Andy\malware
2014-07-29 19:20 - 2014-07-29 19:21 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-29 19:20 - 2014-07-29 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-29 19:20 - 2014-07-29 19:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-29 19:20 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-29 19:20 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-21 15:39 - 2014-07-21 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spintires
2014-07-15 16:07 - 2014-07-15 16:07 - 00000000 __SHD () C:\Users\Andy\AppData\Local\EmieUserList
2014-07-15 16:07 - 2014-07-15 16:07 - 00000000 __SHD () C:\Users\Andy\AppData\Local\EmieSiteList
2014-07-15 15:54 - 2014-07-15 15:54 - 00000000 ____D () C:\Program Files (x86)\GamersFirst
2014-07-15 15:48 - 2014-07-15 16:05 - 00000000 ____D () C:\Users\Andy\AppData\Local\GamersFirst LIVE!
2014-07-15 15:47 - 2014-07-15 16:01 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GamersFirst
2014-07-15 15:47 - 2014-07-15 15:47 - 12844984 _____ (GamersFirst) C:\Users\Andy\Downloads\GamersFirst_LIVE!_Setup_EN.exe
2014-07-15 15:47 - 2014-07-15 15:47 - 00001168 _____ () C:\Users\Andy\Desktop\GamersFirst LIVE!.lnk
2014-07-15 15:47 - 2014-07-15 15:47 - 00000000 ____D () C:\Users\Andy\AppData\Local\GamersFirst
2014-07-14 22:37 - 2014-07-13 14:23 - 00000000 ____D () C:\Users\Andy\Downloads\Sample
2014-07-14 16:42 - 2014-07-14 17:04 - 00002084 _____ () C:\Users\Andy\Desktop\Holzfäller Simulator 2013.lnk
2014-07-14 16:42 - 2014-07-14 16:42 - 00000000 ____D () C:\Windows\1C4551A64743409391E41477CD655043.TMP
2014-07-14 16:41 - 2014-07-14 17:05 - 00000000 ____D () C:\Program Files (x86)\Woodcutter Simulator 2013
2014-07-13 10:47 - 2014-07-01 09:41 - 00000000 ____D () C:\Users\Andy\Downloads\Ballermann - Fussballhits 2014 (2 CD) (2014)
2014-07-13 10:41 - 2014-07-13 10:42 - 00000000 ____D () C:\Users\Andy\Downloads\best of 2014 - Sommerhits
2014-07-13 10:41 - 2014-06-05 01:47 - 00000000 ____D () C:\Users\Andy\Downloads\RTL Sommerhits 2014 (2014) [2CD]
2014-07-13 10:20 - 2014-07-13 11:00 - 00000000 ____D () C:\Users\Andy\Desktop\mix cd
2014-07-13 10:20 - 2014-03-01 00:30 - 00000000 ____D () C:\Users\Andy\Downloads\The Dome Vol.69
2014-07-10 09:05 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 09:05 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-10 09:04 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-10 09:04 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-10 09:04 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 09:04 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-10 09:04 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 09:04 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 09:04 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-10 09:04 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 09:04 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 09:04 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 09:04 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-10 09:04 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-10 09:04 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 09:04 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 09:04 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 09:04 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 09:04 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-10 09:04 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-10 09:04 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-10 09:04 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-10 09:04 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 09:04 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 09:04 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-10 09:04 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 09:04 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 09:04 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 09:04 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 09:04 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 09:04 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-10 09:04 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-10 09:04 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-10 09:04 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-10 09:04 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 09:04 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-10 09:04 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-10 09:04 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-10 09:04 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 09:04 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-10 09:04 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-10 09:04 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-10 09:04 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-10 09:04 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-10 09:04 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-10 09:04 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-10 09:04 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-10 09:04 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 09:04 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-10 09:04 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-10 09:04 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 09:04 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-10 09:04 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-10 09:04 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-10 09:04 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-10 09:04 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 09:04 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-10 09:04 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-10 09:04 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-10 09:04 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-10 09:04 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 09:04 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-10 09:04 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 09:04 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-10 09:04 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-10 09:04 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-10 09:04 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-10 09:04 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-10 09:04 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-10 09:04 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-10 09:04 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-10 09:04 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-10 09:04 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-10 09:04 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-10 09:04 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-10 09:04 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-10 09:04 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-10 09:04 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 09:03 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 09:03 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-10 09:03 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-08 10:08 - 2014-06-09 15:15 - 00000000 ____D () C:\Users\Andy\Downloads\The.Forest.Early.Access-TPTB
2014-07-05 16:00 - 2014-07-05 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UIG Entertainment
2014-07-04 20:06 - 2014-07-04 20:06 - 00000000 ____D () C:\Users\Andy\Documents\HOME
2014-07-04 16:40 - 2014-07-04 16:55 - 00000000 ____D () C:\Users\Andy\Desktop\Roller gaser
2014-06-30 19:48 - 2014-06-30 19:48 - 00000000 _____ () C:\Users\Andy\Desktop\gaser.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-29 19:59 - 2014-07-29 19:58 - 00017592 _____ () C:\Users\Andy\Downloads\FRST.txt
2014-07-29 19:58 - 2014-07-29 19:58 - 02093568 _____ (Farbar) C:\Users\Andy\Downloads\FRST64.exe
2014-07-29 19:58 - 2014-07-29 19:58 - 00000000 ____D () C:\FRST
2014-07-29 19:58 - 2014-05-14 14:03 - 00000000 ____D () C:\ProgramData\TwonkyServer
2014-07-29 19:58 - 2009-07-14 06:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-29 19:58 - 2009-07-14 06:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-29 19:51 - 2012-09-18 20:57 - 01917705 _____ () C:\Windows\WindowsUpdate.log
2014-07-29 19:47 - 2013-07-02 20:41 - 00000000 ____D () C:\Users\DefaultAppPool
2014-07-29 19:46 - 2014-07-29 19:46 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-07-29 19:46 - 2014-05-06 11:06 - 00041300 _____ () C:\Windows\PFRO.log
2014-07-29 19:46 - 2014-05-06 11:06 - 00018178 _____ () C:\Windows\setupact.log
2014-07-29 19:46 - 2012-11-30 15:34 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-29 19:46 - 2012-09-18 22:04 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-07-29 19:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-29 19:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-07-29 19:45 - 2014-02-05 15:56 - 00000000 ____D () C:\AdwCleaner
2014-07-29 19:45 - 2012-09-18 21:20 - 00001065 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-29 19:45 - 2012-09-18 20:59 - 00000993 _____ () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-29 19:45 - 2012-09-18 20:58 - 00000000 ____D () C:\Users\Andy
2014-07-29 19:42 - 2014-07-29 19:42 - 01365551 _____ () C:\Users\Andy\Downloads\adwcleaner_3.301.exe
2014-07-29 19:39 - 2012-11-30 15:35 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-29 19:38 - 2014-07-29 19:38 - 00000000 ____D () C:\Users\Andy\malware
2014-07-29 19:21 - 2014-07-29 19:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-29 19:20 - 2014-07-29 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-29 19:20 - 2014-07-29 19:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-29 19:20 - 2014-02-05 15:24 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-29 19:20 - 2014-02-05 15:24 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Malwarebytes
2014-07-29 19:20 - 2014-02-05 15:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-29 19:20 - 2014-02-05 15:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-07-27 23:51 - 2013-03-06 23:42 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\vlc
2014-07-25 07:49 - 2014-05-29 21:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 07:49 - 2014-05-29 21:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 14:38 - 2014-05-29 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 13:31 - 2014-07-24 13:31 - 00007334 _____ () C:\Users\Andy\Desktop\OpenDocument Text (neu) (2).odt
2014-07-24 12:15 - 2011-04-12 09:43 - 00770478 _____ () C:\Windows\system32\perfh007.dat
2014-07-24 12:15 - 2011-04-12 09:43 - 00174294 _____ () C:\Windows\system32\perfc007.dat
2014-07-24 12:15 - 2009-07-14 07:13 - 01798746 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-23 21:49 - 2012-09-18 22:09 - 00000000 ____D () C:\Users\Andy\AppData\Local\CrashDumps
2014-07-23 20:27 - 2014-07-21 15:41 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\SpinTires
2014-07-22 10:51 - 2014-07-22 10:51 - 00000076 _____ () C:\Users\Andy\Desktop\beetz.txt
2014-07-21 15:41 - 2014-07-21 15:41 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Steam
2014-07-21 15:41 - 2014-07-21 15:39 - 00000000 ____D () C:\Program Files (x86)\Spintires
2014-07-21 15:39 - 2014-07-21 15:39 - 00001023 _____ () C:\Users\Andy\Desktop\Spintires.lnk
2014-07-21 15:39 - 2014-07-21 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spintires
2014-07-21 15:31 - 2014-07-21 15:31 - 00000000 ____D () C:\Users\Andy\Downloads\Spintires-CODEX
2014-07-21 15:31 - 2014-07-21 15:31 - 00000000 ____D () C:\Users\Andy\Downloads\Spintires.Update.1.Hotfix.incl.Crackfix-CODEX
2014-07-21 09:40 - 2014-04-13 18:11 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-15 16:49 - 2014-07-15 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bossa Studios
2014-07-15 16:48 - 2014-07-15 16:48 - 00000000 ____D () C:\Program Files (x86)\Bossa Studios
2014-07-15 16:24 - 2012-10-28 15:18 - 00290776 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-07-15 16:24 - 2012-10-28 15:18 - 00290776 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-15 16:19 - 2012-10-28 15:18 - 00281288 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-07-15 16:19 - 2012-10-28 15:18 - 00000000 ____D () C:\Users\Andy\AppData\Local\PunkBuster
2014-07-15 16:14 - 2013-11-16 20:31 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-15 16:09 - 2014-05-15 07:50 - 00084524 _____ () C:\Windows\DirectX.log
2014-07-15 16:09 - 2012-10-28 15:18 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-07-15 16:07 - 2014-07-15 16:07 - 00000000 __SHD () C:\Users\Andy\AppData\Local\EmieUserList
2014-07-15 16:07 - 2014-07-15 16:07 - 00000000 __SHD () C:\Users\Andy\AppData\Local\EmieSiteList
2014-07-15 16:05 - 2014-07-15 15:48 - 00000000 ____D () C:\Users\Andy\AppData\Local\GamersFirst LIVE!
2014-07-15 16:01 - 2014-07-15 15:47 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GamersFirst
2014-07-15 15:54 - 2014-07-15 15:54 - 00000000 ____D () C:\Program Files (x86)\GamersFirst
2014-07-15 15:47 - 2014-07-15 15:47 - 12844984 _____ (GamersFirst) C:\Users\Andy\Downloads\GamersFirst_LIVE!_Setup_EN.exe
2014-07-15 15:47 - 2014-07-15 15:47 - 00001168 _____ () C:\Users\Andy\Desktop\GamersFirst LIVE!.lnk
2014-07-15 15:47 - 2014-07-15 15:47 - 00000000 ____D () C:\Users\Andy\AppData\Local\GamersFirst
2014-07-15 15:34 - 2013-05-07 13:01 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-14 17:06 - 2012-09-21 19:36 - 00000000 ____D () C:\Users\Andy\Documents\My Games
2014-07-14 17:05 - 2014-07-14 16:41 - 00000000 ____D () C:\Program Files (x86)\Woodcutter Simulator 2013
2014-07-14 17:04 - 2014-07-14 16:42 - 00002084 _____ () C:\Users\Andy\Desktop\Holzfäller Simulator 2013.lnk
2014-07-14 16:48 - 2012-11-15 11:37 - 00000000 ____D () C:\Users\Andy\AppData\Local\Windows Live
2014-07-14 16:42 - 2014-07-14 16:42 - 00000000 ____D () C:\Windows\1C4551A64743409391E41477CD655043.TMP
2014-07-14 16:42 - 2014-07-14 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Holzfäller Simulator 2013
2014-07-13 14:23 - 2014-07-14 22:37 - 00000000 ____D () C:\Users\Andy\Downloads\Sample
2014-07-13 11:00 - 2014-07-13 10:20 - 00000000 ____D () C:\Users\Andy\Desktop\mix cd
2014-07-13 10:42 - 2014-07-13 10:41 - 00000000 ____D () C:\Users\Andy\Downloads\best of 2014 - Sommerhits
2014-07-13 10:03 - 2014-07-13 10:03 - 00001055 _____ () C:\Users\Andy\Desktop\Extreme Roads USA.lnk
2014-07-13 10:03 - 2014-07-13 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extreme Roads USA
2014-07-11 13:44 - 2014-04-05 11:05 - 00000000 ____D () C:\Users\Andy\Desktop\Neuer Ordner (3)
2014-07-11 01:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-10 23:58 - 2009-07-14 06:45 - 00312176 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 23:56 - 2014-05-06 22:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 23:56 - 2011-04-12 09:54 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 23:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 23:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 14:26 - 2013-08-13 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 14:24 - 2012-08-31 23:36 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-05 16:00 - 2014-07-05 16:00 - 00002416 _____ () C:\Users\Public\Desktop\Professional Farmer 2014 Platinum Edition.lnk
2014-07-05 16:00 - 2014-07-05 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UIG Entertainment
2014-07-05 15:53 - 2014-07-05 15:53 - 00000000 ____D () C:\Program Files (x86)\UIG Entertainment
2014-07-04 20:06 - 2014-07-04 20:06 - 00000000 ____D () C:\Users\Andy\Documents\HOME
2014-07-04 20:04 - 2014-07-04 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ship Simulator Maritime Search and Rescue
2014-07-04 16:55 - 2014-07-04 16:40 - 00000000 ____D () C:\Users\Andy\Desktop\Roller gaser
2014-07-04 16:04 - 2013-03-30 00:46 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-07-01 09:41 - 2014-07-13 10:47 - 00000000 ____D () C:\Users\Andy\Downloads\Ballermann - Fussballhits 2014 (2 CD) (2014)
2014-06-30 20:36 - 2014-05-15 07:26 - 00000000 ____D () C:\Users\Andy\Desktop\Alte Firefox-Daten
2014-06-30 19:48 - 2014-06-30 19:48 - 00000000 _____ () C:\Users\Andy\Desktop\gaser.txt
2014-06-30 04:09 - 2014-07-10 09:04 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-10 09:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\Andy\AppData\Local\Temp\avgnt.exe
C:\Users\Andy\AppData\Local\Temp\iupdate.exe
C:\Users\Andy\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 17:17

==================== End Of Log ============================
--- --- ---

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014
Ran by Andy at 2014-07-29 19:59:34
Running from C:\Users\Andy\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark Vantage (HKLM-x32\...\{C40C3C3D-97CF-44B5-836C-766E374464B3}) (Version: 1.1.0 - Futuremark Corporation)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Accelerated Video Transcoding (Version: 13.15.100.31008 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1008.932.15229 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81008.0920 - Advanced Micro Devices, Inc.) Hidden
Anno 1701 (HKLM-x32\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.00 - Sunflowers)
APB Reloaded (HKLM-x32\...\APB Reloaded) (Version: 1.6.7.672769 - )
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.10.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.8.000 - Asmedia Technology)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
Camtasia Studio 7 (HKLM-x32\...\{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}) (Version: 7.0.0 - TechSmith Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.1.0.0333 - DT Soft Ltd)
EA Download Manager (HKLM-x32\...\EADM) (Version: 5.0.0.255 - Electronic Arts, Inc.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Extreme Roads USA (HKLM-x32\...\Extreme Roads USA_is1) (Version:  - )
FileViewPro (HKLM\...\{29938C06-6962-4C27-A94C-25E4F424A665}_is1) (Version: 1.5 - Solvusoft Corporation)
FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
FormatFactory 3.3.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.1.0 - Format Factory)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.0.0.0 - Futuremark Corporation)
Gameforge Live 2.0.0 "Baby Genius" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.0 - Gameforge)
GamersFirst LIVE! (HKCU\...\GamersFirst LIVE!) (Version:  - GamersFirst)
GameWiz32 (HKLM-x32\...\GameWiz32) (Version: 1.43 - Nico Ebert)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Holzfäller Simulator 2013 (HKLM-x32\...\Woodcutter Simulator 2013) (Version:  - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) Smart Connect Technology 3.0 x64 (HKLM\...\{EE21578E-DE14-46D5-83D7-EA4D347B2F9A}) (Version: 3.0.30.1526 - Intel)
Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden
intelligent Video Convert (HKLM-x32\...\intelligent Video Convert_is1) (Version: Aktuelle Version - IN MEDIA KG)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Killer is Dead (HKLM-x32\...\Killer is Dead_is1) (Version:  - )
Logitech SetPoint 6.51 (HKLM\...\sp6) (Version: 6.51.8 - Logitech)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Patrizier II Gold (HKLM-x32\...\Patrizier II Gold_is1) (Version:  - )
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Professional Farmer 2014 Platinum Edition (HKLM-x32\...\Professional Farmer 2014 Platinum Edition_is1) (Version:  - )
Protect Disc License Helper 1.0.125 (IE) (HKCU\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6714 - Realtek Semiconductor Corp.)
S.K.I.L.L. - Special Force 2 (HKLM-x32\...\Special Force 2 Beta_is1) (Version:  - )
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Ship Simulator Maritime Search and Rescue (HKLM-x32\...\Ship Simulator Maritime Search and Rescue_is1) (Version:  - )
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spintires (HKLM-x32\...\Spintires_is1) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Surgeon Simulator 2013 (HKLM-x32\...\Surgeon Simulator 2013_is1) (Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Twonky Server (HKLM-x32\...\TwonkyServer) (Version: 7.2.3.0 - PacketVideo)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplink (HKLM-x32\...\Uplink_is1) (Version:  - GOG.com)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
War Thunder Launcher 1.0.1.302 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - 2013 Gaijin Entertainment Corporation)
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
WBFS to ISO (HKLM-x32\...\{55F0E086-2E1C-4478-B52E-DA6025A46434}_is1) (Version:  - wbfstoiso.com)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wolfenstein: The New Order German Macht Frei Edition :D (HKLM-x32\...\V29sZmVuc3RlaW5UaGVOZXdPcmRlckdlcm1hbg==_is1) (Version: 1 - )
WolfTeam-DE (HKLM-x32\...\WolfTeam-DE) (Version:  - )
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version:  - )
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.1) (Version: 1.3.2 - Xvid Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1690512930-4117847210-2720430260-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Andy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1690512930-4117847210-2720430260-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Andy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1690512930-4117847210-2720430260-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Andy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1690512930-4117847210-2720430260-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Andy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

15-07-2014 13:34:15 Windows Update
15-07-2014 14:06:31 DirectX wurde installiert
15-07-2014 14:13:28 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
15-07-2014 14:14:38 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
17-07-2014 21:50:25 Windows Update
23-07-2014 10:25:26 Windows Update
24-07-2014 12:36:45 Windows Update
29-07-2014 17:09:59 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-05-18 09:17 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2F197E9A-7C55-4A30-9A97-AEF6B92C6167} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)
Task: {42941403-5A74-4D85-9AA5-1A0479763F4A} - System32\Tasks\{26E96288-C068-4C4B-BE46-F60E4151485A} => C:\Users\Andy\Desktop\Xbox 360 neu\vfd.exe
Task: {498EEC9D-97E1-4DD9-91F6-FABCF0ED0468} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {6025E842-7191-4446-816B-7714C3958E21} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-30] (Google Inc.)
Task: {80E5FE07-AC15-4F00-9B10-5C3224364F39} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {B7615D04-0921-4CF0-A08F-D557D96C6537} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-30] (Google Inc.)
Task: {C16B8EA8-D8CD-47C1-A76D-4A1446390A43} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-HOME => C:\Windows\ehome\McxTask.exe [2009-07-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-07-24 10:43 - 2012-07-24 10:43 - 00146984 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2012-07-24 10:43 - 2012-07-24 10:43 - 00058920 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2012-10-28 15:18 - 2014-07-15 16:09 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-02 08:42 - 2013-09-02 08:42 - 03233806 _____ () C:\Program Files (x86)\Tor\tor.exe
2013-05-23 15:57 - 2013-05-23 15:57 - 00885576 _____ () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
2013-05-23 15:58 - 2013-05-23 15:58 - 02204488 _____ () C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe
2014-03-04 11:21 - 2014-03-04 11:21 - 00429568 _____ () C:\Users\Andy\Downloads\YouScreen.exe
2013-05-23 15:58 - 2013-05-23 15:58 - 00222024 _____ () C:\Program Files (x86)\Twonky\TwonkyServer\wmdrmdll.dll
2012-04-27 00:38 - 2012-04-27 00:38 - 20758016 _____ () C:\Users\Andy\AppData\Local\GamersFirst\LIVE!\libcef.dll
2014-06-18 21:08 - 2014-06-18 21:08 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-27 19:20 - 2014-02-27 19:20 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\c2d51c14c3df104eccfffc7313d902b6\PSIClient.ni.dll
2012-09-18 22:35 - 2012-07-25 15:13 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-06-12 13:16 - 2013-06-12 13:16 - 16033160 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:AD022376

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Andy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: EPSON Stylus DX4400 Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE /FU "C:\Windows\TEMP\E_SA596.tmp" /EF "HKCU"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: NextLive => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Andy\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/29/2014 07:48:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2014 07:46:59 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: netDetect::AOACNetDetect::Initialize  Net Detect:  Error Loading PROSet Library Error=0x2\n

Error: (07/29/2014 07:46:53 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: CAgentState::ResetBIOS          Reset SASD failed, error=0

Error: (07/29/2014 07:46:53 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: CISCTPnpDriverApi::SetBIOSWakeTime  *****IOCTL_ISCT_SASD(SASD) Failed, Error=0x2

Error: (07/29/2014 07:06:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2014 07:05:42 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: netDetect::AOACNetDetect::Initialize  Net Detect:  Error Loading PROSet Library Error=0x2\n

Error: (07/29/2014 07:05:38 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: CAgentState::ResetBIOS          Reset SASD failed, error=0

Error: (07/29/2014 07:05:38 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: CISCTPnpDriverApi::SetBIOSWakeTime  *****IOCTL_ISCT_SASD(SASD) Failed, Error=0x2

Error: (07/28/2014 04:30:13 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: netDetect::AOACNetDetect::Initialize  Net Detect:  Error Loading PROSet Library Error=0x2\n

Error: (07/28/2014 04:30:04 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: CAgentState::ResetBIOS          Reset SASD failed, error=0


System errors:
=============
Error: (07/29/2014 07:46:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error: (07/29/2014 07:46:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error: (07/29/2014 07:46:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (07/29/2014 07:46:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Apple Mobile Device erreicht.

Error: (07/29/2014 07:05:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error: (07/29/2014 07:05:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error: (07/29/2014 07:05:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (07/29/2014 07:05:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Apple Mobile Device erreicht.

Error: (07/28/2014 04:29:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error: (07/28/2014 04:29:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577


Microsoft Office Sessions:
=========================
Error: (07/29/2014 07:48:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2014 07:46:59 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: netDetect::AOACNetDetect::Initialize  Net Detect:  Error Loading PROSet Library Error=0x2\n

Error: (07/29/2014 07:46:53 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: CAgentState::ResetBIOS          Reset SASD failed, error=0

Error: (07/29/2014 07:46:53 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: CISCTPnpDriverApi::SetBIOSWakeTime  *****IOCTL_ISCT_SASD(SASD) Failed, Error=0x2

Error: (07/29/2014 07:06:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2014 07:05:42 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: netDetect::AOACNetDetect::Initialize  Net Detect:  Error Loading PROSet Library Error=0x2\n

Error: (07/29/2014 07:05:38 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: CAgentState::ResetBIOS          Reset SASD failed, error=0

Error: (07/29/2014 07:05:38 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: CISCTPnpDriverApi::SetBIOSWakeTime  *****IOCTL_ISCT_SASD(SASD) Failed, Error=0x2

Error: (07/28/2014 04:30:13 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: netDetect::AOACNetDetect::Initialize  Net Detect:  Error Loading PROSet Library Error=0x2\n

Error: (07/28/2014 04:30:04 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: CAgentState::ResetBIOS          Reset SASD failed, error=0


CodeIntegrity Errors:
===================================
  Date: 2014-07-29 19:46:49.712
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-29 19:46:49.665
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-29 19:46:49.525
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-29 19:46:49.463
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-29 19:05:28.499
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-29 19:05:28.452
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-29 19:05:27.345
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-29 19:05:27.298
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-28 16:29:37.175
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-28 16:29:37.113
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 27%
Total physical RAM: 8157.03 MB
Available physical RAM: 5952.07 MB
Total Pagefile: 16312.24 MB
Available Pagefile: 13898.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:469.88 GB) (Free:160.15 GB) NTFS
Drive g: (Daten) (Fixed) (Total:461.53 GB) (Free:247.33 GB) NTFS
Drive h: (Spintires) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 9A40D213)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=470 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=462 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 29.07.2014 19:02
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Andy666 29.07.2014 19:10
Zitat:
Zitat von schrauber (Beitrag 1336998)
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)
Erledigt :-) :party:

schrauber 30.07.2014 13:54
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Andy666 30.07.2014 14:43
Combofix Logfile:
Code:
ComboFix 14-07-29.01 - Andy 30.07.2014  15:36:16.2.4 - x64
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.8157.6261 [GMT 2:00]
ausgeführt von:: c:\users\Andy\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-06-28 bis 2014-07-30  ))))))))))))))))))))))))))))))
.
.
2014-07-30 13:40 . 2014-07-30 13:40        --------        d-----w-        c:\users\Public\AppData\Local\temp
2014-07-30 13:40 . 2014-07-30 13:40        --------        d-----w-        c:\users\Mcx1-HOME\AppData\Local\temp
2014-07-30 13:40 . 2014-07-30 13:40        --------        d-----w-        c:\users\DefaultAppPool\AppData\Local\temp
2014-07-30 13:40 . 2014-07-30 13:40        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-07-30 07:09 . 2014-07-30 07:09        94656        ----a-w-        c:\windows\system32\WPRO_41_2001woem.tmp
2014-07-29 17:58 . 2014-07-29 17:59        --------        d-----w-        C:\FRST
2014-07-29 17:44 . 2010-08-30 06:34        536576        ----a-w-        c:\windows\SysWow64\sqlite3.dll
2014-07-29 17:38 . 2014-07-29 17:38        --------        d-----w-        c:\users\Andy\malware
2014-07-29 17:20 . 2014-07-29 17:21        122584        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-29 17:20 . 2014-07-29 17:20        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware
2014-07-29 17:20 . 2014-05-12 05:26        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-07-29 17:20 . 2014-05-12 05:26        91352        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-07-29 17:10 . 2014-07-02 03:09        10924376        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{06287B8C-4EB2-47D4-A266-2B1FB222AA70}\mpengine.dll
2014-07-21 13:41 . 2014-07-23 18:27        --------        d-----w-        c:\users\Andy\AppData\Roaming\SpinTires
2014-07-21 13:41 . 2014-07-21 13:41        --------        d-----w-        c:\users\Andy\AppData\Roaming\Steam
2014-07-21 13:39 . 2014-07-21 13:41        --------        d-----w-        c:\program files (x86)\Spintires
2014-07-17 21:51 . 2014-07-17 21:51        --------        d-----w-        c:\windows\SysWow64\Wat
2014-07-17 21:51 . 2014-07-17 21:51        --------        d-----w-        c:\windows\system32\Wat
2014-07-15 14:48 . 2014-07-15 14:48        --------        d-----w-        c:\program files (x86)\Bossa Studios
2014-07-15 14:07 . 2014-07-15 14:07        --------        d-sh--w-        c:\users\Andy\AppData\Local\EmieUserList
2014-07-15 14:07 . 2014-07-15 14:07        --------        d-sh--w-        c:\users\Andy\AppData\Local\EmieSiteList
2014-07-15 13:54 . 2014-07-15 13:54        --------        d-----w-        c:\program files (x86)\GamersFirst
2014-07-15 13:48 . 2014-07-15 14:05        --------        d-----w-        c:\users\Andy\AppData\Local\GamersFirst LIVE!
2014-07-15 13:47 . 2014-07-15 13:47        --------        d-----w-        c:\users\Andy\AppData\Local\GamersFirst
2014-07-14 14:42 . 2014-07-14 14:42        --------        d-----w-        c:\windows\1C4551A64743409391E41477CD655043.TMP
2014-07-14 14:41 . 2014-07-14 15:05        --------        d-----w-        c:\program files (x86)\Woodcutter Simulator 2013
2014-07-13 08:02 . 2014-07-13 08:02        --------        d-----w-        c:\program files (x86)\Extreme Roads USA
2014-07-10 07:05 . 2014-06-06 10:10        624128        ----a-w-        c:\windows\system32\qedit.dll
2014-07-10 07:05 . 2014-06-06 09:44        509440        ----a-w-        c:\windows\SysWow64\qedit.dll
2014-07-10 07:03 . 2014-06-05 14:45        1460736        ----a-w-        c:\windows\system32\lsasrv.dll
2014-07-10 07:03 . 2014-06-05 14:26        22016        ----a-w-        c:\windows\SysWow64\secur32.dll
2014-07-10 07:03 . 2014-06-05 14:25        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll
2014-07-05 14:01 . 2014-07-05 14:01        --------        d-----w-        c:\users\Andy\AppData\Roaming\Landwirt2014Platinum
2014-07-05 13:53 . 2014-07-05 13:53        --------        d-----w-        c:\program files (x86)\UIG Entertainment
2014-07-04 18:03 . 2014-07-04 18:06        --------        d-----w-        c:\program files (x86)\Ship Simulator Maritime Search and Rescue
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-30 07:09 . 2012-09-18 20:04        34752        ----a-w-        c:\windows\system32\drivers\WPRO_41_2001.sys
2014-07-15 14:24 . 2012-10-28 13:18        290776        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2014-07-15 14:24 . 2012-10-28 13:18        290776        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2014-07-15 14:19 . 2012-10-28 13:18        281288        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2014-07-15 14:09 . 2012-10-28 13:18        76888        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2014-07-15 13:34 . 2013-05-07 11:01        42040        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2014-07-10 12:24 . 2012-08-31 21:36        96441528        ----a-w-        c:\windows\system32\MRT.exe
2014-07-04 14:04 . 2013-03-29 22:46        117712        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2014-05-22 12:15 . 2013-03-29 22:46        130584        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2014-05-15 06:40 . 2014-05-15 06:40        303616        ----a-w-        c:\windows\system32\drivers\atksgt.sys
2014-05-15 06:39 . 2014-05-15 06:39        35328        ----a-w-        c:\windows\system32\drivers\lirsgt.sys
2014-05-12 05:25 . 2014-02-05 13:24        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2014-05-08 09:32 . 2014-06-11 11:25        1112064        ----a-w-        c:\windows\system32\rdpcorets.dll
2009-09-27 08:39        415744        --sh--w-        c:\windows\SysWOW64\avisynth.dll
2005-07-14 11:31        32256        --sh--w-        c:\windows\SysWOW64\AVSredirect.dll
2004-02-22 09:11        764416        --sh--w-        c:\windows\SysWOW64\devil.dll
2004-01-24 23:00        70656        --sh--w-        c:\windows\SysWOW64\i420vfw.dll
2004-01-24 23:00        70656        --sh--w-        c:\windows\SysWOW64\yv12vfw.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-15 09:38        220632        ----a-w-        c:\users\Andy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-15 09:38        220632        ----a-w-        c:\users\Andy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-15 09:38        220632        ----a-w-        c:\users\Andy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-08-24 56128]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-07-04 750160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-10-08 766208]
"Aeria Ignite"="c:\program files (x86)\Aeria Games\Ignite\aeriaignite.exe" [2013-06-06 1925656]
.
c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - c:\users\Andy\AppData\Local\GamersFirst\LIVE!\Live.exe /silent [2013-6-25 2878504]
YouScreen.lnk - c:\users\Andy\Downloads\YouScreen.exe minimized [2014-3-4 429568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 tor;Tor Win32 Service;c:\program files (x86)\Tor\tor.exe;c:\program files (x86)\Tor\tor.exe [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wolfkr;wolfkr;c:\aeriagames\WolfTeam-DE\avital\wolfk64.sys;c:\aeriagames\WolfTeam-DE\avital\wolfk64.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage-Technologie;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 TwonkyProxy;TwonkyProxy;c:\program files (x86)\Twonky\TwonkyServer\twonkyproxy.exe;c:\program files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [x]
S2 TwonkyServer;TwonkyServer;c:\program files (x86)\Twonky\TwonkyServer\twonkystarter.exe;c:\program files (x86)\Twonky\TwonkyServer\twonkystarter.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs        REG_MULTI_SZ          w3svc was
apphost        REG_MULTI_SZ          apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-21 07:39        1104200        ----a-w-        c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-30 13:34]
.
2014-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-30 13:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-15 09:38        244696        ----a-w-        c:\users\Andy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-15 09:38        244696        ----a-w-        c:\users\Andy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-15 09:38        244696        ----a-w-        c:\users\Andy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-08-20 13192848]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 2419512]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
Trusted Zone: aeriagames.com
TCP: DhcpNameServer = 192.168.192.1
FF - ProfilePath - c:\users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\4gfndgmo.default-1404153371712\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-GameWiz32 - c:\windows\system32\GKSUI18.EXE
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1690512930-4117847210-2720430260-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1690512930-4117847210-2720430260-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1690512930-4117847210-2720430260-1000\Software\SecuROM\License information*]
"datasecu"=hex:e9,f4,e2,7f,d6,9b,94,9d,16,24,46,2c,ef,a9,2c,8a,06,90,e2,1a,e7,
  db,ee,69,f5,55,d6,5a,23,df,11,02,79,3c,f1,bd,9d,6b,93,79,41,24,b9,a4,81,ab,\
"rkeysecu"=hex:1a,59,d8,91,f5,90,1b,53,4f,e2,40,d1,52,a4,de,95
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-07-30  15:41:51
ComboFix-quarantined-files.txt  2014-07-30 13:41
ComboFix2.txt  2014-05-18 07:24
.
Vor Suchlauf: 22 Verzeichnis(se), 232.429.318.144 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 232.729.337.856 Bytes frei
.
- - End Of File - - A5F90731774BC209826774251E3F28A3
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31
[/HTML]

schrauber 30.07.2014 21:00
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Andy666 01.08.2014 17:05
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 01.08.2014
Suchlauf-Zeit: 17:53:50
Logdatei:
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.01.03
Rootkit Datenbank: v2014.07.17.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Andy

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 365784
Verstrichene Zeit: 11 Min, 6 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
Code:
# AdwCleaner v3.302 - Bericht erstellt am 01/08/2014 um 18:07:24
# Aktualisiert 30/07/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Andy - HOME
# Gestartet von : C:\Users\Andy\Downloads\adwcleaner_3.302.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\4gfndgmo.default-1404153371712\prefs.js ]


-\\ Google Chrome v36.0.1985.125

[ Datei : C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=M3907E69E-909A-42BD-8439-F8E29058F067&SearchSource=58&CUI=&UM=5&UP=SP5FADD4E6-BE02-4D27-B606-EE7A18609E21&q={searchTerms}&SSPV=

*************************

AdwCleaner[R0].txt - [28902 octets] - [05/02/2014 15:56:55]
AdwCleaner[R1].txt - [3920 octets] - [29/07/2014 19:43:53]
AdwCleaner[R2].txt - [1458 octets] - [01/08/2014 18:06:34]
AdwCleaner[S0].txt - [27959 octets] - [05/02/2014 16:00:44]
AdwCleaner[S1].txt - [3470 octets] - [29/07/2014 19:45:03]
AdwCleaner[S2].txt - [1379 octets] - [01/08/2014 18:07:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1439 octets] ##########
JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: A4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Andy on 01.08.2014 at 18:14:00,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\drivergenius"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\Andy\AppData\Roaming\mozilla\firefox\profiles\4gfndgmo.default-1404153371712\minidumps [27 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.08.2014 at 18:19:27,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- --- ---


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 02
Ran by Andy (administrator) on HOME on 01-08-2014 18:22:46
Running from C:\Users\Andy\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(GamersFirst) C:\Users\Andy\AppData\Local\GamersFirst\LIVE!\Live.exe
() C:\Users\Andy\Downloads\YouScreen.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Tor\tor.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
(PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-17] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Smart File Advisor] => C:\Program Files (x86)\Smart File Advisor\sfa.exe [283712 2013-11-26] (Filefacts.net)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1690512930-4117847210-2720430260-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3111744 2012-04-26] (DT Soft Ltd)
Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
ShortcutTarget: GamersFirst LIVE!.lnk -> C:\Users\Andy\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst)
Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YouScreen.lnk
ShortcutTarget: YouScreen.lnk -> C:\Users\Andy\Downloads\YouScreen.exe ()
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Andy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Andy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Andy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Andy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Andy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Andy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE2B2753B8496CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.192.1

FireFox:
========
FF ProfilePath: C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\4gfndgmo.default-1404153371712
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @protectdisc.com/NPPDLicenseHelper - C:\Users\Andy\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Andy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-30]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-12-27]

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: trovi.search
CHR DefaultNewTabURL:
CHR Extension: (Logitech SetPoint) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2014-04-18]
CHR Extension: (Google Wallet) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-18]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-12-27]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-08-17] (Intel Corporation) [File not signed]
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [146984 2012-07-24] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-25] (Intel Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-07-15] ()
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-09-02] () [File not signed]
R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [885576 2013-05-23] ()
R2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [586568 2013-05-23] (PacketVideo)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49048 2012-07-18] (Asmedia Technology)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2014-05-15] () [File not signed]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-19] (DT Soft Ltd)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [27456 2012-08-17] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [20968 2012-07-24] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [19944 2012-07-24] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-07-24] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2014-05-15] () [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-09-30] (Duplex Secure Ltd.)
S3 wolfkr; C:\AeriaGames\WolfTeam-DE\avital\wolfk64.sys [86352 2014-05-08] ()
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-08-01] ()
U3 a9vv73fq; C:\Windows\System32\Drivers\a9vv73fq.sys [0 ] (Advanced Micro Devices)
S3 athr; system32\DRIVERS\athrx.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 VirtualFD; \??\C:\Users\Andy\Desktop\Xbox 360 neu\vfd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-01 18:22 - 2014-08-01 18:22 - 00000000 ____D () C:\Users\Andy\Downloads\FRST-OlderVersion
2014-08-01 18:19 - 2014-08-01 18:19 - 00000897 _____ () C:\Users\Andy\Desktop\JRT.txt
2014-08-01 18:13 - 2014-08-01 18:13 - 01016261 _____ (Thisisu) C:\Users\Andy\Downloads\JRT.exe
2014-08-01 18:10 - 2014-08-01 18:10 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-08-01 18:06 - 2014-08-01 18:06 - 01361309 _____ () C:\Users\Andy\Downloads\adwcleaner_3.302.exe
2014-08-01 17:53 - 2014-08-01 18:07 - 60158720 _____ () C:\Users\Andy\Downloads\bops05h.part08.rar.part
2014-08-01 17:52 - 2014-08-01 18:07 - 84880352 _____ () C:\Users\Andy\Downloads\bops05h.part04.rar.part
2014-08-01 17:52 - 2014-08-01 18:07 - 78036094 _____ () C:\Users\Andy\Downloads\bops05h.part06.rar.part
2014-08-01 17:52 - 2014-08-01 18:07 - 64312144 _____ () C:\Users\Andy\Downloads\bops05h.part07.rar.part
2014-08-01 17:52 - 2014-08-01 17:59 - 75989414 _____ () C:\Users\Andy\Downloads\bops05h.part05.rar.part
2014-08-01 17:52 - 2014-08-01 17:52 - 105906176 _____ () C:\Users\Andy\Downloads\bops05h.part03.rar
2014-08-01 17:52 - 2014-05-27 04:38 - 00000000 ____D () C:\Users\Andy\Downloads\Black.Ops.E04.Jagd.auf.ein.Phantom.GERMAN.DOKU.HDTV.720p.x264-NVA
2014-08-01 17:52 - 2014-05-19 15:55 - 00000000 ____D () C:\Users\Andy\Downloads\Black.Ops.E03.Das.Ende.von.Osama.Bin.Laden.GERMAN.DOKU.HDTV.720p.x264-NVA
2014-08-01 17:51 - 2014-08-01 17:53 - 105906176 _____ () C:\Users\Andy\Downloads\bops05h.part02.rar
2014-08-01 17:51 - 2014-08-01 17:52 - 105906176 _____ () C:\Users\Andy\Downloads\bops05h.part01.rar
2014-08-01 17:50 - 2014-05-27 18:51 - 00000000 ____D () C:\Users\Andy\Downloads\Black.Ops.E02.Geiselnahme.in.Moskau.GERMAN.DOKU.HDTV.720p.x264-NVA
2014-08-01 17:48 - 2014-07-14 19:12 - 676533011 _____ () C:\Users\Andy\Downloads\Yakuza.Gangster.und.Wohltaeter.GERMAN.DOKU.dTV.x264-821.mkv
2014-08-01 17:48 - 2014-05-05 14:20 - 00000000 ____D () C:\Users\Andy\Downloads\Black.Ops.E01.Terror.in.Mumbai.GERMAN.DOKU.HDTV.720p.x264-NVA
2014-08-01 17:47 - 2014-07-19 19:24 - 531184490 _____ () C:\Users\Andy\Downloads\Sie.waren.die.Terroristen.der.Roten.Brigaden.E02.GERMAN.DOKU.HDTVRip.x264-821.mkv
2014-08-01 17:47 - 2014-07-19 14:45 - 581912937 _____ () C:\Users\Andy\Downloads\Sie.waren.die.Terroristen.der.Roten.Brigaden.E01.GERMAN.DOKU.HDTVRip.x264-821.mkv
2014-08-01 14:25 - 2014-08-01 14:25 - 00001196 _____ () C:\Users\Andy\Desktop\IsoBuster.lnk
2014-08-01 14:25 - 2014-08-01 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster
2014-08-01 14:25 - 2014-08-01 14:25 - 00000000 ____D () C:\Program Files (x86)\Smart Projects
2014-08-01 14:17 - 2014-01-02 18:20 - 00000000 ____D () C:\Users\Andy\Downloads\IsoBuster.Pro.v3.3.3300.Multilanguage
2014-08-01 14:11 - 2014-08-01 14:25 - 00000000 ____D () C:\Program Files (x86)\Smart File Advisor
2014-08-01 14:11 - 2014-08-01 14:11 - 04669400 _____ (Smart Projects ) C:\Users\Andy\Downloads\isobuster_all_lang_3.3.exe
2014-07-31 22:46 - 2014-07-31 22:46 - 00492400 _____ () C:\Users\Andy\Downloads\435144_intl_x64_zip.exe
2014-07-31 22:39 - 2014-07-31 22:39 - 00518186 _____ () C:\Users\Andy\Downloads\nw_22154_aspivaexe.exe
2014-07-30 20:21 - 2014-08-01 14:09 - 00000000 ____D () C:\Users\Andy\Downloads\Prison Architect
2014-07-30 20:21 - 2014-07-30 20:21 - 00000000 ____D () C:\Users\Andy\AppData\Local\Introversion
2014-07-30 15:41 - 2014-07-30 15:41 - 00022920 _____ () C:\ComboFix.txt
2014-07-30 15:33 - 2014-07-30 15:33 - 05563986 ____R (Swearware) C:\Users\Andy\Downloads\ComboFix.exe
2014-07-30 10:14 - 2014-07-30 10:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-29 19:59 - 2014-07-29 19:59 - 00036433 _____ () C:\Users\Andy\Downloads\Addition.txt
2014-07-29 19:58 - 2014-08-01 18:22 - 02094080 _____ (Farbar) C:\Users\Andy\Downloads\FRST64.exe
2014-07-29 19:58 - 2014-08-01 18:22 - 00017433 _____ () C:\Users\Andy\Downloads\FRST.txt
2014-07-29 19:58 - 2014-08-01 18:22 - 00000000 ____D () C:\FRST
2014-07-29 19:44 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-29 19:38 - 2014-07-29 19:38 - 00000000 ____D () C:\Users\Andy\malware
2014-07-29 19:20 - 2014-08-01 17:53 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-29 19:20 - 2014-07-29 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-29 19:20 - 2014-07-29 19:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-29 19:20 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-29 19:20 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-27 23:53 - 2014-07-27 23:53 - 267788051 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part19.rar
2014-07-27 23:52 - 2014-07-27 23:53 - 411538825 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part18.rar
2014-07-27 23:52 - 2014-07-27 23:52 - 486203360 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part17.rar
2014-07-27 21:13 - 2014-07-27 23:52 - 410867969 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part16.rar
2014-07-27 21:12 - 2014-07-27 21:12 - 485532504 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part15.rar
2014-07-27 21:06 - 2014-07-27 21:11 - 410197113 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part14.rar
2014-07-27 21:05 - 2014-07-27 21:06 - 484861648 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part13.rar
2014-07-27 21:04 - 2014-07-26 05:13 - 00000000 ____D () C:\Users\Andy\Downloads\Raid.2.German.DL.AC3.Dubbed.720p.BluRay.x264-PsO
2014-07-27 21:03 - 2014-07-27 21:04 - 409526257 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part12.rar
2014-07-27 21:00 - 2014-07-27 21:01 - 484190792 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part11.rar
2014-07-27 20:56 - 2014-07-27 20:56 - 408855401 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part10.rar
2014-07-27 20:54 - 2014-07-27 20:54 - 483519936 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part09.rar
2014-07-27 20:53 - 2014-07-27 20:54 - 408184545 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part08.rar
2014-07-27 20:53 - 2014-07-27 20:53 - 482849080 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part07.rar
2014-07-27 20:52 - 2014-07-27 20:53 - 407513689 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part06.rar
2014-07-27 20:51 - 2014-07-27 20:52 - 482178224 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part05.rar
2014-07-27 20:50 - 2014-07-27 20:50 - 406842833 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part04.rar
2014-07-27 20:49 - 2014-07-27 20:49 - 481507368 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part03.rar
2014-07-27 20:48 - 2014-07-27 20:49 - 406171977 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part02.rar
2014-07-27 20:48 - 2014-07-27 20:48 - 480836647 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part01.rar
2014-07-27 20:42 - 2014-07-27 20:43 - 306253373 _____ () C:\Users\Andy\Downloads\upp_1407261510part19.rar
2014-07-27 20:41 - 2014-07-27 20:44 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part18.rar
2014-07-27 20:41 - 2014-07-27 20:44 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part16.rar
2014-07-27 20:41 - 2014-07-27 20:43 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part17.rar
2014-07-27 20:39 - 2014-07-27 20:41 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part15.rar
2014-07-27 20:39 - 2014-07-27 20:41 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part14.rar
2014-07-27 20:39 - 2014-07-27 20:41 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part13.rar
2014-07-27 20:37 - 2014-07-27 20:39 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part12.rar
2014-07-27 20:37 - 2014-07-27 20:39 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part11.rar
2014-07-27 20:33 - 2014-07-27 20:39 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part10.rar
2014-07-27 20:33 - 2014-07-27 20:36 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part08.rar
2014-07-27 20:33 - 2014-07-27 20:36 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part07.rar
2014-07-27 20:33 - 2014-07-27 20:36 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part06.rar
2014-07-27 20:33 - 2014-07-27 20:35 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part09.rar
2014-07-27 20:30 - 2014-07-27 20:33 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part05.rar
2014-07-27 20:30 - 2014-07-27 20:33 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part04.rar
2014-07-27 20:30 - 2014-07-27 20:33 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part02.rar
2014-07-27 20:30 - 2014-07-27 20:32 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part03.rar
2014-07-27 20:30 - 2014-07-27 20:32 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part01.rar
2014-07-24 13:31 - 2014-07-24 13:31 - 00007334 _____ () C:\Users\Andy\Desktop\OpenDocument Text (neu) (2).odt
2014-07-22 10:51 - 2014-07-22 10:51 - 00000076 _____ () C:\Users\Andy\Desktop\beetz.txt
2014-07-21 15:41 - 2014-07-23 20:27 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\SpinTires
2014-07-21 15:41 - 2014-07-21 15:41 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Steam
2014-07-21 15:39 - 2014-07-21 15:41 - 00000000 ____D () C:\Program Files (x86)\Spintires
2014-07-21 15:39 - 2014-07-21 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spintires
2014-07-21 15:31 - 2014-07-21 15:31 - 00000000 ____D () C:\Users\Andy\Downloads\Spintires-CODEX
2014-07-21 15:31 - 2014-07-21 15:31 - 00000000 ____D () C:\Users\Andy\Downloads\Spintires.Update.1.Hotfix.incl.Crackfix-CODEX
2014-07-20 14:22 - 2014-07-07 19:05 - 00000000 ____D () C:\Users\Andy\Downloads\The Dome Summer 2014
2014-07-16 21:24 - 2014-07-16 21:25 - 48244736 _____ () C:\Users\Andy\Downloads\vice-sample.avi.part
2014-07-16 21:24 - 2014-07-16 09:20 - 48244736 _____ () C:\Users\Andy\Downloads\vice-sample.avi
2014-07-16 21:24 - 2014-07-16 09:19 - 1542246400 _____ () C:\Users\Andy\Downloads\vice-trans.avi
2014-07-15 16:49 - 2014-07-15 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bossa Studios
2014-07-15 16:48 - 2014-07-15 16:48 - 00000000 ____D () C:\Program Files (x86)\Bossa Studios
2014-07-15 16:07 - 2014-07-15 16:07 - 00000000 __SHD () C:\Users\Andy\AppData\Local\EmieUserList
2014-07-15 16:07 - 2014-07-15 16:07 - 00000000 __SHD () C:\Users\Andy\AppData\Local\EmieSiteList
2014-07-15 15:54 - 2014-07-15 15:54 - 00000000 ____D () C:\Program Files (x86)\GamersFirst
2014-07-15 15:48 - 2014-07-15 16:05 - 00000000 ____D () C:\Users\Andy\AppData\Local\GamersFirst LIVE!
2014-07-15 15:47 - 2014-07-15 16:01 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GamersFirst
2014-07-15 15:47 - 2014-07-15 15:47 - 12844984 _____ (GamersFirst) C:\Users\Andy\Downloads\GamersFirst_LIVE!_Setup_EN.exe
2014-07-15 15:47 - 2014-07-15 15:47 - 00001168 _____ () C:\Users\Andy\Desktop\GamersFirst LIVE!.lnk
2014-07-15 15:47 - 2014-07-15 15:47 - 00000000 ____D () C:\Users\Andy\AppData\Local\GamersFirst
2014-07-14 22:37 - 2014-07-13 14:23 - 00000000 ____D () C:\Users\Andy\Downloads\Sample
2014-07-14 16:42 - 2014-07-14 16:42 - 00000000 ____D () C:\Windows\1C4551A64743409391E41477CD655043.TMP
2014-07-14 16:42 - 2014-07-14 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Holzfäller Simulator 2013
2014-07-14 16:41 - 2014-07-14 17:05 - 00000000 ____D () C:\Program Files (x86)\Woodcutter Simulator 2013
2014-07-13 10:47 - 2014-07-01 09:41 - 00000000 ____D () C:\Users\Andy\Downloads\Ballermann - Fussballhits 2014 (2 CD) (2014)
2014-07-13 10:41 - 2014-07-13 10:42 - 00000000 ____D () C:\Users\Andy\Downloads\best of 2014 - Sommerhits
2014-07-13 10:41 - 2014-06-05 01:47 - 00000000 ____D () C:\Users\Andy\Downloads\RTL Sommerhits 2014 (2014) [2CD]
2014-07-13 10:20 - 2014-07-13 11:00 - 00000000 ____D () C:\Users\Andy\Desktop\mix cd
2014-07-13 10:20 - 2014-03-01 00:30 - 00000000 ____D () C:\Users\Andy\Downloads\The Dome Vol.69
2014-07-13 10:03 - 2014-07-13 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extreme Roads USA
2014-07-13 10:02 - 2014-07-13 10:02 - 00000000 ____D () C:\Program Files (x86)\Extreme Roads USA
2014-07-12 22:43 - 2014-07-05 14:37 - 1790960618 _____ () C:\Users\Andy\Downloads\NoaAC3LDCRG.avi
2014-07-12 20:29 - 2014-07-12 20:29 - 00000000 ____D () C:\Users\Andy\Downloads\Edge.of.Tomorrow.2014.NEW.HDTS.German.LiNE.DUBBED.DL.720p.x264-NSane
2014-07-12 17:46 - 2014-07-12 17:47 - 00000000 ____D () C:\Users\Andy\Downloads\Extreme.Roads.USA-CODEX
2014-07-12 17:44 - 2014-07-15 16:46 - 00000000 ____D () C:\Users\Andy\Downloads\Surgeon.Simulator.2013.MULTi13-PROPHET
2014-07-12 13:29 - 2014-04-30 17:12 - 00000000 ____D () C:\Users\Andy\Downloads\Bra 87 CD RIP
2014-07-12 13:28 - 2014-07-11 20:09 - 00000000 ____D () C:\Users\Andy\Downloads\Bravo Hits Vol. 86
2014-07-10 09:05 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 09:05 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-10 09:04 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-10 09:04 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-10 09:04 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 09:04 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-10 09:04 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 09:04 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 09:04 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-10 09:04 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 09:04 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 09:04 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 09:04 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-10 09:04 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-10 09:04 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 09:04 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 09:04 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 09:04 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 09:04 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-10 09:04 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-10 09:04 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-10 09:04 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-10 09:04 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 09:04 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 09:04 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-10 09:04 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 09:04 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 09:04 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 09:04 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 09:04 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 09:04 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-10 09:04 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-10 09:04 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-10 09:04 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-10 09:04 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 09:04 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-10 09:04 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-10 09:04 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-10 09:04 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 09:04 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-10 09:04 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-10 09:04 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-10 09:04 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-10 09:04 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-10 09:04 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-10 09:04 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-10 09:04 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-10 09:04 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 09:04 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-10 09:04 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-10 09:04 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 09:04 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-10 09:04 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-10 09:04 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-10 09:04 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-10 09:04 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 09:04 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-10 09:04 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-10 09:04 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-10 09:04 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-10 09:04 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 09:04 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-10 09:04 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 09:04 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-10 09:04 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-10 09:04 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-10 09:04 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-10 09:04 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-10 09:04 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-10 09:04 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-10 09:04 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-10 09:04 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-10 09:04 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-10 09:04 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-10 09:04 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-10 09:04 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-10 09:04 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-10 09:04 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 09:03 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 09:03 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-10 09:03 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-08 10:08 - 2014-06-09 15:15 - 00000000 ____D () C:\Users\Andy\Downloads\The.Forest.Early.Access-TPTB
2014-07-05 16:01 - 2014-07-05 16:01 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Landwirt2014Platinum
2014-07-05 16:00 - 2014-07-05 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UIG Entertainment
2014-07-05 15:53 - 2014-07-05 15:53 - 00000000 ____D () C:\Program Files (x86)\UIG Entertainment
2014-07-05 15:41 - 2014-07-05 15:43 - 00000000 ____D () C:\Users\Andy\Downloads\Professional.Farmer.2014.Platinum.Edition-TiNYiSO
2014-07-04 20:06 - 2014-07-04 20:06 - 00000000 ____D () C:\Users\Andy\Documents\HOME
2014-07-04 20:04 - 2014-07-04 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ship Simulator Maritime Search and Rescue
2014-07-04 20:03 - 2014-07-04 20:06 - 00000000 ____D () C:\Program Files (x86)\Ship Simulator Maritime Search and Rescue
2014-07-04 20:01 - 2014-07-04 20:02 - 00000000 ____D () C:\Users\Andy\Downloads\Ship.Simulator.Maritime.Search.and.Rescue-CODEX
2014-07-04 16:40 - 2014-08-01 17:48 - 00000000 ____D () C:\Users\Andy\Desktop\Roller gaser

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-01 18:23 - 2014-07-29 19:58 - 00017433 _____ () C:\Users\Andy\Downloads\FRST.txt
2014-08-01 18:22 - 2014-08-01 18:22 - 00000000 ____D () C:\Users\Andy\Downloads\FRST-OlderVersion
2014-08-01 18:22 - 2014-07-29 19:58 - 02094080 _____ (Farbar) C:\Users\Andy\Downloads\FRST64.exe
2014-08-01 18:22 - 2014-07-29 19:58 - 00000000 ____D () C:\FRST
2014-08-01 18:22 - 2014-05-14 14:03 - 00000000 ____D () C:\ProgramData\TwonkyServer
2014-08-01 18:19 - 2014-08-01 18:19 - 00000897 _____ () C:\Users\Andy\Desktop\JRT.txt
2014-08-01 18:19 - 2009-07-14 06:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-01 18:19 - 2009-07-14 06:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-01 18:16 - 2012-09-18 22:09 - 00000000 ____D () C:\Users\Andy\AppData\Local\CrashDumps
2014-08-01 18:13 - 2014-08-01 18:13 - 01016261 _____ (Thisisu) C:\Users\Andy\Downloads\JRT.exe
2014-08-01 18:10 - 2014-08-01 18:10 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-08-01 18:10 - 2012-09-18 22:04 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-08-01 18:09 - 2014-05-06 11:06 - 00043500 _____ () C:\Windows\PFRO.log
2014-08-01 18:09 - 2014-05-06 11:06 - 00018626 _____ () C:\Windows\setupact.log
2014-08-01 18:09 - 2012-11-30 15:34 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-01 18:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-01 18:08 - 2012-09-18 20:57 - 01990899 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 18:07 - 2014-08-01 17:53 - 60158720 _____ () C:\Users\Andy\Downloads\bops05h.part08.rar.part
2014-08-01 18:07 - 2014-08-01 17:52 - 84880352 _____ () C:\Users\Andy\Downloads\bops05h.part04.rar.part
2014-08-01 18:07 - 2014-08-01 17:52 - 78036094 _____ () C:\Users\Andy\Downloads\bops05h.part06.rar.part
2014-08-01 18:07 - 2014-08-01 17:52 - 64312144 _____ () C:\Users\Andy\Downloads\bops05h.part07.rar.part
2014-08-01 18:07 - 2014-02-05 15:56 - 00000000 ____D () C:\AdwCleaner
2014-08-01 18:06 - 2014-08-01 18:06 - 01361309 _____ () C:\Users\Andy\Downloads\adwcleaner_3.302.exe
2014-08-01 18:05 - 2013-07-02 20:41 - 00000000 ____D () C:\Users\DefaultAppPool
2014-08-01 17:59 - 2014-08-01 17:52 - 75989414 _____ () C:\Users\Andy\Downloads\bops05h.part05.rar.part
2014-08-01 17:53 - 2014-08-01 17:51 - 105906176 _____ () C:\Users\Andy\Downloads\bops05h.part02.rar
2014-08-01 17:53 - 2014-07-29 19:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 17:52 - 2014-08-01 17:52 - 105906176 _____ () C:\Users\Andy\Downloads\bops05h.part03.rar
2014-08-01 17:52 - 2014-08-01 17:51 - 105906176 _____ () C:\Users\Andy\Downloads\bops05h.part01.rar
2014-08-01 17:48 - 2014-07-04 16:40 - 00000000 ____D () C:\Users\Andy\Desktop\Roller gaser
2014-08-01 17:39 - 2012-11-30 15:35 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-01 14:25 - 2014-08-01 14:25 - 00001196 _____ () C:\Users\Andy\Desktop\IsoBuster.lnk
2014-08-01 14:25 - 2014-08-01 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster
2014-08-01 14:25 - 2014-08-01 14:25 - 00000000 ____D () C:\Program Files (x86)\Smart Projects
2014-08-01 14:25 - 2014-08-01 14:11 - 00000000 ____D () C:\Program Files (x86)\Smart File Advisor
2014-08-01 14:15 - 2012-09-19 18:50 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-08-01 14:11 - 2014-08-01 14:11 - 04669400 _____ (Smart Projects ) C:\Users\Andy\Downloads\isobuster_all_lang_3.3.exe
2014-08-01 14:09 - 2014-07-30 20:21 - 00000000 ____D () C:\Users\Andy\Downloads\Prison Architect
2014-07-31 22:46 - 2014-07-31 22:46 - 00492400 _____ () C:\Users\Andy\Downloads\435144_intl_x64_zip.exe
2014-07-31 22:39 - 2014-07-31 22:39 - 00518186 _____ () C:\Users\Andy\Downloads\nw_22154_aspivaexe.exe
2014-07-31 21:59 - 2012-09-18 21:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 20:21 - 2014-07-30 20:21 - 00000000 ____D () C:\Users\Andy\AppData\Local\Introversion
2014-07-30 15:41 - 2014-07-30 15:41 - 00022920 _____ () C:\ComboFix.txt
2014-07-30 15:41 - 2014-05-18 09:09 - 00000000 ____D () C:\Qoobox
2014-07-30 15:40 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-30 15:33 - 2014-07-30 15:33 - 05563986 ____R (Swearware) C:\Users\Andy\Downloads\ComboFix.exe
2014-07-30 10:14 - 2014-07-30 10:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-29 19:59 - 2014-07-29 19:59 - 00036433 _____ () C:\Users\Andy\Downloads\Addition.txt
2014-07-29 19:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-07-29 19:45 - 2012-09-18 21:20 - 00001065 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-29 19:45 - 2012-09-18 20:59 - 00000993 _____ () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-29 19:45 - 2012-09-18 20:58 - 00000000 ____D () C:\Users\Andy
2014-07-29 19:38 - 2014-07-29 19:38 - 00000000 ____D () C:\Users\Andy\malware
2014-07-29 19:20 - 2014-07-29 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-29 19:20 - 2014-07-29 19:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-29 19:20 - 2014-02-05 15:24 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-29 19:20 - 2014-02-05 15:24 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Malwarebytes
2014-07-29 19:20 - 2014-02-05 15:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-29 19:20 - 2014-02-05 15:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-07-28 20:21 - 2014-04-29 09:10 - 00000000 ____D () C:\Users\Andy\Desktop\tattoo
2014-07-27 23:53 - 2014-07-27 23:53 - 267788051 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part19.rar
2014-07-27 23:53 - 2014-07-27 23:52 - 411538825 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part18.rar
2014-07-27 23:52 - 2014-07-27 23:52 - 486203360 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part17.rar
2014-07-27 23:52 - 2014-07-27 21:13 - 410867969 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part16.rar
2014-07-27 23:51 - 2013-03-06 23:42 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\vlc
2014-07-27 21:12 - 2014-07-27 21:12 - 485532504 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part15.rar
2014-07-27 21:11 - 2014-07-27 21:06 - 410197113 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part14.rar
2014-07-27 21:06 - 2014-07-27 21:05 - 484861648 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part13.rar
2014-07-27 21:04 - 2014-07-27 21:03 - 409526257 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part12.rar
2014-07-27 21:01 - 2014-07-27 21:00 - 484190792 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part11.rar
2014-07-27 20:56 - 2014-07-27 20:56 - 408855401 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part10.rar
2014-07-27 20:54 - 2014-07-27 20:54 - 483519936 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part09.rar
2014-07-27 20:54 - 2014-07-27 20:53 - 408184545 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part08.rar
2014-07-27 20:53 - 2014-07-27 20:53 - 482849080 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part07.rar
2014-07-27 20:53 - 2014-07-27 20:52 - 407513689 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part06.rar
2014-07-27 20:52 - 2014-07-27 20:51 - 482178224 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part05.rar
2014-07-27 20:50 - 2014-07-27 20:50 - 406842833 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part04.rar
2014-07-27 20:49 - 2014-07-27 20:49 - 481507368 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part03.rar
2014-07-27 20:49 - 2014-07-27 20:48 - 406171977 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part02.rar
2014-07-27 20:48 - 2014-07-27 20:48 - 480836647 _____ () C:\Users\Andy\Downloads\rebuilt.upp_1407261510part01.rar
2014-07-27 20:44 - 2014-07-27 20:41 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part18.rar
2014-07-27 20:44 - 2014-07-27 20:41 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part16.rar
2014-07-27 20:43 - 2014-07-27 20:42 - 306253373 _____ () C:\Users\Andy\Downloads\upp_1407261510part19.rar
2014-07-27 20:43 - 2014-07-27 20:41 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part17.rar
2014-07-27 20:41 - 2014-07-27 20:39 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part15.rar
2014-07-27 20:41 - 2014-07-27 20:39 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part14.rar
2014-07-27 20:41 - 2014-07-27 20:39 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part13.rar
2014-07-27 20:39 - 2014-07-27 20:37 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part12.rar
2014-07-27 20:39 - 2014-07-27 20:37 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part11.rar
2014-07-27 20:39 - 2014-07-27 20:33 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part10.rar
2014-07-27 20:36 - 2014-07-27 20:33 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part08.rar
2014-07-27 20:36 - 2014-07-27 20:33 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part07.rar
2014-07-27 20:36 - 2014-07-27 20:33 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part06.rar
2014-07-27 20:35 - 2014-07-27 20:33 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part09.rar
2014-07-27 20:33 - 2014-07-27 20:30 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part05.rar
2014-07-27 20:33 - 2014-07-27 20:30 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part04.rar
2014-07-27 20:33 - 2014-07-27 20:30 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part02.rar
2014-07-27 20:32 - 2014-07-27 20:30 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part03.rar
2014-07-27 20:32 - 2014-07-27 20:30 - 525336576 _____ () C:\Users\Andy\Downloads\upp_1407261510part01.rar
2014-07-26 05:13 - 2014-07-27 21:04 - 00000000 ____D () C:\Users\Andy\Downloads\Raid.2.German.DL.AC3.Dubbed.720p.BluRay.x264-PsO
2014-07-25 07:49 - 2014-05-29 21:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 07:49 - 2014-05-29 21:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 14:38 - 2014-05-29 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 13:31 - 2014-07-24 13:31 - 00007334 _____ () C:\Users\Andy\Desktop\OpenDocument Text (neu) (2).odt
2014-07-24 12:15 - 2011-04-12 09:43 - 00770478 _____ () C:\Windows\system32\perfh007.dat
2014-07-24 12:15 - 2011-04-12 09:43 - 00174294 _____ () C:\Windows\system32\perfc007.dat
2014-07-24 12:15 - 2009-07-14 07:13 - 01798746 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-23 20:27 - 2014-07-21 15:41 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\SpinTires
2014-07-22 10:51 - 2014-07-22 10:51 - 00000076 _____ () C:\Users\Andy\Desktop\beetz.txt
2014-07-21 15:41 - 2014-07-21 15:41 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Steam
2014-07-21 15:41 - 2014-07-21 15:39 - 00000000 ____D () C:\Program Files (x86)\Spintires
2014-07-21 15:39 - 2014-07-21 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spintires
2014-07-21 15:31 - 2014-07-21 15:31 - 00000000 ____D () C:\Users\Andy\Downloads\Spintires-CODEX
2014-07-21 15:31 - 2014-07-21 15:31 - 00000000 ____D () C:\Users\Andy\Downloads\Spintires.Update.1.Hotfix.incl.Crackfix-CODEX
2014-07-21 09:40 - 2014-04-13 18:11 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-19 19:24 - 2014-08-01 17:47 - 531184490 _____ () C:\Users\Andy\Downloads\Sie.waren.die.Terroristen.der.Roten.Brigaden.E02.GERMAN.DOKU.HDTVRip.x264-821.mkv
2014-07-19 14:45 - 2014-08-01 17:47 - 581912937 _____ () C:\Users\Andy\Downloads\Sie.waren.die.Terroristen.der.Roten.Brigaden.E01.GERMAN.DOKU.HDTVRip.x264-821.mkv
2014-07-16 21:25 - 2014-07-16 21:24 - 48244736 _____ () C:\Users\Andy\Downloads\vice-sample.avi.part
2014-07-16 09:20 - 2014-07-16 21:24 - 48244736 _____ () C:\Users\Andy\Downloads\vice-sample.avi
2014-07-16 09:19 - 2014-07-16 21:24 - 1542246400 _____ () C:\Users\Andy\Downloads\vice-trans.avi
2014-07-15 16:49 - 2014-07-15 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bossa Studios
2014-07-15 16:48 - 2014-07-15 16:48 - 00000000 ____D () C:\Program Files (x86)\Bossa Studios
2014-07-15 16:46 - 2014-07-12 17:44 - 00000000 ____D () C:\Users\Andy\Downloads\Surgeon.Simulator.2013.MULTi13-PROPHET
2014-07-15 16:24 - 2012-10-28 15:18 - 00290776 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-07-15 16:24 - 2012-10-28 15:18 - 00290776 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-15 16:19 - 2012-10-28 15:18 - 00281288 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-07-15 16:19 - 2012-10-28 15:18 - 00000000 ____D () C:\Users\Andy\AppData\Local\PunkBuster
2014-07-15 16:14 - 2013-11-16 20:31 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-15 16:09 - 2014-05-15 07:50 - 00084524 _____ () C:\Windows\DirectX.log
2014-07-15 16:09 - 2012-10-28 15:18 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-07-15 16:07 - 2014-07-15 16:07 - 00000000 __SHD () C:\Users\Andy\AppData\Local\EmieUserList
2014-07-15 16:07 - 2014-07-15 16:07 - 00000000 __SHD () C:\Users\Andy\AppData\Local\EmieSiteList
2014-07-15 16:05 - 2014-07-15 15:48 - 00000000 ____D () C:\Users\Andy\AppData\Local\GamersFirst LIVE!
2014-07-15 16:01 - 2014-07-15 15:47 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GamersFirst
2014-07-15 15:54 - 2014-07-15 15:54 - 00000000 ____D () C:\Program Files (x86)\GamersFirst
2014-07-15 15:47 - 2014-07-15 15:47 - 12844984 _____ (GamersFirst) C:\Users\Andy\Downloads\GamersFirst_LIVE!_Setup_EN.exe
2014-07-15 15:47 - 2014-07-15 15:47 - 00001168 _____ () C:\Users\Andy\Desktop\GamersFirst LIVE!.lnk
2014-07-15 15:47 - 2014-07-15 15:47 - 00000000 ____D () C:\Users\Andy\AppData\Local\GamersFirst
2014-07-15 15:34 - 2013-05-07 13:01 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-14 19:12 - 2014-08-01 17:48 - 676533011 _____ () C:\Users\Andy\Downloads\Yakuza.Gangster.und.Wohltaeter.GERMAN.DOKU.dTV.x264-821.mkv
2014-07-14 17:06 - 2012-09-21 19:36 - 00000000 ____D () C:\Users\Andy\Documents\My Games
2014-07-14 17:05 - 2014-07-14 16:41 - 00000000 ____D () C:\Program Files (x86)\Woodcutter Simulator 2013
2014-07-14 16:48 - 2012-11-15 11:37 - 00000000 ____D () C:\Users\Andy\AppData\Local\Windows Live
2014-07-14 16:42 - 2014-07-14 16:42 - 00000000 ____D () C:\Windows\1C4551A64743409391E41477CD655043.TMP
2014-07-14 16:42 - 2014-07-14 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Holzfäller Simulator 2013
2014-07-13 14:23 - 2014-07-14 22:37 - 00000000 ____D () C:\Users\Andy\Downloads\Sample
2014-07-13 11:00 - 2014-07-13 10:20 - 00000000 ____D () C:\Users\Andy\Desktop\mix cd
2014-07-13 10:42 - 2014-07-13 10:41 - 00000000 ____D () C:\Users\Andy\Downloads\best of 2014 - Sommerhits
2014-07-13 10:03 - 2014-07-13 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extreme Roads USA
2014-07-13 10:02 - 2014-07-13 10:02 - 00000000 ____D () C:\Program Files (x86)\Extreme Roads USA
2014-07-12 20:29 - 2014-07-12 20:29 - 00000000 ____D () C:\Users\Andy\Downloads\Edge.of.Tomorrow.2014.NEW.HDTS.German.LiNE.DUBBED.DL.720p.x264-NSane
2014-07-12 17:47 - 2014-07-12 17:46 - 00000000 ____D () C:\Users\Andy\Downloads\Extreme.Roads.USA-CODEX
2014-07-11 20:09 - 2014-07-12 13:28 - 00000000 ____D () C:\Users\Andy\Downloads\Bravo Hits Vol. 86
2014-07-11 13:44 - 2014-04-05 11:05 - 00000000 ____D () C:\Users\Andy\Desktop\Neuer Ordner (3)
2014-07-11 01:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-10 23:58 - 2009-07-14 06:45 - 00312176 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 23:56 - 2014-05-06 22:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 23:56 - 2011-04-12 09:54 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 23:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 23:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 14:26 - 2013-08-13 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 14:24 - 2012-08-31 23:36 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-07 19:05 - 2014-07-20 14:22 - 00000000 ____D () C:\Users\Andy\Downloads\The Dome Summer 2014
2014-07-05 16:01 - 2014-07-05 16:01 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Landwirt2014Platinum
2014-07-05 16:01 - 2012-09-29 11:27 - 00000000 ____D () C:\Users\Andy\AppData\Local\SKIDROW
2014-07-05 16:00 - 2014-07-05 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UIG Entertainment
2014-07-05 15:53 - 2014-07-05 15:53 - 00000000 ____D () C:\Program Files (x86)\UIG Entertainment
2014-07-05 15:43 - 2014-07-05 15:41 - 00000000 ____D () C:\Users\Andy\Downloads\Professional.Farmer.2014.Platinum.Edition-TiNYiSO
2014-07-05 14:37 - 2014-07-12 22:43 - 1790960618 _____ () C:\Users\Andy\Downloads\NoaAC3LDCRG.avi
2014-07-04 20:06 - 2014-07-04 20:06 - 00000000 ____D () C:\Users\Andy\Documents\HOME
2014-07-04 20:06 - 2014-07-04 20:03 - 00000000 ____D () C:\Program Files (x86)\Ship Simulator Maritime Search and Rescue
2014-07-04 20:04 - 2014-07-04 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ship Simulator Maritime Search and Rescue
2014-07-04 20:02 - 2014-07-04 20:01 - 00000000 ____D () C:\Users\Andy\Downloads\Ship.Simulator.Maritime.Search.and.Rescue-CODEX
2014-07-04 16:04 - 2013-03-30 00:46 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

Some content of TEMP:
====================
C:\Users\Andy\AppData\Local\Temp\avgnt.exe
C:\Users\Andy\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 17:17

==================== End Of Log ============================
--- --- ---


Erledigt

schrauber 02.08.2014 05:52

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Andy666 02.08.2014 17:19
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=443dc806a3039e48a89be92cdde88dc5
# engine=19470
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-08-02 02:33:47
# local_time=2014-08-02 04:33:47 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 28748 272409717 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 75414 158619877 0 0
# scanned=256567
# found=32
# cleaned=0
# scan_time=7023
sh=9DD0F7453F429A74EDA0C5519D70C91AF1EC6AA2 ft=0 fh=0000000000000000 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Andy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.36.zip.vir"
sh=12A81C015E84CAB1346754690B8683E3D0F5C542 ft=1 fh=2038865bafb4f80a vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Andy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir"
sh=CC52EE1298EA7A344B1C0CD7D03D1A059C77FD39 ft=1 fh=d235b59034f549ec vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Andy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir"
sh=659E678C5D8CE742CC03A211C59AA57E6018FDC6 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Andy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir"
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Andy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir"
sh=930F6C24088B7CB47481D4EDD64A873A817E73FC ft=1 fh=44fb5a4b02bb1a4e vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Andy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir"
sh=31CE21FE36C11E107A6E315EFE1875743809B4CC ft=1 fh=48abcfa6ce4a4014 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Andy\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=E5A3C100D2D0FD94482783AF2B2FF94CDFC9923F ft=1 fh=a0ddd0619a504a2e vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst.exe"
sh=FE097999E974EC4847B9BB29BE3241BABE091DF1 ft=1 fh=296d7fa3332b1bb0 vn="Win32/SmartFileAdvisor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Smart File Advisor\sfa.exe"
sh=96B17C3628E458A6005D775DA2972B360AEA7DD6 ft=1 fh=6805334fb15e6a36 vn="Win32/SmartFileAdvisor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Smart File Advisor\sfa_inst.exe"
sh=19A9D79A96AA8133AA10546D440F8049FEC45261 ft=1 fh=64f4e669a01b7e7c vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=4F84CDFE6288BE261BCBF2C60FC2A396765A1DC0 ft=1 fh=7a99a9715a891b9b vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir"
sh=96A0DF1606F3BC8E987BC511A9669CCE95818E4C ft=1 fh=186cfaeb931c5ae2 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"
sh=1F574BFEF2A0958496E684ACA4F3F2E1F85DD6CE ft=1 fh=1abf73cff647d1b5 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=D4DC02B4AC9316700F2F5A95BF11A48C1BCB98C9 ft=1 fh=8bab25556a7d729a vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir"
sh=E8A32149C1221F5B8694E2999BFF0B9ACFBE1DCC ft=1 fh=79afd1c4006030eb vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=ECF7023B3AD76F29BD7EF5DE4926C99826289041 ft=1 fh=151b867e28c46231 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir"
sh=1AABC9516F78675BBA63E865FC14259E2DD6B18C ft=1 fh=27e90cb0da2da6dd vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll.vir"
sh=C7503F846F47819BA49BE6A8EB87E094C012D6AB ft=1 fh=2a7e0f6b6b94c09b vn="Variante von Win64/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=AFA7B3C2D0452211D736AF40E5E94CDAACE0BC03 ft=1 fh=54ae330ed9e71419 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=FEC19241949864DE766A2D193BC81E3366E379E4 ft=1 fh=ac6e9bcd558de938 vn="Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LVOU3TZ7\SPSetup[1].exe"
sh=9EFDE89A61BAAA7D5D5D4B08214BE3D2EE505248 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Andy\Desktop\Verschiedenes\Alte Firefox-Daten\9cy9to98.default\extensions\8c6c8c15-21d7-4f62-8a57-202aee8f7fb3@6567ba21-e435-4eb0-838d-8395b2265c30.com\extensionData\plugins\102_dealply_m.js"
sh=30630D311A124BA372D209C02247D8A4238E3610 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Andy\Desktop\Verschiedenes\Alte Firefox-Daten\9cy9to98.default\extensions\8c6c8c15-21d7-4f62-8a57-202aee8f7fb3@6567ba21-e435-4eb0-838d-8395b2265c30.com\extensionData\plugins\104_jollywallet_m.js"
sh=723041AFAA11FE75C1E748C4BCD3D15B4F61145F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Andy\Desktop\Verschiedenes\Alte Firefox-Daten\9cy9to98.default\extensions\8c6c8c15-21d7-4f62-8a57-202aee8f7fb3@6567ba21-e435-4eb0-838d-8395b2265c30.com\extensionData\plugins\108_icm_m.js"
sh=DA209282A25696B4D678B78442C261C5D81DC81B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Andy\Desktop\Verschiedenes\Alte Firefox-Daten\9cy9to98.default\extensions\8c6c8c15-21d7-4f62-8a57-202aee8f7fb3@6567ba21-e435-4eb0-838d-8395b2265c30.com\extensionData\plugins\119_similar_web_m.js"
sh=B8B5897BC3983B6CE75447868BDAE3EB1441E61C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Andy\Desktop\Verschiedenes\Alte Firefox-Daten\9cy9to98.default\extensions\8c6c8c15-21d7-4f62-8a57-202aee8f7fb3@6567ba21-e435-4eb0-838d-8395b2265c30.com\extensionData\plugins\155_ibario_pops_m.js"
sh=DB3C1DD7DE366F47829D7301D833F7604BEC5AF3 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Andy\Desktop\Verschiedenes\Alte Firefox-Daten\9cy9to98.default\extensions\8c6c8c15-21d7-4f62-8a57-202aee8f7fb3@6567ba21-e435-4eb0-838d-8395b2265c30.com\extensionData\plugins\190_pops_5_m.js"
sh=705F7674C554A2BDA26E88C6776C54FDBF379002 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Andy\Desktop\Verschiedenes\Alte Firefox-Daten\9cy9to98.default\extensions\8c6c8c15-21d7-4f62-8a57-202aee8f7fb3@6567ba21-e435-4eb0-838d-8395b2265c30.com\extensionData\plugins\195_icm_convertmedia_m.js"
sh=6DF0914CB2A51AA8E7F1BDDEC414B8969C38A6F7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Andy\Desktop\Verschiedenes\Alte Firefox-Daten\9cy9to98.default\extensions\8c6c8c15-21d7-4f62-8a57-202aee8f7fb3@6567ba21-e435-4eb0-838d-8395b2265c30.com\extensionData\plugins\199_superfish_no_coupons_plushd_m.js"
sh=4C03BD17B87EC994B75AC8B7E99F3B70FBB71719 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Andy\Desktop\Verschiedenes\Alte Firefox-Daten\9cy9to98.default\extensions\8c6c8c15-21d7-4f62-8a57-202aee8f7fb3@6567ba21-e435-4eb0-838d-8395b2265c30.com\extensionData\plugins\91_monetizationLoader.js.js"
sh=2C65F3A90C0415C6C7EF304065E84A768C4637F5 ft=1 fh=081a6cd843a3d6fc vn="Win32/Toolbar.Conduit.S evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Andy\Downloads\isobuster_all_lang_3.3.exe"
sh=CEC8E516B118BDA2D3C46878F7937F5F13E39C4D ft=1 fh=9fd0c935e4e604a0 vn="Win32/Toolbar.Conduit.S evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Andy\Downloads\IsoBuster.Pro.v3.3.3300.Multilanguage\isobuster_all_lang.exe"
Rest Folgt !!

Code:
Results of screen317's Security Check version 0.99.85 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 25 
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
  Adobe Flash Player 11.7.700.224 Flash Player out of Date! 
 Adobe Reader XI 
 Mozilla Firefox (31.0)
 Google Chrome 35.0.1916.153 
 Google Chrome 36.0.1985.125 
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 02
Ran by Andy (administrator) on HOME on 02-08-2014 18:18:12
Running from C:\Users\Andy\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Tor\tor.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
(PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(GamersFirst) C:\Users\Andy\AppData\Local\GamersFirst\LIVE!\Live.exe
() C:\Users\Andy\Downloads\YouScreen.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Oracle Corporation) C:\Program Files (x86)\JDownloader\jre\bin\javaw.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-17] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Smart File Advisor] => C:\Program Files (x86)\Smart File Advisor\sfa.exe [283712 2013-11-26] (Filefacts.net)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1690512930-4117847210-2720430260-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3111744 2012-04-26] (DT Soft Ltd)
Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
ShortcutTarget: GamersFirst LIVE!.lnk -> C:\Users\Andy\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst)
Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YouScreen.lnk
ShortcutTarget: YouScreen.lnk -> C:\Users\Andy\Downloads\YouScreen.exe ()
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Andy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Andy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Andy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Andy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Andy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Andy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE2B2753B8496CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.192.1

FireFox:
========
FF ProfilePath: C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\4gfndgmo.default-1404153371712
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @protectdisc.com/NPPDLicenseHelper - C:\Users\Andy\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Andy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-30]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-12-27]

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: trovi.search
CHR DefaultNewTabURL:
CHR Extension: (Logitech SetPoint) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2014-04-18]
CHR Extension: (Google Wallet) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-18]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-12-27]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-08-17] (Intel Corporation) [File not signed]
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [146984 2012-07-24] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-25] (Intel Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-07-15] ()
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-09-02] () [File not signed]
R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [885576 2013-05-23] ()
R2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [586568 2013-05-23] (PacketVideo)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49048 2012-07-18] (Asmedia Technology)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2014-05-15] () [File not signed]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-19] (DT Soft Ltd)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [27456 2012-08-17] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [20968 2012-07-24] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [19944 2012-07-24] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-07-24] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2014-05-15] () [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-09-30] (Duplex Secure Ltd.)
S3 wolfkr; C:\AeriaGames\WolfTeam-DE\avital\wolfk64.sys [86352 2014-05-08] ()
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-08-02] ()
U3 ai5zs06i; C:\Windows\System32\Drivers\ai5zs06i.sys [0 ] (Microsoft Corporation)
S3 athr; system32\DRIVERS\athrx.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 VirtualFD; \??\C:\Users\Andy\Desktop\Xbox 360 neu\vfd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-02 16:45 - 2014-08-02 16:45 - 00854390 _____ () C:\Users\Andy\Downloads\SecurityCheck.exe
2014-08-02 14:32 - 2014-08-02 14:32 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-02 14:31 - 2014-08-02 14:31 - 02347384 _____ (ESET) C:\Users\Andy\Downloads\esetsmartinstaller_deu.exe
2014-08-02 11:44 - 2014-06-06 04:09 - 00000000 ____D () C:\Users\Andy\Downloads\Black.Ops.E05.Operation.Etebbe.GERMAN.DOKU.HDTV.720p.x264-NVA
2014-08-02 10:17 - 2014-08-02 12:12 - 00000000 ____D () C:\Users\Andy\Downloads\Helene Fischer - Atemlos Durch die Nach (2013)
2014-08-02 08:29 - 2014-08-02 08:29 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-08-01 19:33 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 19:33 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 19:33 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 19:33 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 19:32 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 19:32 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 19:32 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 19:32 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 19:32 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 19:32 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 19:32 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 19:32 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 19:32 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 19:32 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-01 18:22 - 2014-08-01 18:22 - 00000000 ____D () C:\Users\Andy\Downloads\FRST-OlderVersion
2014-08-01 18:19 - 2014-08-01 18:19 - 00000897 _____ () C:\Users\Andy\Desktop\JRT.txt
2014-08-01 18:13 - 2014-08-01 18:13 - 01016261 _____ (Thisisu) C:\Users\Andy\Downloads\JRT.exe
2014-08-01 18:06 - 2014-08-01 18:06 - 01361309 _____ () C:\Users\Andy\Downloads\adwcleaner_3.302.exe
2014-08-01 17:52 - 2014-05-27 04:38 - 00000000 ____D () C:\Users\Andy\Downloads\Black.Ops.E04.Jagd.auf.ein.Phantom.GERMAN.DOKU.HDTV.720p.x264-NVA
2014-08-01 17:52 - 2014-05-19 15:55 - 00000000 ____D () C:\Users\Andy\Downloads\Black.Ops.E03.Das.Ende.von.Osama.Bin.Laden.GERMAN.DOKU.HDTV.720p.x264-NVA
2014-08-01 17:48 - 2014-07-14 19:12 - 676533011 _____ () C:\Users\Andy\Downloads\Yakuza.Gangster.und.Wohltaeter.GERMAN.DOKU.dTV.x264-821.mkv
2014-08-01 17:47 - 2014-07-19 19:24 - 531184490 _____ () C:\Users\Andy\Downloads\Sie.waren.die.Terroristen.der.Roten.Brigaden.E02.GERMAN.DOKU.HDTVRip.x264-821.mkv
2014-08-01 17:47 - 2014-07-19 14:45 - 581912937 _____ () C:\Users\Andy\Downloads\Sie.waren.die.Terroristen.der.Roten.Brigaden.E01.GERMAN.DOKU.HDTVRip.x264-821.mkv
2014-08-01 14:25 - 2014-08-01 14:25 - 00001196 _____ () C:\Users\Andy\Desktop\IsoBuster.lnk
2014-08-01 14:25 - 2014-08-01 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster
2014-08-01 14:25 - 2014-08-01 14:25 - 00000000 ____D () C:\Program Files (x86)\Smart Projects
2014-08-01 14:17 - 2014-01-02 18:20 - 00000000 ____D () C:\Users\Andy\Downloads\IsoBuster.Pro.v3.3.3300.Multilanguage
2014-08-01 14:11 - 2014-08-01 14:25 - 00000000 ____D () C:\Program Files (x86)\Smart File Advisor
2014-08-01 14:11 - 2014-08-01 14:11 - 04669400 _____ (Smart Projects ) C:\Users\Andy\Downloads\isobuster_all_lang_3.3.exe
2014-07-31 22:46 - 2014-07-31 22:46 - 00492400 _____ () C:\Users\Andy\Downloads\435144_intl_x64_zip.exe
2014-07-31 22:39 - 2014-07-31 22:39 - 00518186 _____ () C:\Users\Andy\Downloads\nw_22154_aspivaexe.exe
2014-07-30 20:21 - 2014-08-01 14:09 - 00000000 ____D () C:\Users\Andy\Downloads\Prison Architect
2014-07-30 20:21 - 2014-07-30 20:21 - 00000000 ____D () C:\Users\Andy\AppData\Local\Introversion
2014-07-30 15:41 - 2014-07-30 15:41 - 00022920 _____ () C:\ComboFix.txt
2014-07-30 15:33 - 2014-07-30 15:33 - 05563986 ____R (Swearware) C:\Users\Andy\Downloads\ComboFix.exe
2014-07-30 10:14 - 2014-07-30 10:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-29 19:59 - 2014-07-29 19:59 - 00036433 _____ () C:\Users\Andy\Downloads\Addition.txt
2014-07-29 19:58 - 2014-08-02 18:18 - 00017563 _____ () C:\Users\Andy\Downloads\FRST.txt
2014-07-29 19:58 - 2014-08-02 18:18 - 00000000 ____D () C:\FRST
2014-07-29 19:58 - 2014-08-01 18:22 - 02094080 _____ (Farbar) C:\Users\Andy\Downloads\FRST64.exe
2014-07-29 19:44 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-29 19:38 - 2014-07-29 19:38 - 00000000 ____D () C:\Users\Andy\malware
2014-07-29 19:20 - 2014-08-01 17:53 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-29 19:20 - 2014-07-29 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-29 19:20 - 2014-07-29 19:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-29 19:20 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-29 19:20 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-27 21:04 - 2014-07-26 05:13 - 00000000 ____D () C:\Users\Andy\Downloads\Raid.2.German.DL.AC3.Dubbed.720p.BluRay.x264-PsO
2014-07-24 13:31 - 2014-07-24 13:31 - 00007334 _____ () C:\Users\Andy\Desktop\OpenDocument Text (neu) (2).odt
2014-07-22 10:51 - 2014-07-22 10:51 - 00000076 _____ () C:\Users\Andy\Desktop\beetz.txt
2014-07-21 15:41 - 2014-07-23 20:27 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\SpinTires
2014-07-21 15:41 - 2014-07-21 15:41 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Steam
2014-07-21 15:39 - 2014-07-21 15:41 - 00000000 ____D () C:\Program Files (x86)\Spintires
2014-07-21 15:39 - 2014-07-21 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spintires
2014-07-21 15:31 - 2014-07-21 15:31 - 00000000 ____D () C:\Users\Andy\Downloads\Spintires-CODEX
2014-07-21 15:31 - 2014-07-21 15:31 - 00000000 ____D () C:\Users\Andy\Downloads\Spintires.Update.1.Hotfix.incl.Crackfix-CODEX
2014-07-20 14:22 - 2014-07-07 19:05 - 00000000 ____D () C:\Users\Andy\Downloads\The Dome Summer 2014
2014-07-16 21:24 - 2014-07-16 21:25 - 48244736 _____ () C:\Users\Andy\Downloads\vice-sample.avi.part
2014-07-16 21:24 - 2014-07-16 09:20 - 48244736 _____ () C:\Users\Andy\Downloads\vice-sample.avi
2014-07-16 21:24 - 2014-07-16 09:19 - 1542246400 _____ () C:\Users\Andy\Downloads\vice-trans.avi
2014-07-15 16:49 - 2014-07-15 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bossa Studios
2014-07-15 16:48 - 2014-07-15 16:48 - 00000000 ____D () C:\Program Files (x86)\Bossa Studios
2014-07-15 16:07 - 2014-07-15 16:07 - 00000000 __SHD () C:\Users\Andy\AppData\Local\EmieUserList
2014-07-15 16:07 - 2014-07-15 16:07 - 00000000 __SHD () C:\Users\Andy\AppData\Local\EmieSiteList
2014-07-15 15:54 - 2014-07-15 15:54 - 00000000 ____D () C:\Program Files (x86)\GamersFirst
2014-07-15 15:48 - 2014-07-15 16:05 - 00000000 ____D () C:\Users\Andy\AppData\Local\GamersFirst LIVE!
2014-07-15 15:47 - 2014-07-15 16:01 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GamersFirst
2014-07-15 15:47 - 2014-07-15 15:47 - 12844984 _____ (GamersFirst) C:\Users\Andy\Downloads\GamersFirst_LIVE!_Setup_EN.exe
2014-07-15 15:47 - 2014-07-15 15:47 - 00001168 _____ () C:\Users\Andy\Desktop\GamersFirst LIVE!.lnk
2014-07-15 15:47 - 2014-07-15 15:47 - 00000000 ____D () C:\Users\Andy\AppData\Local\GamersFirst
2014-07-14 22:37 - 2014-07-13 14:23 - 00000000 ____D () C:\Users\Andy\Downloads\Sample
2014-07-14 16:42 - 2014-07-14 16:42 - 00000000 ____D () C:\Windows\1C4551A64743409391E41477CD655043.TMP
2014-07-14 16:42 - 2014-07-14 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Holzfäller Simulator 2013
2014-07-14 16:41 - 2014-07-14 17:05 - 00000000 ____D () C:\Program Files (x86)\Woodcutter Simulator 2013
2014-07-13 10:47 - 2014-07-01 09:41 - 00000000 ____D () C:\Users\Andy\Downloads\Ballermann - Fussballhits 2014 (2 CD) (2014)
2014-07-13 10:41 - 2014-07-13 10:42 - 00000000 ____D () C:\Users\Andy\Downloads\best of 2014 - Sommerhits
2014-07-13 10:41 - 2014-06-05 01:47 - 00000000 ____D () C:\Users\Andy\Downloads\RTL Sommerhits 2014 (2014) [2CD]
2014-07-13 10:20 - 2014-07-13 11:00 - 00000000 ____D () C:\Users\Andy\Desktop\mix cd
2014-07-13 10:20 - 2014-03-01 00:30 - 00000000 ____D () C:\Users\Andy\Downloads\The Dome Vol.69
2014-07-13 10:03 - 2014-07-13 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extreme Roads USA
2014-07-13 10:02 - 2014-07-13 10:02 - 00000000 ____D () C:\Program Files (x86)\Extreme Roads USA
2014-07-12 22:43 - 2014-07-05 14:37 - 1790960618 _____ () C:\Users\Andy\Downloads\NoaAC3LDCRG.avi
2014-07-12 20:29 - 2014-07-12 20:29 - 00000000 ____D () C:\Users\Andy\Downloads\Edge.of.Tomorrow.2014.NEW.HDTS.German.LiNE.DUBBED.DL.720p.x264-NSane
2014-07-12 17:46 - 2014-07-12 17:47 - 00000000 ____D () C:\Users\Andy\Downloads\Extreme.Roads.USA-CODEX
2014-07-12 17:44 - 2014-07-15 16:46 - 00000000 ____D () C:\Users\Andy\Downloads\Surgeon.Simulator.2013.MULTi13-PROPHET
2014-07-12 13:29 - 2014-04-30 17:12 - 00000000 ____D () C:\Users\Andy\Downloads\Bra 87 CD RIP
2014-07-12 13:28 - 2014-07-11 20:09 - 00000000 ____D () C:\Users\Andy\Downloads\Bravo Hits Vol. 86
2014-07-10 09:05 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 09:05 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-10 09:04 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-10 09:04 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-10 09:04 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 09:04 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-10 09:04 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 09:04 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 09:04 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-10 09:04 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 09:04 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 09:04 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 09:04 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-10 09:04 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-10 09:04 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 09:04 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 09:04 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 09:04 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 09:04 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-10 09:04 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-10 09:04 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-10 09:04 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-10 09:04 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 09:04 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 09:04 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-10 09:04 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 09:04 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 09:04 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 09:04 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 09:04 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 09:04 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-10 09:04 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-10 09:04 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-10 09:04 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-10 09:04 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 09:04 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-10 09:04 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-10 09:04 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-10 09:04 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 09:04 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-10 09:04 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-10 09:04 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-10 09:04 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-10 09:04 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-10 09:04 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-10 09:04 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-10 09:04 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-10 09:04 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 09:04 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-10 09:04 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-10 09:04 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 09:04 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-10 09:04 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-10 09:04 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-10 09:04 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-10 09:04 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 09:04 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-10 09:04 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-10 09:04 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-10 09:04 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-10 09:04 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 09:04 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-10 09:04 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 09:04 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-10 09:04 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-10 09:04 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-10 09:04 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-10 09:04 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-10 09:04 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-10 09:04 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-10 09:04 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-10 09:04 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-10 09:04 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-10 09:04 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-10 09:04 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-10 09:04 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-10 09:04 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-10 09:04 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 09:03 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 09:03 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-10 09:03 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-08 10:08 - 2014-06-09 15:15 - 00000000 ____D () C:\Users\Andy\Downloads\The.Forest.Early.Access-TPTB
2014-07-05 16:01 - 2014-07-05 16:01 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Landwirt2014Platinum
2014-07-05 16:00 - 2014-07-05 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UIG Entertainment
2014-07-05 15:53 - 2014-07-05 15:53 - 00000000 ____D () C:\Program Files (x86)\UIG Entertainment
2014-07-05 15:41 - 2014-07-05 15:43 - 00000000 ____D () C:\Users\Andy\Downloads\Professional.Farmer.2014.Platinum.Edition-TiNYiSO
2014-07-04 20:06 - 2014-07-04 20:06 - 00000000 ____D () C:\Users\Andy\Documents\HOME
2014-07-04 20:04 - 2014-07-04 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ship Simulator Maritime Search and Rescue
2014-07-04 20:03 - 2014-07-04 20:06 - 00000000 ____D () C:\Program Files (x86)\Ship Simulator Maritime Search and Rescue
2014-07-04 20:01 - 2014-07-04 20:02 - 00000000 ____D () C:\Users\Andy\Downloads\Ship.Simulator.Maritime.Search.and.Rescue-CODEX
2014-07-04 16:40 - 2014-08-01 17:48 - 00000000 ____D () C:\Users\Andy\Desktop\Roller gaser

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-02 18:18 - 2014-07-29 19:58 - 00017563 _____ () C:\Users\Andy\Downloads\FRST.txt
2014-08-02 18:18 - 2014-07-29 19:58 - 00000000 ____D () C:\FRST
2014-08-02 18:18 - 2014-05-14 14:03 - 00000000 ____D () C:\ProgramData\TwonkyServer
2014-08-02 17:39 - 2012-11-30 15:35 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-02 16:46 - 2014-05-06 11:06 - 00019242 _____ () C:\Windows\setupact.log
2014-08-02 16:45 - 2014-08-02 16:45 - 00854390 _____ () C:\Users\Andy\Downloads\SecurityCheck.exe
2014-08-02 16:09 - 2013-03-06 23:42 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\vlc
2014-08-02 14:32 - 2014-08-02 14:32 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-02 14:31 - 2014-08-02 14:31 - 02347384 _____ (ESET) C:\Users\Andy\Downloads\esetsmartinstaller_deu.exe
2014-08-02 13:29 - 2012-09-18 20:57 - 02084962 _____ () C:\Windows\WindowsUpdate.log
2014-08-02 12:12 - 2014-08-02 10:17 - 00000000 ____D () C:\Users\Andy\Downloads\Helene Fischer - Atemlos Durch die Nach (2013)
2014-08-02 10:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-02 10:15 - 2012-09-19 18:50 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-08-02 08:36 - 2009-07-14 06:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-02 08:36 - 2009-07-14 06:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-02 08:35 - 2012-11-30 15:34 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-02 08:29 - 2014-08-02 08:29 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-08-02 08:29 - 2013-07-02 20:41 - 00000000 ____D () C:\Users\DefaultAppPool
2014-08-02 08:29 - 2012-09-18 22:04 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-08-02 08:29 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-02 08:28 - 2014-05-06 11:06 - 00043826 _____ () C:\Windows\PFRO.log
2014-08-01 18:22 - 2014-08-01 18:22 - 00000000 ____D () C:\Users\Andy\Downloads\FRST-OlderVersion
2014-08-01 18:22 - 2014-07-29 19:58 - 02094080 _____ (Farbar) C:\Users\Andy\Downloads\FRST64.exe
2014-08-01 18:19 - 2014-08-01 18:19 - 00000897 _____ () C:\Users\Andy\Desktop\JRT.txt
2014-08-01 18:16 - 2012-09-18 22:09 - 00000000 ____D () C:\Users\Andy\AppData\Local\CrashDumps
2014-08-01 18:13 - 2014-08-01 18:13 - 01016261 _____ (Thisisu) C:\Users\Andy\Downloads\JRT.exe
2014-08-01 18:07 - 2014-02-05 15:56 - 00000000 ____D () C:\AdwCleaner
2014-08-01 18:06 - 2014-08-01 18:06 - 01361309 _____ () C:\Users\Andy\Downloads\adwcleaner_3.302.exe
2014-08-01 17:53 - 2014-07-29 19:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 17:48 - 2014-07-04 16:40 - 00000000 ____D () C:\Users\Andy\Desktop\Roller gaser
2014-08-01 14:25 - 2014-08-01 14:25 - 00001196 _____ () C:\Users\Andy\Desktop\IsoBuster.lnk
2014-08-01 14:25 - 2014-08-01 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster
2014-08-01 14:25 - 2014-08-01 14:25 - 00000000 ____D () C:\Program Files (x86)\Smart Projects
2014-08-01 14:25 - 2014-08-01 14:11 - 00000000 ____D () C:\Program Files (x86)\Smart File Advisor
2014-08-01 14:11 - 2014-08-01 14:11 - 04669400 _____ (Smart Projects ) C:\Users\Andy\Downloads\isobuster_all_lang_3.3.exe
2014-08-01 14:09 - 2014-07-30 20:21 - 00000000 ____D () C:\Users\Andy\Downloads\Prison Architect
2014-07-31 22:46 - 2014-07-31 22:46 - 00492400 _____ () C:\Users\Andy\Downloads\435144_intl_x64_zip.exe
2014-07-31 22:39 - 2014-07-31 22:39 - 00518186 _____ () C:\Users\Andy\Downloads\nw_22154_aspivaexe.exe
2014-07-31 21:59 - 2012-09-18 21:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 20:21 - 2014-07-30 20:21 - 00000000 ____D () C:\Users\Andy\AppData\Local\Introversion
2014-07-30 15:41 - 2014-07-30 15:41 - 00022920 _____ () C:\ComboFix.txt
2014-07-30 15:41 - 2014-05-18 09:09 - 00000000 ____D () C:\Qoobox
2014-07-30 15:40 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-30 15:33 - 2014-07-30 15:33 - 05563986 ____R (Swearware) C:\Users\Andy\Downloads\ComboFix.exe
2014-07-30 10:14 - 2014-07-30 10:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-29 19:59 - 2014-07-29 19:59 - 00036433 _____ () C:\Users\Andy\Downloads\Addition.txt
2014-07-29 19:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-07-29 19:45 - 2012-09-18 21:20 - 00001065 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-29 19:45 - 2012-09-18 20:59 - 00000993 _____ () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-29 19:45 - 2012-09-18 20:58 - 00000000 ____D () C:\Users\Andy
2014-07-29 19:38 - 2014-07-29 19:38 - 00000000 ____D () C:\Users\Andy\malware
2014-07-29 19:20 - 2014-07-29 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-29 19:20 - 2014-07-29 19:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-29 19:20 - 2014-02-05 15:24 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-29 19:20 - 2014-02-05 15:24 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Malwarebytes
2014-07-29 19:20 - 2014-02-05 15:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-29 19:20 - 2014-02-05 15:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-07-28 20:21 - 2014-04-29 09:10 - 00000000 ____D () C:\Users\Andy\Desktop\tattoo
2014-07-26 05:13 - 2014-07-27 21:04 - 00000000 ____D () C:\Users\Andy\Downloads\Raid.2.German.DL.AC3.Dubbed.720p.BluRay.x264-PsO
2014-07-25 07:49 - 2014-05-29 21:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 07:49 - 2014-05-29 21:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 14:38 - 2014-05-29 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 13:31 - 2014-07-24 13:31 - 00007334 _____ () C:\Users\Andy\Desktop\OpenDocument Text (neu) (2).odt
2014-07-24 12:15 - 2011-04-12 09:43 - 00770478 _____ () C:\Windows\system32\perfh007.dat
2014-07-24 12:15 - 2011-04-12 09:43 - 00174294 _____ () C:\Windows\system32\perfc007.dat
2014-07-24 12:15 - 2009-07-14 07:13 - 01798746 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-23 20:27 - 2014-07-21 15:41 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\SpinTires
2014-07-22 10:51 - 2014-07-22 10:51 - 00000076 _____ () C:\Users\Andy\Desktop\beetz.txt
2014-07-21 15:41 - 2014-07-21 15:41 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Steam
2014-07-21 15:41 - 2014-07-21 15:39 - 00000000 ____D () C:\Program Files (x86)\Spintires
2014-07-21 15:39 - 2014-07-21 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spintires
2014-07-21 15:31 - 2014-07-21 15:31 - 00000000 ____D () C:\Users\Andy\Downloads\Spintires-CODEX
2014-07-21 15:31 - 2014-07-21 15:31 - 00000000 ____D () C:\Users\Andy\Downloads\Spintires.Update.1.Hotfix.incl.Crackfix-CODEX
2014-07-21 09:40 - 2014-04-13 18:11 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-19 19:24 - 2014-08-01 17:47 - 531184490 _____ () C:\Users\Andy\Downloads\Sie.waren.die.Terroristen.der.Roten.Brigaden.E02.GERMAN.DOKU.HDTVRip.x264-821.mkv
2014-07-19 14:45 - 2014-08-01 17:47 - 581912937 _____ () C:\Users\Andy\Downloads\Sie.waren.die.Terroristen.der.Roten.Brigaden.E01.GERMAN.DOKU.HDTVRip.x264-821.mkv
2014-07-16 21:25 - 2014-07-16 21:24 - 48244736 _____ () C:\Users\Andy\Downloads\vice-sample.avi.part
2014-07-16 09:20 - 2014-07-16 21:24 - 48244736 _____ () C:\Users\Andy\Downloads\vice-sample.avi
2014-07-16 09:19 - 2014-07-16 21:24 - 1542246400 _____ () C:\Users\Andy\Downloads\vice-trans.avi
2014-07-15 16:49 - 2014-07-15 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bossa Studios
2014-07-15 16:48 - 2014-07-15 16:48 - 00000000 ____D () C:\Program Files (x86)\Bossa Studios
2014-07-15 16:46 - 2014-07-12 17:44 - 00000000 ____D () C:\Users\Andy\Downloads\Surgeon.Simulator.2013.MULTi13-PROPHET
2014-07-15 16:24 - 2012-10-28 15:18 - 00290776 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-07-15 16:24 - 2012-10-28 15:18 - 00290776 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-15 16:19 - 2012-10-28 15:18 - 00281288 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-07-15 16:19 - 2012-10-28 15:18 - 00000000 ____D () C:\Users\Andy\AppData\Local\PunkBuster
2014-07-15 16:14 - 2013-11-16 20:31 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-15 16:09 - 2014-05-15 07:50 - 00084524 _____ () C:\Windows\DirectX.log
2014-07-15 16:09 - 2012-10-28 15:18 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-07-15 16:07 - 2014-07-15 16:07 - 00000000 __SHD () C:\Users\Andy\AppData\Local\EmieUserList
2014-07-15 16:07 - 2014-07-15 16:07 - 00000000 __SHD () C:\Users\Andy\AppData\Local\EmieSiteList
2014-07-15 16:05 - 2014-07-15 15:48 - 00000000 ____D () C:\Users\Andy\AppData\Local\GamersFirst LIVE!
2014-07-15 16:01 - 2014-07-15 15:47 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GamersFirst
2014-07-15 15:54 - 2014-07-15 15:54 - 00000000 ____D () C:\Program Files (x86)\GamersFirst
2014-07-15 15:47 - 2014-07-15 15:47 - 12844984 _____ (GamersFirst) C:\Users\Andy\Downloads\GamersFirst_LIVE!_Setup_EN.exe
2014-07-15 15:47 - 2014-07-15 15:47 - 00001168 _____ () C:\Users\Andy\Desktop\GamersFirst LIVE!.lnk
2014-07-15 15:47 - 2014-07-15 15:47 - 00000000 ____D () C:\Users\Andy\AppData\Local\GamersFirst
2014-07-15 15:34 - 2013-05-07 13:01 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-14 19:12 - 2014-08-01 17:48 - 676533011 _____ () C:\Users\Andy\Downloads\Yakuza.Gangster.und.Wohltaeter.GERMAN.DOKU.dTV.x264-821.mkv
2014-07-14 17:06 - 2012-09-21 19:36 - 00000000 ____D () C:\Users\Andy\Documents\My Games
2014-07-14 17:05 - 2014-07-14 16:41 - 00000000 ____D () C:\Program Files (x86)\Woodcutter Simulator 2013
2014-07-14 16:48 - 2012-11-15 11:37 - 00000000 ____D () C:\Users\Andy\AppData\Local\Windows Live
2014-07-14 16:42 - 2014-07-14 16:42 - 00000000 ____D () C:\Windows\1C4551A64743409391E41477CD655043.TMP
2014-07-14 16:42 - 2014-07-14 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Holzfäller Simulator 2013
2014-07-13 14:23 - 2014-07-14 22:37 - 00000000 ____D () C:\Users\Andy\Downloads\Sample
2014-07-13 11:00 - 2014-07-13 10:20 - 00000000 ____D () C:\Users\Andy\Desktop\mix cd
2014-07-13 10:42 - 2014-07-13 10:41 - 00000000 ____D () C:\Users\Andy\Downloads\best of 2014 - Sommerhits
2014-07-13 10:03 - 2014-07-13 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extreme Roads USA
2014-07-13 10:02 - 2014-07-13 10:02 - 00000000 ____D () C:\Program Files (x86)\Extreme Roads USA
2014-07-12 20:29 - 2014-07-12 20:29 - 00000000 ____D () C:\Users\Andy\Downloads\Edge.of.Tomorrow.2014.NEW.HDTS.German.LiNE.DUBBED.DL.720p.x264-NSane
2014-07-12 17:47 - 2014-07-12 17:46 - 00000000 ____D () C:\Users\Andy\Downloads\Extreme.Roads.USA-CODEX
2014-07-11 20:09 - 2014-07-12 13:28 - 00000000 ____D () C:\Users\Andy\Downloads\Bravo Hits Vol. 86
2014-07-11 13:44 - 2014-04-05 11:05 - 00000000 ____D () C:\Users\Andy\Desktop\Neuer Ordner (3)
2014-07-10 23:58 - 2009-07-14 06:45 - 00312176 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 23:56 - 2014-05-06 22:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 23:56 - 2011-04-12 09:54 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 23:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 23:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 14:26 - 2013-08-13 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 14:24 - 2012-08-31 23:36 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-07 19:05 - 2014-07-20 14:22 - 00000000 ____D () C:\Users\Andy\Downloads\The Dome Summer 2014
2014-07-05 16:01 - 2014-07-05 16:01 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Landwirt2014Platinum
2014-07-05 16:01 - 2012-09-29 11:27 - 00000000 ____D () C:\Users\Andy\AppData\Local\SKIDROW
2014-07-05 16:00 - 2014-07-05 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UIG Entertainment
2014-07-05 15:53 - 2014-07-05 15:53 - 00000000 ____D () C:\Program Files (x86)\UIG Entertainment
2014-07-05 15:43 - 2014-07-05 15:41 - 00000000 ____D () C:\Users\Andy\Downloads\Professional.Farmer.2014.Platinum.Edition-TiNYiSO
2014-07-05 14:37 - 2014-07-12 22:43 - 1790960618 _____ () C:\Users\Andy\Downloads\NoaAC3LDCRG.avi
2014-07-04 20:06 - 2014-07-04 20:06 - 00000000 ____D () C:\Users\Andy\Documents\HOME
2014-07-04 20:06 - 2014-07-04 20:03 - 00000000 ____D () C:\Program Files (x86)\Ship Simulator Maritime Search and Rescue
2014-07-04 20:04 - 2014-07-04 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ship Simulator Maritime Search and Rescue
2014-07-04 20:02 - 2014-07-04 20:01 - 00000000 ____D () C:\Users\Andy\Downloads\Ship.Simulator.Maritime.Search.and.Rescue-CODEX
2014-07-04 16:04 - 2013-03-30 00:46 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

Some content of TEMP:
====================
C:\Users\Andy\AppData\Local\Temp\avgnt.exe
C:\Users\Andy\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 17:17

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


Also im moment Läuft der rechner wieder spürbar besser ;-) dnake für eureHilfe macht nen klasse Job !! :applaus::applaus::applaus::applaus:

schrauber 03.08.2014 07:00
Java und Flash updaten. Ordner alte Firefox Daten löschen.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR DefaultSearchKeyword: trovi.search
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Andy666 03.08.2014 12:45
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-07-2014 02
Ran by Andy at 2014-08-03 13:38:04 Run:1
Running from C:\Users\Andy\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
roupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR DefaultSearchKeyword: trovi.search
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
*****************

roupPolicy: Group Policy on Chrome detected <======= ATTENTION => Error: No automatic fix found for this entry.
CHR DefaultSearchKeyword: trovi.search ==> The Chrome "Settings" can be used to fix the entry.
xhunter1 => Service deleted successfully.

==== End of Fixlog ====
Alles Erledigt noch mal vielen Danke :-) !!

schrauber 04.08.2014 09:24
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 00:30 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131