Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Plötzliche Werbung in Firefox und Internet Explorer (https://www.trojaner-board.de/158300-ploetzliche-werbung-firefox-internet-explorer.html)

nonever_ 04.09.2014 17:44
Plötzliche Werbung in Firefox und Internet Explorer
 
Moin Leute,
ich glaube, dass ich gestern durch einen dummen Fehler gestern meinen Rechner infiziert habe... Kleine Vorgeschichte: Ich habe seit Jahren keine Antivirensoftware verwendet und bin damit so weit ich weiß immer gut gefahren. Nur Firefox verwendet, dort mit NoScript, Adblock und Cookies löschen alle Tore zu gemacht und nie Dateien aus unbekannter Quelle geladen.
Gestern fragte ein Freund, ob ich lust hätte eine Runde Minecraft zu spielen, wie wir das Früher oft gemacht hatten. Er Schickte einen Link zu dem Spiel und ich Trottel verließ mich darrauf, dass das Seriös wäre, weil er sagte, dass es bei ihm funktioniert hätte. -.- Schon die Installation wirkte komisch und ich beendete das Ding bevor es ganz durchgelaufen war.
Seitdem tauchte in Firefox immer Werbung auf, das ließ sich aber durch das löschen eines seltsamen Plugins lösen... (Jetzt ist nach jedem Neustart ein Plugin da, dass angeblich Youtube Videos in Hd darstellen soll) Außerdem läuft manchmal im Hintergrund Werbung im Iexplorer die man dann nur im taskmanager beenden kann.
Also Avira installiert und das hat gleich ordentlich Funde geschmissen:

Code:
Exportierte Ereignisse:

04.09.2014 17:45 [System-Scanner] Malware gefunden
      Die Datei 'C:\Program Files
      (x86)\HD-V9.4\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-11.exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/CrossRider.Gen2'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde gelöscht.

04.09.2014 17:45 [System-Scanner] Malware gefunden
      Die Datei 'C:\Program Files
      (x86)\HD-V9.4\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-2.exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/CrossRider.Gen2'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde gelöscht.

04.09.2014 17:45 [System-Scanner] Suche
      Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.].
      Anzahl Dateien:        737947
      Anzahl Verzeichnisse:        28965
      Anzahl Malware:        17
      Anzahl Warnungen:        3

04.09.2014 17:45 [System-Scanner] Malware gefunden
      Die Datei 'C:\Program Files
      (x86)\HD-V9.4\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-3.exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/CrossRider.Gen2'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde gelöscht.

04.09.2014 17:45 [System-Scanner] Malware gefunden
      Die Datei 'C:\Program Files
      (x86)\HD-V9.4\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-4.exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/CrossRider.Gen2'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde gelöscht.

04.09.2014 17:44 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Nils\AppData\Roaming\OYVXKZPY.exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/CrossRider.Gen2'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde gelöscht.

04.09.2014 17:44 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Nils\AppData\Local\Temp\setup.exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/CrossRider.Gen2'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde gelöscht.

04.09.2014 17:44 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Nils\AppData\Local\Temp\MinecraftInstaller__2490_il11711.exe'
      enthielt einen Virus oder unerwünschtes Programm 'Adware/Amonetize.tzv'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde gelöscht.

04.09.2014 17:44 [System-Scanner] Malware gefunden
      Die Datei 'C:\Windows\SysWOW64\installd.exe'
      enthielt einen Virus oder unerwünschtes Programm 'Adware/Amonetize.ges'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde gelöscht.

04.09.2014 17:44 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Nils\Downloads\MinecraftInstaller__2490_il11711.exe'
      enthielt einen Virus oder unerwünschtes Programm 'Adware/Amonetize.tzv'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde gelöscht.

04.09.2014 17:44 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Nils\AppData\Roaming\SESSEC.exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/CrossRider.Gen2'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde gelöscht.

04.09.2014 17:44 [System-Scanner] Malware gefunden
      Die Datei 'C:\Program Files (x86)\HD-V9.4\HD-V9.4-codedownloader.exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/CrossRider.Gen2'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde gelöscht.

04.09.2014 17:44 [System-Scanner] Malware gefunden
      Die Datei 'C:\Program Files (x86)\HD-V9.4\HD-V9.4-bg.exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/CrossRider.Gen2'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde gelöscht.

04.09.2014 17:44 [System-Scanner] Malware gefunden
      Die Datei 'C:\Program Files
      (x86)\HD-V9.4\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-5.exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/CrossRider.Gen2'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde gelöscht.

04.09.2014 17:44 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Nils\AppData\Local\Temp\awhE124.tmp'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Rogue.11455022' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde gelöscht.

04.09.2014 17:44 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Nils\AppData\Local\Genesis_09031222\Genesis_09031222.exe'
      enthielt einen Virus oder unerwünschtes Programm 'Adware/Symmi.11385.158'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '527f262b.qua'
      verschoben!

04.09.2014 17:44 [System-Scanner] Malware gefunden
      Die Datei 'C:\Program Files (x86)\HD-V9.4\Uninstall.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen2' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4aef0985.qua'
      verschoben!

04.09.2014 16:41 [System-Scanner] Suche
      Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.].
      Anzahl Dateien:        6734
      Anzahl Verzeichnisse:        0
      Anzahl Malware:        5
      Anzahl Warnungen:        0

04.09.2014 16:41 [System-Scanner] Malware gefunden
      Die Datei 'C:\Windows\SysWOW64\netupdsrv.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Rogue.gere.3' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde gelöscht.

04.09.2014 16:41 [System-Scanner] Malware gefunden
      Die Datei 'C:\Program Files (x86)\HD-V9.4\HD-V9.4-bho64.dll'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/CrossRider.Gen2'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde gelöscht.

04.09.2014 16:41 [System-Scanner] Malware gefunden
      Die Datei 'C:\Program Files (x86)\HD-V9.4\HD-V9.4-bho.dll'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/CrossRider.Gen2'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde gelöscht.
Dazu die defogger log:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:46 on 04/09/2014 (Nils)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Die Frst:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by Nils (administrator) on NILS-PC on 04-09-2014 17:47:18
Running from C:\Users\Nils\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(
ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Spotify Ltd) C:\Users\Nils\AppData\Roaming\Spotify\spotify.exe
() C:\Program Files (x86)\Boost\BoostUpdater.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(CM&V Hackbart) C:\Program Files (x86)\DVBViewer TE2\DVBViewerTE.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281312 2014-05-19] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3802448 2014-09-04] (LogMeIn Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1722010485-1478986846-2879839138-1000\...\Run: [Spotify] => C:\Users\Nils\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-26] (Spotify Ltd)
Startup: C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjBVwSW3oS9azFioQNIYYOtzIs1EAWHZA8YdfIpZWoAYDk7j2u0rBQHr1ySV7lntlk3QXKJIpUiKJVWs0CnkAF86UfDdTXFyGwOF52nYjAD_zI0z6KMNAKGu87Y-NnRpu9t6c7XBtgwXvstSbYIzDoJlBF7AaCqOwcdIQ,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjBVwSW3oS9azFioQNIYYOtzIs1EAWHZA8YdfIpZWoAYDk7j2u0rBQHr1ySV7lntlk7Rx6aJKOGzMJ-TszzFyYyJwT3_JjBcmD3HDBoyw7rxBHQe9W9i6MEA7J4XOVzmJwrhCnJskNG5UkTKV1cPpwASSlsCWoq8JKQkQ,,
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7D561050E1A8CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjBVwSW3oS9azFioQNIYYOtzIs1EAWHZA8YdfIpZWoAYDk7j2u0rBQHr1ySV7lntlk3QXKJIpUiKJVWs0CnkAF86UfDdTXFyGwOF52nYjAD_zI0z6KMNAKGu87Y-NnRpu9t6c7XBtgwXvstSbYIzDoJlBF7AaCqOwcdIQ,,&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjBVwSW3oS9azFioQNIYYOtzIs1EAWHZA8YdfIpZWoAYDk7j2u0rBQHr1ySV7lntlk3QXKJIpUiKJVWs0CnkAF86UfDdTXFyGwOF52nYjAD_zI0z6KMNAKGu87Y-NnRpu9t6c7XBtgwXvstSbYPzHq6gqdKhvy_PvXp0Q,,&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjBVwSW3oS9azFioQNIYYOtzIs1EAWHZA8YdfIpZWoAYDk7j2u0rBQHr1ySV7lntlk3QXKJIpUiKJVWs0CnkAF86UfDdTXFyGwOF52nYjAD_zI0z6KMNAKGu87Y-NnRpu9t6c7XBtgwXvstSbYPzHq6gqdKhvy_PvXp0Q,,&q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjBVwSW3oS9azFioQNIYYOtzIs1EAWHZA8YdfIpZWoAYDk7j2u0rBQHr1ySV7lntlk3QXKJIpUiKJVWs0CnkAF86UfDdTXFyGwOF52nYjAD_zI0z6KMNAKGu87Y-NnRpu9t6c7XBtgwXvstSbYIzDoJlBF7AaCqOwcdIQ,,&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjBVwSW3oS9azFioQNIYYOtzIs1EAWHZA8YdfIpZWoAYDk7j2u0rBQHr1ySV7lntlk3QXKJIpUiKJVWs0CnkAF86UfDdTXFyGwOF52nYjAD_zI0z6KMNAKGu87Y-NnRpu9t6c7XBtgwXvstSbYIzDoJlBF7AaCqOwcdIQ,,&q={searchTerms}
BHO: Boost -> {8DE6FC60-E023-4AD7-A3B7-591E1460E7F7} -> C:\Program Files (x86)\Boost\64Boost.dll (Jigsaw)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Boost -> {8DE6FC60-E023-4AD7-A3B7-591E1460E7F7} -> C:\Program Files (x86)\Boost\Boost.dll (Jigsaw)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fsit9ray.default
FF Homepage: google.de
FF Keyword.URL: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjBVwSW3oS9azFioQNIYYOtzIs1EAWHZA8YdfIpZWoAYDk7j2u0rBQHr1ySV7lntlk3QXKJIpUiKJVWs0CnkAF86UfDdTXFyGwOF52nYjAD_zI0z6KMNAKGu87Y-NnRpu9t6c7XBtgwXvstSbYIzDoJlBF7AaCqOwcdIQ,,&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF user.js: detected! => C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fsit9ray.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fsit9ray.default\Extensions\abs@avira.com [2014-09-04]
FF Extension: Hide My Ass Proxy Extension - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fsit9ray.default\Extensions\extension@hidemyass.com.xpi [2014-08-31]
FF Extension: Ghostery - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fsit9ray.default\Extensions\firefox@ghostery.com.xpi [2014-08-19]
FF Extension: Self-Destructing Cookies - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fsit9ray.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2014-08-19]
FF Extension: NoScript - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fsit9ray.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-08-19]
FF Extension: Adblock Plus - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fsit9ray.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-19]
FF Extension: BetterPrivacy - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fsit9ray.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-08-19]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-09-03] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-09-03] (globalUpdate) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.)
S2 NetHttpService; C:\Windows\SysWOW64\nethtsrv.exe [179712 2014-09-03] () [File not signed]
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [27872 2014-05-19] (Samsung Electronics Co., Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AODDriver; C:\Program Files (x86)\ASUS\GPU Boost Driver\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-09] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R1 nethfdrv; C:\Windows\system32\drivers\nethfdrv.sys [46160 2014-09-03] (nethfdrv)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [265952 2014-05-19] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111328 2014-05-19] (Samsung Electronics Co., Ltd.)
R3 UDST7000BDA; C:\Windows\System32\Drivers\UDST7000BDA.sys [538768 2014-07-15] (TechniSat Digital S.A.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-04 17:47 - 2014-09-04 17:47 - 00014335 _____ () C:\Users\Nils\Desktop\FRST.txt
2014-09-04 17:47 - 2014-09-04 17:47 - 00000000 ____D () C:\FRST
2014-09-04 17:46 - 2014-09-04 17:46 - 02104832 _____ (Farbar) C:\Users\Nils\Desktop\FRST64.exe
2014-09-04 17:46 - 2014-09-04 17:46 - 00000470 _____ () C:\Users\Nils\Downloads\defogger_disable.log
2014-09-04 17:46 - 2014-09-04 17:46 - 00000000 _____ () C:\Users\Nils\defogger_reenable
2014-09-04 17:45 - 2014-09-04 17:45 - 00050477 _____ () C:\Users\Nils\Downloads\Defogger.exe
2014-09-04 16:40 - 2014-09-04 16:46 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-04 16:40 - 2014-09-04 16:45 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-04 16:40 - 2014-09-04 16:39 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-09-04 16:39 - 2014-09-04 16:39 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Avira
2014-09-04 16:38 - 2014-09-04 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-04 16:38 - 2014-09-04 16:45 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-04 16:38 - 2014-09-04 16:40 - 00000000 ____D () C:\ProgramData\Avira
2014-09-04 16:38 - 2014-09-04 16:38 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-09-04 16:38 - 2014-08-15 10:30 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-09-04 16:38 - 2014-08-15 10:30 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-09-04 16:38 - 2014-08-15 10:30 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-09-04 16:37 - 2014-09-04 16:37 - 00000000 ____D () C:\Windows\pss
2014-09-04 16:33 - 2014-09-04 16:35 - 149527616 _____ () C:\Users\Nils\Downloads\avira_free_antivirus_de_14.0.6.570.exe
2014-09-04 16:32 - 2014-09-04 16:32 - 00000687 _____ () C:\awhC62B.tmp
2014-09-04 16:28 - 2014-09-04 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-04 16:28 - 2014-09-04 16:28 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-09-03 21:50 - 2012-11-22 12:45 - 00000000 ____D () C:\Users\Nils\Desktop\FreeIMU-20121122_1126
2014-09-03 21:49 - 2014-09-03 21:49 - 03224287 _____ () C:\Users\Nils\Downloads\FreeIMU-20121122_1126.zip
2014-09-03 21:33 - 2014-09-03 21:42 - 00000000 ____D () C:\Users\Nils\Desktop\arduimu_vD
2014-09-03 21:33 - 2014-09-03 21:33 - 00000000 ____D () C:\Users\Nils\Documents\Arduino
2014-09-03 21:33 - 2014-09-03 21:33 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Arduino
2014-09-03 21:32 - 2014-09-03 21:32 - 00001007 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arduino.lnk
2014-09-03 21:32 - 2014-09-03 21:32 - 00000995 _____ () C:\Users\Public\Desktop\Arduino.lnk
2014-09-03 21:32 - 2014-09-03 21:32 - 00000000 ____D () C:\Program Files (x86)\Arduino
2014-09-03 21:30 - 2014-09-03 21:31 - 55119888 _____ () C:\Users\Nils\Downloads\arduino-1.0.5-r2-windows.exe
2014-09-03 21:26 - 2014-09-03 21:26 - 00016221 _____ () C:\Users\Nils\Downloads\arduimu_vD.rar
2014-09-03 16:11 - 2014-09-03 16:11 - 01659099 _____ () C:\Users\Nils\Downloads\aokpatch2a-crk(1).zip
2014-09-03 16:00 - 2014-09-03 16:00 - 00000000 __RHD () C:\Users\Nils\AppData\Roaming\SecuROM
2014-09-03 15:59 - 2014-09-03 15:59 - 00675988 _____ () C:\Users\Nils\Downloads\Minecraft(2).exe
2014-09-03 14:27 - 2014-09-03 14:27 - 00000687 _____ () C:\awh7A1F.tmp
2014-09-03 14:25 - 2014-09-03 14:25 - 00675988 _____ () C:\Users\Nils\Downloads\Minecraft(1).exe
2014-09-03 14:23 - 2014-09-04 17:45 - 00000000 ____D () C:\Program Files (x86)\HD-V9.4
2014-09-03 14:23 - 2014-09-04 16:28 - 00004466 _____ () C:\Windows\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-11.job
2014-09-03 14:23 - 2014-09-04 16:28 - 00003784 _____ () C:\Windows\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-3.job
2014-09-03 14:23 - 2014-09-04 16:28 - 00002678 _____ () C:\Windows\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-4.job
2014-09-03 14:23 - 2014-09-04 16:28 - 00001788 _____ () C:\Windows\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-1.job
2014-09-03 14:23 - 2014-09-04 16:28 - 00001736 _____ () C:\Windows\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-5_user.job
2014-09-03 14:23 - 2014-09-04 16:28 - 00001716 _____ () C:\Windows\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-5.job
2014-09-03 14:23 - 2014-09-04 16:28 - 00001682 _____ () C:\Windows\Tasks\OYVXKZPY.job
2014-09-03 14:23 - 2014-09-04 16:28 - 00001432 _____ () C:\Windows\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-2.job
2014-09-03 14:23 - 2014-09-04 16:28 - 00001334 _____ () C:\Windows\Tasks\SESSEC.job
2014-09-03 14:23 - 2014-09-04 16:28 - 00000908 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-09-03 14:23 - 2014-09-03 20:28 - 00000912 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-09-03 14:23 - 2014-09-03 14:23 - 00007496 _____ () C:\Windows\System32\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-11
2014-09-03 14:23 - 2014-09-03 14:23 - 00006814 _____ () C:\Windows\System32\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-3
2014-09-03 14:23 - 2014-09-03 14:23 - 00005708 _____ () C:\Windows\System32\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-4
2014-09-03 14:23 - 2014-09-03 14:23 - 00004818 _____ () C:\Windows\System32\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-1
2014-09-03 14:23 - 2014-09-03 14:23 - 00004746 _____ () C:\Windows\System32\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-5
2014-09-03 14:23 - 2014-09-03 14:23 - 00004704 _____ () C:\Windows\System32\Tasks\OYVXKZPY
2014-09-03 14:23 - 2014-09-03 14:23 - 00004462 _____ () C:\Windows\System32\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-2
2014-09-03 14:23 - 2014-09-03 14:23 - 00004356 _____ () C:\Windows\System32\Tasks\SESSEC
2014-09-03 14:23 - 2014-09-03 14:23 - 00003910 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-09-03 14:23 - 2014-09-03 14:23 - 00003656 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-09-03 14:23 - 2014-09-03 14:23 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
2014-09-03 14:23 - 2014-09-03 14:23 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\InetStat
2014-09-03 14:23 - 2014-09-03 14:23 - 00000000 ____D () C:\Users\Nils\AppData\Local\globalUpdate
2014-09-03 14:23 - 2014-09-03 14:23 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-09-03 14:23 - 2014-09-03 14:23 - 00000000 ____D () C:\Program Files (x86)\Boost
2014-09-03 14:22 - 2014-09-04 17:44 - 00000000 ____D () C:\Users\Nils\AppData\Local\Genesis_09031222
2014-09-03 14:21 - 2014-09-03 14:21 - 00675988 _____ () C:\Users\Nils\Downloads\Minecraft.exe
2014-09-03 14:10 - 2014-09-03 15:59 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\.minecraft
2014-09-03 14:10 - 2014-09-03 14:10 - 00000000 ____D () C:\ProgramData\Sun
2014-09-03 14:10 - 2014-09-03 14:10 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-03 14:10 - 2014-09-03 14:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-03 14:10 - 2014-09-03 14:09 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-03 14:10 - 2014-09-03 14:09 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-03 14:10 - 2014-09-03 14:09 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-03 14:10 - 2014-09-03 14:09 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-03 14:09 - 2014-09-03 14:09 - 00918952 _____ (Oracle Corporation) C:\Users\Nils\Downloads\jxpiinstall.exe
2014-09-03 14:09 - 2014-09-03 14:09 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-03 14:07 - 2011-08-09 12:14 - 00695296 _____ (AnjoCaido) C:\Users\Nils\Desktop\MinecraftSP.exe
2014-09-03 14:07 - 2004-01-01 23:19 - 302548481 _____ (InstallShield Software Corporation) C:\Users\Nils\Desktop\cs16full standalone.exe
2014-09-03 14:06 - 2014-09-03 14:06 - 00270142 _____ () C:\Users\Nils\Documents\Minecraft.exe
2014-09-03 14:03 - 2014-09-03 14:04 - 285203507 _____ () C:\Users\Nils\Desktop\AoE 2 - The Age of Kings.rar
2014-09-03 13:58 - 2014-09-03 13:58 - 00652192 _____ (Steamless) C:\Users\Nils\Documents\Steamless Counter Strike Source Pack.exe
2014-09-03 13:40 - 2014-09-03 13:40 - 00002027 _____ () C:\Users\Nils\Desktop\Counter-Strike Source.lnk
2014-09-03 13:40 - 2014-09-03 13:40 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike Source
2014-09-03 13:40 - 2014-09-03 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike Source
2014-09-03 13:37 - 2014-09-03 13:40 - 00000000 ____D () C:\Program Files (x86)\Counter-Strike Source
2014-09-03 13:34 - 2009-03-18 18:35 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2014-09-03 10:39 - 2014-09-03 10:39 - 00249856 _____ () C:\Windows\SysWOW64\hfpapi.dll
2014-09-03 10:39 - 2014-09-03 10:39 - 00179712 _____ () C:\Windows\SysWOW64\nethtsrv.exe
2014-09-03 10:39 - 2014-09-03 10:39 - 00046160 _____ (nethfdrv) C:\Windows\system32\Drivers\nethfdrv.sys
2014-09-01 10:18 - 2014-09-01 10:18 - 00002086 _____ () C:\Users\Nils\AppData\Roaming\SESSEC
2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Users\Nils\AppData\Roaming\OYVXKZPY
2014-08-31 14:28 - 2014-08-31 14:29 - 23207244 _____ () C:\Users\Nils\Downloads\youscope-wave.flac
2014-08-29 16:18 - 2014-08-29 16:18 - 00002684 _____ () C:\Users\Nils\AppData\Local\recently-used.xbel
2014-08-28 18:58 - 2014-08-28 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wings 3D 1.5.3
2014-08-28 18:57 - 2014-08-28 18:58 - 00000000 ____D () C:\Program Files\wings3d_1.5.3
2014-08-28 18:56 - 2014-08-28 18:56 - 16062920 _____ () C:\Users\Nils\Downloads\wings-x64-1.5.3.exe
2014-08-28 18:51 - 2014-08-28 18:51 - 00001049 _____ () C:\Users\Public\Desktop\KiCad.lnk
2014-08-28 18:51 - 2014-08-28 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KiCad
2014-08-28 18:51 - 2014-08-28 18:51 - 00000000 ____D () C:\Program Files (x86)\KiCad
2014-08-28 15:22 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 15:22 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 15:22 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-28 13:26 - 2014-08-28 13:29 - 207245212 _____ () C:\Users\Nils\Downloads\KiCad_stable-2013.07.07-BZR4022_Win_full_version.exe
2014-08-21 19:43 - 2014-08-21 19:43 - 00000000 ____D () C:\Program Files\Recuva
2014-08-21 19:42 - 2014-08-21 19:42 - 04210920 _____ (Piriform Ltd) C:\Users\Nils\Downloads\rcsetup151.exe
2014-08-21 13:53 - 2014-08-21 13:55 - 00000000 ____D () C:\Users\Nils\Desktop\Neuer Ordner
2014-08-21 13:53 - 2014-08-21 13:53 - 00121069 _____ () C:\Users\Nils\Downloads\memtest86+-5.01.usb.installer.zip
2014-08-20 23:39 - 2014-08-21 00:12 - 00077688 _____ () C:\Users\Nils\Desktop\Unbenannt 1.ods
2014-08-20 16:39 - 2014-08-20 16:39 - 04526080 _____ () C:\Users\Nils\Downloads\FRITZ.Box_Fon_WLAN_7113.60.04.68.image
2014-08-20 12:48 - 2014-08-20 12:48 - 00195072 _____ () C:\Users\Nils\Downloads\BERECHNUNG_PT1000.XLS
2014-08-19 19:49 - 2014-08-19 19:49 - 00015127 _____ () C:\Users\Nils\Documents\Unbenannt 1.ods
2014-08-19 17:27 - 2014-08-19 17:27 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
2014-08-19 17:27 - 2014-08-19 17:27 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-08-19 17:27 - 2014-08-19 17:27 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\OpenOffice
2014-08-19 17:27 - 2014-08-19 17:27 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-08-19 17:26 - 2014-08-19 17:26 - 00000000 ____D () C:\Users\Nils\Desktop\OpenOffice 4.1.0 (de) Installation Files
2014-08-19 17:24 - 2014-08-19 17:25 - 164962843 _____ () C:\Users\Nils\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_de.exe
2014-08-18 17:34 - 2014-08-18 17:35 - 00000000 ____D () C:\Users\Nils\AppData\Local\gtk-2.0
2014-08-15 22:41 - 2014-08-15 22:41 - 00000000 __SHD () C:\Users\Nils\AppData\Local\EmieUserList
2014-08-15 22:41 - 2014-08-15 22:41 - 00000000 __SHD () C:\Users\Nils\AppData\Local\EmieSiteList
2014-08-15 00:20 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 00:20 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 00:20 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 00:20 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 00:20 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 00:20 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 00:20 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 00:20 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 19:36 - 2014-08-14 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voobly
2014-08-14 19:36 - 2014-08-14 19:39 - 00000000 ____D () C:\Program Files (x86)\Voobly
2014-08-14 19:36 - 2014-08-14 19:36 - 09961548 _____ (Voobly ) C:\Users\Nils\Downloads\voobly-v2.1.67.1.exe
2014-08-14 19:36 - 2014-08-14 19:36 - 00000983 _____ () C:\Users\Nils\Desktop\Voobly.lnk
2014-08-14 17:31 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 17:31 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 17:31 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 17:31 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 17:31 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 17:31 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 17:31 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 17:31 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 17:31 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 17:31 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 17:31 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 17:31 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 17:31 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 17:31 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 17:31 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 17:31 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 17:31 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 17:31 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 17:31 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 17:31 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 17:31 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 17:31 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 17:31 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 17:31 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 17:31 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 17:31 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 17:31 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 17:31 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 17:31 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 17:31 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 17:31 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 17:31 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 17:31 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 17:31 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 17:31 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 17:30 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 17:30 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 17:30 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 17:30 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 17:30 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 17:30 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 17:30 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 17:30 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 17:30 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 17:30 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 17:30 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 17:30 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 17:30 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 17:30 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 17:30 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 17:30 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 17:30 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 17:30 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 17:30 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 17:30 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 17:30 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 17:30 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 17:30 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 17:30 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 17:30 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 17:30 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 17:30 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 17:30 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 17:30 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 17:30 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 17:30 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 17:30 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 17:30 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 17:30 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 17:30 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 17:30 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 17:30 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 17:30 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 17:30 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 17:30 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 17:30 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 17:30 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 17:30 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 17:30 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 17:30 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 17:30 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 17:30 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 17:30 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 17:30 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 17:24 - 2014-09-04 16:28 - 00000000 ____D () C:\Users\Nils\AppData\Local\LogMeIn Hamachi
2014-08-14 17:24 - 2014-08-14 17:24 - 00000000 ____D () C:\Users\Nils\AppData\Local\LogMeIn
2014-08-14 17:24 - 2014-08-14 17:24 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-08-14 17:23 - 2014-08-14 17:23 - 08499200 _____ () C:\Users\Nils\Downloads\hamachi.msi
2014-08-12 21:19 - 2014-08-12 21:19 - 00000219 _____ () C:\Windows\Directx.log
2014-08-12 21:19 - 2014-08-12 21:19 - 00000000 ____D () C:\Program Files (x86)\directx
2014-08-12 21:18 - 2014-08-12 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2014-08-12 21:18 - 2014-08-12 21:18 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2014-08-11 18:38 - 2014-08-11 18:38 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Riot Games
2014-08-11 18:37 - 2014-08-11 18:38 - 34888568 _____ (Riot Games) C:\Users\Nils\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe
2014-08-11 15:52 - 2008-01-19 01:10 - 00154168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WimFltr.sys
2014-08-11 15:50 - 2014-08-11 16:26 - 00000000 ____D () C:\Program Files (x86)\vLite
2014-08-11 15:50 - 2014-08-11 15:50 - 01620715 _____ (Dino Nuhagic (nuhi) ) C:\Users\Nils\Downloads\vLite-1.2.installer.exe
2014-08-11 15:50 - 2014-08-11 15:50 - 00518940 _____ () C:\Users\Nils\Downloads\wimfltr.exe
2014-08-11 15:50 - 2014-08-11 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\vLite
2014-08-11 15:49 - 2014-08-11 16:15 - 2463242240 _____ () C:\Users\Nils\Downloads\X15-65740.iso
2014-08-11 15:32 - 2014-08-11 15:32 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\WinRAR
2014-08-11 15:30 - 2014-08-11 15:31 - 00000000 ____D () C:\Users\Nils\Desktop\stick
2014-08-11 15:30 - 2014-08-11 15:30 - 02060744 _____ () C:\Users\Nils\Downloads\winrar-x64-510d.exe
2014-08-11 15:30 - 2014-08-11 15:30 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-11 15:30 - 2014-08-11 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-11 15:30 - 2014-08-11 15:30 - 00000000 ____D () C:\Program Files\WinRAR
2014-08-11 15:20 - 2014-08-11 15:24 - 348127232 _____ () C:\Users\Nils\Downloads\android-x86-4.4-RC2.iso
2014-08-10 11:30 - 2014-08-10 11:30 - 00400569 _____ () C:\Users\Nils\Downloads\agmp3plugin.exe
2014-08-10 11:28 - 2014-08-10 11:28 - 00001164 _____ () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-10 11:27 - 2014-08-10 11:27 - 00000435 _____ () C:\Windows\cdplayer.ini
2014-08-10 11:23 - 2014-08-10 11:30 - 00000000 ____D () C:\Program Files (x86)\Audiograbber
2014-08-10 11:23 - 2014-08-10 11:28 - 00000000 ____D () C:\Program Files (x86)\Security Guard
2014-08-10 11:23 - 2014-08-10 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber
2014-08-10 11:21 - 2014-08-10 11:21 - 00471536 _____ () C:\Users\Nils\Downloads\download_audiograbber.exe
2014-08-09 17:54 - 2014-08-09 17:54 - 00587776 _____ (Igor Pavlov) C:\Users\Nils\Downloads\7za.exe
2014-08-09 17:54 - 2014-08-09 17:54 - 00078848 _____ () C:\Users\Nils\Downloads\Archive.dll
2014-08-09 17:54 - 2014-08-09 17:54 - 00043008 _____ () C:\Users\Nils\Downloads\39dll.dll
2014-08-09 17:54 - 2014-08-09 17:54 - 00005845 _____ () C:\Users\Nils\Downloads\txt.sec
2014-08-09 17:54 - 2014-08-09 17:54 - 00000000 ____D () C:\Users\Nils\Downloads\Resources
2014-08-09 17:42 - 2014-08-09 17:42 - 00000034 _____ () C:\Windows\AvastEmUpdate.ini
2014-08-09 17:42 - 2014-08-09 17:42 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-08-09 17:41 - 2014-08-09 17:41 - 00519488 _____ (AVAST Software) C:\Users\Nils\Downloads\avastclear.exe
2014-08-09 17:37 - 2014-08-09 17:43 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\AVAST Software
2014-08-09 17:37 - 2014-08-09 17:37 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-09 17:36 - 2014-08-09 17:43 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-09 17:36 - 2014-08-09 17:43 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-09 17:36 - 2014-08-09 17:36 - 00426848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1407598624688
2014-08-09 17:36 - 2014-08-09 17:36 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-09 17:29 - 2014-08-09 17:29 - 08499200 _____ () C:\Users\Nils\Downloads\hamachi_CB-DL-Manager [1].exe
2014-08-09 17:19 - 2014-09-04 00:06 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Skype
2014-08-09 17:19 - 2014-08-09 17:19 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-09 17:19 - 2014-08-09 17:19 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-09 17:19 - 2014-08-09 17:19 - 00000000 ____D () C:\Users\Nils\AppData\Local\Skype
2014-08-09 17:19 - 2014-08-09 17:19 - 00000000 ____D () C:\ProgramData\Skype
2014-08-09 17:19 - 2014-08-09 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-09 17:17 - 2014-08-09 17:17 - 00787392 _____ ( ) C:\Users\Nils\Downloads\hamachi_CB-DL-Manager.exe
2014-08-09 17:16 - 2014-08-09 17:16 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Nils\Downloads\SkypeSetup.exe
2014-08-09 16:17 - 2014-08-09 16:42 - 361544078 _____ () C:\Users\Nils\Downloads\gta2installer.zip
2014-08-09 16:16 - 2014-08-09 16:17 - 01101648 _____ () C:\Users\Nils\Downloads\Grand Theft Auto GTA 2 - CHIP-Installer.exe
2014-08-09 15:08 - 2014-08-09 15:08 - 01659099 _____ () C:\Users\Nils\Downloads\aokpatch2a-crk.zip
2014-08-09 15:08 - 2014-08-09 15:08 - 00000948 _____ () C:\Users\Nils\Downloads\aoe2-vista-win7-fix.zip
2014-08-09 15:05 - 2014-08-09 16:09 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-08-09 15:04 - 2014-08-09 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2014-08-09 15:03 - 2014-08-09 15:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2014-08-09 14:58 - 2014-08-14 19:44 - 00000000 ____D () C:\Users\Nils\Desktop\Age of Empires II & The Conquerors
2014-08-09 14:54 - 2014-09-03 13:37 - 00000000 ____D () C:\Users\Nils\Desktop\Counter Strike Source
2014-08-09 14:53 - 2014-08-09 14:54 - 00000000 ____D () C:\Users\Nils\Desktop\AoE 2 - The Age of Kings
2014-08-09 14:53 - 2006-10-10 07:56 - 733777632 _____ () C:\Users\Nils\Desktop\Counter Strike Source.install.exe
2014-08-08 19:07 - 2014-08-08 19:07 - 00008628 _____ () C:\Users\Nils\Downloads\p.txt
2014-08-08 18:19 - 2014-08-08 19:07 - 397550563 _____ () C:\Users\Nils\Downloads\CarTFT_EX70-2_Windows_Drivers.zip
2014-08-08 18:19 - 2014-08-08 19:02 - 375104654 _____ () C:\Users\Nils\Downloads\CarTFT_X70EX-2_BASIC_Android.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-04 17:47 - 2014-09-04 17:47 - 00014335 _____ () C:\Users\Nils\Desktop\FRST.txt
2014-09-04 17:47 - 2014-09-04 17:47 - 00000000 ____D () C:\FRST
2014-09-04 17:46 - 2014-09-04 17:46 - 02104832 _____ (Farbar) C:\Users\Nils\Desktop\FRST64.exe
2014-09-04 17:46 - 2014-09-04 17:46 - 00000470 _____ () C:\Users\Nils\Downloads\defogger_disable.log
2014-09-04 17:46 - 2014-09-04 17:46 - 00000000 _____ () C:\Users\Nils\defogger_reenable
2014-09-04 17:46 - 2014-07-14 11:29 - 00000000 ____D () C:\Users\Nils
2014-09-04 17:45 - 2014-09-04 17:45 - 00050477 _____ () C:\Users\Nils\Downloads\Defogger.exe
2014-09-04 17:45 - 2014-09-03 14:23 - 00000000 ____D () C:\Program Files (x86)\HD-V9.4
2014-09-04 17:44 - 2014-09-03 14:22 - 00000000 ____D () C:\Users\Nils\AppData\Local\Genesis_09031222
2014-09-04 16:47 - 2014-07-14 11:29 - 01121612 _____ () C:\Windows\WindowsUpdate.log
2014-09-04 16:46 - 2014-09-04 16:40 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-04 16:45 - 2014-09-04 16:40 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-04 16:45 - 2014-09-04 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-04 16:45 - 2014-09-04 16:38 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-04 16:40 - 2014-09-04 16:38 - 00000000 ____D () C:\ProgramData\Avira
2014-09-04 16:39 - 2014-09-04 16:40 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-09-04 16:39 - 2014-09-04 16:39 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Avira
2014-09-04 16:38 - 2014-09-04 16:38 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-09-04 16:37 - 2014-09-04 16:37 - 00000000 ____D () C:\Windows\pss
2014-09-04 16:35 - 2014-09-04 16:33 - 149527616 _____ () C:\Users\Nils\Downloads\avira_free_antivirus_de_14.0.6.570.exe
2014-09-04 16:34 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-04 16:34 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-04 16:33 - 2014-07-14 17:07 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Spotify
2014-09-04 16:33 - 2010-11-21 08:50 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-09-04 16:33 - 2010-11-21 08:50 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-09-04 16:33 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-04 16:32 - 2014-09-04 16:32 - 00000687 _____ () C:\awhC62B.tmp
2014-09-04 16:28 - 2014-09-04 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-04 16:28 - 2014-09-04 16:28 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-09-04 16:28 - 2014-09-03 14:23 - 00004466 _____ () C:\Windows\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-11.job
2014-09-04 16:28 - 2014-09-03 14:23 - 00003784 _____ () C:\Windows\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-3.job
2014-09-04 16:28 - 2014-09-03 14:23 - 00002678 _____ () C:\Windows\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-4.job
2014-09-04 16:28 - 2014-09-03 14:23 - 00001788 _____ () C:\Windows\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-1.job
2014-09-04 16:28 - 2014-09-03 14:23 - 00001736 _____ () C:\Windows\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-5_user.job
2014-09-04 16:28 - 2014-09-03 14:23 - 00001716 _____ () C:\Windows\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-5.job
2014-09-04 16:28 - 2014-09-03 14:23 - 00001682 _____ () C:\Windows\Tasks\OYVXKZPY.job
2014-09-04 16:28 - 2014-09-03 14:23 - 00001432 _____ () C:\Windows\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-2.job
2014-09-04 16:28 - 2014-09-03 14:23 - 00001334 _____ () C:\Windows\Tasks\SESSEC.job
2014-09-04 16:28 - 2014-09-03 14:23 - 00000908 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-09-04 16:28 - 2014-08-14 17:24 - 00000000 ____D () C:\Users\Nils\AppData\Local\LogMeIn Hamachi
2014-09-04 16:28 - 2014-07-14 11:51 - 00000000 _____ () C:\ProgramData\Gpu.log
2014-09-04 16:27 - 2010-11-21 05:47 - 00007438 _____ () C:\Windows\PFRO.log
2014-09-04 16:27 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-04 16:27 - 2009-07-14 06:51 - 00035213 _____ () C:\Windows\setupact.log
2014-09-04 00:06 - 2014-08-09 17:19 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Skype
2014-09-03 21:49 - 2014-09-03 21:49 - 03224287 _____ () C:\Users\Nils\Downloads\FreeIMU-20121122_1126.zip
2014-09-03 21:42 - 2014-09-03 21:33 - 00000000 ____D () C:\Users\Nils\Desktop\arduimu_vD
2014-09-03 21:33 - 2014-09-03 21:33 - 00000000 ____D () C:\Users\Nils\Documents\Arduino
2014-09-03 21:33 - 2014-09-03 21:33 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Arduino
2014-09-03 21:32 - 2014-09-03 21:32 - 00001007 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arduino.lnk
2014-09-03 21:32 - 2014-09-03 21:32 - 00000995 _____ () C:\Users\Public\Desktop\Arduino.lnk
2014-09-03 21:32 - 2014-09-03 21:32 - 00000000 ____D () C:\Program Files (x86)\Arduino
2014-09-03 21:32 - 2014-07-31 14:01 - 00012926 _____ () C:\Windows\DPINST.LOG
2014-09-03 21:31 - 2014-09-03 21:30 - 55119888 _____ () C:\Users\Nils\Downloads\arduino-1.0.5-r2-windows.exe
2014-09-03 21:26 - 2014-09-03 21:26 - 00016221 _____ () C:\Users\Nils\Downloads\arduimu_vD.rar
2014-09-03 20:28 - 2014-09-03 14:23 - 00000912 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-09-03 16:11 - 2014-09-03 16:11 - 01659099 _____ () C:\Users\Nils\Downloads\aokpatch2a-crk(1).zip
2014-09-03 16:00 - 2014-09-03 16:00 - 00000000 __RHD () C:\Users\Nils\AppData\Roaming\SecuROM
2014-09-03 15:59 - 2014-09-03 15:59 - 00675988 _____ () C:\Users\Nils\Downloads\Minecraft(2).exe
2014-09-03 15:59 - 2014-09-03 14:10 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\.minecraft
2014-09-03 14:27 - 2014-09-03 14:27 - 00000687 _____ () C:\awh7A1F.tmp
2014-09-03 14:25 - 2014-09-03 14:25 - 00675988 _____ () C:\Users\Nils\Downloads\Minecraft(1).exe
2014-09-03 14:23 - 2014-09-03 14:23 - 00007496 _____ () C:\Windows\System32\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-11
2014-09-03 14:23 - 2014-09-03 14:23 - 00006814 _____ () C:\Windows\System32\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-3
2014-09-03 14:23 - 2014-09-03 14:23 - 00005708 _____ () C:\Windows\System32\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-4
2014-09-03 14:23 - 2014-09-03 14:23 - 00004818 _____ () C:\Windows\System32\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-1
2014-09-03 14:23 - 2014-09-03 14:23 - 00004746 _____ () C:\Windows\System32\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-5
2014-09-03 14:23 - 2014-09-03 14:23 - 00004704 _____ () C:\Windows\System32\Tasks\OYVXKZPY
2014-09-03 14:23 - 2014-09-03 14:23 - 00004462 _____ () C:\Windows\System32\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-2
2014-09-03 14:23 - 2014-09-03 14:23 - 00004356 _____ () C:\Windows\System32\Tasks\SESSEC
2014-09-03 14:23 - 2014-09-03 14:23 - 00003910 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-09-03 14:23 - 2014-09-03 14:23 - 00003656 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-09-03 14:23 - 2014-09-03 14:23 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
2014-09-03 14:23 - 2014-09-03 14:23 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\InetStat
2014-09-03 14:23 - 2014-09-03 14:23 - 00000000 ____D () C:\Users\Nils\AppData\Local\globalUpdate
2014-09-03 14:23 - 2014-09-03 14:23 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-09-03 14:23 - 2014-09-03 14:23 - 00000000 ____D () C:\Program Files (x86)\Boost
2014-09-03 14:21 - 2014-09-03 14:21 - 00675988 _____ () C:\Users\Nils\Downloads\Minecraft.exe
2014-09-03 14:10 - 2014-09-03 14:10 - 00000000 ____D () C:\ProgramData\Sun
2014-09-03 14:10 - 2014-09-03 14:10 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-03 14:10 - 2014-09-03 14:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-03 14:09 - 2014-09-03 14:10 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-03 14:09 - 2014-09-03 14:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-03 14:09 - 2014-09-03 14:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-03 14:09 - 2014-09-03 14:10 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-03 14:09 - 2014-09-03 14:09 - 00918952 _____ (Oracle Corporation) C:\Users\Nils\Downloads\jxpiinstall.exe
2014-09-03 14:09 - 2014-09-03 14:09 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-03 14:06 - 2014-09-03 14:06 - 00270142 _____ () C:\Users\Nils\Documents\Minecraft.exe
2014-09-03 14:04 - 2014-09-03 14:03 - 285203507 _____ () C:\Users\Nils\Desktop\AoE 2 - The Age of Kings.rar
2014-09-03 13:58 - 2014-09-03 13:58 - 00652192 _____ (Steamless) C:\Users\Nils\Documents\Steamless Counter Strike Source Pack.exe
2014-09-03 13:40 - 2014-09-03 13:40 - 00002027 _____ () C:\Users\Nils\Desktop\Counter-Strike Source.lnk
2014-09-03 13:40 - 2014-09-03 13:40 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike Source
2014-09-03 13:40 - 2014-09-03 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike Source
2014-09-03 13:40 - 2014-09-03 13:37 - 00000000 ____D () C:\Program Files (x86)\Counter-Strike Source
2014-09-03 13:37 - 2014-08-09 14:54 - 00000000 ____D () C:\Users\Nils\Desktop\Counter Strike Source
2014-09-03 10:39 - 2014-09-03 10:39 - 00249856 _____ () C:\Windows\SysWOW64\hfpapi.dll
2014-09-03 10:39 - 2014-09-03 10:39 - 00179712 _____ () C:\Windows\SysWOW64\nethtsrv.exe
2014-09-03 10:39 - 2014-09-03 10:39 - 00046160 _____ (nethfdrv) C:\Windows\system32\Drivers\nethfdrv.sys
2014-09-01 10:18 - 2014-09-01 10:18 - 00002086 _____ () C:\Users\Nils\AppData\Roaming\SESSEC
2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Users\Nils\AppData\Roaming\OYVXKZPY
2014-08-31 20:19 - 2014-07-16 22:09 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\vlc
2014-08-31 14:29 - 2014-08-31 14:28 - 23207244 _____ () C:\Users\Nils\Downloads\youscope-wave.flac
2014-08-29 16:18 - 2014-08-29 16:18 - 00002684 _____ () C:\Users\Nils\AppData\Local\recently-used.xbel
2014-08-29 16:18 - 2014-07-14 22:18 - 00000000 ____D () C:\Users\Nils\.gimp-2.8
2014-08-28 18:58 - 2014-08-28 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wings 3D 1.5.3
2014-08-28 18:58 - 2014-08-28 18:57 - 00000000 ____D () C:\Program Files\wings3d_1.5.3
2014-08-28 18:56 - 2014-08-28 18:56 - 16062920 _____ () C:\Users\Nils\Downloads\wings-x64-1.5.3.exe
2014-08-28 18:51 - 2014-08-28 18:51 - 00001049 _____ () C:\Users\Public\Desktop\KiCad.lnk
2014-08-28 18:51 - 2014-08-28 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KiCad
2014-08-28 18:51 - 2014-08-28 18:51 - 00000000 ____D () C:\Program Files (x86)\KiCad
2014-08-28 17:49 - 2014-07-14 17:13 - 00000000 ____D () C:\Users\Nils\AppData\Local\Spotify
2014-08-28 17:49 - 2009-07-14 06:45 - 00304712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 13:29 - 2014-08-28 13:26 - 207245212 _____ () C:\Users\Nils\Downloads\KiCad_stable-2013.07.07-BZR4022_Win_full_version.exe
2014-08-23 04:07 - 2014-08-28 15:22 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 15:22 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 15:22 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 19:43 - 2014-08-21 19:43 - 00000000 ____D () C:\Program Files\Recuva
2014-08-21 19:42 - 2014-08-21 19:42 - 04210920 _____ (Piriform Ltd) C:\Users\Nils\Downloads\rcsetup151.exe
2014-08-21 13:55 - 2014-08-21 13:53 - 00000000 ____D () C:\Users\Nils\Desktop\Neuer Ordner
2014-08-21 13:53 - 2014-08-21 13:53 - 00121069 _____ () C:\Users\Nils\Downloads\memtest86+-5.01.usb.installer.zip
2014-08-21 00:12 - 2014-08-20 23:39 - 00077688 _____ () C:\Users\Nils\Desktop\Unbenannt 1.ods
2014-08-20 16:39 - 2014-08-20 16:39 - 04526080 _____ () C:\Users\Nils\Downloads\FRITZ.Box_Fon_WLAN_7113.60.04.68.image
2014-08-20 14:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-20 12:48 - 2014-08-20 12:48 - 00195072 _____ () C:\Users\Nils\Downloads\BERECHNUNG_PT1000.XLS
2014-08-19 19:49 - 2014-08-19 19:49 - 00015127 _____ () C:\Users\Nils\Documents\Unbenannt 1.ods
2014-08-19 19:08 - 2014-07-14 11:32 - 00067128 _____ () C:\Users\Nils\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-19 17:27 - 2014-08-19 17:27 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
2014-08-19 17:27 - 2014-08-19 17:27 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-08-19 17:27 - 2014-08-19 17:27 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\OpenOffice
2014-08-19 17:27 - 2014-08-19 17:27 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-08-19 17:26 - 2014-08-19 17:26 - 00000000 ____D () C:\Users\Nils\Desktop\OpenOffice 4.1.0 (de) Installation Files
2014-08-19 17:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-19 17:25 - 2014-08-19 17:24 - 164962843 _____ () C:\Users\Nils\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_de.exe
2014-08-18 17:35 - 2014-08-18 17:34 - 00000000 ____D () C:\Users\Nils\AppData\Local\gtk-2.0
2014-08-15 22:41 - 2014-08-15 22:41 - 00000000 __SHD () C:\Users\Nils\AppData\Local\EmieUserList
2014-08-15 22:41 - 2014-08-15 22:41 - 00000000 __SHD () C:\Users\Nils\AppData\Local\EmieSiteList
2014-08-15 13:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 10:30 - 2014-09-04 16:38 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-08-15 10:30 - 2014-09-04 16:38 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-15 10:30 - 2014-09-04 16:38 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-08-15 00:20 - 2014-07-30 11:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 19:44 - 2014-08-09 14:58 - 00000000 ____D () C:\Users\Nils\Desktop\Age of Empires II & The Conquerors
2014-08-14 19:39 - 2014-08-14 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voobly
2014-08-14 19:39 - 2014-08-14 19:36 - 00000000 ____D () C:\Program Files (x86)\Voobly
2014-08-14 19:36 - 2014-08-14 19:36 - 09961548 _____ (Voobly ) C:\Users\Nils\Downloads\voobly-v2.1.67.1.exe
2014-08-14 19:36 - 2014-08-14 19:36 - 00000983 _____ () C:\Users\Nils\Desktop\Voobly.lnk
2014-08-14 17:24 - 2014-08-14 17:24 - 00000000 ____D () C:\Users\Nils\AppData\Local\LogMeIn
2014-08-14 17:24 - 2014-08-14 17:24 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-08-14 17:23 - 2014-08-14 17:23 - 08499200 _____ () C:\Users\Nils\Downloads\hamachi.msi
2014-08-12 21:19 - 2014-08-12 21:19 - 00000219 _____ () C:\Windows\Directx.log
2014-08-12 21:19 - 2014-08-12 21:19 - 00000000 ____D () C:\Program Files (x86)\directx
2014-08-12 21:18 - 2014-08-12 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2014-08-12 21:18 - 2014-08-12 21:18 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2014-08-12 21:18 - 2014-07-14 11:41 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-11 18:38 - 2014-08-11 18:38 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Riot Games
2014-08-11 18:38 - 2014-08-11 18:37 - 34888568 _____ (Riot Games) C:\Users\Nils\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe
2014-08-11 16:26 - 2014-08-11 15:50 - 00000000 ____D () C:\Program Files (x86)\vLite
2014-08-11 16:15 - 2014-08-11 15:49 - 2463242240 _____ () C:\Users\Nils\Downloads\X15-65740.iso
2014-08-11 15:50 - 2014-08-11 15:50 - 01620715 _____ (Dino Nuhagic (nuhi) ) C:\Users\Nils\Downloads\vLite-1.2.installer.exe
2014-08-11 15:50 - 2014-08-11 15:50 - 00518940 _____ () C:\Users\Nils\Downloads\wimfltr.exe
2014-08-11 15:50 - 2014-08-11 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\vLite
2014-08-11 15:32 - 2014-08-11 15:32 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\WinRAR
2014-08-11 15:31 - 2014-08-11 15:30 - 00000000 ____D () C:\Users\Nils\Desktop\stick
2014-08-11 15:30 - 2014-08-11 15:30 - 02060744 _____ () C:\Users\Nils\Downloads\winrar-x64-510d.exe
2014-08-11 15:30 - 2014-08-11 15:30 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-11 15:30 - 2014-08-11 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-11 15:30 - 2014-08-11 15:30 - 00000000 ____D () C:\Program Files\WinRAR
2014-08-11 15:24 - 2014-08-11 15:20 - 348127232 _____ () C:\Users\Nils\Downloads\android-x86-4.4-RC2.iso
2014-08-10 11:35 - 2014-07-14 11:29 - 00000000 ____D () C:\Users\Nils\AppData\Local\VirtualStore
2014-08-10 11:30 - 2014-08-10 11:30 - 00400569 _____ () C:\Users\Nils\Downloads\agmp3plugin.exe
2014-08-10 11:30 - 2014-08-10 11:23 - 00000000 ____D () C:\Program Files (x86)\Audiograbber
2014-08-10 11:28 - 2014-08-10 11:28 - 00001164 _____ () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-10 11:28 - 2014-08-10 11:23 - 00000000 ____D () C:\Program Files (x86)\Security Guard
2014-08-10 11:27 - 2014-08-10 11:27 - 00000435 _____ () C:\Windows\cdplayer.ini
2014-08-10 11:23 - 2014-08-10 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber
2014-08-10 11:21 - 2014-08-10 11:21 - 00471536 _____ () C:\Users\Nils\Downloads\download_audiograbber.exe
2014-08-09 17:54 - 2014-08-09 17:54 - 00587776 _____ (Igor Pavlov) C:\Users\Nils\Downloads\7za.exe
2014-08-09 17:54 - 2014-08-09 17:54 - 00078848 _____ () C:\Users\Nils\Downloads\Archive.dll
2014-08-09 17:54 - 2014-08-09 17:54 - 00043008 _____ () C:\Users\Nils\Downloads\39dll.dll
2014-08-09 17:54 - 2014-08-09 17:54 - 00005845 _____ () C:\Users\Nils\Downloads\txt.sec
2014-08-09 17:54 - 2014-08-09 17:54 - 00000000 ____D () C:\Users\Nils\Downloads\Resources
2014-08-09 17:43 - 2014-08-09 17:37 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\AVAST Software
2014-08-09 17:43 - 2014-08-09 17:36 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-09 17:43 - 2014-08-09 17:36 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-09 17:42 - 2014-08-09 17:42 - 00000034 _____ () C:\Windows\AvastEmUpdate.ini
2014-08-09 17:42 - 2014-08-09 17:42 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-08-09 17:41 - 2014-08-09 17:41 - 00519488 _____ (AVAST Software) C:\Users\Nils\Downloads\avastclear.exe
2014-08-09 17:37 - 2014-08-09 17:37 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-09 17:36 - 2014-08-09 17:36 - 00426848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1407598624688
2014-08-09 17:36 - 2014-08-09 17:36 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-09 17:29 - 2014-08-09 17:29 - 08499200 _____ () C:\Users\Nils\Downloads\hamachi_CB-DL-Manager [1].exe
2014-08-09 17:19 - 2014-08-09 17:19 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-09 17:19 - 2014-08-09 17:19 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-09 17:19 - 2014-08-09 17:19 - 00000000 ____D () C:\Users\Nils\AppData\Local\Skype
2014-08-09 17:19 - 2014-08-09 17:19 - 00000000 ____D () C:\ProgramData\Skype
2014-08-09 17:19 - 2014-08-09 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-09 17:17 - 2014-08-09 17:17 - 00787392 _____ ( ) C:\Users\Nils\Downloads\hamachi_CB-DL-Manager.exe
2014-08-09 17:16 - 2014-08-09 17:16 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Nils\Downloads\SkypeSetup.exe
2014-08-09 16:42 - 2014-08-09 16:17 - 361544078 _____ () C:\Users\Nils\Downloads\gta2installer.zip
2014-08-09 16:31 - 2014-07-15 12:17 - 00001001 _____ () C:\Users\Nils\Desktop\DVBViewer TE2.lnk
2014-08-09 16:17 - 2014-08-09 16:16 - 01101648 _____ () C:\Users\Nils\Downloads\Grand Theft Auto GTA 2 - CHIP-Installer.exe
2014-08-09 16:09 - 2014-08-09 15:05 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-08-09 15:08 - 2014-08-09 15:08 - 01659099 _____ () C:\Users\Nils\Downloads\aokpatch2a-crk.zip
2014-08-09 15:08 - 2014-08-09 15:08 - 00000948 _____ () C:\Users\Nils\Downloads\aoe2-vista-win7-fix.zip
2014-08-09 15:04 - 2014-08-09 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2014-08-09 15:03 - 2014-08-09 15:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2014-08-09 14:54 - 2014-08-09 14:53 - 00000000 ____D () C:\Users\Nils\Desktop\AoE 2 - The Age of Kings
2014-08-08 21:48 - 2014-07-29 23:51 - 00000000 ____D () C:\Users\Nils\dl-fldigi.files
2014-08-08 19:07 - 2014-08-08 19:07 - 00008628 _____ () C:\Users\Nils\Downloads\p.txt
2014-08-08 19:07 - 2014-08-08 18:19 - 397550563 _____ () C:\Users\Nils\Downloads\CarTFT_EX70-2_Windows_Drivers.zip
2014-08-08 19:02 - 2014-08-08 18:19 - 375104654 _____ () C:\Users\Nils\Downloads\CarTFT_X70EX-2_BASIC_Android.zip
2014-08-07 04:06 - 2014-08-14 17:30 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-14 17:30 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 09:20 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Nils\AppData\Local\Temp\avgnt.exe
C:\Users\Nils\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Nils\AppData\Local\Temp\drm_dyndata_7270014.dll
C:\Users\Nils\AppData\Local\Temp\erplcnms.dll
C:\Users\Nils\AppData\Local\Temp\i4jdel0.exe
C:\Users\Nils\AppData\Local\Temp\install_reader11_de_mssd_aaa_aih.exe
C:\Users\Nils\AppData\Local\Temp\project1.exe
C:\Users\Nils\AppData\Local\Temp\Samsung_Magician_Setup_v44.exe
C:\Users\Nils\AppData\Local\Temp\Shockwave_Installer_FF.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-20 14:41

==================== End Of Log ============================

und die Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 02
Ran by Nils at 2014-09-04 17:47:48
Running from C:\Users\Nils\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Arduino (HKLM-x32\...\Arduino) (Version: 1.0.5-r2 - Arduino LLC)
ATI Catalyst Install Manager (HKLM\...\{2A13EF26-4D68-B2D7-A486-DBBD2FDE366B}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Audiograbber MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
AutoIt v3.3.12.0 (HKLM-x32\...\AutoItv3) (Version: 3.3.12.0 - AutoIt Team)
Avira (HKLM-x32\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Boost for Internet Explorer (HKLM-x32\...\Boost) (Version: 3.0.0.10 - Boost Shopping)
Catalyst Control Center Core Implementation (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0210.2206.39615 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help English (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help French (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help German (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0210.2206.39615 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0210.2206.39615 - ATI) Hidden
Counter-Strike: Source (HKLM-x32\...\Counter-Strike: Source) (Version:  - Valve)
Dl-Fldigi 3.21.50 (HKLM-x32\...\Dl-Fldigi-3.21.50) (Version: 3.21.50 - Fldigi developers)
DVBViewer TE2 (HKLM-x32\...\DVBViewer TE2_is1) (Version:  - CM&V)
EAGLE 7.0.0 (HKLM-x32\...\EAGLE 7.0.0) (Version: 7.0.0 - CadSoft Computer GmbH)
Genesis (HKCU\...\genesis_09031222) (Version:  - ) <==== ATTENTION
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
GPU Boost Driver (HKLM-x32\...\{B8887E02-C910-4498-A7C0-186ABFDCD110}) (Version: 1.01.15 - ASUS)
GTA2 (HKLM-x32\...\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}) (Version: 1.00.001 - )
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
HD-V9.4 (HKLM-x32\...\HD-V9.4) (Version: 1.34.8.12 - HD-V9.4)
InetStat (HKCU\...\InetStat) (Version: 0.5b - InetStat)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
KiCad 2013.07.07 (HKLM-x32\...\KiCad) (Version: 2013.07.07 - )
Lazarus 1.2.4 (HKLM\...\lazarus_is1) (Version: 1.2.4 - Lazarus Team)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.236 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.236 - LogMeIn, Inc.) Hidden
MainConcept DTV Decoder Pro (HKLM-x32\...\{793FCE60-DE5E-4977-A942-A7B69A45B17D}) (Version: 1.5.0.2 - MainConcept GmbH)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
OffersWizard Network System Driver (HKLM-x32\...\inethnfd) (Version: 1.0.0.3001 - ) <==== ATTENTION
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
RAPID Mode (Version: 1.0.1.68 - Samsung Electronics Co., Ltd.) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6151 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.4.0 - Samsung Electronics)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
TechniSat DVB-PC TV Star (HKLM-x32\...\{CE9F9FBC-5253-46D2-9883-09E55003D794}) (Version: 1.0.0 - TechniSat)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
vLite (HKLM-x32\...\vLite_is1) (Version: 1.2 - Dino Nuhagic (nuhi))
Voobly Game Data (HKLM-x32\...\Voobly_is1) (Version: Voobly Game Datas - Voobly)
Windows 7 Codec Pack 4.0.9 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 4.0.9 - Windows 7 Codec Pack)
Wings 3D 1.5.3 (HKLM-x32\...\Wings 3D 1.5.3) (Version:  - )
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

22-08-2014 10:50:58 Windows Update
26-08-2014 14:45:02 Windows Update
28-08-2014 13:25:07 Windows Update
02-09-2014 09:16:38 Windows Update
03-09-2014 12:09:52 Installed Java 7 Update 67
03-09-2014 19:32:35 Gerätetreiber-Paketinstallation: Arduino LLC (www.arduino.cc) Anschlüsse (COM & LPT)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1A7E86B7-1B7A-427A-A43D-CF86881C04D2} - System32\Tasks\ASUS\Gpu Boost Driver => C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe [2010-03-27] (
ASUSTeK Computer Inc.)
Task: {21E161E9-F0A2-4753-9154-BEE74EBD977D} - System32\Tasks\OYVXKZPY => C:\Users\Nils\AppData\Roaming\OYVXKZPY.exe
Task: {334D1D1E-84D8-4491-9B00-4FB937487589} - System32\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-3 => C:\Program Files (x86)\HD-V9.4\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-3.exe <==== ATTENTION
Task: {37E04530-C25C-4D4B-81A3-071B059D26B5} - System32\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-11 => C:\Program Files (x86)\HD-V9.4\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-11.exe <==== ATTENTION
Task: {86EBF3A1-CE11-4504-9514-76FD514A65C3} - System32\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-5 => C:\Program Files (x86)\HD-V9.4\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-5.exe <==== ATTENTION
Task: {9968A1D7-DAF4-4B6C-B559-18363113DDB0} - System32\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-4 => C:\Program Files (x86)\HD-V9.4\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-4.exe <==== ATTENTION
Task: {9B227FDB-4B0B-4622-9AA7-2F9C2C31FAEB} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-09-03] (globalUpdate) <==== ATTENTION
Task: {A16C1411-E8F9-4999-93EA-8383EF555869} - System32\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-2 => C:\Program Files (x86)\HD-V9.4\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-2.exe <==== ATTENTION
Task: {A5FE5D67-2448-49D8-9FD7-16A07383B622} - System32\Tasks\SESSEC => C:\Users\Nils\AppData\Roaming\SESSEC.exe
Task: {BE19A5CA-B5A3-43A9-AB23-A5348881770A} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-09-03] (globalUpdate) <==== ATTENTION
Task: {BE6D4175-D219-4B4F-ADBD-A0E9BD2D3FE6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {D9D7CAD7-4878-4BAC-BA72-167CB32390C8} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-05-19] (Samsung Electronics.)
Task: {DE6E9868-23D3-414D-A81B-1F0945CE5F56} - System32\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-5_user => C:\Program Files (x86)\HD-V9.4\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-5.exe <==== ATTENTION
Task: {F4AADD0E-4C9F-45DD-97E7-503C9C3B2F85} - System32\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-1 => C:\Program Files (x86)\HD-V9.4\HD-V9.4-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-1.job => C:\Program Files (x86)\HD-V9.4\HD-V9.4-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-11.job => C:\Program Files (x86)\HD-V9.4\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-2.job => C:\Program Files (x86)\HD-V9.4\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-3.job => C:\Program Files (x86)\HD-V9.4\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-4.job => C:\Program Files (x86)\HD-V9.4\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-5.job => C:\Program Files (x86)\HD-V9.4\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-5_user.job => C:\Program Files (x86)\HD-V9.4\197bc0c9-2fbe-45b5-b37c-2d65549b8c82-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\OYVXKZPY.job => C:\Users\Nils\AppData\Roaming\OYVXKZPY.exe
Task: C:\Windows\Tasks\SESSEC.job => C:\Users\Nils\AppData\Roaming\SESSEC.exe

==================== Loaded Modules (whitelisted) =============

2014-04-21 21:24 - 2014-04-21 21:24 - 00392704 _____ () C:\Program Files (x86)\Boost\BoostUpdater.exe
2014-07-14 11:47 - 2014-07-14 11:47 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-07-14 17:13 - 2014-08-26 12:28 - 00610872 _____ () C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-07-14 11:49 - 2010-03-12 05:40 - 04449632 _____ () C:\Program Files (x86)\ASUS\GPU Boost Driver\Platform.dll
2014-07-14 11:49 - 2010-03-12 05:40 - 00423256 _____ () C:\Program Files (x86)\ASUS\GPU Boost Driver\Device.dll
2014-07-14 17:13 - 2014-08-26 12:28 - 36966968 _____ () C:\Users\Nils\AppData\Roaming\Spotify\Data\libcef.dll
2014-07-14 12:02 - 2014-05-06 11:24 - 00013824 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
2014-07-14 12:02 - 2014-05-19 20:20 - 00103424 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\PAL.dll
2014-07-14 12:02 - 2014-05-19 20:20 - 00039424 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SATA.dll
2014-07-14 12:02 - 2014-05-19 20:19 - 00038400 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAT.dll
2014-07-14 12:02 - 2014-05-19 20:20 - 00031232 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SMINI.dll
2014-07-14 12:02 - 2014-05-19 20:19 - 00029696 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAS.dll
2014-07-14 21:16 - 2014-08-26 12:28 - 00867896 _____ () C:\Users\Nils\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2014-07-14 17:13 - 2014-08-26 12:28 - 00886840 _____ () C:\Users\Nils\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-07-14 17:13 - 2014-08-26 12:28 - 00108600 _____ () C:\Users\Nils\AppData\Roaming\Spotify\Data\libegl.dll
2014-07-15 12:17 - 2009-01-24 14:44 - 00107520 _____ () C:\Program Files (x86)\DVBViewer TE2\Plugins\Skystar.dll
2014-07-15 12:17 - 2009-04-01 10:06 - 00043520 _____ () C:\Program Files (x86)\DVBViewer TE2\Plugins\WinLirc.dll
2014-05-13 17:01 - 2014-05-13 17:01 - 03502592 _____ () C:\Windows\SysWow64\ffdshow.ax
2014-05-13 17:05 - 2014-05-13 17:05 - 04009984 _____ () C:\Windows\system32\ffmpeg.dll
2014-07-23 20:45 - 2014-07-23 20:46 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-09-04 16:40 - 2014-07-14 16:49 - 00049744 _____ () C:\Users\Nils\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00067832 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Nils^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BoostUpdater.lnk => C:\Windows\pss\BoostUpdater.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Nils^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^genesis_09031222.lnk => C:\Windows\pss\genesis_09031222.lnk.Startup
MSCONFIG\startupreg: genesis_09031222 => "c:\users\nils\appdata\local\genesis_09031222\genesis_09031222.exe" /r
MSCONFIG\startupreg: InetStat => C:\Users\Nils\AppData\Roaming\InetStat\inetstat.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Voobly => "C:\Program Files (x86)\Voobly\voobly.exe" --startup

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/04/2014 04:29:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2014 02:23:35 PM) (Source: MsiInstaller) (EventID: 11309) (User: Nils-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.

Error: (09/03/2014 01:41:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel: 0x4145efeb
Name des fehlerhaften Moduls: Steam.dll, Version: 0.0.0.0, Zeitstempel: 0x41e7fcca
Ausnahmecode: 0x4000001f
Fehleroffset: 0x00006260
ID des fehlerhaften Prozesses: 0x13c0
Startzeit der fehlerhaften Anwendung: 0xhl2.exe0
Pfad der fehlerhaften Anwendung: hl2.exe1
Pfad des fehlerhaften Moduls: hl2.exe2
Berichtskennung: hl2.exe3

Error: (09/03/2014 01:37:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel: 0x4145efeb
Name des fehlerhaften Moduls: Steam.dll, Version: 0.0.0.0, Zeitstempel: 0x41e7fcca
Ausnahmecode: 0x4000001f
Fehleroffset: 0x00006260
ID des fehlerhaften Prozesses: 0x47c
Startzeit der fehlerhaften Anwendung: 0xhl2.exe0
Pfad der fehlerhaften Anwendung: hl2.exe1
Pfad des fehlerhaften Moduls: hl2.exe2
Berichtskennung: hl2.exe3

Error: (09/03/2014 01:35:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2014 11:14:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2014 04:05:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2014 00:22:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/31/2014 02:03:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/30/2014 05:11:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/04/2014 04:41:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Network Support Service Updater" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/04/2014 04:41:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Network HTTP Support Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/04/2014 04:29:02 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/04/2014 04:28:22 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (09/03/2014 01:35:12 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/03/2014 01:34:40 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (09/01/2014 04:04:28 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/01/2014 00:21:48 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (08/31/2014 02:02:47 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (08/31/2014 00:42:25 AM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{CD0CC67C-8D16-4508-94C7-ACDB3FD49A5B} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.


Microsoft Office Sessions:
=========================
Error: (09/04/2014 04:29:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2014 02:23:35 PM) (Source: MsiInstaller) (EventID: 11309) (User: Nils-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/03/2014 01:41:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: hl2.exe0.0.0.04145efebSteam.dll0.0.0.041e7fcca4000001f0000626013c001cfc76bf25658d2C:\Program Files (x86)\Counter-Strike Source\hl2.exeC:\Program Files (x86)\Counter-Strike Source\Steam.dll34d1082e-335f-11e4-b637-00158350f7b1

Error: (09/03/2014 01:37:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: hl2.exe0.0.0.04145efebSteam.dll0.0.0.041e7fcca4000001f0000626047c01cfc76b63343c8bC:\Users\Nils\Desktop\Counter Strike Source\hl2.exeC:\Users\Nils\Desktop\Counter Strike Source\bin\Steam.dlla5cf6cb1-335e-11e4-b637-00158350f7b1

Error: (09/03/2014 01:35:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2014 11:14:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2014 04:05:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2014 00:22:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/31/2014 02:03:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/30/2014 05:11:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 965 Processor
Percentage of memory in use: 47%
Total physical RAM: 7935.16 MB
Available physical RAM: 4164.42 MB
Total Pagefile: 15868.5 MB
Available Pagefile: 11601.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:54.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 50B522E3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
und die gmer:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-04 18:17:24
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Samsung_SSD_840_EVO_120GB rev.EXT0BB6Q 111,79GB
Running: yn11zb4n.exe; Driver: C:\Users\Nils\AppData\Local\Temp\kxldqpoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                            fffff80002df9000 45 bytes [05, 00, 00, 00, 06, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                            fffff80002df902f 5 bytes [00, 10, B5, F0, 6E]

---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69        0000000077ad1465 2 bytes [AD, 77]
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      0000000077ad14bb 2 bytes [AD, 77]
.text    ...                                                                                                                            * 2
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[1768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000077ad1465 2 bytes [AD, 77]
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[1768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000077ad14bb 2 bytes [AD, 77]
.text    ...                                                                                                                            * 2
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[5788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      0000000077ad1465 2 bytes [AD, 77]
.text    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[5788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      0000000077ad14bb 2 bytes [AD, 77]
.text    ...                                                                                                                            * 2

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations                                              ????????????????????????? ?????????????????????0????????????&???????????????????????? ?????????????????????0????????????????????? ???????????????????x?0????????*???????????? ?????????????????????0??????????????????????????????????????*?????????????? ???????????????????x?0????????*?????????????*?????????????hxxp://www.zyxel.com????{36fc9e60-c465-11cf-8056-444553540000}?m94?????????????????n?????????????n??am??? ?????????????????????0????????????????????ZyXEL???????????????????? ???????????????????x?0?????????????????????????????v???u????*??????????x??hxxp://www.zyxel.com????????????????????? ?????????????????????0????????????????????? ???????????????????x?0?????????????????????????????????????z??????????????????????NSA325 v2????????????????????????????????????????????4???????????????????????????????????????i???????????????????????? ????(??????P????????????(??????P????????????(??????P????????????(??????P????????????(??????P????????????(??????P????????????(??????P?????????????@usbport.inf,%usb\root_hub.devicede
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158350f7b1                                                   
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158350f7b1@88124e878892                                      0xE0 0xC8 0xB3 0x02 ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158350f7b1 (not active ControlSet)                               
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158350f7b1@88124e878892                                          0xE0 0xC8 0xB3 0x02 ...

---- EOF - GMER 2.1 ----
Besteht da Hoffnung das ganze relativ einfach sauber zu bekommen? Wenn nein würde ich dazu tendieren gleich alles Platt zumachen und Windows neu aufzusetzen, da sowieso noch nicht viele Datein auf dem Rechner sind und alle Dokumente und Bilder extern auf meinem Nas liegen.... Aber das ist natürlich Aufwand, den ich gerne vermeiden würde ;-)
Ich danke schonmal im Vorraus für die Hilfe und hoffem, dass ihr mir helfen könnt...

Nils

M-K-D-B 04.09.2014 18:19
:hallo:


Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!


Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Danke für deine Mitarbeit!





Bekommt man wieder sauber... ;)


Wir beginnen so:



Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

nonever_ 04.09.2014 18:32
Das ist schön zu hören =)
Hier das Combofix Logfile: (Avira hat einen Registry Zugriff blockiert, obwohl ausgeschaltet)
Code:
ComboFix 14-08-31.01 - Nils 04.09.2014  19:24:01.1.4 - x64
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.7935.4230 [GMT 2:00]
ausgeführt von:: c:\users\Nils\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Config\uninstinethnfd.exe
c:\program files (x86)\Common Files\Config\ver.xml
c:\users\Nils\AppData\Local\Adobe\AdbeRdr11007_de_DE.exe
c:\users\Nils\AppData\Local\Adobe\gccheck.exe
c:\users\Nils\AppData\Local\Adobe\gtbcheck.exe
c:\users\Nils\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\SysWow64\hfpapi.dll
c:\windows\SysWow64\nethtsrv.exe
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETHFDRV
-------\Service_globalUpdate
-------\Service_nethfdrv
-------\Service_NetHttpService
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-08-04 bis 2014-09-04  ))))))))))))))))))))))))))))))
.
.
2014-09-04 17:26 . 2014-09-04 17:26        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-09-04 15:47 . 2014-09-04 15:48        --------        d-----w-        C:\FRST
2014-09-04 14:40 . 2014-09-04 14:39        42040        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2014-09-04 14:40 . 2014-09-04 14:46        --------        d-----w-        c:\programdata\Package Cache
2014-09-04 14:39 . 2014-09-04 14:39        --------        d-----w-        c:\users\Nils\AppData\Roaming\Avira
2014-09-04 14:38 . 2014-08-15 08:30        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2014-09-04 14:38 . 2014-08-15 08:30        130584        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2014-09-04 14:38 . 2014-08-15 08:30        117712        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2014-09-04 14:38 . 2014-09-04 14:45        --------        d-----w-        c:\program files (x86)\Avira
2014-09-04 14:38 . 2014-09-04 14:40        --------        d-----w-        c:\programdata\Avira
2014-09-04 14:32 . 2014-09-04 14:32        687        ----a-w-        C:\awhC62B.tmp
2014-09-04 14:28 . 2014-09-04 14:28        --------        d-----w-        c:\program files (x86)\LogMeIn Hamachi
2014-09-03 19:33 . 2014-09-03 19:33        --------        d-----w-        c:\users\Nils\AppData\Roaming\Arduino
2014-09-03 19:32 . 2014-09-03 19:32        --------        d-----w-        c:\program files (x86)\Arduino
2014-09-03 14:00 . 2014-09-03 14:00        --------        d--h--r-        c:\users\Nils\AppData\Roaming\SecuROM
2014-09-03 12:27 . 2014-09-03 12:27        687        ----a-w-        C:\awh7A1F.tmp
2014-09-03 12:23 . 2014-09-04 15:45        --------        d-----w-        c:\program files (x86)\HD-V9.4
2014-09-03 12:23 . 2014-09-03 12:23        --------        d-----w-        c:\users\Nils\AppData\Local\globalUpdate
2014-09-03 12:23 . 2014-09-03 12:23        --------        d-----w-        c:\program files (x86)\globalUpdate
2014-09-03 12:23 . 2014-09-03 12:23        --------        d-----w-        c:\program files (x86)\Boost
2014-09-03 12:23 . 2014-09-03 12:23        --------        d-----w-        c:\users\Nils\AppData\Roaming\InetStat
2014-09-03 12:22 . 2014-09-04 15:44        --------        d-----w-        c:\users\Nils\AppData\Local\Genesis_09031222
2014-09-03 12:22 . 2014-09-04 17:26        --------        d-----w-        c:\program files (x86)\Common Files\Config
2014-09-03 12:10 . 2014-09-03 13:59        --------        d-----w-        c:\users\Nils\AppData\Roaming\.minecraft
2014-09-03 12:10 . 2014-09-03 12:10        --------        d-----w-        c:\programdata\Oracle
2014-09-03 12:10 . 2014-09-03 12:10        --------        d-----w-        c:\program files (x86)\Common Files\Java
2014-09-03 12:10 . 2014-09-03 12:09        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-09-03 12:09 . 2014-09-03 12:09        --------        d-----w-        c:\program files (x86)\Java
2014-09-03 11:37 . 2014-09-03 11:40        --------        d-----w-        c:\program files (x86)\Counter-Strike Source
2014-09-03 11:34 . 2009-03-18 16:35        33856        ---ha-w-        c:\windows\system32\hamachi.sys
2014-09-03 08:39 . 2014-09-03 08:39        46160        ----a-w-        c:\windows\system32\drivers\nethfdrv.sys
2014-09-02 09:16 . 2014-08-21 03:43        11319192        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{0AC0DFD4-27CC-4AE7-AFB9-8988A4D43C0D}\mpengine.dll
2014-08-28 16:57 . 2014-08-28 16:58        --------        d-----w-        c:\program files\wings3d_1.5.3
2014-08-28 16:51 . 2014-08-28 16:51        --------        d-----w-        c:\program files (x86)\KiCad
2014-08-28 13:22 . 2014-08-23 02:07        404480        ----a-w-        c:\windows\system32\gdi32.dll
2014-08-28 13:22 . 2014-08-23 01:45        311808        ----a-w-        c:\windows\SysWow64\gdi32.dll
2014-08-28 13:22 . 2014-08-23 00:59        3163648        ----a-w-        c:\windows\system32\win32k.sys
2014-08-21 17:43 . 2014-08-21 17:43        --------        d-----w-        c:\program files\Recuva
2014-08-19 15:27 . 2014-08-19 15:27        --------        d-----w-        c:\users\Nils\AppData\Roaming\OpenOffice
2014-08-19 15:27 . 2014-08-19 15:27        --------        d-----w-        c:\program files (x86)\OpenOffice 4
2014-08-18 15:34 . 2014-08-18 15:35        --------        d-----w-        c:\users\Nils\AppData\Local\gtk-2.0
2014-08-15 20:41 . 2014-08-15 20:41        --------        d-sh--w-        c:\users\Nils\AppData\Local\EmieUserList
2014-08-15 20:41 . 2014-08-15 20:41        --------        d-sh--w-        c:\users\Nils\AppData\Local\EmieSiteList
2014-08-14 22:20 . 2014-06-30 22:24        8856        ----a-w-        c:\windows\system32\icardres.dll
2014-08-14 22:20 . 2014-06-30 22:14        8856        ----a-w-        c:\windows\SysWow64\icardres.dll
2014-08-14 22:20 . 2014-03-09 21:48        171160        ----a-w-        c:\windows\system32\infocardapi.dll
2014-08-14 22:20 . 2014-03-09 21:48        1389208        ----a-w-        c:\windows\system32\icardagt.exe
2014-08-14 22:20 . 2014-03-09 21:47        99480        ----a-w-        c:\windows\SysWow64\infocardapi.dll
2014-08-14 22:20 . 2014-03-09 21:47        619672        ----a-w-        c:\windows\SysWow64\icardagt.exe
2014-08-14 22:20 . 2014-06-06 06:16        35480        ----a-w-        c:\windows\SysWow64\TsWpfWrp.exe
2014-08-14 22:20 . 2014-06-06 06:12        35480        ----a-w-        c:\windows\system32\TsWpfWrp.exe
2014-08-14 17:36 . 2014-08-14 17:39        --------        d-----w-        c:\program files (x86)\Voobly
2014-08-14 15:30 . 2014-07-31 23:16        812224        ----a-w-        c:\program files (x86)\Internet Explorer\iexplore.exe
2014-08-14 15:24 . 2014-09-04 15:57        --------        d-----w-        c:\users\Nils\AppData\Local\LogMeIn Hamachi
2014-08-14 15:24 . 2014-08-14 15:24        --------        d-----w-        c:\users\Nils\AppData\Local\LogMeIn
2014-08-14 15:24 . 2014-08-14 15:24        --------        d-----w-        c:\programdata\LogMeIn
2014-08-12 19:19 . 2014-08-12 19:19        --------        d-----w-        c:\program files (x86)\directx
2014-08-12 19:18 . 2014-08-12 19:18        --------        d-----w-        c:\program files (x86)\Rockstar Games
2014-08-12 19:18 . 2014-08-12 19:18        282756        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2014-08-12 19:18 . 2014-08-12 19:18        163972        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2014-08-12 19:18 . 2002-12-05 12:12        692224        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2014-08-12 19:18 . 2002-12-05 12:10        155648        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2014-08-12 19:18 . 2002-12-02 13:22        5632        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2014-08-12 19:18 . 2002-12-02 11:33        57344        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2014-08-12 19:18 . 2002-12-02 11:33        237568        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2014-08-11 16:38 . 2014-08-11 16:38        --------        d-----w-        c:\users\Nils\AppData\Roaming\Riot Games
2014-08-11 13:52 . 2008-01-18 23:10        154168        ----a-w-        c:\windows\system32\drivers\WimFltr.sys
2014-08-11 13:50 . 2014-08-11 14:26        --------        d-----w-        c:\program files (x86)\vLite
2014-08-11 13:30 . 2014-08-11 13:30        --------        d-----w-        c:\program files\WinRAR
2014-08-10 09:23 . 2014-08-10 09:30        --------        d-----w-        c:\program files (x86)\Audiograbber
2014-08-10 09:23 . 2014-08-10 09:28        --------        d-----w-        c:\program files (x86)\Security Guard
2014-08-09 15:37 . 2014-08-09 15:43        --------        d-----w-        c:\users\Nils\AppData\Roaming\AVAST Software
2014-08-09 15:36 . 2014-08-09 15:36        426848        ----a-w-        c:\windows\system32\drivers\aswsp.sys.1407598624688
2014-08-09 15:36 . 2014-08-09 15:36        29208        ----a-w-        c:\windows\system32\drivers\aswHwid.sys
2014-08-09 15:36 . 2014-08-09 15:43        --------        d-----w-        c:\program files\AVAST Software
2014-08-09 15:36 . 2014-08-09 15:43        --------        d-----w-        c:\programdata\AVAST Software
2014-08-09 15:19 . 2014-08-09 15:19        --------        d-----w-        c:\users\Nils\AppData\Local\Skype
2014-08-09 15:19 . 2014-09-03 22:06        --------        d-----w-        c:\users\Nils\AppData\Roaming\Skype
2014-08-09 15:19 . 2014-08-09 15:19        --------        d-----w-        c:\program files (x86)\Common Files\Skype
2014-08-09 15:19 . 2014-08-09 15:19        --------        d-----r-        c:\program files (x86)\Skype
2014-08-09 15:19 . 2014-08-09 15:19        --------        d-----w-        c:\programdata\Skype
2014-08-09 13:03 . 2014-08-09 13:03        --------        d-----w-        c:\program files (x86)\Microsoft Games
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-05 07:20 . 2010-11-21 03:27        270496        ------w-        c:\windows\system32\MpSigStub.exe
2014-07-29 21:40 . 2014-07-29 21:40        1795952        ----a-w-        c:\windows\system32\WdfCoInstaller01011.dll
2014-07-29 21:40 . 2014-07-29 21:40        1002728        ----a-w-        c:\windows\system32\WinUSBCoInstaller2.dll
2014-07-29 10:19 . 2014-07-29 10:19        194048        ----a-w-        c:\windows\SysWow64\elshyph.dll
2014-07-29 10:19 . 2014-07-29 10:19        942592        ----a-w-        c:\windows\system32\jsIntl.dll
2014-07-29 10:19 . 2014-07-29 10:19        90112        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2014-07-29 10:19 . 2014-07-29 10:19        86016        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2014-07-29 10:19 . 2014-07-29 10:19        86016        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2014-07-29 10:19 . 2014-07-29 10:19        81408        ----a-w-        c:\windows\system32\icardie.dll
2014-07-29 10:19 . 2014-07-29 10:19        774144        ----a-w-        c:\windows\system32\jscript.dll
2014-07-29 10:19 . 2014-07-29 10:19        77312        ----a-w-        c:\windows\system32\tdc.ocx
2014-07-29 10:19 . 2014-07-29 10:19        74240        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2014-07-29 10:19 . 2014-07-29 10:19        71680        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-07-29 10:19 . 2014-07-29 10:19        645120        ----a-w-        c:\windows\SysWow64\jsIntl.dll
2014-07-29 10:19 . 2014-07-29 10:19        62464        ----a-w-        c:\windows\SysWow64\tdc.ocx
2014-07-29 10:19 . 2014-07-29 10:19        62464        ----a-w-        c:\windows\system32\pngfilt.dll
2014-07-29 10:19 . 2014-07-29 10:19        616104        ----a-w-        c:\windows\system32\ieapfltr.dat
2014-07-29 10:19 . 2014-07-29 10:19        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll
2014-07-29 10:19 . 2014-07-29 10:19        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2014-07-29 10:19 . 2014-07-29 10:19        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2014-07-29 10:19 . 2014-07-29 10:19        48128        ----a-w-        c:\windows\system32\imgutil.dll
2014-07-29 10:19 . 2014-07-29 10:19        413696        ----a-w-        c:\windows\system32\html.iec
2014-07-29 10:19 . 2014-07-29 10:19        36352        ----a-w-        c:\windows\SysWow64\imgutil.dll
2014-07-29 10:19 . 2014-07-29 10:19        337408        ----a-w-        c:\windows\SysWow64\html.iec
2014-07-29 10:19 . 2014-07-29 10:19        30208        ----a-w-        c:\windows\system32\licmgr10.dll
2014-07-29 10:19 . 2014-07-29 10:19        247808        ----a-w-        c:\windows\system32\msls31.dll
2014-07-29 10:19 . 2014-07-29 10:19        24576        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2014-07-29 10:19 . 2014-07-29 10:19        243200        ----a-w-        c:\windows\system32\webcheck.dll
2014-07-29 10:19 . 2014-07-29 10:19        235520        ----a-w-        c:\windows\system32\url.dll
2014-07-29 10:19 . 2014-07-29 10:19        235008        ----a-w-        c:\windows\system32\elshyph.dll
2014-07-29 10:19 . 2014-07-29 10:19        182272        ----a-w-        c:\windows\SysWow64\msls31.dll
2014-07-29 10:19 . 2014-07-29 10:19        167424        ----a-w-        c:\windows\system32\iexpress.exe
2014-07-29 10:19 . 2014-07-29 10:19        151552        ----a-w-        c:\windows\SysWow64\iexpress.exe
2014-07-29 10:19 . 2014-07-29 10:19        147968        ----a-w-        c:\windows\system32\occache.dll
2014-07-29 10:19 . 2014-07-29 10:19        143872        ----a-w-        c:\windows\system32\wextract.exe
2014-07-29 10:19 . 2014-07-29 10:19        139264        ----a-w-        c:\windows\SysWow64\wextract.exe
2014-07-29 10:19 . 2014-07-29 10:19        13824        ----a-w-        c:\windows\system32\mshta.exe
2014-07-29 10:19 . 2014-07-29 10:19        135680        ----a-w-        c:\windows\system32\iepeers.dll
2014-07-29 10:19 . 2014-07-29 10:19        13312        ----a-w-        c:\windows\SysWow64\mshta.exe
2014-07-29 10:19 . 2014-07-29 10:19        13312        ----a-w-        c:\windows\system32\msfeedssync.exe
2014-07-29 10:19 . 2014-07-29 10:19        131072        ----a-w-        c:\windows\system32\IEAdvpack.dll
2014-07-29 10:19 . 2014-07-29 10:19        111616        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2014-07-29 10:19 . 2014-07-29 10:19        105984        ----a-w-        c:\windows\system32\iesysprep.dll
2014-07-29 10:19 . 2014-07-29 10:19        101376        ----a-w-        c:\windows\system32\inseng.dll
2014-07-29 10:16 . 2014-07-29 10:16        9728        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-07-29 10:16 . 2014-07-29 10:16        9728        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-07-29 10:16 . 2014-07-29 10:16        648192        ----a-w-        c:\windows\system32\d3d10level9.dll
2014-07-29 10:16 . 2014-07-29 10:16        604160        ----a-w-        c:\windows\SysWow64\d3d10level9.dll
2014-07-29 10:16 . 2014-07-29 10:16        5632        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-07-29 10:16 . 2014-07-29 10:16        5632        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-07-29 10:16 . 2014-07-29 10:16        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-07-29 10:16 . 2014-07-29 10:16        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-07-29 10:16 . 2014-07-29 10:16        522752        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2014-07-29 10:16 . 2014-07-29 10:16        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-07-29 10:16 . 2014-07-29 10:16        4096        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-07-29 10:16 . 2014-07-29 10:16        364544        ----a-w-        c:\windows\SysWow64\XpsGdiConverter.dll
2014-07-29 10:16 . 2014-07-29 10:16        363008        ----a-w-        c:\windows\system32\dxgi.dll
2014-07-29 10:16 . 2014-07-29 10:16        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-07-29 10:16 . 2014-07-29 10:16        3584        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-07-29 10:16 . 2014-07-29 10:16        333312        ----a-w-        c:\windows\system32\d3d10_1core.dll
2014-07-29 10:16 . 2014-07-29 10:16        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2014-07-29 10:16 . 2014-07-29 10:16        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-07-29 10:16 . 2014-07-29 10:16        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-07-29 10:16 . 2014-07-29 10:16        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-07-29 10:16 . 2014-07-29 10:16        296960        ----a-w-        c:\windows\system32\d3d10core.dll
2014-07-29 10:16 . 2014-07-29 10:16        293376        ----a-w-        c:\windows\SysWow64\dxgi.dll
2014-07-29 10:16 . 2014-07-29 10:16        2776576        ----a-w-        c:\windows\system32\msmpeg2vdec.dll
2014-07-29 10:16 . 2014-07-29 10:16        2560        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-07-29 10:16 . 2014-07-29 10:16        2560        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-07-29 10:16 . 2014-07-29 10:16        249856        ----a-w-        c:\windows\SysWow64\d3d10_1core.dll
2014-07-29 10:16 . 2014-07-29 10:16        245248        ----a-w-        c:\windows\system32\WindowsCodecsExt.dll
2014-07-29 10:16 . 2014-07-29 10:16        2284544        ----a-w-        c:\windows\SysWow64\msmpeg2vdec.dll
2014-07-29 10:16 . 2014-07-29 10:16        221184        ----a-w-        c:\windows\system32\UIAnimation.dll
2014-07-29 10:16 . 2014-07-29 10:16        220160        ----a-w-        c:\windows\SysWow64\d3d10core.dll
2014-07-29 10:16 . 2014-07-29 10:16        207872        ----a-w-        c:\windows\SysWow64\WindowsCodecsExt.dll
2014-07-29 10:16 . 2014-07-29 10:16        194560        ----a-w-        c:\windows\system32\d3d10_1.dll
2014-07-29 10:16 . 2014-07-29 10:16        187392        ----a-w-        c:\windows\SysWow64\UIAnimation.dll
2014-07-29 10:16 . 2014-07-29 10:16        1682432        ----a-w-        c:\windows\system32\XpsPrint.dll
2014-07-29 10:16 . 2014-07-29 10:16        1643520        ----a-w-        c:\windows\system32\DWrite.dll
2014-07-29 10:16 . 2014-07-29 10:16        161792        ----a-w-        c:\windows\SysWow64\d3d10_1.dll
2014-07-29 10:16 . 2014-07-29 10:16        1247744        ----a-w-        c:\windows\SysWow64\DWrite.dll
2014-07-29 10:16 . 2014-07-29 10:16        1238528        ----a-w-        c:\windows\system32\d3d10.dll
2014-07-29 10:16 . 2014-07-29 10:16        1175552        ----a-w-        c:\windows\system32\FntCache.dll
2014-07-29 10:16 . 2014-07-29 10:16        1158144        ----a-w-        c:\windows\SysWow64\XpsPrint.dll
2014-07-29 10:16 . 2014-07-29 10:16        1080832        ----a-w-        c:\windows\SysWow64\d3d10.dll
2014-07-29 10:16 . 2014-07-29 10:16        10752        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-07-29 10:16 . 2014-07-29 10:16        10752        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-07-15 10:15 . 2009-07-20 07:31        538768        ----a-w-        c:\windows\system32\drivers\UDST7000BDA.sys
2014-07-14 15:25 . 2014-07-14 15:25        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-14 15:25 . 2014-07-14 15:25        699056        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-18 02:18 . 2014-07-15 09:58        692736        ----a-w-        c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-15 09:58        646144        ----a-w-        c:\windows\SysWow64\osk.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{8DE6FC60-E023-4AD7-A3B7-591E1460E7F7}]
2014-09-03 09:56        498936        ----a-w-        c:\program files (x86)\Boost\Boost.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\Nils\AppData\Roaming\Spotify\Spotify.exe" [2014-08-26 6621752]
"Spotify Web Helper"="c:\users\Nils\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-08-26 1245752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 98304]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-09-04 3802448]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-08-15 751184]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-08-04 161584]
.
c:\users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Samsung Magician.lnk - c:\windows\system32\schtasks.exe  /run /tn SamsungMagician [2010-11-21 285696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe;c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys;c:\windows\SYSNATIVE\DRIVERS\RTL2832U_IRHID.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 SamsungRapidDiskFltr;SAMSUNG RAPID Mode Disk Filter Driver;c:\windows\system32\DRIVERS\SamsungRapidDiskFltr.sys;c:\windows\SYSNATIVE\DRIVERS\SamsungRapidDiskFltr.sys [x]
S0 SamsungRapidFSFltr;SamsungRapidFSFltr;c:\windows\system32\DRIVERS\SamsungRapidFSFltr.sys;c:\windows\SYSNATIVE\DRIVERS\SamsungRapidFSFltr.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 SamsungRapidSvc;Samsung RAPID Mode Service;c:\windows\system32\RAPID\SamsungRapidSvc.exe;c:\windows\SYSNATIVE\RAPID\SamsungRapidSvc.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S3 AODDriver;AODDriver;c:\program files (x86)\ASUS\GPU Boost Driver\amd64\AODDriver.sys;c:\program files (x86)\ASUS\GPU Boost Driver\amd64\AODDriver.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 UDST7000BDA;%UDST7000BDA.FriendlyName%;c:\windows\system32\Drivers\UDST7000BDA.sys;c:\windows\SYSNATIVE\Drivers\UDST7000BDA.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-04 c:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
- c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-09-03 12:23]
.
2014-09-03 c:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
- c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-09-03 12:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8DE6FC60-E023-4AD7-A3B7-591E1460E7F7}]
2014-09-03 09:56        562936        ----a-w-        c:\program files (x86)\Boost\64Boost.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
"SamsungRapidApp"="c:\program files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe" [2014-05-19 281312]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjBVwSW3oS9azFioQNIYYOtzIs1EAWHZA8YdfIpZWoAYDk7j2u0rBQHr1ySV7lntlk7Rx6aJKOGzMJ-TszzFyYyJwT3_JjBcmD3HDBoyw7rxBHQe9W9i6MEA7J4XOVzmJwrhCnJskNG5UkTKV1cPpwASSlsCWoq8JKQkQ,,
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjBVwSW3oS9azFioQNIYYOtzIs1EAWHZA8YdfIpZWoAYDk7j2u0rBQHr1ySV7lntlk3QXKJIpUiKJVWs0CnkAF86UfDdTXFyGwOF52nYjAD_zI0z6KMNAKGu87Y-NnRpu9t6c7XBtgwXvstSbYIzDoJlBF7AaCqOwcdIQ,,&q={searchTerms}
FF - ProfilePath - c:\users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fsit9ray.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjBVwSW3oS9azFioQNIYYOtzIs1EAWHZA8YdfIpZWoAYDk7j2u0rBQHr1ySV7lntlk3QXKJIpUiKJVWs0CnkAF86UfDdTXFyGwOF52nYjAD_zI0z6KMNAKGu87Y-NnRpu9t6c7XBtgwXvstSbYIzDoJlBF7AaCqOwcdIQ,,&q=
FF - user.js: extensions.blocklist.enabled - false
FF - user.js: app.update.auto - false
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-HD-V9.4 - c:\program files (x86)\HD-V9.4\Uninstall.exe
AddRemove-inethnfd - c:\program files (x86)\Common Files\Config\uninstinethnfd.exe
AddRemove-genesis_09031222 - c:\users\nils\appdata\local\genesis_09031222\genesis_09031222.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1722010485-1478986846-2879839138-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:52,55,79,1d,0d,87,b1,5f,7e,09,52,d6,01,f8,f9,7e,1d,ca,f2,d9,c8,b7,23,
  73,3d,a9,3f,14,44,59,00,76,3b,4a,15,0d,4f,cd,59,e9,94,6b,ee,a7,a6,d5,f8,0b,\
"??"=hex:47,29,96,45,c3,5d,41,ad,91,1e,b6,65,68,de,f2,83
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
c:\program files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-09-04  19:29:02 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-09-04 17:29
.
Vor Suchlauf: 9 Verzeichnis(se), 64.799.072.256 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 63.950.327.808 Bytes frei
.
- - End Of File - - DF764693062F7687AFAC153ED0EE674D
A36C5E4F47E84449FF07ED3517B43A31
Danke

Nils

M-K-D-B 05.09.2014 09:23
Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.






Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.







Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von JRT,
  • die Logdatei von MBAM,
  • die beiden neuen Logdateien von FRST.

nonever_ 05.09.2014 17:37
Soo hier die gewünschten Logs:
ADWCleaner:
Code:
# AdwCleaner v3.309 - Bericht erstellt am 05/09/2014 um 18:12:41
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Nils - NILS-PC
# Gestartet von : C:\Users\Nils\Desktop\adwcleaner_3.309.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : globalUpdatem

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Boost
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
[/!\] Nicht Gelöscht ( Junction ) : C:\Program Files\Gemeinsame Dateien
Ordner Gelöscht : C:\Users\Nils\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Nils\AppData\Local\Genesis_09031222
Ordner Gelöscht : C:\Users\Nils\AppData\Roaming\InetStat
Ordner Gelöscht : C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
Datei Gelöscht : C:\Windows\System32\drivers\nethfdrv.sys
Datei Gelöscht : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fsit9ray.default\user.js

***** [ Tasks ] *****

Task Gelöscht : globalUpdateUpdateTaskMachineCore
Task Gelöscht : globalUpdateUpdateTaskMachineUA

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Classes\Applications\inetstat.exe
Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8DE6FC60-E023-4AD7-A3B7-591E1460E7F7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522832260}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555835560}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566836660}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544834460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8DE6FC60-E023-4AD7-A3B7-591E1460E7F7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DE6FC60-E023-4AD7-A3B7-591E1460E7F7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DE6FC60-E023-4AD7-A3B7-591E1460E7F7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{8DE6FC60-E023-4AD7-A3B7-591E1460E7F7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522832260}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555835560}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566836660}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8DE6FC60-E023-4AD7-A3B7-591E1460E7F7}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\Driver Pro
Schlüssel Gelöscht : HKCU\Software\genesis
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Boost
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\InetStat
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Boost
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\inethnfd
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fsit9ray.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.crossrider.bic", "1483b78aa5e5e374ee3199f1da1519c3");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjBVwSW3oS9azFioQNIYYOtzIs1EAWHZA8YdfIpZWoAYDk7j2u0rBQHr1ySV7lntlk3QXKJIpUiKJVWs0CnkAF86[...]

*************************

AdwCleaner[R0].txt - [13366 octets] - [05/09/2014 18:12:04]
AdwCleaner[S0].txt - [11461 octets] - [05/09/2014 18:12:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11522 octets] ##########
Mbam:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 05.09.2014
Suchlauf-Zeit: 18:15:33
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.05.05
Rootkit Datenbank: v2014.08.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Nils

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 306498
Verstrichene Zeit: 7 Min, 14 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 4
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\WOW6432NODE\HD-V9.4, In Quarantäne, [e7223cae35467abc23279e68ea19c53b],
PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HD-V9.4, Löschen bei Neustart, [44c51bcf4734102648008086d033d52b],
PUP.Optional.PlusHD.A, HKU\S-1-5-21-1722010485-1478986846-2879839138-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HD-V9.4, Löschen bei Neustart, [60a9ad3dcdaede580642e02623e01ee2],
PUP.Optional.Ciuvo.A, HKU\S-1-5-21-1722010485-1478986846-2879839138-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\ciuvo.com, Löschen bei Neustart, [2edb5199d3a84ee8f5ddf1103ac96a96],

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 1
PUP.Optional.PlusHD.A, C:\Program Files (x86)\HD-V9.4, In Quarantäne, [f41514d6e794b383758b0cd24cb6659b],

Dateien: 12
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HD-V9.4\utils.exe, In Quarantäne, [75949951502b96a04fc5211ffd0331cf],
Hacktool.Agent, C:\Users\Nils\Downloads\Windows Loader v2.2.2.zip, In Quarantäne, [cf3a49a17506f046a872ff5929d839c7],
PUP.Optional.Spigot, C:\Users\Nils\Downloads\windows.7.codec.pack.v4.0.9.setup.exe, In Quarantäne, [56b37a70007bc86e977306a388798a76],
PUP.Optional.SmartBar, C:\Windows\Installer\MSICC22.tmp-\Smartbar.Installer.CustomActions.dll, In Quarantäne, [5eabe90155267cba80cdd35be21eb848],
PUP.Optional.SmartBar, C:\Windows\Installer\MSI8937.tmp-\Smartbar.Installer.CustomActions.dll, In Quarantäne, [2cdd1eccf2891620c984979732ce2dd3],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\HD-V9.4\1293297481.mxaddon, In Quarantäne, [f41514d6e794b383758b0cd24cb6659b],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\HD-V9.4\17f3b119-35e1-42d7-ad21-249013123388.crx, In Quarantäne, [f41514d6e794b383758b0cd24cb6659b],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\HD-V9.4\197bc0c9-2fbe-45b5-b37c-2d65549b8c82.crx, In Quarantäne, [f41514d6e794b383758b0cd24cb6659b],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\HD-V9.4\197bc0c9-2fbe-45b5-b37c-2d65549b8c82.xpi, In Quarantäne, [f41514d6e794b383758b0cd24cb6659b],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\HD-V9.4\background.html, In Quarantäne, [f41514d6e794b383758b0cd24cb6659b],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\HD-V9.4\cb1dcbd4-d50c-4038-8c45-8c4068d7c557.crx, In Quarantäne, [f41514d6e794b383758b0cd24cb6659b],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\HD-V9.4\HD-V9.4.ico, In Quarantäne, [f41514d6e794b383758b0cd24cb6659b],

Physische Sektoren: 0
(No malicious items detected)


(end)
JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Nils on 05.09.2014 at 18:28:31,48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\fsit9ray.default\minidumps [11 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.09.2014 at 18:32:19,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by Nils (administrator) on NILS-PC on 05-09-2014 18:32:58
Running from C:\Users\Nils\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(
ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Spotify Ltd) C:\Users\Nils\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281312 2014-05-19] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3802448 2014-09-04] (LogMeIn Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1722010485-1478986846-2879839138-1000\...\Run: [Spotify] => C:\Users\Nils\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-26] (Spotify Ltd)
HKU\S-1-5-21-1722010485-1478986846-2879839138-1000\...\Run: [Spotify Web Helper] => C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-26] (Spotify Ltd)
Startup: C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7D561050E1A8CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fsit9ray.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Hide My Ass Proxy Extension - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fsit9ray.default\Extensions\extension@hidemyass.com.xpi [2014-08-31]
FF Extension: Ghostery - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fsit9ray.default\Extensions\firefox@ghostery.com.xpi [2014-08-19]
FF Extension: Self-Destructing Cookies - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fsit9ray.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2014-08-19]
FF Extension: NoScript - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fsit9ray.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-08-19]
FF Extension: Adblock Plus - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fsit9ray.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-19]
FF Extension: BetterPrivacy - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fsit9ray.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-08-19]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.)
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [27872 2014-05-19] (Samsung Electronics Co., Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AODDriver; C:\Program Files (x86)\ASUS\GPU Boost Driver\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-09] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [265952 2014-05-19] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111328 2014-05-19] (Samsung Electronics Co., Ltd.)
S3 UDST7000BDA; C:\Windows\System32\Drivers\UDST7000BDA.sys [538768 2014-07-15] (TechniSat Digital S.A.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-05 18:32 - 2014-09-05 18:32 - 00000751 _____ () C:\Users\Nils\Desktop\JRT.txt
2014-09-05 18:28 - 2014-09-05 18:28 - 00000000 ____D () C:\Windows\ERUNT
2014-09-05 18:27 - 2014-09-05 18:27 - 00003547 _____ () C:\Users\Nils\Desktop\mbam.txt
2014-09-05 18:15 - 2014-09-05 18:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-05 18:14 - 2014-09-05 18:14 - 00011651 _____ () C:\Users\Nils\Desktop\AdwCleaner[S0].txt
2014-09-05 18:14 - 2014-09-05 18:14 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-05 18:14 - 2014-09-05 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-05 18:14 - 2014-09-05 18:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-05 18:14 - 2014-09-05 18:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-05 18:14 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-05 18:14 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-05 18:14 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-05 18:12 - 2014-09-05 18:12 - 00000000 ____D () C:\AdwCleaner
2014-09-05 18:11 - 2014-09-05 18:11 - 01016261 _____ (Thisisu) C:\Users\Nils\Desktop\JRT.exe
2014-09-05 18:10 - 2014-09-05 18:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nils\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-05 18:10 - 2014-09-05 18:10 - 01370483 _____ () C:\Users\Nils\Desktop\adwcleaner_3.309.exe
2014-09-04 19:29 - 2014-09-04 19:29 - 00027462 _____ () C:\ComboFix.txt
2014-09-04 19:23 - 2014-09-04 19:29 - 00000000 ____D () C:\Qoobox
2014-09-04 19:23 - 2014-09-04 19:28 - 00000000 ____D () C:\Windows\erdnt
2014-09-04 19:23 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-04 19:23 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-04 19:23 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-04 19:23 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-04 19:23 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-04 19:23 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-04 19:23 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-04 19:23 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-04 19:22 - 2014-09-04 19:22 - 05576326 ____R (Swearware) C:\Users\Nils\Desktop\ComboFix.exe
2014-09-04 18:27 - 2014-09-04 18:27 - 00012396 _____ () C:\Users\Nils\Desktop\Avirae.txt
2014-09-04 18:17 - 2014-09-04 18:17 - 00004051 _____ () C:\Users\Nils\Desktop\gmer.txt
2014-09-04 17:57 - 2014-09-04 17:57 - 00380416 _____ () C:\Users\Nils\Downloads\yn11zb4n.exe
2014-09-04 17:47 - 2014-09-05 18:33 - 00010438 _____ () C:\Users\Nils\Desktop\FRST.txt
2014-09-04 17:47 - 2014-09-05 18:32 - 00000000 ____D () C:\FRST
2014-09-04 17:47 - 2014-09-04 17:48 - 00028151 _____ () C:\Users\Nils\Desktop\Addition.txt
2014-09-04 17:46 - 2014-09-04 17:46 - 02104832 _____ (Farbar) C:\Users\Nils\Desktop\FRST64.exe
2014-09-04 17:46 - 2014-09-04 17:46 - 00000470 _____ () C:\Users\Nils\Desktop\defogger_disable.log
2014-09-04 17:46 - 2014-09-04 17:46 - 00000000 _____ () C:\Users\Nils\defogger_reenable
2014-09-04 17:45 - 2014-09-04 17:45 - 00050477 _____ () C:\Users\Nils\Downloads\Defogger.exe
2014-09-04 16:40 - 2014-09-04 16:46 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-04 16:40 - 2014-09-04 16:45 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-04 16:40 - 2014-09-04 16:39 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-09-04 16:39 - 2014-09-04 16:39 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Avira
2014-09-04 16:38 - 2014-09-04 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-04 16:38 - 2014-09-04 16:45 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-04 16:38 - 2014-09-04 16:40 - 00000000 ____D () C:\ProgramData\Avira
2014-09-04 16:38 - 2014-09-04 16:38 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-09-04 16:38 - 2014-08-15 10:30 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-09-04 16:38 - 2014-08-15 10:30 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-09-04 16:38 - 2014-08-15 10:30 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-09-04 16:37 - 2014-09-04 16:37 - 00000000 ____D () C:\Windows\pss
2014-09-04 16:33 - 2014-09-04 16:35 - 149527616 _____ () C:\Users\Nils\Downloads\avira_free_antivirus_de_14.0.6.570.exe
2014-09-04 16:32 - 2014-09-04 16:32 - 00000687 _____ () C:\awhC62B.tmp
2014-09-04 16:28 - 2014-09-04 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-04 16:28 - 2014-09-04 16:28 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-09-03 21:50 - 2012-11-22 12:45 - 00000000 ____D () C:\Users\Nils\Desktop\FreeIMU-20121122_1126
2014-09-03 21:49 - 2014-09-03 21:49 - 03224287 _____ () C:\Users\Nils\Downloads\FreeIMU-20121122_1126.zip
2014-09-03 21:33 - 2014-09-03 21:42 - 00000000 ____D () C:\Users\Nils\Desktop\arduimu_vD
2014-09-03 21:33 - 2014-09-03 21:33 - 00000000 ____D () C:\Users\Nils\Documents\Arduino
2014-09-03 21:33 - 2014-09-03 21:33 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Arduino
2014-09-03 21:32 - 2014-09-03 21:32 - 00001007 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arduino.lnk
2014-09-03 21:32 - 2014-09-03 21:32 - 00000995 _____ () C:\Users\Public\Desktop\Arduino.lnk
2014-09-03 21:32 - 2014-09-03 21:32 - 00000000 ____D () C:\Program Files (x86)\Arduino
2014-09-03 21:30 - 2014-09-03 21:31 - 55119888 _____ () C:\Users\Nils\Downloads\arduino-1.0.5-r2-windows.exe
2014-09-03 21:26 - 2014-09-03 21:26 - 00016221 _____ () C:\Users\Nils\Downloads\arduimu_vD.rar
2014-09-03 16:11 - 2014-09-03 16:11 - 01659099 _____ () C:\Users\Nils\Downloads\aokpatch2a-crk(1).zip
2014-09-03 16:00 - 2014-09-03 16:00 - 00000000 __RHD () C:\Users\Nils\AppData\Roaming\SecuROM
2014-09-03 15:59 - 2014-09-03 15:59 - 00675988 _____ () C:\Users\Nils\Downloads\Minecraft(2).exe
2014-09-03 14:27 - 2014-09-03 14:27 - 00000687 _____ () C:\awh7A1F.tmp
2014-09-03 14:25 - 2014-09-03 14:25 - 00675988 _____ () C:\Users\Nils\Downloads\Minecraft(1).exe
2014-09-03 14:21 - 2014-09-03 14:21 - 00675988 _____ () C:\Users\Nils\Downloads\Minecraft.exe
2014-09-03 14:10 - 2014-09-03 15:59 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\.minecraft
2014-09-03 14:10 - 2014-09-03 14:10 - 00000000 ____D () C:\ProgramData\Sun
2014-09-03 14:10 - 2014-09-03 14:10 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-03 14:10 - 2014-09-03 14:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-03 14:10 - 2014-09-03 14:09 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-03 14:10 - 2014-09-03 14:09 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-03 14:10 - 2014-09-03 14:09 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-03 14:10 - 2014-09-03 14:09 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-03 14:09 - 2014-09-03 14:09 - 00918952 _____ (Oracle Corporation) C:\Users\Nils\Downloads\jxpiinstall.exe
2014-09-03 14:09 - 2014-09-03 14:09 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-03 14:07 - 2011-08-09 12:14 - 00695296 _____ (AnjoCaido) C:\Users\Nils\Desktop\MinecraftSP.exe
2014-09-03 14:07 - 2004-01-01 23:19 - 302548481 _____ (InstallShield Software Corporation) C:\Users\Nils\Desktop\cs16full standalone.exe
2014-09-03 14:06 - 2014-09-03 14:06 - 00270142 _____ () C:\Users\Nils\Documents\Minecraft.exe
2014-09-03 14:03 - 2014-09-03 14:04 - 285203507 _____ () C:\Users\Nils\Desktop\AoE 2 - The Age of Kings.rar
2014-09-03 13:58 - 2014-09-03 13:58 - 00652192 _____ (Steamless) C:\Users\Nils\Documents\Steamless Counter Strike Source Pack.exe
2014-09-03 13:40 - 2014-09-03 13:40 - 00002027 _____ () C:\Users\Nils\Desktop\Counter-Strike Source.lnk
2014-09-03 13:40 - 2014-09-03 13:40 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike Source
2014-09-03 13:40 - 2014-09-03 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike Source
2014-09-03 13:37 - 2014-09-03 13:40 - 00000000 ____D () C:\Program Files (x86)\Counter-Strike Source
2014-09-03 13:34 - 2009-03-18 18:35 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2014-09-01 10:18 - 2014-09-01 10:18 - 00002086 _____ () C:\Users\Nils\AppData\Roaming\SESSEC
2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Users\Nils\AppData\Roaming\OYVXKZPY
2014-08-31 14:28 - 2014-08-31 14:29 - 23207244 _____ () C:\Users\Nils\Downloads\youscope-wave.flac
2014-08-29 16:18 - 2014-08-29 16:18 - 00002684 _____ () C:\Users\Nils\AppData\Local\recently-used.xbel
2014-08-28 18:58 - 2014-08-28 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wings 3D 1.5.3
2014-08-28 18:57 - 2014-08-28 18:58 - 00000000 ____D () C:\Program Files\wings3d_1.5.3
2014-08-28 18:56 - 2014-08-28 18:56 - 16062920 _____ () C:\Users\Nils\Downloads\wings-x64-1.5.3.exe
2014-08-28 18:51 - 2014-08-28 18:51 - 00001049 _____ () C:\Users\Public\Desktop\KiCad.lnk
2014-08-28 18:51 - 2014-08-28 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KiCad
2014-08-28 18:51 - 2014-08-28 18:51 - 00000000 ____D () C:\Program Files (x86)\KiCad
2014-08-28 15:22 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 15:22 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 15:22 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-28 13:26 - 2014-08-28 13:29 - 207245212 _____ () C:\Users\Nils\Downloads\KiCad_stable-2013.07.07-BZR4022_Win_full_version.exe
2014-08-21 19:43 - 2014-08-21 19:43 - 00000000 ____D () C:\Program Files\Recuva
2014-08-21 19:42 - 2014-08-21 19:42 - 04210920 _____ (Piriform Ltd) C:\Users\Nils\Downloads\rcsetup151.exe
2014-08-21 13:53 - 2014-08-21 13:55 - 00000000 ____D () C:\Users\Nils\Desktop\Neuer Ordner
2014-08-21 13:53 - 2014-08-21 13:53 - 00121069 _____ () C:\Users\Nils\Downloads\memtest86+-5.01.usb.installer.zip
2014-08-20 23:39 - 2014-08-21 00:12 - 00077688 _____ () C:\Users\Nils\Desktop\Unbenannt 1.ods
2014-08-20 16:39 - 2014-08-20 16:39 - 04526080 _____ () C:\Users\Nils\Downloads\FRITZ.Box_Fon_WLAN_7113.60.04.68.image
2014-08-20 12:48 - 2014-08-20 12:48 - 00195072 _____ () C:\Users\Nils\Downloads\BERECHNUNG_PT1000.XLS
2014-08-19 19:49 - 2014-08-19 19:49 - 00015127 _____ () C:\Users\Nils\Documents\Unbenannt 1.ods
2014-08-19 17:27 - 2014-08-19 17:27 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
2014-08-19 17:27 - 2014-08-19 17:27 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-08-19 17:27 - 2014-08-19 17:27 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\OpenOffice
2014-08-19 17:27 - 2014-08-19 17:27 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-08-19 17:26 - 2014-08-19 17:26 - 00000000 ____D () C:\Users\Nils\Desktop\OpenOffice 4.1.0 (de) Installation Files
2014-08-19 17:24 - 2014-08-19 17:25 - 164962843 _____ () C:\Users\Nils\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_de.exe
2014-08-18 17:34 - 2014-08-18 17:35 - 00000000 ____D () C:\Users\Nils\AppData\Local\gtk-2.0
2014-08-15 22:41 - 2014-08-15 22:41 - 00000000 __SHD () C:\Users\Nils\AppData\Local\EmieUserList
2014-08-15 22:41 - 2014-08-15 22:41 - 00000000 __SHD () C:\Users\Nils\AppData\Local\EmieSiteList
2014-08-15 00:20 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 00:20 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 00:20 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 00:20 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 00:20 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 00:20 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 00:20 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 00:20 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 19:36 - 2014-08-14 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voobly
2014-08-14 19:36 - 2014-08-14 19:39 - 00000000 ____D () C:\Program Files (x86)\Voobly
2014-08-14 19:36 - 2014-08-14 19:36 - 09961548 _____ (Voobly ) C:\Users\Nils\Downloads\voobly-v2.1.67.1.exe
2014-08-14 19:36 - 2014-08-14 19:36 - 00000983 _____ () C:\Users\Nils\Desktop\Voobly.lnk
2014-08-14 17:31 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 17:31 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 17:31 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 17:31 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 17:31 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 17:31 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 17:31 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 17:31 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 17:31 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 17:31 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 17:31 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 17:31 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 17:31 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 17:31 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 17:31 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 17:31 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 17:31 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 17:31 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 17:31 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 17:31 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 17:31 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 17:31 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 17:31 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 17:31 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 17:31 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 17:31 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 17:31 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 17:31 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 17:31 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 17:31 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 17:31 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 17:31 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 17:31 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 17:31 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 17:31 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 17:30 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 17:30 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 17:30 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 17:30 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 17:30 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 17:30 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 17:30 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 17:30 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 17:30 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 17:30 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 17:30 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 17:30 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 17:30 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 17:30 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 17:30 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 17:30 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 17:30 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 17:30 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 17:30 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 17:30 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 17:30 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 17:30 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 17:30 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 17:30 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 17:30 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 17:30 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 17:30 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 17:30 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 17:30 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 17:30 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 17:30 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 17:30 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 17:30 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 17:30 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 17:30 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 17:30 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 17:30 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 17:30 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 17:30 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 17:30 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 17:30 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 17:30 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 17:30 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 17:30 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 17:30 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 17:30 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 17:30 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 17:30 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 17:30 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 17:24 - 2014-09-05 18:27 - 00000000 ____D () C:\Users\Nils\AppData\Local\LogMeIn Hamachi
2014-08-14 17:24 - 2014-08-14 17:24 - 00000000 ____D () C:\Users\Nils\AppData\Local\LogMeIn
2014-08-14 17:24 - 2014-08-14 17:24 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-08-14 17:23 - 2014-08-14 17:23 - 08499200 _____ () C:\Users\Nils\Downloads\hamachi.msi
2014-08-12 21:19 - 2014-08-12 21:19 - 00000219 _____ () C:\Windows\Directx.log
2014-08-12 21:19 - 2014-08-12 21:19 - 00000000 ____D () C:\Program Files (x86)\directx
2014-08-12 21:18 - 2014-08-12 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2014-08-12 21:18 - 2014-08-12 21:18 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2014-08-11 18:38 - 2014-08-11 18:38 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Riot Games
2014-08-11 18:37 - 2014-08-11 18:38 - 34888568 _____ (Riot Games) C:\Users\Nils\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe
2014-08-11 15:52 - 2008-01-19 01:10 - 00154168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WimFltr.sys
2014-08-11 15:50 - 2014-08-11 16:26 - 00000000 ____D () C:\Program Files (x86)\vLite
2014-08-11 15:50 - 2014-08-11 15:50 - 01620715 _____ (Dino Nuhagic (nuhi) ) C:\Users\Nils\Downloads\vLite-1.2.installer.exe
2014-08-11 15:50 - 2014-08-11 15:50 - 00518940 _____ () C:\Users\Nils\Downloads\wimfltr.exe
2014-08-11 15:50 - 2014-08-11 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\vLite
2014-08-11 15:49 - 2014-08-11 16:15 - 2463242240 _____ () C:\Users\Nils\Downloads\X15-65740.iso
2014-08-11 15:32 - 2014-08-11 15:32 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\WinRAR
2014-08-11 15:30 - 2014-08-11 15:31 - 00000000 ____D () C:\Users\Nils\Desktop\stick
2014-08-11 15:30 - 2014-08-11 15:30 - 02060744 _____ () C:\Users\Nils\Downloads\winrar-x64-510d.exe
2014-08-11 15:30 - 2014-08-11 15:30 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-11 15:30 - 2014-08-11 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-11 15:30 - 2014-08-11 15:30 - 00000000 ____D () C:\Program Files\WinRAR
2014-08-11 15:20 - 2014-08-11 15:24 - 348127232 _____ () C:\Users\Nils\Downloads\android-x86-4.4-RC2.iso
2014-08-10 11:30 - 2014-08-10 11:30 - 00400569 _____ () C:\Users\Nils\Downloads\agmp3plugin.exe
2014-08-10 11:28 - 2014-08-10 11:28 - 00001164 _____ () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-10 11:27 - 2014-08-10 11:27 - 00000435 _____ () C:\Windows\cdplayer.ini
2014-08-10 11:23 - 2014-08-10 11:30 - 00000000 ____D () C:\Program Files (x86)\Audiograbber
2014-08-10 11:23 - 2014-08-10 11:28 - 00000000 ____D () C:\Program Files (x86)\Security Guard
2014-08-10 11:23 - 2014-08-10 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber
2014-08-10 11:21 - 2014-08-10 11:21 - 00471536 _____ () C:\Users\Nils\Downloads\download_audiograbber.exe
2014-08-09 17:54 - 2014-08-09 17:54 - 00587776 _____ (Igor Pavlov) C:\Users\Nils\Downloads\7za.exe
2014-08-09 17:54 - 2014-08-09 17:54 - 00078848 _____ () C:\Users\Nils\Downloads\Archive.dll
2014-08-09 17:54 - 2014-08-09 17:54 - 00043008 _____ () C:\Users\Nils\Downloads\39dll.dll
2014-08-09 17:54 - 2014-08-09 17:54 - 00005845 _____ () C:\Users\Nils\Downloads\txt.sec
2014-08-09 17:54 - 2014-08-09 17:54 - 00000000 ____D () C:\Users\Nils\Downloads\Resources
2014-08-09 17:42 - 2014-08-09 17:42 - 00000034 _____ () C:\Windows\AvastEmUpdate.ini
2014-08-09 17:42 - 2014-08-09 17:42 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-08-09 17:41 - 2014-08-09 17:41 - 00519488 _____ (AVAST Software) C:\Users\Nils\Downloads\avastclear.exe
2014-08-09 17:37 - 2014-08-09 17:43 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\AVAST Software
2014-08-09 17:37 - 2014-08-09 17:37 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-09 17:36 - 2014-08-09 17:43 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-09 17:36 - 2014-08-09 17:43 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-09 17:36 - 2014-08-09 17:36 - 00426848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1407598624688
2014-08-09 17:36 - 2014-08-09 17:36 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-09 17:29 - 2014-08-09 17:29 - 08499200 _____ () C:\Users\Nils\Downloads\hamachi_CB-DL-Manager [1].exe
2014-08-09 17:19 - 2014-09-05 00:08 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Skype
2014-08-09 17:19 - 2014-08-09 17:19 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-09 17:19 - 2014-08-09 17:19 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-09 17:19 - 2014-08-09 17:19 - 00000000 ____D () C:\Users\Nils\AppData\Local\Skype
2014-08-09 17:19 - 2014-08-09 17:19 - 00000000 ____D () C:\ProgramData\Skype
2014-08-09 17:19 - 2014-08-09 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-09 17:17 - 2014-08-09 17:17 - 00787392 _____ ( ) C:\Users\Nils\Downloads\hamachi_CB-DL-Manager.exe
2014-08-09 17:16 - 2014-08-09 17:16 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Nils\Downloads\SkypeSetup.exe
2014-08-09 16:17 - 2014-08-09 16:42 - 361544078 _____ () C:\Users\Nils\Downloads\gta2installer.zip
2014-08-09 16:16 - 2014-08-09 16:17 - 01101648 _____ () C:\Users\Nils\Downloads\Grand Theft Auto GTA 2 - CHIP-Installer.exe
2014-08-09 15:08 - 2014-08-09 15:08 - 01659099 _____ () C:\Users\Nils\Downloads\aokpatch2a-crk.zip
2014-08-09 15:08 - 2014-08-09 15:08 - 00000948 _____ () C:\Users\Nils\Downloads\aoe2-vista-win7-fix.zip
2014-08-09 15:05 - 2014-08-09 16:09 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-08-09 15:04 - 2014-08-09 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2014-08-09 15:03 - 2014-08-09 15:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2014-08-09 14:58 - 2014-08-14 19:44 - 00000000 ____D () C:\Users\Nils\Desktop\Age of Empires II & The Conquerors
2014-08-09 14:54 - 2014-09-03 13:37 - 00000000 ____D () C:\Users\Nils\Desktop\Counter Strike Source
2014-08-09 14:53 - 2014-08-09 14:54 - 00000000 ____D () C:\Users\Nils\Desktop\AoE 2 - The Age of Kings
2014-08-09 14:53 - 2006-10-10 07:56 - 733777632 _____ () C:\Users\Nils\Desktop\Counter Strike Source.install.exe
2014-08-08 19:07 - 2014-08-08 19:07 - 00008628 _____ () C:\Users\Nils\Downloads\p.txt
2014-08-08 18:19 - 2014-08-08 19:07 - 397550563 _____ () C:\Users\Nils\Downloads\CarTFT_EX70-2_Windows_Drivers.zip
2014-08-08 18:19 - 2014-08-08 19:02 - 375104654 _____ () C:\Users\Nils\Downloads\CarTFT_X70EX-2_BASIC_Android.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-05 18:33 - 2014-09-04 17:47 - 00010438 _____ () C:\Users\Nils\Desktop\FRST.txt
2014-09-05 18:33 - 2014-07-14 11:29 - 01522184 _____ () C:\Windows\WindowsUpdate.log
2014-09-05 18:32 - 2014-09-05 18:32 - 00000751 _____ () C:\Users\Nils\Desktop\JRT.txt
2014-09-05 18:32 - 2014-09-04 17:47 - 00000000 ____D () C:\FRST
2014-09-05 18:32 - 2014-07-14 17:07 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Spotify
2014-09-05 18:32 - 2010-11-21 08:50 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-09-05 18:32 - 2010-11-21 08:50 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-09-05 18:32 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-05 18:28 - 2014-09-05 18:28 - 00000000 ____D () C:\Windows\ERUNT
2014-09-05 18:27 - 2014-09-05 18:27 - 00003547 _____ () C:\Users\Nils\Desktop\mbam.txt
2014-09-05 18:27 - 2014-09-05 18:15 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-05 18:27 - 2014-08-14 17:24 - 00000000 ____D () C:\Users\Nils\AppData\Local\LogMeIn Hamachi
2014-09-05 18:27 - 2014-07-14 11:51 - 00000000 _____ () C:\ProgramData\Gpu.log
2014-09-05 18:26 - 2010-11-21 05:47 - 00165694 _____ () C:\Windows\PFRO.log
2014-09-05 18:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-05 18:26 - 2009-07-14 06:51 - 00035437 _____ () C:\Windows\setupact.log
2014-09-05 18:20 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-05 18:20 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-05 18:14 - 2014-09-05 18:14 - 00011651 _____ () C:\Users\Nils\Desktop\AdwCleaner[S0].txt
2014-09-05 18:14 - 2014-09-05 18:14 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-05 18:14 - 2014-09-05 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-05 18:14 - 2014-09-05 18:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-05 18:14 - 2014-09-05 18:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-05 18:12 - 2014-09-05 18:12 - 00000000 ____D () C:\AdwCleaner
2014-09-05 18:11 - 2014-09-05 18:11 - 01016261 _____ (Thisisu) C:\Users\Nils\Desktop\JRT.exe
2014-09-05 18:11 - 2014-09-05 18:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nils\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-05 18:10 - 2014-09-05 18:10 - 01370483 _____ () C:\Users\Nils\Desktop\adwcleaner_3.309.exe
2014-09-05 00:08 - 2014-08-09 17:19 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Skype
2014-09-04 19:29 - 2014-09-04 19:29 - 00027462 _____ () C:\ComboFix.txt
2014-09-04 19:29 - 2014-09-04 19:23 - 00000000 ____D () C:\Qoobox
2014-09-04 19:29 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-04 19:28 - 2014-09-04 19:23 - 00000000 ____D () C:\Windows\erdnt
2014-09-04 19:27 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-04 19:26 - 2014-07-14 17:56 - 00000000 ____D () C:\Users\Nils\AppData\Local\Adobe
2014-09-04 19:22 - 2014-09-04 19:22 - 05576326 ____R (Swearware) C:\Users\Nils\Desktop\ComboFix.exe
2014-09-04 18:27 - 2014-09-04 18:27 - 00012396 _____ () C:\Users\Nils\Desktop\Avirae.txt
2014-09-04 18:17 - 2014-09-04 18:17 - 00004051 _____ () C:\Users\Nils\Desktop\gmer.txt
2014-09-04 17:57 - 2014-09-04 17:57 - 00380416 _____ () C:\Users\Nils\Downloads\yn11zb4n.exe
2014-09-04 17:48 - 2014-09-04 17:47 - 00028151 _____ () C:\Users\Nils\Desktop\Addition.txt
2014-09-04 17:46 - 2014-09-04 17:46 - 02104832 _____ (Farbar) C:\Users\Nils\Desktop\FRST64.exe
2014-09-04 17:46 - 2014-09-04 17:46 - 00000470 _____ () C:\Users\Nils\Desktop\defogger_disable.log
2014-09-04 17:46 - 2014-09-04 17:46 - 00000000 _____ () C:\Users\Nils\defogger_reenable
2014-09-04 17:46 - 2014-07-14 11:29 - 00000000 ____D () C:\Users\Nils
2014-09-04 17:45 - 2014-09-04 17:45 - 00050477 _____ () C:\Users\Nils\Downloads\Defogger.exe
2014-09-04 16:46 - 2014-09-04 16:40 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-04 16:45 - 2014-09-04 16:40 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-04 16:45 - 2014-09-04 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-04 16:45 - 2014-09-04 16:38 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-04 16:40 - 2014-09-04 16:38 - 00000000 ____D () C:\ProgramData\Avira
2014-09-04 16:39 - 2014-09-04 16:40 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-09-04 16:39 - 2014-09-04 16:39 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Avira
2014-09-04 16:38 - 2014-09-04 16:38 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-09-04 16:37 - 2014-09-04 16:37 - 00000000 ____D () C:\Windows\pss
2014-09-04 16:35 - 2014-09-04 16:33 - 149527616 _____ () C:\Users\Nils\Downloads\avira_free_antivirus_de_14.0.6.570.exe
2014-09-04 16:32 - 2014-09-04 16:32 - 00000687 _____ () C:\awhC62B.tmp
2014-09-04 16:28 - 2014-09-04 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-04 16:28 - 2014-09-04 16:28 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-09-03 21:49 - 2014-09-03 21:49 - 03224287 _____ () C:\Users\Nils\Downloads\FreeIMU-20121122_1126.zip
2014-09-03 21:42 - 2014-09-03 21:33 - 00000000 ____D () C:\Users\Nils\Desktop\arduimu_vD
2014-09-03 21:33 - 2014-09-03 21:33 - 00000000 ____D () C:\Users\Nils\Documents\Arduino
2014-09-03 21:33 - 2014-09-03 21:33 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Arduino
2014-09-03 21:32 - 2014-09-03 21:32 - 00001007 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arduino.lnk
2014-09-03 21:32 - 2014-09-03 21:32 - 00000995 _____ () C:\Users\Public\Desktop\Arduino.lnk
2014-09-03 21:32 - 2014-09-03 21:32 - 00000000 ____D () C:\Program Files (x86)\Arduino
2014-09-03 21:32 - 2014-07-31 14:01 - 00012926 _____ () C:\Windows\DPINST.LOG
2014-09-03 21:31 - 2014-09-03 21:30 - 55119888 _____ () C:\Users\Nils\Downloads\arduino-1.0.5-r2-windows.exe
2014-09-03 21:26 - 2014-09-03 21:26 - 00016221 _____ () C:\Users\Nils\Downloads\arduimu_vD.rar
2014-09-03 16:11 - 2014-09-03 16:11 - 01659099 _____ () C:\Users\Nils\Downloads\aokpatch2a-crk(1).zip
2014-09-03 16:00 - 2014-09-03 16:00 - 00000000 __RHD () C:\Users\Nils\AppData\Roaming\SecuROM
2014-09-03 15:59 - 2014-09-03 15:59 - 00675988 _____ () C:\Users\Nils\Downloads\Minecraft(2).exe
2014-09-03 15:59 - 2014-09-03 14:10 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\.minecraft
2014-09-03 14:27 - 2014-09-03 14:27 - 00000687 _____ () C:\awh7A1F.tmp
2014-09-03 14:25 - 2014-09-03 14:25 - 00675988 _____ () C:\Users\Nils\Downloads\Minecraft(1).exe
2014-09-03 14:21 - 2014-09-03 14:21 - 00675988 _____ () C:\Users\Nils\Downloads\Minecraft.exe
2014-09-03 14:10 - 2014-09-03 14:10 - 00000000 ____D () C:\ProgramData\Sun
2014-09-03 14:10 - 2014-09-03 14:10 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-03 14:10 - 2014-09-03 14:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-03 14:09 - 2014-09-03 14:10 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-03 14:09 - 2014-09-03 14:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-03 14:09 - 2014-09-03 14:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-03 14:09 - 2014-09-03 14:10 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-03 14:09 - 2014-09-03 14:09 - 00918952 _____ (Oracle Corporation) C:\Users\Nils\Downloads\jxpiinstall.exe
2014-09-03 14:09 - 2014-09-03 14:09 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-03 14:06 - 2014-09-03 14:06 - 00270142 _____ () C:\Users\Nils\Documents\Minecraft.exe
2014-09-03 14:04 - 2014-09-03 14:03 - 285203507 _____ () C:\Users\Nils\Desktop\AoE 2 - The Age of Kings.rar
2014-09-03 13:58 - 2014-09-03 13:58 - 00652192 _____ (Steamless) C:\Users\Nils\Documents\Steamless Counter Strike Source Pack.exe
2014-09-03 13:40 - 2014-09-03 13:40 - 00002027 _____ () C:\Users\Nils\Desktop\Counter-Strike Source.lnk
2014-09-03 13:40 - 2014-09-03 13:40 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike Source
2014-09-03 13:40 - 2014-09-03 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike Source
2014-09-03 13:40 - 2014-09-03 13:37 - 00000000 ____D () C:\Program Files (x86)\Counter-Strike Source
2014-09-03 13:37 - 2014-08-09 14:54 - 00000000 ____D () C:\Users\Nils\Desktop\Counter Strike Source
2014-09-01 10:18 - 2014-09-01 10:18 - 00002086 _____ () C:\Users\Nils\AppData\Roaming\SESSEC
2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Users\Nils\AppData\Roaming\OYVXKZPY
2014-08-31 20:19 - 2014-07-16 22:09 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\vlc
2014-08-31 14:29 - 2014-08-31 14:28 - 23207244 _____ () C:\Users\Nils\Downloads\youscope-wave.flac
2014-08-29 16:18 - 2014-08-29 16:18 - 00002684 _____ () C:\Users\Nils\AppData\Local\recently-used.xbel
2014-08-29 16:18 - 2014-07-14 22:18 - 00000000 ____D () C:\Users\Nils\.gimp-2.8
2014-08-28 18:58 - 2014-08-28 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wings 3D 1.5.3
2014-08-28 18:58 - 2014-08-28 18:57 - 00000000 ____D () C:\Program Files\wings3d_1.5.3
2014-08-28 18:56 - 2014-08-28 18:56 - 16062920 _____ () C:\Users\Nils\Downloads\wings-x64-1.5.3.exe
2014-08-28 18:51 - 2014-08-28 18:51 - 00001049 _____ () C:\Users\Public\Desktop\KiCad.lnk
2014-08-28 18:51 - 2014-08-28 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KiCad
2014-08-28 18:51 - 2014-08-28 18:51 - 00000000 ____D () C:\Program Files (x86)\KiCad
2014-08-28 17:49 - 2014-07-14 17:13 - 00000000 ____D () C:\Users\Nils\AppData\Local\Spotify
2014-08-28 17:49 - 2009-07-14 06:45 - 00304712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 13:29 - 2014-08-28 13:26 - 207245212 _____ () C:\Users\Nils\Downloads\KiCad_stable-2013.07.07-BZR4022_Win_full_version.exe
2014-08-23 04:07 - 2014-08-28 15:22 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 15:22 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 15:22 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 19:43 - 2014-08-21 19:43 - 00000000 ____D () C:\Program Files\Recuva
2014-08-21 19:42 - 2014-08-21 19:42 - 04210920 _____ (Piriform Ltd) C:\Users\Nils\Downloads\rcsetup151.exe
2014-08-21 13:55 - 2014-08-21 13:53 - 00000000 ____D () C:\Users\Nils\Desktop\Neuer Ordner
2014-08-21 13:53 - 2014-08-21 13:53 - 00121069 _____ () C:\Users\Nils\Downloads\memtest86+-5.01.usb.installer.zip
2014-08-21 00:12 - 2014-08-20 23:39 - 00077688 _____ () C:\Users\Nils\Desktop\Unbenannt 1.ods
2014-08-20 16:39 - 2014-08-20 16:39 - 04526080 _____ () C:\Users\Nils\Downloads\FRITZ.Box_Fon_WLAN_7113.60.04.68.image
2014-08-20 14:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-20 12:48 - 2014-08-20 12:48 - 00195072 _____ () C:\Users\Nils\Downloads\BERECHNUNG_PT1000.XLS
2014-08-19 19:49 - 2014-08-19 19:49 - 00015127 _____ () C:\Users\Nils\Documents\Unbenannt 1.ods
2014-08-19 19:08 - 2014-07-14 11:32 - 00067128 _____ () C:\Users\Nils\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-19 17:27 - 2014-08-19 17:27 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
2014-08-19 17:27 - 2014-08-19 17:27 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-08-19 17:27 - 2014-08-19 17:27 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\OpenOffice
2014-08-19 17:27 - 2014-08-19 17:27 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-08-19 17:26 - 2014-08-19 17:26 - 00000000 ____D () C:\Users\Nils\Desktop\OpenOffice 4.1.0 (de) Installation Files
2014-08-19 17:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-19 17:25 - 2014-08-19 17:24 - 164962843 _____ () C:\Users\Nils\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_de.exe
2014-08-18 17:35 - 2014-08-18 17:34 - 00000000 ____D () C:\Users\Nils\AppData\Local\gtk-2.0
2014-08-15 22:41 - 2014-08-15 22:41 - 00000000 __SHD () C:\Users\Nils\AppData\Local\EmieUserList
2014-08-15 22:41 - 2014-08-15 22:41 - 00000000 __SHD () C:\Users\Nils\AppData\Local\EmieSiteList
2014-08-15 13:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 10:30 - 2014-09-04 16:38 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-08-15 10:30 - 2014-09-04 16:38 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-15 10:30 - 2014-09-04 16:38 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-08-15 00:20 - 2014-07-30 11:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 19:44 - 2014-08-09 14:58 - 00000000 ____D () C:\Users\Nils\Desktop\Age of Empires II & The Conquerors
2014-08-14 19:39 - 2014-08-14 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voobly
2014-08-14 19:39 - 2014-08-14 19:36 - 00000000 ____D () C:\Program Files (x86)\Voobly
2014-08-14 19:36 - 2014-08-14 19:36 - 09961548 _____ (Voobly ) C:\Users\Nils\Downloads\voobly-v2.1.67.1.exe
2014-08-14 19:36 - 2014-08-14 19:36 - 00000983 _____ () C:\Users\Nils\Desktop\Voobly.lnk
2014-08-14 17:24 - 2014-08-14 17:24 - 00000000 ____D () C:\Users\Nils\AppData\Local\LogMeIn
2014-08-14 17:24 - 2014-08-14 17:24 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-08-14 17:23 - 2014-08-14 17:23 - 08499200 _____ () C:\Users\Nils\Downloads\hamachi.msi
2014-08-12 21:19 - 2014-08-12 21:19 - 00000219 _____ () C:\Windows\Directx.log
2014-08-12 21:19 - 2014-08-12 21:19 - 00000000 ____D () C:\Program Files (x86)\directx
2014-08-12 21:18 - 2014-08-12 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2014-08-12 21:18 - 2014-08-12 21:18 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2014-08-12 21:18 - 2014-07-14 11:41 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-11 18:38 - 2014-08-11 18:38 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Riot Games
2014-08-11 18:38 - 2014-08-11 18:37 - 34888568 _____ (Riot Games) C:\Users\Nils\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe
2014-08-11 16:26 - 2014-08-11 15:50 - 00000000 ____D () C:\Program Files (x86)\vLite
2014-08-11 16:15 - 2014-08-11 15:49 - 2463242240 _____ () C:\Users\Nils\Downloads\X15-65740.iso
2014-08-11 15:50 - 2014-08-11 15:50 - 01620715 _____ (Dino Nuhagic (nuhi) ) C:\Users\Nils\Downloads\vLite-1.2.installer.exe
2014-08-11 15:50 - 2014-08-11 15:50 - 00518940 _____ () C:\Users\Nils\Downloads\wimfltr.exe
2014-08-11 15:50 - 2014-08-11 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\vLite
2014-08-11 15:32 - 2014-08-11 15:32 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\WinRAR
2014-08-11 15:31 - 2014-08-11 15:30 - 00000000 ____D () C:\Users\Nils\Desktop\stick
2014-08-11 15:30 - 2014-08-11 15:30 - 02060744 _____ () C:\Users\Nils\Downloads\winrar-x64-510d.exe
2014-08-11 15:30 - 2014-08-11 15:30 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-11 15:30 - 2014-08-11 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-11 15:30 - 2014-08-11 15:30 - 00000000 ____D () C:\Program Files\WinRAR
2014-08-11 15:24 - 2014-08-11 15:20 - 348127232 _____ () C:\Users\Nils\Downloads\android-x86-4.4-RC2.iso
2014-08-10 11:35 - 2014-07-14 11:29 - 00000000 ____D () C:\Users\Nils\AppData\Local\VirtualStore
2014-08-10 11:30 - 2014-08-10 11:30 - 00400569 _____ () C:\Users\Nils\Downloads\agmp3plugin.exe
2014-08-10 11:30 - 2014-08-10 11:23 - 00000000 ____D () C:\Program Files (x86)\Audiograbber
2014-08-10 11:28 - 2014-08-10 11:28 - 00001164 _____ () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-10 11:28 - 2014-08-10 11:23 - 00000000 ____D () C:\Program Files (x86)\Security Guard
2014-08-10 11:27 - 2014-08-10 11:27 - 00000435 _____ () C:\Windows\cdplayer.ini
2014-08-10 11:23 - 2014-08-10 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber
2014-08-10 11:21 - 2014-08-10 11:21 - 00471536 _____ () C:\Users\Nils\Downloads\download_audiograbber.exe
2014-08-09 17:54 - 2014-08-09 17:54 - 00587776 _____ (Igor Pavlov) C:\Users\Nils\Downloads\7za.exe
2014-08-09 17:54 - 2014-08-09 17:54 - 00078848 _____ () C:\Users\Nils\Downloads\Archive.dll
2014-08-09 17:54 - 2014-08-09 17:54 - 00043008 _____ () C:\Users\Nils\Downloads\39dll.dll
2014-08-09 17:54 - 2014-08-09 17:54 - 00005845 _____ () C:\Users\Nils\Downloads\txt.sec
2014-08-09 17:54 - 2014-08-09 17:54 - 00000000 ____D () C:\Users\Nils\Downloads\Resources
2014-08-09 17:43 - 2014-08-09 17:37 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\AVAST Software
2014-08-09 17:43 - 2014-08-09 17:36 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-09 17:43 - 2014-08-09 17:36 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-09 17:42 - 2014-08-09 17:42 - 00000034 _____ () C:\Windows\AvastEmUpdate.ini
2014-08-09 17:42 - 2014-08-09 17:42 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-08-09 17:41 - 2014-08-09 17:41 - 00519488 _____ (AVAST Software) C:\Users\Nils\Downloads\avastclear.exe
2014-08-09 17:37 - 2014-08-09 17:37 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-09 17:36 - 2014-08-09 17:36 - 00426848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1407598624688
2014-08-09 17:36 - 2014-08-09 17:36 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-09 17:29 - 2014-08-09 17:29 - 08499200 _____ () C:\Users\Nils\Downloads\hamachi_CB-DL-Manager [1].exe
2014-08-09 17:19 - 2014-08-09 17:19 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-09 17:19 - 2014-08-09 17:19 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-09 17:19 - 2014-08-09 17:19 - 00000000 ____D () C:\Users\Nils\AppData\Local\Skype
2014-08-09 17:19 - 2014-08-09 17:19 - 00000000 ____D () C:\ProgramData\Skype
2014-08-09 17:19 - 2014-08-09 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-09 17:17 - 2014-08-09 17:17 - 00787392 _____ ( ) C:\Users\Nils\Downloads\hamachi_CB-DL-Manager.exe
2014-08-09 17:16 - 2014-08-09 17:16 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Nils\Downloads\SkypeSetup.exe
2014-08-09 16:42 - 2014-08-09 16:17 - 361544078 _____ () C:\Users\Nils\Downloads\gta2installer.zip
2014-08-09 16:31 - 2014-07-15 12:17 - 00001001 _____ () C:\Users\Nils\Desktop\DVBViewer TE2.lnk
2014-08-09 16:17 - 2014-08-09 16:16 - 01101648 _____ () C:\Users\Nils\Downloads\Grand Theft Auto GTA 2 - CHIP-Installer.exe
2014-08-09 16:09 - 2014-08-09 15:05 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-08-09 15:08 - 2014-08-09 15:08 - 01659099 _____ () C:\Users\Nils\Downloads\aokpatch2a-crk.zip
2014-08-09 15:08 - 2014-08-09 15:08 - 00000948 _____ () C:\Users\Nils\Downloads\aoe2-vista-win7-fix.zip
2014-08-09 15:04 - 2014-08-09 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2014-08-09 15:03 - 2014-08-09 15:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2014-08-09 14:54 - 2014-08-09 14:53 - 00000000 ____D () C:\Users\Nils\Desktop\AoE 2 - The Age of Kings
2014-08-08 21:48 - 2014-07-29 23:51 - 00000000 ____D () C:\Users\Nils\dl-fldigi.files
2014-08-08 19:07 - 2014-08-08 19:07 - 00008628 _____ () C:\Users\Nils\Downloads\p.txt
2014-08-08 19:07 - 2014-08-08 18:19 - 397550563 _____ () C:\Users\Nils\Downloads\CarTFT_EX70-2_Windows_Drivers.zip
2014-08-08 19:02 - 2014-08-08 18:19 - 375104654 _____ () C:\Users\Nils\Downloads\CarTFT_X70EX-2_BASIC_Android.zip
2014-08-07 04:06 - 2014-08-14 17:30 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-14 17:30 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\Nils\AppData\Local\Temp\avgnt.exe
C:\Users\Nils\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-20 14:41

==================== End Of Log ============================
--- --- ---


Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 02
Ran by Nils at 2014-09-05 18:33:24
Running from C:\Users\Nils\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Arduino (HKLM-x32\...\Arduino) (Version: 1.0.5-r2 - Arduino LLC)
ATI Catalyst Install Manager (HKLM\...\{2A13EF26-4D68-B2D7-A486-DBBD2FDE366B}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Audiograbber MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
AutoIt v3.3.12.0 (HKLM-x32\...\AutoItv3) (Version: 3.3.12.0 - AutoIt Team)
Avira (HKLM-x32\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Catalyst Control Center Core Implementation (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0210.2206.39615 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help English (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help French (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help German (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0210.2206.39615 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0210.2206.39615 - ATI) Hidden
Counter-Strike: Source (HKLM-x32\...\Counter-Strike: Source) (Version:  - Valve)
Dl-Fldigi 3.21.50 (HKLM-x32\...\Dl-Fldigi-3.21.50) (Version: 3.21.50 - Fldigi developers)
DVBViewer TE2 (HKLM-x32\...\DVBViewer TE2_is1) (Version:  - CM&V)
EAGLE 7.0.0 (HKLM-x32\...\EAGLE 7.0.0) (Version: 7.0.0 - CadSoft Computer GmbH)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
GPU Boost Driver (HKLM-x32\...\{B8887E02-C910-4498-A7C0-186ABFDCD110}) (Version: 1.01.15 - ASUS)
GTA2 (HKLM-x32\...\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}) (Version: 1.00.001 - )
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
HD-V9.4 (HKLM-x32\...\HD-V9.4) (Version: 1.34.8.12 - HD-V9.4)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
KiCad 2013.07.07 (HKLM-x32\...\KiCad) (Version: 2013.07.07 - )
Lazarus 1.2.4 (HKLM\...\lazarus_is1) (Version: 1.2.4 - Lazarus Team)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.236 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.236 - LogMeIn, Inc.) Hidden
MainConcept DTV Decoder Pro (HKLM-x32\...\{793FCE60-DE5E-4977-A942-A7B69A45B17D}) (Version: 1.5.0.2 - MainConcept GmbH)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
RAPID Mode (Version: 1.0.1.68 - Samsung Electronics Co., Ltd.) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6151 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.4.0 - Samsung Electronics)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
TechniSat DVB-PC TV Star (HKLM-x32\...\{CE9F9FBC-5253-46D2-9883-09E55003D794}) (Version: 1.0.0 - TechniSat)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
vLite (HKLM-x32\...\vLite_is1) (Version: 1.2 - Dino Nuhagic (nuhi))
Voobly Game Data (HKLM-x32\...\Voobly_is1) (Version: Voobly Game Datas - Voobly)
Windows 7 Codec Pack 4.0.9 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 4.0.9 - Windows 7 Codec Pack)
Wings 3D 1.5.3 (HKLM-x32\...\Wings 3D 1.5.3) (Version:  - )
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

22-08-2014 10:50:58 Windows Update
26-08-2014 14:45:02 Windows Update
28-08-2014 13:25:07 Windows Update
02-09-2014 09:16:38 Windows Update
03-09-2014 12:09:52 Installed Java 7 Update 67
03-09-2014 19:32:35 Gerätetreiber-Paketinstallation: Arduino LLC (www.arduino.cc) Anschlüsse (COM & LPT)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-09-04 19:26 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1A7E86B7-1B7A-427A-A43D-CF86881C04D2} - System32\Tasks\ASUS\Gpu Boost Driver => C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe [2010-03-27] (
ASUSTeK Computer Inc.)
Task: {BE6D4175-D219-4B4F-ADBD-A0E9BD2D3FE6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {D9D7CAD7-4878-4BAC-BA72-167CB32390C8} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-05-19] (Samsung Electronics.)

==================== Loaded Modules (whitelisted) =============

2014-07-14 11:47 - 2014-07-14 11:47 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-07-14 17:13 - 2014-08-26 12:28 - 00610872 _____ () C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-08-04 14:20 - 2014-08-04 14:20 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00067832 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-07-14 11:49 - 2010-03-12 05:40 - 04449632 _____ () C:\Program Files (x86)\ASUS\GPU Boost Driver\Platform.dll
2014-07-14 11:49 - 2010-03-12 05:40 - 00423256 _____ () C:\Program Files (x86)\ASUS\GPU Boost Driver\Device.dll
2014-07-14 17:13 - 2014-08-26 12:28 - 36966968 _____ () C:\Users\Nils\AppData\Roaming\Spotify\Data\libcef.dll
2014-09-05 18:09 - 2014-08-04 14:20 - 00052472 _____ () C:\Users\Nils\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-07-14 12:02 - 2014-05-06 11:24 - 00013824 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
2014-07-14 12:02 - 2014-05-19 20:20 - 00103424 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\PAL.dll
2014-07-14 12:02 - 2014-05-19 20:20 - 00039424 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SATA.dll
2014-07-14 12:02 - 2014-05-19 20:19 - 00038400 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAT.dll
2014-07-14 12:02 - 2014-05-19 20:20 - 00031232 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SMINI.dll
2014-07-14 12:02 - 2014-05-19 20:19 - 00029696 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAS.dll
2014-07-14 21:16 - 2014-08-26 12:28 - 00867896 _____ () C:\Users\Nils\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2014-07-14 17:13 - 2014-08-26 12:28 - 00886840 _____ () C:\Users\Nils\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-07-14 17:13 - 2014-08-26 12:28 - 00108600 _____ () C:\Users\Nils\AppData\Roaming\Spotify\Data\libegl.dll
2014-07-14 17:25 - 2014-07-14 17:25 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Nils^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BoostUpdater.lnk => C:\Windows\pss\BoostUpdater.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Nils^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^genesis_09031222.lnk => C:\Windows\pss\genesis_09031222.lnk.Startup
MSCONFIG\startupreg: genesis_09031222 => "c:\users\nils\appdata\local\genesis_09031222\genesis_09031222.exe" /r
MSCONFIG\startupreg: InetStat => C:\Users\Nils\AppData\Roaming\InetStat\inetstat.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Voobly => "C:\Program Files (x86)\Voobly\voobly.exe" --startup

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-09-04 19:26:20.052
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-04 19:26:20.005
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 965 Processor
Percentage of memory in use: 39%
Total physical RAM: 7935.16 MB
Available physical RAM: 4804.59 MB
Total Pagefile: 15868.5 MB
Available Pagefile: 12570.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:58.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 50B522E3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Danke

Nils

M-K-D-B 06.09.2014 10:49
Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 3 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.




Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
C:\Windows\Installer\MSICC22.tmp-
C:\Windows\Installer\MSI8937.tmp-
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset







Schritt 3
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.





Schritt 4
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    :folderfind
    HD-V9.4

    :regfind
    HD-V9.4
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.







Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck,
  • die beiden neuen Logdateien von FRST.

nonever_ 08.09.2014 16:13
Hat alles etwas länger geaduert wegen Wochenende:
Frst Fix:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-09-2014 01
Ran by Nils at 2014-09-08 16:04:55 Run:1
Running from C:\Users\Nils\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Windows\Installer\MSICC22.tmp-
C:\Windows\Installer\MSI8937.tmp-
EmptyTemp:
end
       
*****************

C:\Windows\Installer\MSICC22.tmp- => Moved successfully.
C:\Windows\Installer\MSI8937.tmp- => Moved successfully.
EmptyTemp: => Removed 522.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====
Eset:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4639be3fc528e64597849b6fd01a4bd5
# engine=20052
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-08 02:51:49
# local_time=2014-09-08 04:51:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 68469 2096506 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 443268 161817759 0 0
# scanned=197138
# found=16
# cleaned=16
# scan_time=2452
sh=5BC816F6746772550442DF5EF61AEBF65462EAE2 ft=1 fh=c71c0011342b22c0 vn="Win32/Verti.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Boost\BoostUpdater.exe.vir"
sh=651317F9B5D38A3BE370C48C65900FD87385EA68 ft=1 fh=90ccb86302cd4fe7 vn="Variante von Win64/Riskware.NetFilter.C Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\nethfdrv.sys.vir"
sh=3C543EA6E9B5C291741D24B410B96DDAE62B832B ft=1 fh=2254007f89bd6bee vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\C\Windows\Installer\MSI8937.tmp-\sppsm.dll"
sh=1B33474BF5751208FAAE12D2D64A38FE729494DE ft=1 fh=aa88147e9c17280e vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\C\Windows\Installer\MSI8937.tmp-\spusm.dll"
sh=CA20E9F7D772272DDE9D5F89A53FC315734BE656 ft=1 fh=494d8b050ecfc745 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\C\Windows\Installer\MSI8937.tmp-\srptc.dll"
sh=3C543EA6E9B5C291741D24B410B96DDAE62B832B ft=1 fh=2254007f89bd6bee vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\C\Windows\Installer\MSICC22.tmp-\sppsm.dll"
sh=1B33474BF5751208FAAE12D2D64A38FE729494DE ft=1 fh=aa88147e9c17280e vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\C\Windows\Installer\MSICC22.tmp-\spusm.dll"
sh=477A331069886D0F312BEDECAD429FEE56A2FFCC ft=1 fh=d30adda072777884 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\C\Windows\Installer\MSICC22.tmp-\srbs.dll"
sh=CFFC69E98EBBCCF56321723C27819DF8B3591935 ft=1 fh=58de4202d40fb7e0 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\C\Windows\Installer\MSICC22.tmp-\srbu.dll"
sh=CA20E9F7D772272DDE9D5F89A53FC315734BE656 ft=1 fh=494d8b050ecfc745 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\C\Windows\Installer\MSICC22.tmp-\srptc.dll"
sh=6C3225176308660614C9C6A3E08352775AA22A52 ft=1 fh=c71c001161089574 vn="Variante von Win32/RiskWare.NetFilter.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Windows\SysWOW64\hfpapi.dll.vir"
sh=3ADCE1850D6DC6FF4D1BE5F149020C7313CA6562 ft=1 fh=c71c00111a550fed vn="Variante von Win32/Amonetize.AZ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Windows\SysWOW64\nethtsrv.exe.vir"
sh=BB4F8760B54C70AD7243F9235B6AD4F0027FC6E0 ft=1 fh=62406181a14ca0fd vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nils\Downloads\download_audiograbber.exe"
sh=8DAE5B6E0637AEF558ED04E5F290D52FBA612497 ft=1 fh=74bc3bfe4773d766 vn="Variante von Win32/InstallCore.OZ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nils\Downloads\hamachi_CB-DL-Manager.exe"
sh=85C2E758DADB8A93064CA5CEDF96BC69C021B84C ft=1 fh=1f9bbc275addc6d3 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nils\Downloads\rcsetup151.exe"
sh=0FC2E006F0DE58F67D950B56C02007B11DB3224C ft=1 fh=1fa07f4ba775acdc vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nils\Downloads\VLC media player 64 Bit - CHIP-Installer.exe"
Checkup
Code:
Results of screen317's Security Check version 0.99.87 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 67 
 Adobe Flash Player 14.0.0.145 
 Mozilla Firefox (31.0)
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
Edit:
Lookup vergessen:

Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 17:06 on 08/09/2014 by Nils
Administrator - Elevation successful

========== folderfind ==========

Searching for "HD-V9.4"
No folders found.

========== regfind ==========

Searching for "HD-V9.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2549C85C-D960-4F0D-BD95-77DC5388BD8B}]
"AppPath"="C:\Program Files (x86)\HD-V9.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2868debc-60d3-432c-bad5-9e9229c15eb9}]
"AppName"="HD-V9.4-bg.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2868debc-60d3-432c-bad5-9e9229c15eb9}]
"AppPath"="C:\Program Files (x86)\HD-V9.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3F79FBA2-481C-4E45-B551-852F8DF3B854}]
"AppPath"="C:\Program Files (x86)\HD-V9.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E73E205-7985-4AF0-92EE-3F5A32952C45}]
"AppPath"="C:\Program Files (x86)\HD-V9.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5f661f04-74ee-4be3-b076-d69b6abb3f2b}]
"AppName"="HD-V9.4-codedownloader.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5f661f04-74ee-4be3-b076-d69b6abb3f2b}]
"AppPath"="C:\Program Files (x86)\HD-V9.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{64A66DE8-E263-48BC-A19D-D6261C98AFF8}]
"AppPath"="C:\Program Files (x86)\HD-V9.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{921570E7-8DE1-4F9C-B2BD-2D74DA14525B}]
"AppPath"="C:\Program Files (x86)\HD-V9.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A9347567-9BA1-4A5F-8E53-C2208981A4E}]
"AppPath"="C:\Program Files (x86)\HD-V9.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B7F1E877-D848-4541-BC47-7399E108B96}]
"AppPath"="C:\Program Files (x86)\HD-V9.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C0B72849-F6E8-47BF-A540-EE6AA8EB8D61}]
"AppPath"="C:\Program Files (x86)\HD-V9.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C25EE722-4F4F-4F3B-AEAD-E1CDE097FF56}]
"AppPath"="C:\Program Files (x86)\HD-V9.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DBFD18CF-AAB1-48C5-BD99-868683CFE81}]
"AppPath"="C:\Program Files (x86)\HD-V9.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE821D56-A66-4435-B4B9-1FF594B2D232}]
"AppPath"="C:\Program Files (x86)\HD-V9.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3063FCE-4E3B-47D5-8245-56FAF8224D4}]
"AppPath"="C:\Program Files (x86)\HD-V9.4"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\HD-V9.4]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2868debc-60d3-432c-bad5-9e9229c15eb9}]
"AppName"="HD-V9.4-bg.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2868debc-60d3-432c-bad5-9e9229c15eb9}]
"AppPath"="C:\Program Files (x86)\HD-V9.4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5f661f04-74ee-4be3-b076-d69b6abb3f2b}]
"AppName"="HD-V9.4-codedownloader.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5f661f04-74ee-4be3-b076-d69b6abb3f2b}]
"AppPath"="C:\Program Files (x86)\HD-V9.4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2868debc-60d3-432c-bad5-9e9229c15eb9}]
"AppName"="HD-V9.4-bg.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2868debc-60d3-432c-bad5-9e9229c15eb9}]
"AppPath"="C:\Program Files (x86)\HD-V9.4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5f661f04-74ee-4be3-b076-d69b6abb3f2b}]
"AppName"="HD-V9.4-codedownloader.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5f661f04-74ee-4be3-b076-d69b6abb3f2b}]
"AppPath"="C:\Program Files (x86)\HD-V9.4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HD-V9.4]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HD-V9.4]
"DisplayName"="HD-V9.4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HD-V9.4]
"DisplayIcon"="C:\Program Files (x86)\HD-V9.4\utils.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HD-V9.4]
"Publisher"="HD-V9.4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HD-V9.4]
"UninstallString"="C:\Program Files (x86)\HD-V9.4\Uninstall.exe /fcp=1"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\HD-V9.4]
[HKEY_USERS\S-1-5-21-1722010485-1478986846-2879839138-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2549C85C-D960-4F0D-BD95-77DC5388BD8B}]
"AppPath"="C:\Program Files (x86)\HD-V9.4"
[HKEY_USERS\S-1-5-21-1722010485-1478986846-2879839138-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2868debc-60d3-432c-bad5-9e9229c15eb9}]
"AppName"="HD-V9.4-bg.exe"
[HKEY_USERS\S-1-5-21-1722010485-1478986846-2879839138-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2868debc-60d3-432c-bad5-9e9229c15eb9}]
"AppPath"="C:\Program Files (x86)\HD-V9.4"
[HKEY_USERS\S-1-5-21-1722010485-1478986846-2879839138-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3F79FBA2-481C-4E45-B551-852F8DF3B854}]
"AppPath"="C:\Program Files (x86)\HD-V9.4"
[HKEY_USERS\S-1-5-21-1722010485-1478986846-2879839138-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E73E205-7985-4AF0-92EE-3F5A32952C45}]
"AppPath"="C:\Program Files (x86)\HD-V9.4"
[HKEY_USERS\S-1-5-21-1722010485-1478986846-2879839138-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5f661f04-74ee-4be3-b076-d69b6abb3f2b}]
"AppName"="HD-V9.4-codedownloader.exe"
[HKEY_USERS\S-1-5-21-1722010485-1478986846-2879839138-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5f661f04-74ee-4be3-b076-d69b6abb3f2b}]
"AppPath"="C:\Program Files (x86)\HD-V9.4"
[HKEY_USERS\S-1-5-21-1722010485-1478986846-2879839138-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{64A66DE8-E263-48BC-A19D-D6261C98AFF8}]
"AppPath"="C:\Program Files (x86)\HD-V9.4"
[HKEY_USERS\S-1-5-21-1722010485-1478986846-2879839138-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{921570E7-8DE1-4F9C-B2BD-2D74DA14525B}]
"AppPath"="C:\Program Files (x86)\HD-V9.4"
[HKEY_USERS\S-1-5-21-1722010485-1478986846-2879839138-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A9347567-9BA1-4A5F-8E53-C2208981A4E}]
"AppPath"="C:\Program Files (x86)\HD-V9.4"
[HKEY_USERS\S-1-5-21-1722010485-1478986846-2879839138-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B7F1E877-D848-4541-BC47-7399E108B96}]
"AppPath"="C:\Program Files (x86)\HD-V9.4"
[HKEY_USERS\S-1-5-21-1722010485-1478986846-2879839138-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C0B72849-F6E8-47BF-A540-EE6AA8EB8D61}]
"AppPath"="C:\Program Files (x86)\HD-V9.4"
[HKEY_USERS\S-1-5-21-1722010485-1478986846-2879839138-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C25EE722-4F4F-4F3B-AEAD-E1CDE097FF56}]
"AppPath"="C:\Program Files (x86)\HD-V9.4"
[HKEY_USERS\S-1-5-21-1722010485-1478986846-2879839138-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DBFD18CF-AAB1-48C5-BD99-868683CFE81}]
"AppPath"="C:\Program Files (x86)\HD-V9.4"
[HKEY_USERS\S-1-5-21-1722010485-1478986846-2879839138-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE821D56-A66-4435-B4B9-1FF594B2D232}]
"AppPath"="C:\Program Files (x86)\HD-V9.4"
[HKEY_USERS\S-1-5-21-1722010485-1478986846-2879839138-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3063FCE-4E3B-47D5-8245-56FAF8224D4}]
"AppPath"="C:\Program Files (x86)\HD-V9.4"
[HKEY_USERS\S-1-5-21-1722010485-1478986846-2879839138-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\HD-V9.4]
[HKEY_USERS\S-1-5-21-1722010485-1478986846-2879839138-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\HD-V9.4]
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\HD-V9.4]

Searching for "        "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="            <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" >                <InitializationParameters>                    <Param Name="PSVersion" Value="2.0"/>                </InitializationParameters>                <Resources>                    <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                        <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                        <Capability Type="Shell"/>                    </Resource>                </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" >                        <InitializationParameters>                            <Param Name="PSVersion" Value="2.0"/>                        </InitializationParameters>                        <Resources>                            <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true">                                <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                               
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_7.01#452882118802D1FA&0#]
"DeviceDesc"="Cruzer          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SamsungRapidDiskFltr]
"TargetDiskId2Str1"="aSsmnu gSS D48 0VE O21G0 B              "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SamsungRapidDiskFltr]
"TargetDiskId2Str2"="Samsung SSD 840 EVO 120G                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_7.01#452882118802D1FA&0#]
"DeviceDesc"="Cruzer          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SamsungRapidDiskFltr]
"TargetDiskId2Str1"="aSsmnu gSS D48 0VE O21G0 B              "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SamsungRapidDiskFltr]
"TargetDiskId2Str2"="Samsung SSD 840 EVO 120G                "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_7.01#452882118802D1FA&0#]
"DeviceDesc"="Cruzer          "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SamsungRapidDiskFltr]
"TargetDiskId2Str1"="aSsmnu gSS D48 0VE O21G0 B              "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SamsungRapidDiskFltr]
"TargetDiskId2Str2"="Samsung SSD 840 EVO 120G                "

-= EOF =-
Frst:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Nils (administrator) on NILS-PC on 08-09-2014 17:09:22
Running from C:\Users\Nils\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(
ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Spotify Ltd) C:\Users\Nils\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281312 2014-05-19] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3802448 2014-09-04] (LogMeIn Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1722010485-1478986846-2879839138-1000\...\Run: [Spotify] => C:\Users\Nils\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-26] (Spotify Ltd)
HKU\S-1-5-21-1722010485-1478986846-2879839138-1000\...\Run: [Spotify Web Helper] => C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-26] (Spotify Ltd)
Startup: C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7D561050E1A8CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fsit9ray.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Hide My Ass Proxy Extension - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fsit9ray.default\Extensions\extension@hidemyass.com.xpi [2014-08-31]
FF Extension: Ghostery - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fsit9ray.default\Extensions\firefox@ghostery.com.xpi [2014-08-19]
FF Extension: Self-Destructing Cookies - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fsit9ray.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2014-08-19]
FF Extension: NoScript - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fsit9ray.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-08-19]
FF Extension: Adblock Plus - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fsit9ray.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-19]
FF Extension: BetterPrivacy - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\fsit9ray.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-08-19]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.)
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [27872 2014-05-19] (Samsung Electronics Co., Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AODDriver; C:\Program Files (x86)\ASUS\GPU Boost Driver\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-09] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [265952 2014-05-19] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111328 2014-05-19] (Samsung Electronics Co., Ltd.)
R3 UDST7000BDA; C:\Windows\System32\Drivers\UDST7000BDA.sys [538768 2014-07-15] (TechniSat Digital S.A.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-08 17:06 - 2014-09-08 17:07 - 00025168 _____ () C:\Users\Nils\Desktop\SystemLook.txt
2014-09-08 17:06 - 2014-09-08 17:06 - 00165376 _____ () C:\Users\Nils\Desktop\SystemLook_x64.exe
2014-09-08 17:06 - 2014-09-08 17:06 - 00000701 _____ () C:\Users\Nils\Desktop\checkup.txt
2014-09-08 17:04 - 2014-09-08 17:04 - 00854417 _____ () C:\Users\Nils\Desktop\SecurityCheck.exe
2014-09-08 16:08 - 2014-09-08 16:08 - 02347384 _____ (ESET) C:\Users\Nils\Downloads\esetsmartinstaller_deu.exe
2014-09-08 16:08 - 2014-09-08 16:08 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-08 16:04 - 2014-09-08 16:04 - 00000000 ____D () C:\Users\Nils\Desktop\FRST-OlderVersion
2014-09-05 18:32 - 2014-09-05 18:32 - 00000751 _____ () C:\Users\Nils\Desktop\JRT.txt
2014-09-05 18:28 - 2014-09-05 18:28 - 00000000 ____D () C:\Windows\ERUNT
2014-09-05 18:27 - 2014-09-05 18:27 - 00003547 _____ () C:\Users\Nils\Desktop\mbam.txt
2014-09-05 18:15 - 2014-09-05 18:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-05 18:14 - 2014-09-05 18:14 - 00011651 _____ () C:\Users\Nils\Desktop\AdwCleaner[S0].txt
2014-09-05 18:14 - 2014-09-05 18:14 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-05 18:14 - 2014-09-05 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-05 18:14 - 2014-09-05 18:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-05 18:14 - 2014-09-05 18:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-05 18:14 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-05 18:14 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-05 18:14 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-05 18:12 - 2014-09-05 18:12 - 00000000 ____D () C:\AdwCleaner
2014-09-05 18:11 - 2014-09-05 18:11 - 01016261 _____ (Thisisu) C:\Users\Nils\Desktop\JRT.exe
2014-09-05 18:10 - 2014-09-05 18:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nils\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-05 18:10 - 2014-09-05 18:10 - 01370483 _____ () C:\Users\Nils\Desktop\adwcleaner_3.309.exe
2014-09-04 19:29 - 2014-09-04 19:29 - 00027462 _____ () C:\ComboFix.txt
2014-09-04 19:23 - 2014-09-04 19:29 - 00000000 ____D () C:\Qoobox
2014-09-04 19:23 - 2014-09-04 19:28 - 00000000 ____D () C:\Windows\erdnt
2014-09-04 19:23 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-04 19:23 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-04 19:23 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-04 19:23 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-04 19:23 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-04 19:23 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-04 19:23 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-04 19:23 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-04 19:22 - 2014-09-04 19:22 - 05576326 ____R (Swearware) C:\Users\Nils\Desktop\ComboFix.exe
2014-09-04 18:27 - 2014-09-04 18:27 - 00012396 _____ () C:\Users\Nils\Desktop\Avirae.txt
2014-09-04 18:17 - 2014-09-04 18:17 - 00004051 _____ () C:\Users\Nils\Desktop\gmer.txt
2014-09-04 17:57 - 2014-09-04 17:57 - 00380416 _____ () C:\Users\Nils\Downloads\yn11zb4n.exe
2014-09-04 17:47 - 2014-09-08 17:09 - 00010564 _____ () C:\Users\Nils\Desktop\FRST.txt
2014-09-04 17:47 - 2014-09-08 17:09 - 00000000 ____D () C:\FRST
2014-09-04 17:47 - 2014-09-05 18:33 - 00016047 _____ () C:\Users\Nils\Desktop\Addition.txt
2014-09-04 17:46 - 2014-09-08 16:04 - 02105344 _____ (Farbar) C:\Users\Nils\Desktop\FRST64.exe
2014-09-04 17:46 - 2014-09-04 17:46 - 00000470 _____ () C:\Users\Nils\Desktop\defogger_disable.log
2014-09-04 17:46 - 2014-09-04 17:46 - 00000000 _____ () C:\Users\Nils\defogger_reenable
2014-09-04 17:45 - 2014-09-04 17:45 - 00050477 _____ () C:\Users\Nils\Downloads\Defogger.exe
2014-09-04 16:40 - 2014-09-04 16:46 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-04 16:40 - 2014-09-04 16:45 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-04 16:40 - 2014-09-04 16:39 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-09-04 16:39 - 2014-09-04 16:39 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Avira
2014-09-04 16:38 - 2014-09-04 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-04 16:38 - 2014-09-04 16:45 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-04 16:38 - 2014-09-04 16:40 - 00000000 ____D () C:\ProgramData\Avira
2014-09-04 16:38 - 2014-09-04 16:38 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-09-04 16:38 - 2014-08-15 10:30 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-09-04 16:38 - 2014-08-15 10:30 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-09-04 16:38 - 2014-08-15 10:30 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-09-04 16:37 - 2014-09-04 16:37 - 00000000 ____D () C:\Windows\pss
2014-09-04 16:33 - 2014-09-04 16:35 - 149527616 _____ () C:\Users\Nils\Downloads\avira_free_antivirus_de_14.0.6.570.exe
2014-09-04 16:32 - 2014-09-04 16:32 - 00000687 _____ () C:\awhC62B.tmp
2014-09-04 16:28 - 2014-09-04 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-04 16:28 - 2014-09-04 16:28 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-09-03 21:50 - 2012-11-22 12:45 - 00000000 ____D () C:\Users\Nils\Desktop\FreeIMU-20121122_1126
2014-09-03 21:49 - 2014-09-03 21:49 - 03224287 _____ () C:\Users\Nils\Downloads\FreeIMU-20121122_1126.zip
2014-09-03 21:33 - 2014-09-03 21:42 - 00000000 ____D () C:\Users\Nils\Desktop\arduimu_vD
2014-09-03 21:33 - 2014-09-03 21:33 - 00000000 ____D () C:\Users\Nils\Documents\Arduino
2014-09-03 21:33 - 2014-09-03 21:33 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Arduino
2014-09-03 21:32 - 2014-09-03 21:32 - 00001007 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arduino.lnk
2014-09-03 21:32 - 2014-09-03 21:32 - 00000995 _____ () C:\Users\Public\Desktop\Arduino.lnk
2014-09-03 21:32 - 2014-09-03 21:32 - 00000000 ____D () C:\Program Files (x86)\Arduino
2014-09-03 21:30 - 2014-09-03 21:31 - 55119888 _____ () C:\Users\Nils\Downloads\arduino-1.0.5-r2-windows.exe
2014-09-03 21:26 - 2014-09-03 21:26 - 00016221 _____ () C:\Users\Nils\Downloads\arduimu_vD.rar
2014-09-03 16:11 - 2014-09-03 16:11 - 01659099 _____ () C:\Users\Nils\Downloads\aokpatch2a-crk(1).zip
2014-09-03 16:00 - 2014-09-03 16:00 - 00000000 __RHD () C:\Users\Nils\AppData\Roaming\SecuROM
2014-09-03 15:59 - 2014-09-03 15:59 - 00675988 _____ () C:\Users\Nils\Downloads\Minecraft(2).exe
2014-09-03 14:27 - 2014-09-03 14:27 - 00000687 _____ () C:\awh7A1F.tmp
2014-09-03 14:25 - 2014-09-03 14:25 - 00675988 _____ () C:\Users\Nils\Downloads\Minecraft(1).exe
2014-09-03 14:21 - 2014-09-03 14:21 - 00675988 _____ () C:\Users\Nils\Downloads\Minecraft.exe
2014-09-03 14:10 - 2014-09-03 15:59 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\.minecraft
2014-09-03 14:10 - 2014-09-03 14:10 - 00000000 ____D () C:\ProgramData\Sun
2014-09-03 14:10 - 2014-09-03 14:10 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-03 14:10 - 2014-09-03 14:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-03 14:10 - 2014-09-03 14:09 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-03 14:10 - 2014-09-03 14:09 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-03 14:10 - 2014-09-03 14:09 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-03 14:10 - 2014-09-03 14:09 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-03 14:09 - 2014-09-03 14:09 - 00918952 _____ (Oracle Corporation) C:\Users\Nils\Downloads\jxpiinstall.exe
2014-09-03 14:09 - 2014-09-03 14:09 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-03 14:07 - 2011-08-09 12:14 - 00695296 _____ (AnjoCaido) C:\Users\Nils\Desktop\MinecraftSP.exe
2014-09-03 14:07 - 2004-01-01 23:19 - 302548481 _____ (InstallShield Software Corporation) C:\Users\Nils\Desktop\cs16full standalone.exe
2014-09-03 14:06 - 2014-09-03 14:06 - 00270142 _____ () C:\Users\Nils\Documents\Minecraft.exe
2014-09-03 14:03 - 2014-09-03 14:04 - 285203507 _____ () C:\Users\Nils\Desktop\AoE 2 - The Age of Kings.rar
2014-09-03 13:58 - 2014-09-03 13:58 - 00652192 _____ (Steamless) C:\Users\Nils\Documents\Steamless Counter Strike Source Pack.exe
2014-09-03 13:40 - 2014-09-03 13:40 - 00002027 _____ () C:\Users\Nils\Desktop\Counter-Strike Source.lnk
2014-09-03 13:40 - 2014-09-03 13:40 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike Source
2014-09-03 13:40 - 2014-09-03 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike Source
2014-09-03 13:37 - 2014-09-03 13:40 - 00000000 ____D () C:\Program Files (x86)\Counter-Strike Source
2014-09-03 13:34 - 2009-03-18 18:35 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2014-09-01 10:18 - 2014-09-01 10:18 - 00002086 _____ () C:\Users\Nils\AppData\Roaming\SESSEC
2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Users\Nils\AppData\Roaming\OYVXKZPY
2014-08-31 14:28 - 2014-08-31 14:29 - 23207244 _____ () C:\Users\Nils\Downloads\youscope-wave.flac
2014-08-29 16:18 - 2014-08-29 16:18 - 00002684 _____ () C:\Users\Nils\AppData\Local\recently-used.xbel
2014-08-28 18:58 - 2014-08-28 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wings 3D 1.5.3
2014-08-28 18:57 - 2014-08-28 18:58 - 00000000 ____D () C:\Program Files\wings3d_1.5.3
2014-08-28 18:56 - 2014-08-28 18:56 - 16062920 _____ () C:\Users\Nils\Downloads\wings-x64-1.5.3.exe
2014-08-28 18:51 - 2014-08-28 18:51 - 00001049 _____ () C:\Users\Public\Desktop\KiCad.lnk
2014-08-28 18:51 - 2014-08-28 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KiCad
2014-08-28 18:51 - 2014-08-28 18:51 - 00000000 ____D () C:\Program Files (x86)\KiCad
2014-08-28 15:22 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 15:22 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 15:22 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-28 13:26 - 2014-08-28 13:29 - 207245212 _____ () C:\Users\Nils\Downloads\KiCad_stable-2013.07.07-BZR4022_Win_full_version.exe
2014-08-21 19:43 - 2014-08-21 19:43 - 00000000 ____D () C:\Program Files\Recuva
2014-08-21 13:53 - 2014-08-21 13:55 - 00000000 ____D () C:\Users\Nils\Desktop\Neuer Ordner
2014-08-21 13:53 - 2014-08-21 13:53 - 00121069 _____ () C:\Users\Nils\Downloads\memtest86+-5.01.usb.installer.zip
2014-08-20 23:39 - 2014-08-21 00:12 - 00077688 _____ () C:\Users\Nils\Desktop\Unbenannt 1.ods
2014-08-20 16:39 - 2014-08-20 16:39 - 04526080 _____ () C:\Users\Nils\Downloads\FRITZ.Box_Fon_WLAN_7113.60.04.68.image
2014-08-20 12:48 - 2014-08-20 12:48 - 00195072 _____ () C:\Users\Nils\Downloads\BERECHNUNG_PT1000.XLS
2014-08-19 19:49 - 2014-08-19 19:49 - 00015127 _____ () C:\Users\Nils\Documents\Unbenannt 1.ods
2014-08-19 17:27 - 2014-08-19 17:27 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
2014-08-19 17:27 - 2014-08-19 17:27 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-08-19 17:27 - 2014-08-19 17:27 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\OpenOffice
2014-08-19 17:27 - 2014-08-19 17:27 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-08-19 17:26 - 2014-08-19 17:26 - 00000000 ____D () C:\Users\Nils\Desktop\OpenOffice 4.1.0 (de) Installation Files
2014-08-19 17:24 - 2014-08-19 17:25 - 164962843 _____ () C:\Users\Nils\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_de.exe
2014-08-18 17:34 - 2014-08-18 17:35 - 00000000 ____D () C:\Users\Nils\AppData\Local\gtk-2.0
2014-08-15 22:41 - 2014-08-15 22:41 - 00000000 __SHD () C:\Users\Nils\AppData\Local\EmieUserList
2014-08-15 22:41 - 2014-08-15 22:41 - 00000000 __SHD () C:\Users\Nils\AppData\Local\EmieSiteList
2014-08-15 00:20 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 00:20 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 00:20 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 00:20 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 00:20 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 00:20 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 00:20 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 00:20 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 19:36 - 2014-08-14 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voobly
2014-08-14 19:36 - 2014-08-14 19:39 - 00000000 ____D () C:\Program Files (x86)\Voobly
2014-08-14 19:36 - 2014-08-14 19:36 - 09961548 _____ (Voobly ) C:\Users\Nils\Downloads\voobly-v2.1.67.1.exe
2014-08-14 19:36 - 2014-08-14 19:36 - 00000983 _____ () C:\Users\Nils\Desktop\Voobly.lnk
2014-08-14 17:31 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 17:31 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 17:31 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 17:31 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 17:31 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 17:31 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 17:31 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 17:31 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 17:31 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 17:31 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 17:31 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 17:31 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 17:31 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 17:31 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 17:31 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 17:31 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 17:31 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 17:31 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 17:31 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 17:31 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 17:31 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 17:31 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 17:31 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 17:31 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 17:31 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 17:31 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 17:31 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 17:31 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 17:31 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 17:31 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 17:31 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 17:31 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 17:31 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 17:31 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 17:31 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 17:30 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 17:30 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 17:30 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 17:30 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 17:30 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 17:30 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 17:30 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 17:30 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 17:30 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 17:30 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 17:30 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 17:30 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 17:30 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 17:30 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 17:30 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 17:30 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 17:30 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 17:30 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 17:30 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 17:30 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 17:30 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 17:30 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 17:30 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 17:30 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 17:30 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 17:30 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 17:30 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 17:30 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 17:30 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 17:30 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 17:30 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 17:30 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 17:30 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 17:30 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 17:30 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 17:30 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 17:30 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 17:30 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 17:30 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 17:30 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 17:30 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 17:30 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 17:30 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 17:30 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 17:30 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 17:30 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 17:30 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 17:30 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 17:30 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 17:24 - 2014-09-08 16:06 - 00000000 ____D () C:\Users\Nils\AppData\Local\LogMeIn Hamachi
2014-08-14 17:24 - 2014-08-14 17:24 - 00000000 ____D () C:\Users\Nils\AppData\Local\LogMeIn
2014-08-14 17:24 - 2014-08-14 17:24 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-08-14 17:23 - 2014-08-14 17:23 - 08499200 _____ () C:\Users\Nils\Downloads\hamachi.msi
2014-08-12 21:19 - 2014-08-12 21:19 - 00000219 _____ () C:\Windows\Directx.log
2014-08-12 21:19 - 2014-08-12 21:19 - 00000000 ____D () C:\Program Files (x86)\directx
2014-08-12 21:18 - 2014-08-12 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2014-08-12 21:18 - 2014-08-12 21:18 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2014-08-11 18:38 - 2014-08-11 18:38 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Riot Games
2014-08-11 18:37 - 2014-08-11 18:38 - 34888568 _____ (Riot Games) C:\Users\Nils\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe
2014-08-11 15:52 - 2008-01-19 01:10 - 00154168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WimFltr.sys
2014-08-11 15:50 - 2014-08-11 16:26 - 00000000 ____D () C:\Program Files (x86)\vLite
2014-08-11 15:50 - 2014-08-11 15:50 - 01620715 _____ (Dino Nuhagic (nuhi) ) C:\Users\Nils\Downloads\vLite-1.2.installer.exe
2014-08-11 15:50 - 2014-08-11 15:50 - 00518940 _____ () C:\Users\Nils\Downloads\wimfltr.exe
2014-08-11 15:50 - 2014-08-11 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\vLite
2014-08-11 15:49 - 2014-08-11 16:15 - 2463242240 _____ () C:\Users\Nils\Downloads\X15-65740.iso
2014-08-11 15:32 - 2014-08-11 15:32 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\WinRAR
2014-08-11 15:30 - 2014-08-11 15:31 - 00000000 ____D () C:\Users\Nils\Desktop\stick
2014-08-11 15:30 - 2014-08-11 15:30 - 02060744 _____ () C:\Users\Nils\Downloads\winrar-x64-510d.exe
2014-08-11 15:30 - 2014-08-11 15:30 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-11 15:30 - 2014-08-11 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-11 15:30 - 2014-08-11 15:30 - 00000000 ____D () C:\Program Files\WinRAR
2014-08-11 15:20 - 2014-08-11 15:24 - 348127232 _____ () C:\Users\Nils\Downloads\android-x86-4.4-RC2.iso
2014-08-10 11:30 - 2014-08-10 11:30 - 00400569 _____ () C:\Users\Nils\Downloads\agmp3plugin.exe
2014-08-10 11:28 - 2014-08-10 11:28 - 00001164 _____ () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-10 11:27 - 2014-08-10 11:27 - 00000435 _____ () C:\Windows\cdplayer.ini
2014-08-10 11:23 - 2014-08-10 11:30 - 00000000 ____D () C:\Program Files (x86)\Audiograbber
2014-08-10 11:23 - 2014-08-10 11:28 - 00000000 ____D () C:\Program Files (x86)\Security Guard
2014-08-10 11:23 - 2014-08-10 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber
2014-08-09 17:54 - 2014-08-09 17:54 - 00587776 _____ (Igor Pavlov) C:\Users\Nils\Downloads\7za.exe
2014-08-09 17:54 - 2014-08-09 17:54 - 00078848 _____ () C:\Users\Nils\Downloads\Archive.dll
2014-08-09 17:54 - 2014-08-09 17:54 - 00043008 _____ () C:\Users\Nils\Downloads\39dll.dll
2014-08-09 17:54 - 2014-08-09 17:54 - 00005845 _____ () C:\Users\Nils\Downloads\txt.sec
2014-08-09 17:54 - 2014-08-09 17:54 - 00000000 ____D () C:\Users\Nils\Downloads\Resources
2014-08-09 17:42 - 2014-08-09 17:42 - 00000034 _____ () C:\Windows\AvastEmUpdate.ini
2014-08-09 17:42 - 2014-08-09 17:42 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-08-09 17:41 - 2014-08-09 17:41 - 00519488 _____ (AVAST Software) C:\Users\Nils\Downloads\avastclear.exe
2014-08-09 17:37 - 2014-08-09 17:43 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\AVAST Software
2014-08-09 17:37 - 2014-08-09 17:37 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-09 17:36 - 2014-08-09 17:43 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-09 17:36 - 2014-08-09 17:43 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-09 17:36 - 2014-08-09 17:36 - 00426848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1407598624688
2014-08-09 17:36 - 2014-08-09 17:36 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-09 17:29 - 2014-08-09 17:29 - 08499200 _____ () C:\Users\Nils\Downloads\hamachi_CB-DL-Manager [1].exe
2014-08-09 17:19 - 2014-09-05 00:08 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Skype
2014-08-09 17:19 - 2014-08-09 17:19 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-09 17:19 - 2014-08-09 17:19 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-09 17:19 - 2014-08-09 17:19 - 00000000 ____D () C:\Users\Nils\AppData\Local\Skype
2014-08-09 17:19 - 2014-08-09 17:19 - 00000000 ____D () C:\ProgramData\Skype
2014-08-09 17:19 - 2014-08-09 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-09 17:16 - 2014-08-09 17:16 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Nils\Downloads\SkypeSetup.exe
2014-08-09 16:17 - 2014-08-09 16:42 - 361544078 _____ () C:\Users\Nils\Downloads\gta2installer.zip
2014-08-09 16:16 - 2014-08-09 16:17 - 01101648 _____ () C:\Users\Nils\Downloads\Grand Theft Auto GTA 2 - CHIP-Installer.exe
2014-08-09 15:08 - 2014-08-09 15:08 - 01659099 _____ () C:\Users\Nils\Downloads\aokpatch2a-crk.zip
2014-08-09 15:08 - 2014-08-09 15:08 - 00000948 _____ () C:\Users\Nils\Downloads\aoe2-vista-win7-fix.zip
2014-08-09 15:05 - 2014-08-09 16:09 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-08-09 15:04 - 2014-08-09 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2014-08-09 15:03 - 2014-08-09 15:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2014-08-09 14:58 - 2014-08-14 19:44 - 00000000 ____D () C:\Users\Nils\Desktop\Age of Empires II & The Conquerors
2014-08-09 14:54 - 2014-09-03 13:37 - 00000000 ____D () C:\Users\Nils\Desktop\Counter Strike Source
2014-08-09 14:53 - 2014-08-09 14:54 - 00000000 ____D () C:\Users\Nils\Desktop\AoE 2 - The Age of Kings
2014-08-09 14:53 - 2006-10-10 07:56 - 733777632 _____ () C:\Users\Nils\Desktop\Counter Strike Source.install.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-08 17:09 - 2014-09-04 17:47 - 00010564 _____ () C:\Users\Nils\Desktop\FRST.txt
2014-09-08 17:09 - 2014-09-04 17:47 - 00000000 ____D () C:\FRST
2014-09-08 17:07 - 2014-09-08 17:06 - 00025168 _____ () C:\Users\Nils\Desktop\SystemLook.txt
2014-09-08 17:06 - 2014-09-08 17:06 - 00165376 _____ () C:\Users\Nils\Desktop\SystemLook_x64.exe
2014-09-08 17:06 - 2014-09-08 17:06 - 00000701 _____ () C:\Users\Nils\Desktop\checkup.txt
2014-09-08 17:04 - 2014-09-08 17:04 - 00854417 _____ () C:\Users\Nils\Desktop\SecurityCheck.exe
2014-09-08 16:13 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-08 16:13 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-08 16:12 - 2010-11-21 08:50 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-09-08 16:12 - 2010-11-21 08:50 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-09-08 16:12 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-08 16:11 - 2014-07-14 17:07 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Spotify
2014-09-08 16:09 - 2014-07-14 11:29 - 01921352 _____ () C:\Windows\WindowsUpdate.log
2014-09-08 16:08 - 2014-09-08 16:08 - 02347384 _____ (ESET) C:\Users\Nils\Downloads\esetsmartinstaller_deu.exe
2014-09-08 16:08 - 2014-09-08 16:08 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-08 16:06 - 2014-08-14 17:24 - 00000000 ____D () C:\Users\Nils\AppData\Local\LogMeIn Hamachi
2014-09-08 16:06 - 2014-07-14 11:51 - 00000000 _____ () C:\ProgramData\Gpu.log
2014-09-08 16:06 - 2010-11-21 05:47 - 00168296 _____ () C:\Windows\PFRO.log
2014-09-08 16:06 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-08 16:06 - 2009-07-14 06:51 - 00035605 _____ () C:\Windows\setupact.log
2014-09-08 16:04 - 2014-09-08 16:04 - 00000000 ____D () C:\Users\Nils\Desktop\FRST-OlderVersion
2014-09-08 16:04 - 2014-09-04 17:46 - 02105344 _____ (Farbar) C:\Users\Nils\Desktop\FRST64.exe
2014-09-08 16:01 - 2014-07-14 17:13 - 00000000 ____D () C:\Users\Nils\AppData\Local\Spotify
2014-09-05 18:33 - 2014-09-04 17:47 - 00016047 _____ () C:\Users\Nils\Desktop\Addition.txt
2014-09-05 18:32 - 2014-09-05 18:32 - 00000751 _____ () C:\Users\Nils\Desktop\JRT.txt
2014-09-05 18:28 - 2014-09-05 18:28 - 00000000 ____D () C:\Windows\ERUNT
2014-09-05 18:27 - 2014-09-05 18:27 - 00003547 _____ () C:\Users\Nils\Desktop\mbam.txt
2014-09-05 18:27 - 2014-09-05 18:15 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-05 18:14 - 2014-09-05 18:14 - 00011651 _____ () C:\Users\Nils\Desktop\AdwCleaner[S0].txt
2014-09-05 18:14 - 2014-09-05 18:14 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-05 18:14 - 2014-09-05 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-05 18:14 - 2014-09-05 18:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-05 18:14 - 2014-09-05 18:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-05 18:12 - 2014-09-05 18:12 - 00000000 ____D () C:\AdwCleaner
2014-09-05 18:11 - 2014-09-05 18:11 - 01016261 _____ (Thisisu) C:\Users\Nils\Desktop\JRT.exe
2014-09-05 18:11 - 2014-09-05 18:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nils\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-05 18:10 - 2014-09-05 18:10 - 01370483 _____ () C:\Users\Nils\Desktop\adwcleaner_3.309.exe
2014-09-05 00:08 - 2014-08-09 17:19 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Skype
2014-09-04 19:29 - 2014-09-04 19:29 - 00027462 _____ () C:\ComboFix.txt
2014-09-04 19:29 - 2014-09-04 19:23 - 00000000 ____D () C:\Qoobox
2014-09-04 19:29 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-04 19:28 - 2014-09-04 19:23 - 00000000 ____D () C:\Windows\erdnt
2014-09-04 19:27 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-04 19:26 - 2014-07-14 17:56 - 00000000 ____D () C:\Users\Nils\AppData\Local\Adobe
2014-09-04 19:22 - 2014-09-04 19:22 - 05576326 ____R (Swearware) C:\Users\Nils\Desktop\ComboFix.exe
2014-09-04 18:27 - 2014-09-04 18:27 - 00012396 _____ () C:\Users\Nils\Desktop\Avirae.txt
2014-09-04 18:17 - 2014-09-04 18:17 - 00004051 _____ () C:\Users\Nils\Desktop\gmer.txt
2014-09-04 17:57 - 2014-09-04 17:57 - 00380416 _____ () C:\Users\Nils\Downloads\yn11zb4n.exe
2014-09-04 17:46 - 2014-09-04 17:46 - 00000470 _____ () C:\Users\Nils\Desktop\defogger_disable.log
2014-09-04 17:46 - 2014-09-04 17:46 - 00000000 _____ () C:\Users\Nils\defogger_reenable
2014-09-04 17:46 - 2014-07-14 11:29 - 00000000 ____D () C:\Users\Nils
2014-09-04 17:45 - 2014-09-04 17:45 - 00050477 _____ () C:\Users\Nils\Downloads\Defogger.exe
2014-09-04 16:46 - 2014-09-04 16:40 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-04 16:45 - 2014-09-04 16:40 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-04 16:45 - 2014-09-04 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-04 16:45 - 2014-09-04 16:38 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-04 16:40 - 2014-09-04 16:38 - 00000000 ____D () C:\ProgramData\Avira
2014-09-04 16:39 - 2014-09-04 16:40 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-09-04 16:39 - 2014-09-04 16:39 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Avira
2014-09-04 16:38 - 2014-09-04 16:38 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-09-04 16:37 - 2014-09-04 16:37 - 00000000 ____D () C:\Windows\pss
2014-09-04 16:35 - 2014-09-04 16:33 - 149527616 _____ () C:\Users\Nils\Downloads\avira_free_antivirus_de_14.0.6.570.exe
2014-09-04 16:32 - 2014-09-04 16:32 - 00000687 _____ () C:\awhC62B.tmp
2014-09-04 16:28 - 2014-09-04 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-04 16:28 - 2014-09-04 16:28 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-09-03 21:49 - 2014-09-03 21:49 - 03224287 _____ () C:\Users\Nils\Downloads\FreeIMU-20121122_1126.zip
2014-09-03 21:42 - 2014-09-03 21:33 - 00000000 ____D () C:\Users\Nils\Desktop\arduimu_vD
2014-09-03 21:33 - 2014-09-03 21:33 - 00000000 ____D () C:\Users\Nils\Documents\Arduino
2014-09-03 21:33 - 2014-09-03 21:33 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Arduino
2014-09-03 21:32 - 2014-09-03 21:32 - 00001007 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arduino.lnk
2014-09-03 21:32 - 2014-09-03 21:32 - 00000995 _____ () C:\Users\Public\Desktop\Arduino.lnk
2014-09-03 21:32 - 2014-09-03 21:32 - 00000000 ____D () C:\Program Files (x86)\Arduino
2014-09-03 21:32 - 2014-07-31 14:01 - 00012926 _____ () C:\Windows\DPINST.LOG
2014-09-03 21:31 - 2014-09-03 21:30 - 55119888 _____ () C:\Users\Nils\Downloads\arduino-1.0.5-r2-windows.exe
2014-09-03 21:26 - 2014-09-03 21:26 - 00016221 _____ () C:\Users\Nils\Downloads\arduimu_vD.rar
2014-09-03 16:11 - 2014-09-03 16:11 - 01659099 _____ () C:\Users\Nils\Downloads\aokpatch2a-crk(1).zip
2014-09-03 16:00 - 2014-09-03 16:00 - 00000000 __RHD () C:\Users\Nils\AppData\Roaming\SecuROM
2014-09-03 15:59 - 2014-09-03 15:59 - 00675988 _____ () C:\Users\Nils\Downloads\Minecraft(2).exe
2014-09-03 15:59 - 2014-09-03 14:10 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\.minecraft
2014-09-03 14:27 - 2014-09-03 14:27 - 00000687 _____ () C:\awh7A1F.tmp
2014-09-03 14:25 - 2014-09-03 14:25 - 00675988 _____ () C:\Users\Nils\Downloads\Minecraft(1).exe
2014-09-03 14:21 - 2014-09-03 14:21 - 00675988 _____ () C:\Users\Nils\Downloads\Minecraft.exe
2014-09-03 14:10 - 2014-09-03 14:10 - 00000000 ____D () C:\ProgramData\Sun
2014-09-03 14:10 - 2014-09-03 14:10 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-03 14:10 - 2014-09-03 14:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-03 14:09 - 2014-09-03 14:10 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-03 14:09 - 2014-09-03 14:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-03 14:09 - 2014-09-03 14:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-03 14:09 - 2014-09-03 14:10 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-03 14:09 - 2014-09-03 14:09 - 00918952 _____ (Oracle Corporation) C:\Users\Nils\Downloads\jxpiinstall.exe
2014-09-03 14:09 - 2014-09-03 14:09 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-03 14:06 - 2014-09-03 14:06 - 00270142 _____ () C:\Users\Nils\Documents\Minecraft.exe
2014-09-03 14:04 - 2014-09-03 14:03 - 285203507 _____ () C:\Users\Nils\Desktop\AoE 2 - The Age of Kings.rar
2014-09-03 13:58 - 2014-09-03 13:58 - 00652192 _____ (Steamless) C:\Users\Nils\Documents\Steamless Counter Strike Source Pack.exe
2014-09-03 13:40 - 2014-09-03 13:40 - 00002027 _____ () C:\Users\Nils\Desktop\Counter-Strike Source.lnk
2014-09-03 13:40 - 2014-09-03 13:40 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike Source
2014-09-03 13:40 - 2014-09-03 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike Source
2014-09-03 13:40 - 2014-09-03 13:37 - 00000000 ____D () C:\Program Files (x86)\Counter-Strike Source
2014-09-03 13:37 - 2014-08-09 14:54 - 00000000 ____D () C:\Users\Nils\Desktop\Counter Strike Source
2014-09-01 10:18 - 2014-09-01 10:18 - 00002086 _____ () C:\Users\Nils\AppData\Roaming\SESSEC
2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Users\Nils\AppData\Roaming\OYVXKZPY
2014-08-31 20:19 - 2014-07-16 22:09 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\vlc
2014-08-31 14:29 - 2014-08-31 14:28 - 23207244 _____ () C:\Users\Nils\Downloads\youscope-wave.flac
2014-08-29 16:18 - 2014-08-29 16:18 - 00002684 _____ () C:\Users\Nils\AppData\Local\recently-used.xbel
2014-08-29 16:18 - 2014-07-14 22:18 - 00000000 ____D () C:\Users\Nils\.gimp-2.8
2014-08-28 18:58 - 2014-08-28 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wings 3D 1.5.3
2014-08-28 18:58 - 2014-08-28 18:57 - 00000000 ____D () C:\Program Files\wings3d_1.5.3
2014-08-28 18:56 - 2014-08-28 18:56 - 16062920 _____ () C:\Users\Nils\Downloads\wings-x64-1.5.3.exe
2014-08-28 18:51 - 2014-08-28 18:51 - 00001049 _____ () C:\Users\Public\Desktop\KiCad.lnk
2014-08-28 18:51 - 2014-08-28 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KiCad
2014-08-28 18:51 - 2014-08-28 18:51 - 00000000 ____D () C:\Program Files (x86)\KiCad
2014-08-28 17:49 - 2009-07-14 06:45 - 00304712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 13:29 - 2014-08-28 13:26 - 207245212 _____ () C:\Users\Nils\Downloads\KiCad_stable-2013.07.07-BZR4022_Win_full_version.exe
2014-08-23 04:07 - 2014-08-28 15:22 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 15:22 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 15:22 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 19:43 - 2014-08-21 19:43 - 00000000 ____D () C:\Program Files\Recuva
2014-08-21 13:55 - 2014-08-21 13:53 - 00000000 ____D () C:\Users\Nils\Desktop\Neuer Ordner
2014-08-21 13:53 - 2014-08-21 13:53 - 00121069 _____ () C:\Users\Nils\Downloads\memtest86+-5.01.usb.installer.zip
2014-08-21 00:12 - 2014-08-20 23:39 - 00077688 _____ () C:\Users\Nils\Desktop\Unbenannt 1.ods
2014-08-20 16:39 - 2014-08-20 16:39 - 04526080 _____ () C:\Users\Nils\Downloads\FRITZ.Box_Fon_WLAN_7113.60.04.68.image
2014-08-20 14:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-20 12:48 - 2014-08-20 12:48 - 00195072 _____ () C:\Users\Nils\Downloads\BERECHNUNG_PT1000.XLS
2014-08-19 19:49 - 2014-08-19 19:49 - 00015127 _____ () C:\Users\Nils\Documents\Unbenannt 1.ods
2014-08-19 19:08 - 2014-07-14 11:32 - 00067128 _____ () C:\Users\Nils\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-19 17:27 - 2014-08-19 17:27 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
2014-08-19 17:27 - 2014-08-19 17:27 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-08-19 17:27 - 2014-08-19 17:27 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\OpenOffice
2014-08-19 17:27 - 2014-08-19 17:27 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-08-19 17:26 - 2014-08-19 17:26 - 00000000 ____D () C:\Users\Nils\Desktop\OpenOffice 4.1.0 (de) Installation Files
2014-08-19 17:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-19 17:25 - 2014-08-19 17:24 - 164962843 _____ () C:\Users\Nils\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_de.exe
2014-08-18 17:35 - 2014-08-18 17:34 - 00000000 ____D () C:\Users\Nils\AppData\Local\gtk-2.0
2014-08-15 22:41 - 2014-08-15 22:41 - 00000000 __SHD () C:\Users\Nils\AppData\Local\EmieUserList
2014-08-15 22:41 - 2014-08-15 22:41 - 00000000 __SHD () C:\Users\Nils\AppData\Local\EmieSiteList
2014-08-15 13:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 10:30 - 2014-09-04 16:38 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-08-15 10:30 - 2014-09-04 16:38 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-15 10:30 - 2014-09-04 16:38 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-08-15 00:20 - 2014-07-30 11:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 19:44 - 2014-08-09 14:58 - 00000000 ____D () C:\Users\Nils\Desktop\Age of Empires II & The Conquerors
2014-08-14 19:39 - 2014-08-14 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voobly
2014-08-14 19:39 - 2014-08-14 19:36 - 00000000 ____D () C:\Program Files (x86)\Voobly
2014-08-14 19:36 - 2014-08-14 19:36 - 09961548 _____ (Voobly ) C:\Users\Nils\Downloads\voobly-v2.1.67.1.exe
2014-08-14 19:36 - 2014-08-14 19:36 - 00000983 _____ () C:\Users\Nils\Desktop\Voobly.lnk
2014-08-14 17:24 - 2014-08-14 17:24 - 00000000 ____D () C:\Users\Nils\AppData\Local\LogMeIn
2014-08-14 17:24 - 2014-08-14 17:24 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-08-14 17:23 - 2014-08-14 17:23 - 08499200 _____ () C:\Users\Nils\Downloads\hamachi.msi
2014-08-12 21:19 - 2014-08-12 21:19 - 00000219 _____ () C:\Windows\Directx.log
2014-08-12 21:19 - 2014-08-12 21:19 - 00000000 ____D () C:\Program Files (x86)\directx
2014-08-12 21:18 - 2014-08-12 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2014-08-12 21:18 - 2014-08-12 21:18 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2014-08-12 21:18 - 2014-07-14 11:41 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-11 18:38 - 2014-08-11 18:38 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Riot Games
2014-08-11 18:38 - 2014-08-11 18:37 - 34888568 _____ (Riot Games) C:\Users\Nils\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe
2014-08-11 16:26 - 2014-08-11 15:50 - 00000000 ____D () C:\Program Files (x86)\vLite
2014-08-11 16:15 - 2014-08-11 15:49 - 2463242240 _____ () C:\Users\Nils\Downloads\X15-65740.iso
2014-08-11 15:50 - 2014-08-11 15:50 - 01620715 _____ (Dino Nuhagic (nuhi) ) C:\Users\Nils\Downloads\vLite-1.2.installer.exe
2014-08-11 15:50 - 2014-08-11 15:50 - 00518940 _____ () C:\Users\Nils\Downloads\wimfltr.exe
2014-08-11 15:50 - 2014-08-11 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\vLite
2014-08-11 15:32 - 2014-08-11 15:32 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\WinRAR
2014-08-11 15:31 - 2014-08-11 15:30 - 00000000 ____D () C:\Users\Nils\Desktop\stick
2014-08-11 15:30 - 2014-08-11 15:30 - 02060744 _____ () C:\Users\Nils\Downloads\winrar-x64-510d.exe
2014-08-11 15:30 - 2014-08-11 15:30 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-11 15:30 - 2014-08-11 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-11 15:30 - 2014-08-11 15:30 - 00000000 ____D () C:\Program Files\WinRAR
2014-08-11 15:24 - 2014-08-11 15:20 - 348127232 _____ () C:\Users\Nils\Downloads\android-x86-4.4-RC2.iso
2014-08-10 11:35 - 2014-07-14 11:29 - 00000000 ____D () C:\Users\Nils\AppData\Local\VirtualStore
2014-08-10 11:30 - 2014-08-10 11:30 - 00400569 _____ () C:\Users\Nils\Downloads\agmp3plugin.exe
2014-08-10 11:30 - 2014-08-10 11:23 - 00000000 ____D () C:\Program Files (x86)\Audiograbber
2014-08-10 11:28 - 2014-08-10 11:28 - 00001164 _____ () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-10 11:28 - 2014-08-10 11:23 - 00000000 ____D () C:\Program Files (x86)\Security Guard
2014-08-10 11:27 - 2014-08-10 11:27 - 00000435 _____ () C:\Windows\cdplayer.ini
2014-08-10 11:23 - 2014-08-10 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber
2014-08-09 17:54 - 2014-08-09 17:54 - 00587776 _____ (Igor Pavlov) C:\Users\Nils\Downloads\7za.exe
2014-08-09 17:54 - 2014-08-09 17:54 - 00078848 _____ () C:\Users\Nils\Downloads\Archive.dll
2014-08-09 17:54 - 2014-08-09 17:54 - 00043008 _____ () C:\Users\Nils\Downloads\39dll.dll
2014-08-09 17:54 - 2014-08-09 17:54 - 00005845 _____ () C:\Users\Nils\Downloads\txt.sec
2014-08-09 17:54 - 2014-08-09 17:54 - 00000000 ____D () C:\Users\Nils\Downloads\Resources
2014-08-09 17:43 - 2014-08-09 17:37 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\AVAST Software
2014-08-09 17:43 - 2014-08-09 17:36 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-09 17:43 - 2014-08-09 17:36 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-09 17:42 - 2014-08-09 17:42 - 00000034 _____ () C:\Windows\AvastEmUpdate.ini
2014-08-09 17:42 - 2014-08-09 17:42 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-08-09 17:41 - 2014-08-09 17:41 - 00519488 _____ (AVAST Software) C:\Users\Nils\Downloads\avastclear.exe
2014-08-09 17:37 - 2014-08-09 17:37 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-09 17:36 - 2014-08-09 17:36 - 00426848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1407598624688
2014-08-09 17:36 - 2014-08-09 17:36 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-09 17:29 - 2014-08-09 17:29 - 08499200 _____ () C:\Users\Nils\Downloads\hamachi_CB-DL-Manager [1].exe
2014-08-09 17:19 - 2014-08-09 17:19 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-09 17:19 - 2014-08-09 17:19 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-09 17:19 - 2014-08-09 17:19 - 00000000 ____D () C:\Users\Nils\AppData\Local\Skype
2014-08-09 17:19 - 2014-08-09 17:19 - 00000000 ____D () C:\ProgramData\Skype
2014-08-09 17:19 - 2014-08-09 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-09 17:16 - 2014-08-09 17:16 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Nils\Downloads\SkypeSetup.exe
2014-08-09 16:42 - 2014-08-09 16:17 - 361544078 _____ () C:\Users\Nils\Downloads\gta2installer.zip
2014-08-09 16:31 - 2014-07-15 12:17 - 00001001 _____ () C:\Users\Nils\Desktop\DVBViewer TE2.lnk
2014-08-09 16:17 - 2014-08-09 16:16 - 01101648 _____ () C:\Users\Nils\Downloads\Grand Theft Auto GTA 2 - CHIP-Installer.exe
2014-08-09 16:09 - 2014-08-09 15:05 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-08-09 15:08 - 2014-08-09 15:08 - 01659099 _____ () C:\Users\Nils\Downloads\aokpatch2a-crk.zip
2014-08-09 15:08 - 2014-08-09 15:08 - 00000948 _____ () C:\Users\Nils\Downloads\aoe2-vista-win7-fix.zip
2014-08-09 15:04 - 2014-08-09 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2014-08-09 15:03 - 2014-08-09 15:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2014-08-09 14:54 - 2014-08-09 14:53 - 00000000 ____D () C:\Users\Nils\Desktop\AoE 2 - The Age of Kings

Some content of TEMP:
====================
C:\Users\Nils\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-20 14:41

==================== End Of Log ============================
--- --- ---

--- --- ---


Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01
Ran by Nils at 2014-09-08 17:09:47
Running from C:\Users\Nils\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Arduino (HKLM-x32\...\Arduino) (Version: 1.0.5-r2 - Arduino LLC)
ATI Catalyst Install Manager (HKLM\...\{2A13EF26-4D68-B2D7-A486-DBBD2FDE366B}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Audiograbber MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
AutoIt v3.3.12.0 (HKLM-x32\...\AutoItv3) (Version: 3.3.12.0 - AutoIt Team)
Avira (HKLM-x32\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Catalyst Control Center Core Implementation (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0210.2206.39615 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help English (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help French (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help German (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0210.2206.39615 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0210.2206.39615 - ATI) Hidden
Counter-Strike: Source (HKLM-x32\...\Counter-Strike: Source) (Version:  - Valve)
Dl-Fldigi 3.21.50 (HKLM-x32\...\Dl-Fldigi-3.21.50) (Version: 3.21.50 - Fldigi developers)
DVBViewer TE2 (HKLM-x32\...\DVBViewer TE2_is1) (Version:  - CM&V)
EAGLE 7.0.0 (HKLM-x32\...\EAGLE 7.0.0) (Version: 7.0.0 - CadSoft Computer GmbH)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
GPU Boost Driver (HKLM-x32\...\{B8887E02-C910-4498-A7C0-186ABFDCD110}) (Version: 1.01.15 - ASUS)
GTA2 (HKLM-x32\...\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}) (Version: 1.00.001 - )
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
HD-V9.4 (HKLM-x32\...\HD-V9.4) (Version: 1.34.8.12 - HD-V9.4)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
KiCad 2013.07.07 (HKLM-x32\...\KiCad) (Version: 2013.07.07 - )
Lazarus 1.2.4 (HKLM\...\lazarus_is1) (Version: 1.2.4 - Lazarus Team)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.236 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.236 - LogMeIn, Inc.) Hidden
MainConcept DTV Decoder Pro (HKLM-x32\...\{793FCE60-DE5E-4977-A942-A7B69A45B17D}) (Version: 1.5.0.2 - MainConcept GmbH)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
RAPID Mode (Version: 1.0.1.68 - Samsung Electronics Co., Ltd.) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6151 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.4.0 - Samsung Electronics)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
TechniSat DVB-PC TV Star (HKLM-x32\...\{CE9F9FBC-5253-46D2-9883-09E55003D794}) (Version: 1.0.0 - TechniSat)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
vLite (HKLM-x32\...\vLite_is1) (Version: 1.2 - Dino Nuhagic (nuhi))
Voobly Game Data (HKLM-x32\...\Voobly_is1) (Version: Voobly Game Datas - Voobly)
Windows 7 Codec Pack 4.0.9 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 4.0.9 - Windows 7 Codec Pack)
Wings 3D 1.5.3 (HKLM-x32\...\Wings 3D 1.5.3) (Version:  - )
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

22-08-2014 10:50:58 Windows Update
26-08-2014 14:45:02 Windows Update
28-08-2014 13:25:07 Windows Update
02-09-2014 09:16:38 Windows Update
03-09-2014 12:09:52 Installed Java 7 Update 67
03-09-2014 19:32:35 Gerätetreiber-Paketinstallation: Arduino LLC (www.arduino.cc) Anschlüsse (COM & LPT)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-09-04 19:26 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1A7E86B7-1B7A-427A-A43D-CF86881C04D2} - System32\Tasks\ASUS\Gpu Boost Driver => C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe [2010-03-27] (
ASUSTeK Computer Inc.)
Task: {BE6D4175-D219-4B4F-ADBD-A0E9BD2D3FE6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {D9D7CAD7-4878-4BAC-BA72-167CB32390C8} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-05-19] (Samsung Electronics.)

==================== Loaded Modules (whitelisted) =============

2014-07-14 11:47 - 2014-07-14 11:47 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-07-14 17:13 - 2014-08-26 12:28 - 00610872 _____ () C:\Users\Nils\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-08-04 14:20 - 2014-08-04 14:20 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00067832 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-07-14 11:49 - 2010-03-12 05:40 - 04449632 _____ () C:\Program Files (x86)\ASUS\GPU Boost Driver\Platform.dll
2014-07-14 11:49 - 2010-03-12 05:40 - 00423256 _____ () C:\Program Files (x86)\ASUS\GPU Boost Driver\Device.dll
2014-07-14 17:13 - 2014-08-26 12:28 - 36966968 _____ () C:\Users\Nils\AppData\Roaming\Spotify\Data\libcef.dll
2014-09-08 16:06 - 2014-08-04 14:20 - 00052472 _____ () C:\Users\Nils\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-07-14 12:02 - 2014-05-06 11:24 - 00013824 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
2014-07-14 12:02 - 2014-05-19 20:20 - 00103424 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\PAL.dll
2014-07-14 12:02 - 2014-05-19 20:20 - 00039424 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SATA.dll
2014-07-14 12:02 - 2014-05-19 20:19 - 00038400 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAT.dll
2014-07-14 12:02 - 2014-05-19 20:20 - 00031232 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SMINI.dll
2014-07-14 12:02 - 2014-05-19 20:19 - 00029696 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAS.dll
2014-07-14 21:16 - 2014-08-26 12:28 - 00867896 _____ () C:\Users\Nils\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2014-07-14 17:13 - 2014-08-26 12:28 - 00886840 _____ () C:\Users\Nils\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-07-14 17:13 - 2014-08-26 12:28 - 00108600 _____ () C:\Users\Nils\AppData\Roaming\Spotify\Data\libegl.dll
2014-07-14 17:25 - 2014-07-14 17:25 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
2014-07-23 20:45 - 2014-07-23 20:46 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Nils^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BoostUpdater.lnk => C:\Windows\pss\BoostUpdater.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Nils^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^genesis_09031222.lnk => C:\Windows\pss\genesis_09031222.lnk.Startup
MSCONFIG\startupreg: genesis_09031222 => "c:\users\nils\appdata\local\genesis_09031222\genesis_09031222.exe" /r
MSCONFIG\startupreg: InetStat => C:\Users\Nils\AppData\Roaming\InetStat\inetstat.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Voobly => "C:\Program Files (x86)\Voobly\voobly.exe" --startup

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/08/2014 05:04:01 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/08/2014 04:08:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/08/2014 04:08:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/08/2014 04:07:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/08/2014 04:03:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/07/2014 09:47:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/08/2014 04:07:13 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/08/2014 04:02:38 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (09/08/2014 05:04:01 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (09/08/2014 04:08:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Nils\Downloads\esetsmartinstaller_deu.exe

Error: (09/08/2014 04:08:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Nils\Downloads\esetsmartinstaller_deu.exe

Error: (09/08/2014 04:07:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/08/2014 04:03:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/07/2014 09:47:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-09-04 19:26:20.052
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-04 19:26:20.005
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 965 Processor
Percentage of memory in use: 44%
Total physical RAM: 7935.16 MB
Available physical RAM: 4427.02 MB
Total Pagefile: 15868.5 MB
Available Pagefile: 12060.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:56.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 50B522E3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Danke

Nils

M-K-D-B 09.09.2014 08:55
Reste entfernen
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HD-V9.4
DeleteKey: HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\HD-V9.4
Reboot:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.








Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber. :daumenhoc
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.





Ändere regelmäßig alle deine Passwörter, jetzt nach der Bereinigung ist ein idealer Zeitpunkt dafür!
  • Verwende für jede Anwendung und jeden Account ein anderes Passwort.
  • Ändere regelmäßig dein Passwort, vor allem bei Onlinebanking oder deinem Emailpostfach ist das sehr wichtig.
  • Speichere keine Passwörter auf deinem PC, gib diese nicht an Dritte weiter.
  • Ein sicheres Passwort besteht aus mindestens 8 Zeichen und beinhaltet Groß- und Kleinbuchstaben, Zahlen und Sonderzeichen.
  • Benutze keine Zahlen- oder Buchstabenkombinationen, ( zB 12345678, qwertzui) auch keine Zahlen oder Buchstabenmuster.
  • Verwende keine Passwörter die einen Bezug zu dir, deinem Wohnort, Familienmitglied oder Haustier (Geburtsdatum, Postleitzahl, Adresse, Name) haben.





Schritt 1
Du verwendest veraltete Software auf deinem Rechner, was ein Sicherheitsrisiko darstellt. Daher solltest du veraltete Software deinstallieren und anschließend die aktuellste Version installieren.
Folge dem Pfad Start > Systemsteuerung > Sofware / Programme deinstallieren.
Deinstalliere die folgenden Programme von deinem Rechner:
  • Adobe Flash Player
Starte deinen Rechner nach der Deinstallation neu auf.
Downloade und installiere dir bitte nun:Starte deinen Rechner nach der Installation neu auf.





Schritt 2
Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.







Schritt 3
Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.


Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti-Viren-Programm und zusätzlicher Schutz
  • Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist! Ein kostenloses Anti-Viren Programm, das wir empfehlen, wäre z. B. Avast! Free Antivirus oder Microsoft Security Essentials.
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt. Du kannst es zusätzlich zu deinem Anti-Viren Programm verwenden.
    Update das Tool und lasse es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • AdwCleaner
    Dieses Tool erkennt eine Vielzahl von Werbeprogrammen (Adware) und unerwünschten Programmen (PUPs).
    Starte das Tool einmal die Woche und lass es laufen. Sollte eine neue Version verfügbar sein, so wird dies angezeigt und du kannst dir die neueste Version direkt von der Herstellerseite auf den Desktop herunterladen. Auch dieses Programm kann parallel zu deinem Anti-Viren Programm verwendet werden.
  • SpywareBlaster
    Eine kurze Einführung findest du Hier


Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Mozilla Firefox
  • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzuzufügen reicht und dieser wird nicht mehr geladen.
    Es spart außerdem Downloadkapazität.


Performance
  • Halte dich fern von Registry Cleanern.
    Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
    Miekemoes Blogspot ( MVP )


Was du vermeiden solltest:
  • Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
  • Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..).
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.
  • Lade keine Software von Softonic oder Chip herunter, da diese Installer oft mit Adware oder unerünschter Software versehen sind!



Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

nonever_ 10.09.2014 15:15
Scheint alles wieder fit zu sein, das fixlog war auch unauffällig... Da kann ich nur ein ganz großes Danke für die Kompetente Hilfe geben ;-)

Nils

M-K-D-B 11.09.2014 10:29
Ich bin froh, dass wir helfen konnten :abklatsch:

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank! :)

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:12 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19