Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Windows 7: Maus klickt selbstständig (https://www.trojaner-board.de/142323-windows-7-maus-klickt-selbststaendig.html)

GorillazZz 30.09.2013 13:04
Windows 7: Maus klickt selbstständig
 
Hallo,

seit etwa einer Woche klickt meine Maus von alleine bzw. wechselt von Fifa 14 auf dem Desktop, ohne dass ich Alt+Tab verwendet habe. Ich habe einen Scan mit Avast durchgeführt, jedoch fand der keinen Virus. Wie kann ich das Problem beheben?

schrauber 30.09.2013 15:19
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


GorillazZz 30.09.2013 15:37
Danke schon einmal, hier die Logs:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by Daniel (administrator) on MD-PET on 30-09-2013 16:28:44
Running from C:\Users\Daniel\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Electronic Arts) E:\Origin\Origin.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-06] (Realtek Semiconductor)
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-05-08] (AMD)
MountPoints2: {d2e6ec34-fffa-11df-9770-806e6f6e6963} - D:\Autorun.exe
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [avast5] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBDF9AC662F12CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: 127.0.0.1 uswest.battle.net
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\437epjhp.default
FF user.js: detected! => C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\437epjhp.default\user.js
FF NetworkProxy: "http", "84.73.125.222"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Windows\system32\TVUAx\npTVUAx.dll No File
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 - C:\Users\Daniel\AppData\LocalLow\Sony Online Entertainment\npsoe.dll No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Daniel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: electronicarts.com/GameFacePlugin - C:\Users\Daniel\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Geolocater - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\437epjhp.default\Extensions\geolocater@3liz.com
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\437epjhp.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}
FF Extension: firefox - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\437epjhp.default\Extensions\firefox@ghostery.com.xpi
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\437epjhp.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\437epjhp.default\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\437epjhp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-08-07] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-08-07] (BlueStack Systems, Inc.)
S4 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
S4 Gizmo Central; C:\Program Files (x86)\Gizmo\gservice.exe [34728 2011-07-08] (Arainia Solutions)
S4 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-19] ()

==================== Drivers (Whitelisted) ====================

S3 AODDriver; C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
S3 AODDriver; C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
R2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-08-07] (BlueStack Systems)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-08-07] (BlueStack Systems)
S3 etdrv; C:\Windows\etdrv.sys [25640 2013-09-27] (Windows (R) Server 2003 DDK provider)
S3 etdrv; C:\Windows\etdrv.sys [25640 2013-09-27] (Windows (R) Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [25640 2013-09-27] (Windows (R) Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [25640 2013-09-27] (Windows (R) Server 2003 DDK provider)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-09-27] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-09-27] ()
S3 cpuz130; \??\C:\Users\Daniel\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
S3 odysseyIM3; \??\C:\Windows\system32\DRIVERS\odysseyIM3.sys [x]
S3 PCANDIS5; \??\C:\Windows\system32\PCANDIS5.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-30 16:28 - 2013-09-30 16:28 - 01953880 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2013-09-30 16:28 - 2013-09-30 16:28 - 00000000 ____D C:\FRST
2013-09-30 08:02 - 2013-09-30 08:02 - 00979896 _____ C:\Windows\Minidump\093013-27534-01.dmp
2013-09-27 12:57 - 2013-09-27 12:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\Daniel\Desktop\HiJackThis204.exe
2013-09-27 08:57 - 2013-09-27 08:57 - 00000000 ____D C:\Windows\pss
2013-09-26 11:18 - 2013-09-30 13:04 - 00000000 ____D C:\Users\Daniel\Documents\FIFA 14
2013-09-26 11:11 - 2013-09-26 11:12 - 00000734 _____ C:\Users\Public\Desktop\FIFA 14.lnk
2013-09-26 11:10 - 2013-09-26 11:11 - 00018511 _____ C:\Windows\DirectX.log
2013-09-23 17:33 - 2013-09-23 17:33 - 00015766 _____ C:\Users\Daniel\Desktop\Studienplan.xlsx
2013-09-23 12:34 - 2013-09-23 12:34 - 00000000 ____D C:\Users\Daniel\Downloads\BoSa
2013-09-21 13:52 - 2013-09-30 08:02 - 00002386 _____ C:\Windows\setupact.log
2013-09-21 13:52 - 2013-09-21 13:52 - 00001100 _____ C:\Windows\PFRO.log
2013-09-21 13:52 - 2013-09-21 13:52 - 00000000 _____ C:\Windows\setuperr.log
2013-09-20 11:03 - 2013-09-20 11:03 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-20 11:03 - 2013-09-20 11:03 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-20 11:03 - 2013-09-20 11:03 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-20 11:03 - 2013-09-20 11:03 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-09-20 11:03 - 2013-09-20 11:03 - 00000000 ____D C:\Program Files\Java
2013-09-20 07:54 - 2013-09-20 11:03 - 00000000 ____D C:\ProgramData\Oracle
2013-09-20 07:54 - 2013-09-20 07:54 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-09-20 07:54 - 2013-09-20 07:54 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-09-20 07:54 - 2013-09-20 07:54 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-09-20 07:54 - 2013-09-20 07:54 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-20 07:54 - 2013-09-20 07:54 - 00000000 ____D C:\Program Files (x86)\Java
2013-09-19 19:28 - 2013-09-19 19:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-09-19 19:28 - 2013-09-19 19:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-11 22:58 - 2013-09-11 22:58 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\cef-cache
2013-09-11 22:57 - 2013-09-26 23:13 - 00001527 _____ C:\Users\Daniel\Desktop\partypoker.lnk
2013-09-11 22:57 - 2013-09-11 22:57 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Party
2013-09-11 09:48 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 09:48 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 09:48 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 09:48 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 09:48 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 09:48 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 09:48 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 09:48 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 09:48 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 09:48 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 09:48 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 09:48 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 09:48 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 09:48 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 09:48 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 09:48 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 09:48 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 09:48 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 09:48 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 09:48 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 09:48 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 09:48 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 09:48 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-11 09:48 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-11 09:48 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-11 09:48 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 09:48 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-11 09:48 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 09:48 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 09:48 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 09:48 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-11 09:43 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 09:43 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 09:43 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-11 09:43 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-11 09:43 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-11 09:43 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-11 09:43 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-11 09:43 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 09:43 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-11 09:43 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 09:43 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 09:43 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 09:43 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 09:43 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 09:43 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 09:43 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 09:43 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-11 09:43 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 09:43 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 09:43 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 09:43 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 09:43 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:43 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 09:43 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 09:43 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 09:43 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-10 23:45 - 2013-09-10 23:45 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-10 10:59 - 2013-09-10 10:59 - 00000000 ____D C:\Users\Daniel\Documents\FIFA 14 Demo
2013-09-08 10:35 - 2013-09-08 10:41 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2013-09-08 10:35 - 2013-09-08 10:35 - 00001807 _____ C:\Users\Public\Desktop\Start BlueStacks.lnk
2013-09-08 10:35 - 2013-09-08 10:35 - 00000000 ____D C:\ProgramData\BlueStacks
2013-09-08 10:35 - 2013-09-08 10:35 - 00000000 ____D C:\Program Files (x86)\BlueStacks

==================== One Month Modified Files and Folders =======

2013-09-30 16:28 - 2013-09-30 16:28 - 01953880 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2013-09-30 16:28 - 2013-09-30 16:28 - 00000000 ____D C:\FRST
2013-09-30 16:28 - 2013-05-04 08:22 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\NetSpeedMonitor
2013-09-30 16:06 - 2013-05-18 10:59 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-30 15:15 - 2010-10-23 00:30 - 02047122 _____ C:\Windows\WindowsUpdate.log
2013-09-30 13:04 - 2013-09-26 11:18 - 00000000 ____D C:\Users\Daniel\Documents\FIFA 14
2013-09-30 08:09 - 2009-07-14 06:45 - 00015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-30 08:09 - 2009-07-14 06:45 - 00015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-30 08:07 - 2009-07-14 19:58 - 00654150 _____ C:\Windows\system32\perfh007.dat
2013-09-30 08:07 - 2009-07-14 19:58 - 00130022 _____ C:\Windows\system32\perfc007.dat
2013-09-30 08:07 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-30 08:02 - 2013-09-30 08:02 - 00979896 _____ C:\Windows\Minidump\093013-27534-01.dmp
2013-09-30 08:02 - 2013-09-21 13:52 - 00002386 _____ C:\Windows\setupact.log
2013-09-30 08:02 - 2012-07-05 12:03 - 00004184 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-30 08:02 - 2011-02-15 22:59 - 00000000 ____D C:\Windows\Minidump
2013-09-30 08:02 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-29 23:38 - 2010-10-23 10:37 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\TS3Client
2013-09-28 12:39 - 2010-10-22 20:10 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\ICQ
2013-09-27 18:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-27 17:27 - 2010-10-22 20:34 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\etdrv.sys
2013-09-27 16:56 - 2010-11-24 22:55 - 00000322 _____ C:\Users\Daniel\Desktop\Neues Textdokument.txt
2013-09-27 16:24 - 2013-01-22 10:18 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\vlc
2013-09-27 16:01 - 2011-07-10 19:16 - 00000000 ____D C:\ProgramData\Rosetta Stone
2013-09-27 16:00 - 2011-07-08 21:52 - 00000000 ____D C:\ProgramData\FLEXnet
2013-09-27 13:21 - 2010-10-22 19:04 - 00030528 _____ C:\Windows\GVTDrv64.sys
2013-09-27 13:20 - 2010-10-22 19:03 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2013-09-27 13:19 - 2010-10-22 18:58 - 00000236 _____ C:\service.log
2013-09-27 12:56 - 2013-09-27 12:57 - 00388608 _____ (Trend Micro Inc.) C:\Users\Daniel\Desktop\HiJackThis204.exe
2013-09-27 08:57 - 2013-09-27 08:57 - 00000000 ____D C:\Windows\pss
2013-09-26 23:13 - 2013-09-11 22:57 - 00001527 _____ C:\Users\Daniel\Desktop\partypoker.lnk
2013-09-26 22:40 - 2010-10-22 19:38 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-26 11:12 - 2013-09-26 11:11 - 00000734 _____ C:\Users\Public\Desktop\FIFA 14.lnk
2013-09-26 11:11 - 2013-09-26 11:10 - 00018511 _____ C:\Windows\DirectX.log
2013-09-23 17:33 - 2013-09-23 17:33 - 00015766 _____ C:\Users\Daniel\Desktop\Studienplan.xlsx
2013-09-23 12:34 - 2013-09-23 12:34 - 00000000 ____D C:\Users\Daniel\Downloads\BoSa
2013-09-21 13:52 - 2013-09-21 13:52 - 00001100 _____ C:\Windows\PFRO.log
2013-09-21 13:52 - 2013-09-21 13:52 - 00000000 _____ C:\Windows\setuperr.log
2013-09-21 12:24 - 2010-10-22 18:33 - 00000000 ____D C:\Users\Daniel\AppData\Local\Microsoft Games
2013-09-21 12:21 - 2010-10-22 19:34 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-21 11:23 - 2010-10-23 01:23 - 00000000 ____D C:\Windows\Panther
2013-09-21 10:07 - 2012-05-04 05:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-20 18:06 - 2013-05-18 10:59 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-20 18:06 - 2012-04-02 23:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-20 18:06 - 2011-05-19 10:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-20 11:03 - 2013-09-20 11:03 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-20 11:03 - 2013-09-20 11:03 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-20 11:03 - 2013-09-20 11:03 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-20 11:03 - 2013-09-20 11:03 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-09-20 11:03 - 2013-09-20 11:03 - 00000000 ____D C:\Program Files\Java
2013-09-20 11:03 - 2013-09-20 07:54 - 00000000 ____D C:\ProgramData\Oracle
2013-09-20 11:03 - 2013-03-05 06:07 - 01095080 _____ (Oracle Corporation) C:\Windows\system32\npdeployJava1.dll
2013-09-20 11:03 - 2012-02-20 10:19 - 00973736 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-09-20 11:03 - 2010-12-27 12:58 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-09-20 11:03 - 2010-12-27 12:58 - 00000000 ____D C:\Program Files\WinRAR
2013-09-20 07:54 - 2013-09-20 07:54 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-09-20 07:54 - 2013-09-20 07:54 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-09-20 07:54 - 2013-09-20 07:54 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-09-20 07:54 - 2013-09-20 07:54 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-20 07:54 - 2013-09-20 07:54 - 00000000 ____D C:\Program Files (x86)\Java
2013-09-20 07:54 - 2012-06-14 20:54 - 00868264 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-09-20 07:54 - 2012-01-01 16:40 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-09-20 07:40 - 2010-10-22 19:30 - 00000000 ____D C:\Users\Daniel\AppData\Local\Mozilla
2013-09-19 19:59 - 2011-01-13 18:29 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype
2013-09-19 19:39 - 2013-09-19 19:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-09-19 19:28 - 2013-09-19 19:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-17 15:58 - 2012-10-19 12:16 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Dropbox
2013-09-16 22:12 - 2012-09-11 14:47 - 00000000 ____D C:\Users\Daniel\Documents\FIFA 13
2013-09-14 11:21 - 2013-06-16 13:39 - 00000000 ____D C:\Windows\rescache
2013-09-12 21:09 - 2013-08-29 14:47 - 00000000 ____D C:\ProgramData\TP-LINK
2013-09-12 20:24 - 2011-06-16 00:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 08:47 - 2011-04-21 21:42 - 00000000 ____D C:\ProgramData\DivX
2013-09-12 08:47 - 2011-04-21 21:42 - 00000000 ____D C:\Program Files (x86)\DivX
2013-09-11 22:58 - 2013-09-11 22:58 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\cef-cache
2013-09-11 22:57 - 2013-09-11 22:57 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Party
2013-09-11 20:32 - 2010-10-22 18:33 - 00000000 ___RD C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-11 20:32 - 2010-10-22 18:33 - 00000000 ___RD C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-11 20:32 - 2009-07-14 06:45 - 00449976 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 20:17 - 2010-10-23 10:37 - 00000000 ____D C:\Users\Daniel\AppData\Local\TeamSpeak 3 Client
2013-09-11 09:48 - 2013-07-11 07:39 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 09:47 - 2010-10-22 19:30 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-10 23:50 - 2010-10-23 12:15 - 00000000 ____D C:\Users\Daniel\AppData\Local\Adobe
2013-09-10 23:45 - 2013-09-10 23:45 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-10 23:45 - 2010-10-23 12:15 - 00000000 ____D C:\ProgramData\Adobe
2013-09-10 10:59 - 2013-09-10 10:59 - 00000000 ____D C:\Users\Daniel\Documents\FIFA 14 Demo
2013-09-10 08:21 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-09-08 10:53 - 2013-07-29 17:53 - 00000064 _____ C:\Users\Daniel\Desktop\bic02.txt
2013-09-08 10:41 - 2013-09-08 10:35 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2013-09-08 10:35 - 2013-09-08 10:35 - 00001807 _____ C:\Users\Public\Desktop\Start BlueStacks.lnk
2013-09-08 10:35 - 2013-09-08 10:35 - 00000000 ____D C:\ProgramData\BlueStacks
2013-09-08 10:35 - 2013-09-08 10:35 - 00000000 ____D C:\Program Files (x86)\BlueStacks

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-21 00:09

==================== End Of Log ============================
--- --- ---




Und Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-09-2013 02
Ran by Daniel at 2013-09-30 16:29:01
Running from C:\Users\Daniel\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
@BIOS (x32 Version: 2.08)
3DMark06 (x32 Version: 1.2.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader XI (11.0.04) - Deutsch (x32 Version: 11.0.04)
Age of Empire 2 HD (c) Ensemble Studios version 1 (x32 Version: 1)
Agfa ePhoto CL18 Digital Camera Driver (x32)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328)
AMD APP SDK Runtime (Version: 10.0.1016.4)
AMD AVIVO64 Codecs (Version: 12.4.100.20508)
AMD Catalyst Install Manager (Version: 8.0.911.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2013.0328.2218.38225)
AMD Media Foundation Decoders (Version: 1.0.80328.2204)
AMD Steady Video Plug-In  (Version: 2.04.0000)
AMD VISION Engine Control Center (x32 Version: 2013.0328.2218.38225)
AMD Wireless Display v3.0 (Version: 1.0.0.10)
Audacity 2.0.3 (x32 Version: 2.0.3)
AutoGreen B10.0517.1 (x32 Version: 1.00.0000)
AutoIt v3.3.6.1 (x32)
avast! Free Antivirus (x32 Version: 8.0.1497.0)
Battle.net (x32)
BlueStacks App Player (x32 Version: 0.7.17.916)
BlueStacks Notification Center (x32 Version: 0.7.17.916)
Bonjour (x32 Version: 1.0.106)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225)
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225)
CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225)
CCC Help Czech (x32 Version: 2013.0328.2217.38225)
CCC Help Danish (x32 Version: 2013.0328.2217.38225)
CCC Help Dutch (x32 Version: 2013.0328.2217.38225)
CCC Help English (x32 Version: 2013.0328.2217.38225)
CCC Help Finnish (x32 Version: 2013.0328.2217.38225)
CCC Help French (x32 Version: 2013.0328.2217.38225)
CCC Help German (x32 Version: 2013.0328.2217.38225)
CCC Help Greek (x32 Version: 2013.0328.2217.38225)
CCC Help Hungarian (x32 Version: 2013.0328.2217.38225)
CCC Help Italian (x32 Version: 2013.0328.2217.38225)
CCC Help Japanese (x32 Version: 2013.0328.2217.38225)
CCC Help Korean (x32 Version: 2013.0328.2217.38225)
CCC Help Norwegian (x32 Version: 2013.0328.2217.38225)
CCC Help Polish (x32 Version: 2013.0328.2217.38225)
CCC Help Portuguese (x32 Version: 2013.0328.2217.38225)
CCC Help Russian (x32 Version: 2013.0328.2217.38225)
CCC Help Spanish (x32 Version: 2013.0328.2217.38225)
CCC Help Swedish (x32 Version: 2013.0328.2217.38225)
CCC Help Thai (x32 Version: 2013.0328.2217.38225)
CCC Help Turkish (x32 Version: 2013.0328.2217.38225)
ccc-utility64 (Version: 2013.0328.2218.38225)
CCleaner (Version: 3.20)
Counter-Strike (x32)
Counter-Strike: Condition Zero (x32)
CPUID CPU-Z 1.66.1
Diablo III (x32 Version: 1.0.8.16603)
DivX-Setup (x32 Version: 2.6.1.84)
D-Link AirPlus G+ Wireless Adapter Utility (x32)
D-Link AirPlus G+ Wireless LAN Adapter (x32)
Dropbox (HKCU Version: 2.0.22)
EA SPORTS Game Face Browser Plugin 1.5.3.0 (HKCU Version: 1.5.3.0)
Easy Tune 6 B10.0516.1 (x32 Version: 1.00.0000)
EasySaver B9.1214.1  (x32 Version: 1.00.0000)
ElsterFormular (x32 Version: 14.1.11318)
FIFA 13 (x32 Version: 1.0.0.0)
FIFA 14 (x32 Version: 1.0.0.1)
Free Mp3 Wma Converter V 2.2 (x32 Version: 2.2.0.0)
Futuremark SystemInfo (x32 Version: 3.21.2.1)
Gigabyte Raid Configurer (x32 Version: 1.00.0001)
GIMP 2.8.0 (Version: 2.8.0)
Gizmo Central (x32 Version: v2.7.9)
GTR Evolution (x32)
GUILD WARS (x32)
HydraVision (x32 Version: 4.2.236.0)
ICQ7M (x32 Version: 7.8)
ID3-TagIT 3 (x32 Version: 3)
ImgBurn (x32 Version: 2.5.5.0)
IrfanView (remove only) (x32 Version: 4.36)
Java 7 Update 40 (64-bit) (Version: 7.0.400)
Java 7 Update 40 (x32 Version: 7.0.400)
Java Auto Updater (x32 Version: 2.1.9.8)
JavaFX 2.1.1 (x32 Version: 2.1.1)
Logitech Gaming Software 5.10 (Version: 5.10.127)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MAX-FX Tools (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
Mozilla Thunderbird 24.0 (x86 de) (x32 Version: 24.0)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.18.0)
NetSpeedMonitor 2.5.4.0 x64 (Version: 2.5.4.0)
Notepad++ (x32 Version: 5.9)
ON_OFF Charge B10.0427.1 (x32 Version: 1.00.0001)
OpenAL (x32)
OpenOffice.org 3.2 (x32 Version: 3.2.9502)
Opera 12.16 (x32 Version: 12.16.1860)
Origin (x32 Version: 8.5.0.4515)
PantsOff 2.0 (x32 Version: 2.0)
partypoker (x32)
paw·ned² v1.3 (x32)
PlugY, The Survival Kit (x32 Version: 10.00)
PokerStars (x32)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.18.322.2010)
Realtek HDMI Audio Driver for ATI (x32 Version: 6.0.1.6034)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6083)
Rosetta Stone Version 3 (x32 Version: 3.4.7.0)
Skype™ 6.6 (x32 Version: 6.6.106)
Steam (x32 Version: 1.0.0.0)
StreamTransport version: 1.0.2.2171 (x32)
TeamSpeak 3 Client (HKCU Version: 3.0.12)
TP-LINK TL-WN851ND Driver (x32 Version: 1.00.0000)
TP-LINK Wireless Configuration Utility (x32 Version: 2.01.0012)
Unity Web Player (HKCU Version: )
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
Veetle TV 0.9.18 (x32 Version: 0.9.18)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (x32 Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (x32 Version: 9.0.30729.01)
VLC media player 2.0.7 (x32 Version: 2.0.7)
vShare plugin 1.3 (x32 Version: 1.3)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
WinRAR 5.00 (64-bit) (Version: 5.00.0)
WinZip 14.5 (x32 Version: 14.5.9095)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (x32)
Xfire (remove only) (x32)
Xvid Video Codec (x32 Version: 1.3.2)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2011-05-16 17:36 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 uswest.battle.net

==================== Scheduled Tasks (whitelisted) =============

Task: {03EA7BC7-FF87-47C9-B5DE-45DEDEE91191} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {5CB8A854-B90F-41B7-9577-0EDF2A90DCE5} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2010-10-31] (Microsoft Corporation)
Task: {6BF5C14B-23B9-4A7F-AC1F-283FF4938807} - System32\Tasks\{3D12AF5E-C8D8-4511-BDAD-DA770A92A9F6} => E:\Max Payne\MaxPayne.exe
Task: {77B4AE45-5C2E-4AA2-A1C7-D7BD52A44108} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-20] (Adobe Systems Incorporated)
Task: {77DFB7E9-7056-4985-82CA-CA8D8D13BC51} - System32\Tasks\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} => C:\Program Files (x86)\Gizmo\gizmo.exe [2011-07-08] (Arainia Solutions)
Task: {A939CAD5-3B6E-46E2-8CD8-2BB89B32E21D} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {B54E4261-F783-4B80-B8AB-4532A7928E3C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd)
Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-03-28 22:30 - 2013-03-28 22:30 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-09-30 12:04 - 2013-09-30 09:17 - 02102784 _____ () C:\Program Files\Alwil Software\Avast5\defs\13093000\algo.dll
2013-08-29 14:48 - 2011-08-17 19:38 - 01410048 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2013-08-29 14:48 - 2011-08-17 19:38 - 00167424 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2013-08-29 14:48 - 2011-08-17 19:38 - 00128000 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF.dll
2013-08-29 14:48 - 2011-08-17 19:38 - 00111616 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF_WPS_WIN7.DLL
2013-09-19 19:28 - 2013-09-19 19:28 - 03007384 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2013-09-19 19:28 - 2013-09-19 19:28 - 00158104 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2013-09-19 19:28 - 2013-09-19 19:28 - 00022424 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2012-11-30 15:54 - 2013-09-18 16:02 - 00062976 _____ () E:\Origin\tufao.dll
2013-09-19 19:28 - 2013-09-19 19:28 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-11 16:06 - 2013-09-11 16:06 - 16177544 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/27/2013 04:02:47 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: DivX Plus Player.exe, Version: 11.2.0.81, Zeitstempel: 0x521fe6a1
Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.6195, Zeitstempel: 0x4dcddbf3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00017378
ID des fehlerhaften Prozesses: 0x1410
Startzeit der fehlerhaften Anwendung: 0xDivX Plus Player.exe0
Pfad der fehlerhaften Anwendung: DivX Plus Player.exe1
Pfad des fehlerhaften Moduls: DivX Plus Player.exe2
Berichtskennung: DivX Plus Player.exe3

Error: (09/14/2013 10:29:18 AM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (09/12/2013 10:29:12 PM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: b84

Startzeit: 01ceafe0b252273e

Endzeit: 30

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID:

Error: (09/11/2013 10:58:03 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: pprekop.exe, Version: 4.2.0.172, Zeitstempel: 0xole32.dll
Name des fehlerhaften Moduls: 5.1.2600.2182, Version: 10017bed, Zeitstempel: 0x%6
Ausnahmecode: 0x%7
Fehleroffset: 0x%8
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xpprekop.exe0
Pfad der fehlerhaften Anwendung: pprekop.exe1
Pfad des fehlerhaften Moduls: pprekop.exe2
Berichtskennung: pprekop.exe3

Error: (09/01/2013 08:36:33 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_FontCache, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015, Zeitstempel: 0x50b8479b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000009e5d
ID des fehlerhaften Prozesses: 0x404
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_FontCache0
Pfad der fehlerhaften Anwendung: svchost.exe_FontCache1
Pfad des fehlerhaften Moduls: svchost.exe_FontCache2
Berichtskennung: svchost.exe_FontCache3

Error: (09/01/2013 08:03:14 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 23.0.1.4974, Zeitstempel: 0x520bc1d5
Name des fehlerhaften Moduls: mozalloc.dll, Version: 23.0.1.4974, Zeitstempel: 0x520ba12c
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001988
ID des fehlerhaften Prozesses: 0x1e94
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (08/26/2013 10:02:06 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Dropbox.exe, Version: 2.0.22.0, Zeitstempel: 0x515f37bb
Name des fehlerhaften Moduls: libcef.dll, Version: 1.1364.1123.0, Zeitstempel: 0x513530d7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005fd4a
ID des fehlerhaften Prozesses: 0x1260
Startzeit der fehlerhaften Anwendung: 0xDropbox.exe0
Pfad der fehlerhaften Anwendung: Dropbox.exe1
Pfad des fehlerhaften Moduls: Dropbox.exe2
Berichtskennung: Dropbox.exe3

Error: (08/09/2013 10:39:37 AM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 22.0.0.4917 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: fc0

Startzeit: 01ce94dbe3fe8a8e

Endzeit: 15

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: 37410225-00cf-11e3-ba1e-1c6f6546542d

Error: (07/28/2013 09:04:21 PM) (Source: Application Hang) (User: )
Description: Programm fifa13.exe, Version 1.8.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 10c0

Startzeit: 01ce8bb1e57db72b

Endzeit: 133

Anwendungspfad: E:\FIFA 12\FIFA 13\Game\fifa13.exe

Berichts-ID:

Error: (07/18/2013 09:11:58 PM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 22.0.0.4917 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: b2c

Startzeit: 01ce83c2cabc4786

Endzeit: 43

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: e47a4ad5-efdd-11e2-950c-1c6f6546542d


System errors:
=============
Error: (09/30/2013 04:16:32 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (09/30/2013 09:05:58 AM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (09/30/2013 08:02:44 AM) (Source: BugCheck) (User: )
Description: 0x00000116 (0xfffffa800adbd2d0, 0xfffff8800456ecf0, 0x0000000000000000, 0x0000000000000002)C:\Windows\MEMORY.DMP093013-27534-01

Error: (09/30/2013 08:02:29 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎30.‎09.‎2013 um 00:22:59 unerwartet heruntergefahren.

Error: (09/29/2013 01:46:33 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎29.‎09.‎2013 um 13:45:12 unerwartet heruntergefahren.

Error: (09/29/2013 10:57:35 AM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (09/28/2013 07:12:05 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (09/27/2013 04:44:14 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80004004-1

Error: (09/26/2013 08:07:27 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (09/25/2013 02:13:42 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.


Microsoft Office Sessions:
=========================
Error: (01/25/2012 05:01:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 400 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (01/25/2012 04:54:26 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3626 seconds with 3060 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 30%
Total physical RAM: 8189.55 MB
Available physical RAM: 5710.39 MB
Total Pagefile: 16377.29 MB
Available Pagefile: 13696.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:55.8 GB) (Free:3.22 GB) NTFS
Drive d: (FIFA 14) (CDROM) (Total:7.47 GB) (Free:0 GB) UDF
Drive e: (Backup) (Fixed) (Total:596.17 GB) (Free:466.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: CAC8E1ED)
Partition 1: (Not Active) - (Size=596 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 56 GB) (Disk ID: E97DAECD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=56 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 01.10.2013 07:55
Schon mal ne andere Maus versucht?

GorillazZz 01.10.2013 08:20
Zitat:
Zitat von schrauber (Beitrag 1166506)
Schon mal ne andere Maus versucht?
Ja, natürlich... geändert hat es sich damit leider nicht.

schrauber 01.10.2013 18:41
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

GorillazZz 01.10.2013 19:31
Ok, ich habe Combofix heruntergeladen, die Internetverbindung getrennt und Avast deaktiviert. Danach habe ich Combofix durchlaufen lassen, von alleine hat er keinen Neustart erfordert, hab den aber trotzdem durchgeführt. Eine Fehlermeldung oder so kam nach dem Neustart nicht. Avast ist jetzt natürlich wieder aktiv.

Hier der Log:

Code:
ComboFix 13-10-01.03 - Daniel 01.10.2013  20:20:41.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8190.4730 [GMT 2:00]
ausgeführt von:: c:\users\Daniel\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
C:\Install.exe
c:\program files (x86)\StartSearch plugin
c:\program files (x86)\StartSearch plugin\IEhelperActiveX.dll
c:\program files (x86)\StartSearch plugin\uninst.exe
c:\program files (x86)\StartSearch plugin\vShareBar.dll
c:\program files (x86)\StartSearch plugin\vshareplg.crx
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-09-01 bis 2013-10-01  ))))))))))))))))))))))))))))))
.
.
2013-10-01 18:24 . 2013-10-01 18:24        --------        d-----w-        c:\users\DJ\AppData\Local\temp
2013-10-01 18:24 . 2013-10-01 18:24        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-10-01 12:50 . 2013-10-01 12:50        --------        d-----w-        c:\programdata\ATI
2013-10-01 12:50 . 2013-10-01 12:50        --------        d-----w-        c:\program files (x86)\AMD AVT
2013-10-01 12:49 . 2013-10-01 12:49        --------        d-----w-        c:\windows\LastGood
2013-10-01 12:46 . 2013-10-01 12:48        --------        d-----w-        c:\programdata\Package Cache
2013-10-01 12:37 . 2013-10-01 12:37        76232        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{CFFE69A0-4338-44C1-8FC1-C0D7210AD694}\offreg.dll
2013-10-01 06:01 . 2013-09-05 05:32        9694160        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{CFFE69A0-4338-44C1-8FC1-C0D7210AD694}\mpengine.dll
2013-09-30 14:28 . 2013-09-30 14:28        --------        d-----w-        C:\FRST
2013-09-20 09:03 . 2013-09-20 09:03        312744        ----a-w-        c:\windows\system32\javaws.exe
2013-09-20 09:03 . 2013-09-20 09:03        189352        ----a-w-        c:\windows\system32\javaw.exe
2013-09-20 09:03 . 2013-09-20 09:03        189352        ----a-w-        c:\windows\system32\java.exe
2013-09-20 09:03 . 2013-09-20 09:03        108968        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll
2013-09-20 09:03 . 2013-09-20 09:03        --------        d-----w-        c:\program files\Java
2013-09-20 05:54 . 2013-09-20 05:54        --------        d-----w-        c:\program files (x86)\Common Files\Java
2013-09-20 05:54 . 2013-09-20 09:03        --------        d-----w-        c:\programdata\Oracle
2013-09-20 05:54 . 2013-09-20 05:54        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-20 05:54 . 2013-09-20 05:54        --------        d-----w-        c:\program files (x86)\Java
2013-09-19 17:28 . 2013-09-19 17:39        --------        d-----w-        c:\program files (x86)\Mozilla Thunderbird
2013-09-11 20:58 . 2013-09-11 20:58        --------        d-----w-        c:\users\Daniel\AppData\Roaming\cef-cache
2013-09-11 20:57 . 2013-09-11 20:57        --------        d-----w-        c:\users\Daniel\AppData\Roaming\Party
2013-09-11 20:57 . 2013-09-11 20:57        --------        d-----w-        C:\Programs
2013-09-11 07:43 . 2013-07-26 02:24        14172672        ----a-w-        c:\windows\system32\shell32.dll
2013-09-08 08:35 . 2013-09-08 08:35        --------        d-----w-        c:\program files (x86)\BlueStacks
2013-09-08 08:35 . 2013-09-08 08:35        --------        d-----w-        c:\programdata\BlueStacks
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-27 15:27 . 2010-10-22 18:34        25640        ----a-w-        c:\windows\etdrv.sys
2013-09-27 11:21 . 2010-10-22 17:04        30528        ----a-w-        c:\windows\GVTDrv64.sys
2013-09-27 11:20 . 2010-10-22 17:03        25640        ----a-w-        c:\windows\gdrv.sys
2013-09-20 16:06 . 2012-04-02 21:13        692616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-20 16:06 . 2011-05-19 08:18        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-20 09:03 . 2013-03-05 04:07        1095080        ----a-w-        c:\windows\system32\npdeployJava1.dll
2013-09-20 09:03 . 2012-02-20 08:19        973736        ----a-w-        c:\windows\system32\deployJava1.dll
2013-09-20 05:54 . 2012-06-14 18:54        868264        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2013-09-20 05:54 . 2012-01-01 14:40        790440        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2013-09-11 07:47 . 2010-10-22 17:30        79143768        ----a-w-        c:\windows\system32\MRT.exe
2013-08-31 00:14 . 2013-08-31 00:14        78432        ----a-w-        c:\windows\system32\atimpc64.dll
2013-08-31 00:14 . 2013-08-31 00:14        78432        ----a-w-        c:\windows\system32\amdpcom64.dll
2013-08-31 00:14 . 2013-08-31 00:14        71704        ----a-w-        c:\windows\SysWow64\atimpc32.dll
2013-08-31 00:14 . 2013-08-31 00:14        71704        ----a-w-        c:\windows\SysWow64\amdpcom32.dll
2013-08-31 00:14 . 2013-08-31 00:14        125824        ----a-w-        c:\windows\SysWow64\atiuxpag.dll
2013-08-31 00:14 . 2011-12-06 02:11        142792        ----a-w-        c:\windows\system32\atiuxp64.dll
2013-08-31 00:13 . 2013-08-31 00:13        114488        ----a-w-        c:\windows\system32\atiu9p64.dll
2013-08-31 00:13 . 2012-09-28 01:10        97984        ----a-w-        c:\windows\SysWow64\atiu9pag.dll
2013-08-31 00:13 . 2011-12-06 03:16        1233080        ----a-w-        c:\windows\system32\aticfx64.dll
2013-08-31 00:13 . 2013-08-31 00:13        1027544        ----a-w-        c:\windows\SysWow64\aticfx32.dll
2013-08-31 00:13 . 2011-12-06 02:51        9464840        ----a-w-        c:\windows\system32\atidxx64.dll
2013-08-31 00:13 . 2013-08-31 00:13        8215992        ----a-w-        c:\windows\SysWow64\atidxx32.dll
2013-08-31 00:13 . 2013-08-31 00:13        6176008        ----a-w-        c:\windows\SysWow64\atiumdva.dll
2013-08-31 00:13 . 2013-08-31 00:13        6189416        ----a-w-        c:\windows\SysWow64\atiumdag.dll
2013-08-31 00:13 . 2013-08-31 00:13        6767240        ----a-w-        c:\windows\system32\atiumd6a.dll
2013-08-31 00:13 . 2013-08-31 00:13        7256496        ----a-w-        c:\windows\system32\atiumd64.dll
2013-08-31 00:11 . 2013-08-31 00:11        12528640        ----a-w-        c:\windows\system32\drivers\atikmdag.sys
2013-08-30 23:48 . 2013-08-30 23:48        127488        ----a-w-        c:\windows\system32\coinst_13.152.dll
2013-08-30 23:48 . 2013-08-30 23:48        229376        ----a-w-        c:\windows\system32\clinfo.exe
2013-08-30 23:47 . 2013-08-30 23:47        98816        ----a-w-        c:\windows\system32\OpenVideo64.dll
2013-08-30 23:47 . 2013-08-30 23:47        83456        ----a-w-        c:\windows\SysWow64\OpenVideo.dll
2013-08-30 23:47 . 2013-08-30 23:47        86528        ----a-w-        c:\windows\system32\OVDecode64.dll
2013-08-30 23:47 . 2013-08-30 23:47        73216        ----a-w-        c:\windows\SysWow64\OVDecode.dll
2013-08-30 23:47 . 2013-08-30 23:47        28192256        ----a-w-        c:\windows\system32\amdocl64.dll
2013-08-30 23:45 . 2013-08-30 23:45        23760896        ----a-w-        c:\windows\SysWow64\amdocl.dll
2013-08-30 23:43 . 2013-08-30 23:43        63488        ----a-w-        c:\windows\system32\OpenCL.dll
2013-08-30 23:43 . 2013-08-30 23:43        57344        ----a-w-        c:\windows\SysWow64\OpenCL.dll
2013-08-30 23:35 . 2013-08-30 23:35        25387520        ----a-w-        c:\windows\system32\atio6axx.dll
2013-08-30 23:18 . 2013-08-30 23:18        368640        ----a-w-        c:\windows\system32\atiapfxx.exe
2013-08-30 23:18 . 2013-08-30 23:18        62464        ----a-w-        c:\windows\system32\aticalrt64.dll
2013-08-30 23:18 . 2013-08-30 23:18        52224        ----a-w-        c:\windows\SysWow64\aticalrt.dll
2013-08-30 23:18 . 2013-08-30 23:18        55808        ----a-w-        c:\windows\system32\aticalcl64.dll
2013-08-30 23:18 . 2013-08-30 23:18        49152        ----a-w-        c:\windows\SysWow64\aticalcl.dll
2013-08-30 23:17 . 2013-08-30 23:17        15716352        ----a-w-        c:\windows\system32\aticaldd64.dll
2013-08-30 23:14 . 2013-08-30 23:14        14302208        ----a-w-        c:\windows\SysWow64\aticaldd.dll
2013-08-30 23:13 . 2013-08-30 23:13        21400064        ----a-w-        c:\windows\SysWow64\atioglxx.dll
2013-08-30 22:59 . 2013-08-30 22:59        442368        ----a-w-        c:\windows\system32\atidemgy.dll
2013-08-30 22:58 . 2013-08-30 22:58        26112        ----a-w-        c:\windows\system32\atimuixx.dll
2013-08-30 22:58 . 2013-08-30 22:58        571904        ----a-w-        c:\windows\system32\atieclxx.exe
2013-08-30 22:57 . 2013-08-30 22:57        239616        ----a-w-        c:\windows\system32\atiesrxx.exe
2013-08-30 22:56 . 2013-08-30 22:56        190976        ----a-w-        c:\windows\system32\atitmm64.dll
2013-08-30 22:33 . 2013-08-30 22:33        784384        ----a-w-        c:\windows\system32\atiadlxx.dll
2013-08-30 22:33 . 2013-08-30 22:33        594944        ----a-w-        c:\windows\SysWow64\atiadlxy.dll
2013-08-30 22:33 . 2013-08-30 22:33        43520        ----a-w-        c:\windows\system32\drivers\ati2erec.dll
2013-08-30 22:32 . 2013-08-30 22:32        75264        ----a-w-        c:\windows\system32\atig6pxx.dll
2013-08-30 22:32 . 2013-08-30 22:32        69632        ----a-w-        c:\windows\SysWow64\atiglpxx.dll
2013-08-30 22:32 . 2013-08-30 22:32        69632        ----a-w-        c:\windows\system32\atiglpxx.dll
2013-08-30 22:32 . 2013-08-30 22:32        100352        ----a-w-        c:\windows\system32\atig6txx.dll
2013-08-30 22:32 . 2013-08-30 22:32        96768        ----a-w-        c:\windows\SysWow64\atigktxx.dll
2013-08-30 22:32 . 2013-08-30 22:32        618496        ----a-w-        c:\windows\system32\drivers\atikmpag.sys
2013-08-30 17:58 . 2013-08-30 17:58        51200        ----a-w-        c:\windows\system32\kdbsdk64.dll
2013-08-30 17:53 . 2013-08-30 17:53        38912        ----a-w-        c:\windows\SysWow64\kdbsdk32.dll
2013-08-30 07:48 . 2013-03-04 13:11        65336        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2013-03-04 13:11        204880        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2012-02-25 16:59        72016        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2013-08-30 07:48 . 2011-04-15 12:29        1030952        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2010-10-22 17:56        378944        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2010-10-22 17:56        64288        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2010-10-22 17:56        33400        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:48 . 2010-10-22 17:56        80816        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47 . 2010-10-22 17:56        41664        ----a-w-        c:\windows\avastSS.scr
2013-08-30 07:47 . 2011-01-15 06:30        287840        ----a-w-        c:\windows\system32\aswBoot.exe
2013-08-26 09:13 . 2013-08-26 09:13        354656        ----a-w-        c:\windows\SysWow64\DivXControlPanelApplet.cpl
2013-08-07 22:54 . 2013-08-07 22:54        94208        ----a-w-        c:\windows\SysWow64\dpl100.dll
2013-08-07 02:22 . 2010-10-22 17:40        278800        ------w-        c:\windows\system32\MpSigStub.exe
2013-08-02 01:48 . 2013-09-11 07:43        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-14 12:37        1888768        ----a-w-        c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 12:37        1620992        ----a-w-        c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-14 12:37        2048        ----a-w-        c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-14 12:37        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-14 12:37        224256        ----a-w-        c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-14 12:37        1217024        ----a-w-        c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-14 12:37        184320        ----a-w-        c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-14 12:37        1472512        ----a-w-        c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-14 12:37        139776        ----a-w-        c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-14 12:37        663552        ----a-w-        c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-14 12:37        175104        ----a-w-        c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-14 12:37        140288        ----a-w-        c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-14 12:37        1166848        ----a-w-        c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-14 12:37        103936        ----a-w-        c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-14 12:37        1910208        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2013-07-05 08:40 . 2013-07-05 08:40        96256        ----a-w-        c:\windows\system32\drivers\AtihdW76.sys
2013-07-05 08:40 . 2013-07-05 08:40        110080        ----a-w-        c:\windows\system32\DelayAPO.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2012-05-08 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2013-08-30 4858968]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-08-30 766208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TP-LINK Wireless Configuration Utility.lnk - c:\program files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe -nogui [2013-8-29 788992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AODDriver;AODDriver;c:\program files (x86)\Gigabyte\ET6\amd64\AODDriver.sys;c:\program files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 cpuz130;cpuz130;c:\users\Daniel\AppData\Local\Temp\cpuz130\cpuz_x64.sys;c:\users\Daniel\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R4 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [x]
R4 Gizmo Central;Gizmo Central;c:\program files (x86)\Gizmo\gservice.exe;c:\program files (x86)\Gizmo\gservice.exe [x]
R4 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe;c:\windows\SysWOW64\XSrvSetup.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 GizmoDrv;Gizmo Device Driver; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 16:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47        133840        ----a-w-        c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-06 10144288]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\437epjhp.default\
FF - prefs.js: network.proxy.http - 84.73.125.222
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108298
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - d869ed310000000000001c6f6546542d
FF - user.js: extensions.BabylonToolbar_i.hardId - d869ed310000000000001c6f6546542d
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15390
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:21
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-vShare plugin - c:\program files (x86)\StartSearch plugin\uninst.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-10-01  20:26:14
ComboFix-quarantined-files.txt  2013-10-01 18:26
.
Vor Suchlauf: 2.525.573.120 Bytes frei
Nach Suchlauf: 2.622.021.632 Bytes frei
.
- - End Of File - - 1E0AEFD3CBC47B88ECAC1EFF4F4A2137
A36C5E4F47E84449FF07ED3517B43A31

schrauber 02.10.2013 07:16
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

GorillazZz 02.10.2013 08:20
Malwarebytes Anti-Malware-Log (Quickscan):

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.02.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Daniel :: MD-PET [Administrator]

02.10.2013 08:46:36
mbam-log-2013-10-02 (08-46-36).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 232416
Laufzeit: 1 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
AdwCleaner-Log (Teil 1):

Code:
# AdwCleaner v3.006 - Bericht erstellt am 02/10/2013 um 08:50:52
# Updated 01/10/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Daniel - MD-PET
# Gestartet von : C:\Users\Daniel\Downloads\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll
Datei Gefunden : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\437epjhp.default\foxydeal.sqlite
Datei Gefunden : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\437epjhp.default\user.js
Ordner Gefunden C:\ProgramData\Babylon
Ordner Gefunden C:\Users\Daniel\AppData\Local\Babylon
Ordner Gefunden C:\Users\Daniel\AppData\LocalLow\boost_interprocess
Ordner Gefunden C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\437epjhp.default\jetpack

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gefunden : HKCU\Software\StartSearch
Schlüssel Gefunden : HKCU\Software\vShare.tv
Schlüssel Gefunden : [x64] HKCU\Software\Conduit
Schlüssel Gefunden : [x64] HKCU\Software\StartSearch
Schlüssel Gefunden : [x64] HKCU\Software\vShare.tv
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v24.0 (de)

[ Datei : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\437epjhp.default\prefs.js ]

Zeile gefunden : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.babExt", "");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=108298");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.hardId", "d869ed310000000000001c6f6546542d");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.id", "d869ed310000000000001c6f6546542d");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.instlDay", "15390");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1715:21:00");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Zeile gefunden : user_pref("extensions.enabledItems", "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3,firefox@tvunetworks.com:2,5,3,1,vshare@toolbar:1.0.0,{73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9,{b749fc7c-e949-44[...]
Zeile gefunden : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Zeile gefunden : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Zeile gefunden : user_pref("vshare.install.date", "1313842828");
Zeile gefunden : user_pref("vshare.install.finished", "1.0.0");
Zeile gefunden : user_pref("vshare.install.fresh", "false");
Zeile gefunden : user_pref("vshare.install.guid", "{18657c25-f5f7-42bf-8ba1-aeac6e2f8670}");
Zeile gefunden : user_pref("vshare.install.newtab", false);

[ Datei : C:\Users\DJ\AppData\Roaming\Mozilla\Firefox\Profiles\1rf1u4lq.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [6602 octets] - [02/10/2013 08:50:52]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6662 octets] ##########
AdwCleaner-Log (Teil 2):

Code:
# AdwCleaner v3.006 - Bericht erstellt am 02/10/2013 um 08:52:22
# Updated 01/10/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Daniel - MD-PET
# Gestartet von : C:\Users\Daniel\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\Daniel\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Daniel\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\437epjhp.default\jetpack
Datei Gelöscht : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\437epjhp.default\foxydeal.sqlite
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll
Datei Gelöscht : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\437epjhp.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\vShare.tv
Schlüssel Gelöscht : HKLM\Software\Babylon

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v24.0 (de)

[ Datei : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\437epjhp.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=108298");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "d869ed310000000000001c6f6546542d");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.id", "d869ed310000000000001c6f6546542d");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15390");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1715:21:00");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Zeile gelöscht : user_pref("extensions.enabledItems", "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3,firefox@tvunetworks.com:2,5,3,1,vshare@toolbar:1.0.0,{73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9,{b749fc7c-e949-44[...]
Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Zeile gelöscht : user_pref("vshare.install.date", "1313842828");
Zeile gelöscht : user_pref("vshare.install.finished", "1.0.0");
Zeile gelöscht : user_pref("vshare.install.fresh", "false");
Zeile gelöscht : user_pref("vshare.install.guid", "{18657c25-f5f7-42bf-8ba1-aeac6e2f8670}");
Zeile gelöscht : user_pref("vshare.install.newtab", false);

[ Datei : C:\Users\DJ\AppData\Roaming\Mozilla\Firefox\Profiles\1rf1u4lq.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [6766 octets] - [02/10/2013 08:50:52]
AdwCleaner[S0].txt - [6527 octets] - [02/10/2013 08:52:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6587 octets] ##########
Junkware Removal Tool-Log (ohne Avast und Internetverbindung gestartet):

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 7 Home Premium x64
Ran by Daniel on 02.10.2013 at  9:02:27,00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted the following from C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\437epjhp.default\prefs.js

user_pref("extensions.geolocater.localhost", "{\"tayjvx9j\":{\"name\":\"25746 Lohe-Rickelshof\",\"coords\":{\"longitude\":9.0642659999998,\"latitude\":54.18666,\"accuracy\":10
Emptied folder: C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\437epjhp.default\minidumps [226 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.10.2013 at  9:06:44,51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
und abschließend der FRST-Log:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by Daniel (administrator) on MD-PET on 02-10-2013 09:11:49
Running from C:\Users\Daniel\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-06] (Realtek Semiconductor)
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-05-08] (AMD)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [avast5] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBDF9AC662F12CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\437epjhp.default
FF NetworkProxy: "http", "84.73.125.222"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Windows\system32\TVUAx\npTVUAx.dll No File
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 - C:\Users\Daniel\AppData\LocalLow\Sony Online Entertainment\npsoe.dll No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Daniel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: electronicarts.com/GameFacePlugin - C:\Users\Daniel\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Geolocater - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\437epjhp.default\Extensions\geolocater@3liz.com
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\437epjhp.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}
FF Extension: firefox - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\437epjhp.default\Extensions\firefox@ghostery.com.xpi
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\437epjhp.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\437epjhp.default\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\437epjhp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-08-07] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-08-07] (BlueStack Systems, Inc.)
S4 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
S4 Gizmo Central; C:\Program Files (x86)\Gizmo\gservice.exe [34728 2011-07-08] (Arainia Solutions)
S4 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-19] ()

==================== Drivers (Whitelisted) ====================

S3 AODDriver; C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
S3 AODDriver; C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
R2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57512 2012-11-20] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-08-07] (BlueStack Systems)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-08-07] (BlueStack Systems)
S3 etdrv; C:\Windows\etdrv.sys [25640 2013-09-27] (Windows (R) Server 2003 DDK provider)
S3 etdrv; C:\Windows\etdrv.sys [25640 2013-09-27] (Windows (R) Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [25640 2013-09-27] (Windows (R) Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [25640 2013-09-27] (Windows (R) Server 2003 DDK provider)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-09-27] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-09-27] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz130; \??\C:\Users\Daniel\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
S3 odysseyIM3; \??\C:\Windows\system32\DRIVERS\odysseyIM3.sys [x]
S3 PCANDIS5; \??\C:\Windows\system32\PCANDIS5.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-02 09:11 - 2013-10-02 09:11 - 01953880 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2013-10-02 09:06 - 2013-10-02 09:06 - 00001582 _____ C:\Users\Daniel\Desktop\JRT.txt
2013-10-02 09:02 - 2013-10-02 09:02 - 00000000 ____D C:\Windows\ERUNT
2013-10-02 09:01 - 2013-10-02 09:01 - 01030305 _____ (Thisisu) C:\Users\Daniel\Downloads\JRT.exe
2013-10-02 08:50 - 2013-10-02 08:52 - 00000000 ____D C:\AdwCleaner
2013-10-02 08:45 - 2013-10-02 08:45 - 01045226 _____ C:\Users\Daniel\Downloads\adwcleaner.exe
2013-10-01 20:26 - 2013-10-01 20:26 - 00026714 _____ C:\ComboFix.txt
2013-10-01 20:19 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-01 20:19 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-01 20:19 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-01 20:19 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-01 20:19 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-01 20:19 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-01 20:19 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-01 20:19 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-01 20:15 - 2013-10-01 20:26 - 00000000 ____D C:\Qoobox
2013-10-01 20:15 - 2013-10-01 20:24 - 00000000 ____D C:\Windows\erdnt
2013-10-01 20:14 - 2013-10-01 20:14 - 05132885 ____R (Swearware) C:\Users\Daniel\Desktop\ComboFix.exe
2013-10-01 14:50 - 2013-10-01 14:50 - 00000000 ____D C:\ProgramData\ATI
2013-10-01 14:50 - 2013-10-01 14:50 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-10-01 14:49 - 2013-10-01 14:49 - 00060993 _____ C:\Windows\SysWOW64\CCCInstall_201310011449582792.log
2013-10-01 14:47 - 2013-10-02 08:15 - 01594028 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-01 14:46 - 2013-10-01 14:48 - 00000000 ____D C:\ProgramData\Package Cache
2013-09-30 16:28 - 2013-09-30 16:28 - 00000000 ____D C:\FRST
2013-09-30 08:02 - 2013-09-30 08:02 - 00979896 _____ C:\Windows\Minidump\093013-27534-01.dmp
2013-09-27 12:57 - 2013-09-27 12:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\Daniel\Desktop\HiJackThis204.exe
2013-09-27 08:57 - 2013-09-27 08:57 - 00000000 ____D C:\Windows\pss
2013-09-26 11:18 - 2013-10-01 23:41 - 00000000 ____D C:\Users\Daniel\Documents\FIFA 14
2013-09-26 11:11 - 2013-09-26 11:12 - 00000734 _____ C:\Users\Public\Desktop\FIFA 14.lnk
2013-09-26 11:10 - 2013-09-26 11:11 - 00018511 _____ C:\Windows\DirectX.log
2013-09-23 17:33 - 2013-09-23 17:33 - 00015766 _____ C:\Users\Daniel\Desktop\Studienplan.xlsx
2013-09-23 12:34 - 2013-09-23 12:34 - 00000000 ____D C:\Users\Daniel\Downloads\BoSa
2013-09-21 13:52 - 2013-10-02 09:08 - 00003049 _____ C:\Windows\setupact.log
2013-09-21 13:52 - 2013-10-01 20:28 - 00139000 _____ C:\Windows\PFRO.log
2013-09-21 13:52 - 2013-09-21 13:52 - 00000000 _____ C:\Windows\setuperr.log
2013-09-20 11:03 - 2013-09-20 11:03 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-20 11:03 - 2013-09-20 11:03 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-20 11:03 - 2013-09-20 11:03 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-20 11:03 - 2013-09-20 11:03 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-09-20 11:03 - 2013-09-20 11:03 - 00000000 ____D C:\Program Files\Java
2013-09-20 07:54 - 2013-09-20 11:03 - 00000000 ____D C:\ProgramData\Oracle
2013-09-20 07:54 - 2013-09-20 07:54 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-09-20 07:54 - 2013-09-20 07:54 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-09-20 07:54 - 2013-09-20 07:54 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-09-20 07:54 - 2013-09-20 07:54 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-20 07:54 - 2013-09-20 07:54 - 00000000 ____D C:\Program Files (x86)\Java
2013-09-19 19:28 - 2013-09-19 19:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-09-19 19:28 - 2013-09-19 19:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-11 22:58 - 2013-09-11 22:58 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\cef-cache
2013-09-11 22:57 - 2013-09-26 23:13 - 00001527 _____ C:\Users\Daniel\Desktop\partypoker.lnk
2013-09-11 22:57 - 2013-09-11 22:57 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Party
2013-09-11 09:48 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 09:48 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 09:48 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 09:48 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 09:48 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 09:48 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 09:48 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 09:48 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 09:48 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 09:48 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 09:48 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 09:48 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 09:48 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 09:48 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 09:48 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 09:48 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 09:48 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 09:48 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 09:48 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 09:48 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 09:48 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 09:48 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 09:48 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-11 09:48 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-11 09:48 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-11 09:48 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 09:48 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-11 09:48 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 09:48 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 09:48 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 09:48 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-11 09:43 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 09:43 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 09:43 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-11 09:43 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-11 09:43 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-11 09:43 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-11 09:43 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-11 09:43 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 09:43 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-11 09:43 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 09:43 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 09:43 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 09:43 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 09:43 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 09:43 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 09:43 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 09:43 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-11 09:43 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 09:43 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 09:43 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 09:43 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 09:43 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:43 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:43 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 09:43 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 09:43 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 09:43 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-10 23:45 - 2013-09-10 23:45 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-10 10:59 - 2013-09-10 10:59 - 00000000 ____D C:\Users\Daniel\Documents\FIFA 14 Demo
2013-09-08 10:35 - 2013-09-08 10:41 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2013-09-08 10:35 - 2013-09-08 10:35 - 00001807 _____ C:\Users\Public\Desktop\Start BlueStacks.lnk
2013-09-08 10:35 - 2013-09-08 10:35 - 00000000 ____D C:\ProgramData\BlueStacks
2013-09-08 10:35 - 2013-09-08 10:35 - 00000000 ____D C:\Program Files (x86)\BlueStacks

==================== One Month Modified Files and Folders =======

2013-10-02 09:11 - 2013-10-02 09:11 - 01953880 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2013-10-02 09:11 - 2013-05-04 08:22 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\NetSpeedMonitor
2013-10-02 09:08 - 2013-09-21 13:52 - 00003049 _____ C:\Windows\setupact.log
2013-10-02 09:08 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-02 09:07 - 2010-10-23 00:30 - 01150036 _____ C:\Windows\WindowsUpdate.log
2013-10-02 09:06 - 2013-10-02 09:06 - 00001582 _____ C:\Users\Daniel\Desktop\JRT.txt
2013-10-02 09:06 - 2013-05-18 10:59 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-02 09:02 - 2013-10-02 09:02 - 00000000 ____D C:\Windows\ERUNT
2013-10-02 09:01 - 2013-10-02 09:01 - 01030305 _____ (Thisisu) C:\Users\Daniel\Downloads\JRT.exe
2013-10-02 09:00 - 2009-07-14 19:58 - 00699432 _____ C:\Windows\system32\perfh007.dat
2013-10-02 09:00 - 2009-07-14 19:58 - 00149572 _____ C:\Windows\system32\perfc007.dat
2013-10-02 09:00 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-02 09:00 - 2009-07-14 06:45 - 00015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-02 09:00 - 2009-07-14 06:45 - 00015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-02 08:52 - 2013-10-02 08:50 - 00000000 ____D C:\AdwCleaner
2013-10-02 08:45 - 2013-10-02 08:45 - 01045226 _____ C:\Users\Daniel\Downloads\adwcleaner.exe
2013-10-02 08:15 - 2013-10-01 14:47 - 01594028 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-02 08:02 - 2012-07-05 12:03 - 00004184 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-10-01 23:41 - 2013-09-26 11:18 - 00000000 ____D C:\Users\Daniel\Documents\FIFA 14
2013-10-01 20:28 - 2013-09-21 13:52 - 00139000 _____ C:\Windows\PFRO.log
2013-10-01 20:26 - 2013-10-01 20:26 - 00026714 _____ C:\ComboFix.txt
2013-10-01 20:26 - 2013-10-01 20:15 - 00000000 ____D C:\Qoobox
2013-10-01 20:24 - 2013-10-01 20:15 - 00000000 ____D C:\Windows\erdnt
2013-10-01 20:24 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-10-01 20:14 - 2013-10-01 20:14 - 05132885 ____R (Swearware) C:\Users\Daniel\Desktop\ComboFix.exe
2013-10-01 14:50 - 2013-10-01 14:50 - 00000000 ____D C:\ProgramData\ATI
2013-10-01 14:50 - 2013-10-01 14:50 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-10-01 14:50 - 2012-01-28 10:28 - 00000000 ____D C:\ProgramData\AMD
2013-10-01 14:49 - 2013-10-01 14:49 - 00060993 _____ C:\Windows\SysWOW64\CCCInstall_201310011449582792.log
2013-10-01 14:49 - 2012-01-28 10:40 - 00000000 ____D C:\Program Files\ATI Technologies
2013-10-01 14:48 - 2013-10-01 14:46 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-01 09:21 - 2010-10-30 01:38 - 00007599 _____ C:\Users\Daniel\AppData\Local\Resmon.ResmonCfg
2013-09-30 22:16 - 2011-01-13 18:29 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype
2013-09-30 22:07 - 2010-10-23 10:37 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\TS3Client
2013-09-30 21:36 - 2010-10-22 20:10 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\ICQ
2013-09-30 16:28 - 2013-09-30 16:28 - 00000000 ____D C:\FRST
2013-09-30 08:02 - 2013-09-30 08:02 - 00979896 _____ C:\Windows\Minidump\093013-27534-01.dmp
2013-09-30 08:02 - 2011-02-15 22:59 - 00000000 ____D C:\Windows\Minidump
2013-09-27 18:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-27 17:27 - 2010-10-22 20:34 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\etdrv.sys
2013-09-27 16:56 - 2010-11-24 22:55 - 00000322 _____ C:\Users\Daniel\Desktop\Neues Textdokument.txt
2013-09-27 16:24 - 2013-01-22 10:18 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\vlc
2013-09-27 16:01 - 2011-07-10 19:16 - 00000000 ____D C:\ProgramData\Rosetta Stone
2013-09-27 16:00 - 2011-07-08 21:52 - 00000000 ____D C:\ProgramData\FLEXnet
2013-09-27 13:21 - 2010-10-22 19:04 - 00030528 _____ C:\Windows\GVTDrv64.sys
2013-09-27 13:20 - 2010-10-22 19:03 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2013-09-27 13:19 - 2010-10-22 18:58 - 00000236 _____ C:\service.log
2013-09-27 12:56 - 2013-09-27 12:57 - 00388608 _____ (Trend Micro Inc.) C:\Users\Daniel\Desktop\HiJackThis204.exe
2013-09-27 08:57 - 2013-09-27 08:57 - 00000000 ____D C:\Windows\pss
2013-09-26 23:13 - 2013-09-11 22:57 - 00001527 _____ C:\Users\Daniel\Desktop\partypoker.lnk
2013-09-26 22:40 - 2010-10-22 19:38 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-26 11:12 - 2013-09-26 11:11 - 00000734 _____ C:\Users\Public\Desktop\FIFA 14.lnk
2013-09-26 11:11 - 2013-09-26 11:10 - 00018511 _____ C:\Windows\DirectX.log
2013-09-23 17:33 - 2013-09-23 17:33 - 00015766 _____ C:\Users\Daniel\Desktop\Studienplan.xlsx
2013-09-23 12:34 - 2013-09-23 12:34 - 00000000 ____D C:\Users\Daniel\Downloads\BoSa
2013-09-21 13:52 - 2013-09-21 13:52 - 00000000 _____ C:\Windows\setuperr.log
2013-09-21 12:24 - 2010-10-22 18:33 - 00000000 ____D C:\Users\Daniel\AppData\Local\Microsoft Games
2013-09-21 12:21 - 2010-10-22 19:34 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-21 11:23 - 2010-10-23 01:23 - 00000000 ____D C:\Windows\Panther
2013-09-21 10:07 - 2012-05-04 05:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-20 18:06 - 2013-05-18 10:59 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-20 18:06 - 2012-04-02 23:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-20 18:06 - 2011-05-19 10:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-20 11:03 - 2013-09-20 11:03 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-20 11:03 - 2013-09-20 11:03 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-20 11:03 - 2013-09-20 11:03 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-20 11:03 - 2013-09-20 11:03 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-09-20 11:03 - 2013-09-20 11:03 - 00000000 ____D C:\Program Files\Java
2013-09-20 11:03 - 2013-09-20 07:54 - 00000000 ____D C:\ProgramData\Oracle
2013-09-20 11:03 - 2013-03-05 06:07 - 01095080 _____ (Oracle Corporation) C:\Windows\system32\npdeployJava1.dll
2013-09-20 11:03 - 2012-02-20 10:19 - 00973736 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-09-20 11:03 - 2010-12-27 12:58 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-09-20 11:03 - 2010-12-27 12:58 - 00000000 ____D C:\Program Files\WinRAR
2013-09-20 07:54 - 2013-09-20 07:54 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-09-20 07:54 - 2013-09-20 07:54 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-09-20 07:54 - 2013-09-20 07:54 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-09-20 07:54 - 2013-09-20 07:54 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-20 07:54 - 2013-09-20 07:54 - 00000000 ____D C:\Program Files (x86)\Java
2013-09-20 07:54 - 2012-06-14 20:54 - 00868264 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-09-20 07:54 - 2012-01-01 16:40 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-09-20 07:40 - 2010-10-22 19:30 - 00000000 ____D C:\Users\Daniel\AppData\Local\Mozilla
2013-09-19 19:39 - 2013-09-19 19:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-09-19 19:28 - 2013-09-19 19:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-17 15:58 - 2012-10-19 12:16 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Dropbox
2013-09-16 22:12 - 2012-09-11 14:47 - 00000000 ____D C:\Users\Daniel\Documents\FIFA 13
2013-09-14 11:21 - 2013-06-16 13:39 - 00000000 ____D C:\Windows\rescache
2013-09-12 21:09 - 2013-08-29 14:47 - 00000000 ____D C:\ProgramData\TP-LINK
2013-09-12 20:24 - 2011-06-16 00:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 08:47 - 2011-04-21 21:42 - 00000000 ____D C:\ProgramData\DivX
2013-09-12 08:47 - 2011-04-21 21:42 - 00000000 ____D C:\Program Files (x86)\DivX
2013-09-11 22:58 - 2013-09-11 22:58 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\cef-cache
2013-09-11 22:57 - 2013-09-11 22:57 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Party
2013-09-11 20:32 - 2010-10-22 18:33 - 00000000 ___RD C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-11 20:32 - 2010-10-22 18:33 - 00000000 ___RD C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-11 20:32 - 2009-07-14 06:45 - 00449976 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 20:17 - 2010-10-23 10:37 - 00000000 ____D C:\Users\Daniel\AppData\Local\TeamSpeak 3 Client
2013-09-11 09:48 - 2013-07-11 07:39 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 09:47 - 2010-10-22 19:30 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-10 23:50 - 2010-10-23 12:15 - 00000000 ____D C:\Users\Daniel\AppData\Local\Adobe
2013-09-10 23:45 - 2013-09-10 23:45 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-10 23:45 - 2010-10-23 12:15 - 00000000 ____D C:\ProgramData\Adobe
2013-09-10 10:59 - 2013-09-10 10:59 - 00000000 ____D C:\Users\Daniel\Documents\FIFA 14 Demo
2013-09-10 08:21 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-09-08 10:53 - 2013-07-29 17:53 - 00000064 _____ C:\Users\Daniel\Desktop\bic02.txt
2013-09-08 10:41 - 2013-09-08 10:35 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2013-09-08 10:35 - 2013-09-08 10:35 - 00001807 _____ C:\Users\Public\Desktop\Start BlueStacks.lnk
2013-09-08 10:35 - 2013-09-08 10:35 - 00000000 ____D C:\ProgramData\BlueStacks
2013-09-08 10:35 - 2013-09-08 10:35 - 00000000 ____D C:\Program Files (x86)\BlueStacks

Some content of TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-21 00:09

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 02.10.2013 19:36

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:39 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131