Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   alle Antiviren Syteme aus und alles ist extrem langsam (https://www.trojaner-board.de/145013-alle-antiviren-syteme-alles-extrem-langsam.html)

adan407 22.11.2013 15:32
alle Antiviren Syteme aus und alles ist extrem langsam
 
Hey TB Community,
erneut habe ich ein Problem mit meinem PC.
Zur Zeit weiß ich echt nicht was ich tun soll.
Ich zähle mal die Symptome auf:
-Der Pc startet extrem langsam ca. 5min im Willkommenscreen (Win7)
-Auch sonst extrem langsam
-Firefox freezt alle paar Sek.
-Es lassen sich sich keine Programme die ein administratives Ok brauchen
straten (z.B. Faber Security Scan oder Avast Security)
-Alle Antiviren Systeme sind aus (z.B. Windows Defender)

Das ist alles was mir bis jetzt aufgefallen ist.
Ich hoffe ihr könnt mir schonmal einen ersten Tipp geben.

MfG Adan

schrauber 22.11.2013 16:03
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


adan407 22.11.2013 16:23
Wie schon gesagt Programme die man als Admin ausführen muss. Kann ich nicht benutzten also auch Kein FRST

schrauber 23.11.2013 07:41
Dann von aussen:

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)
  • Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.
  • Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:
Über den Boot Manager:
  • Starte den Rechner neu.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Mit Windows CD/DVD (auch bei Windows 8 möglich):
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu und starte von der CD.
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Wähle in den Reparaturoptionen: Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
    Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein.
    e:\frst.exe bzw. e:\frst64.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Ja und klicke Untersuchen
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).


adan407 23.11.2013 12:56

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-11-2013
Ran by SYSTEM on MININT-FBCPOCP on 23-11-2013 12:50:28
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [Super-Charger] - C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2236816 2013-07-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-05-15] (LogMeIn Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software)
HKU\Curdt Marcus\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)
HKU\Curdt Marcus\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [3561816 2013-10-18] (Electronic Arts)
HKU\Curdt Marcus\...\Run: [AdobeBridge] - [x]
HKU\Curdt Marcus\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKU\Curdt Marcus\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\System32\spool\drivers\x64\3\E_IATIINE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\Curdt Marcus\...\Run: [Pokki] - C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\LaunchDeskband.dll",RunLaunchDeskband
HKU\Curdt Marcus\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\Curdt Marcus\...\Run: [iDevice Manager Launcher] - "C:\Program Files (x86)\Software4u\iDevice Manager\Software4u.IDMLauncher.exe" /run
HKU\Curdt Marcus\...\Run: [AppsHat] - C:\Users\Curdt Marcus\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
Startup: C:\Users\Curdt Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) =================

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-10-27] ()
S2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [653888 2013-10-03] (SEIKO EPSON CORPORATION)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-29] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-31] ()
S2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [x]

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
S1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-31] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-31] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-08-31] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-22] (AVM GmbH)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 RTL8187B; C:\Windows\System32\DRIVERS\rtl8187B.sys [446976 2009-11-05] (Realtek Semiconductor Corporation                          )
S3 MSICDSetup; \??\E:\CDriver64.sys [x]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-23 12:50 - 2013-11-23 12:50 - 00000000 ____D C:\FRST
2013-11-22 15:11 - 2013-11-22 15:11 - 01957998 _____ (Farbar) C:\Users\Curdt Marcus\Downloads\FRST64.exe
2013-11-17 20:00 - 2013-11-17 21:05 - 00018180 _____ C:\Users\Curdt Marcus\Desktop\Bewerbung-1.sxw
2013-11-17 19:59 - 2013-11-17 19:59 - 00015932 _____ C:\Users\Curdt Marcus\Desktop\Lebenslauf-1.sxw
2013-11-17 01:41 - 2013-11-17 01:41 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Local\{2CB6E52B-A392-467A-914D-E9968946CAFF}
2013-11-16 10:31 - 2013-11-16 10:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-10 14:03 - 2013-11-10 14:03 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Local\Blizzard Entertainment
2013-11-10 13:16 - 2013-11-16 12:02 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-11-10 13:16 - 2013-11-10 13:16 - 00001256 _____ C:\Users\Public\Desktop\Wetin3.lnk
2013-11-10 13:02 - 2013-11-10 13:09 - 83293072 _____ (Blizzard Entertainment) C:\Users\Curdt Marcus\Downloads\World-of-Warcraft-Setup-deDE.exe
2013-11-10 11:43 - 2013-11-10 11:43 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Local\Minibar
2013-11-10 11:43 - 2013-11-10 11:43 - 00000000 ____D C:\Program Files (x86)\Minibar
2013-11-10 11:39 - 2013-11-10 11:43 - 00000009 _____ C:\END
2013-11-10 11:39 - 2013-11-10 11:39 - 00239064 _____ C:\Users\Curdt Marcus\Downloads\MCPatcherPro_downloader-afQyrH7m.exe
2013-11-10 11:39 - 2013-11-10 11:39 - 00003288 _____ C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart
2013-11-10 11:39 - 2013-11-10 11:39 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Local\FilesFrog Update Checker
2013-11-10 11:23 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-11-10 11:23 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-11-10 11:23 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2013-11-10 11:23 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-11-10 11:23 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-11-10 11:23 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2013-11-10 11:23 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2013-11-09 16:14 - 2013-11-10 13:24 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\.technic
2013-11-09 16:10 - 2013-11-10 11:45 - 02300919 _____ () C:\Users\Curdt Marcus\Desktop\TechnicLauncher.exe
2013-11-07 16:17 - 2013-11-07 16:17 - 01970848 _____ C:\Users\Curdt Marcus\Downloads\winrar-x64-500.exe
2013-11-07 16:14 - 2013-11-07 16:14 - 01609146 _____ C:\Users\Curdt Marcus\Downloads\wrar420d.exe
2013-11-07 16:14 - 2013-11-07 16:14 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-11-07 16:07 - 2013-11-07 16:08 - 18080872 _____ (Adobe Systems Inc.) C:\Users\Curdt Marcus\Downloads\AdobeAIRInstaller.exe
2013-10-31 12:20 - 2013-10-31 12:20 - 00000000 ____D C:\Program Files (x86)\EA Games
2013-10-28 18:00 - 2013-10-29 22:02 - 00000000 ____D C:\Program Files (x86)\The Mighty Quest For Epic Loot
2013-10-28 18:00 - 2013-10-28 18:00 - 00001400 _____ C:\Users\Public\Desktop\The Mighty Quest For Epic Loot.lnk
2013-10-28 17:59 - 2013-10-28 17:59 - 28382568 _____ (                                                            ) C:\Users\Curdt Marcus\Downloads\MightyQuestSetup_219367.exe
2013-10-28 17:59 - 2013-10-28 17:59 - 03174799 _____ (                                                            ) C:\Users\Curdt Marcus\Downloads\MightyQuestSetup_219367(1).exe.part
2013-10-27 21:33 - 2013-10-27 21:48 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\RIFT
2013-10-27 14:29 - 2013-10-27 14:29 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\Guild Wars 2
2013-10-27 11:00 - 2013-10-27 11:00 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Local\ArmA 2
2013-10-26 17:27 - 2013-10-26 17:27 - 02945024 _____ C:\Users\Curdt Marcus\Downloads\Dotjosh.DayZCommander.Installer(1).msi
2013-10-26 17:01 - 2013-10-26 17:01 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\FreeFLVConverter
2013-10-26 17:01 - 2013-07-01 10:53 - 00397312 _____ (Koyote-Lab Inc) C:\Windows\SysWOW64\TubeFinder.exe
2013-10-26 17:01 - 2011-09-28 09:18 - 01081616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomctl.ocx
2013-10-26 17:01 - 2011-09-28 09:18 - 00364544 _____ C:\Windows\SysWOW64\PropertyGrid.ocx
2013-10-26 17:01 - 2011-09-28 09:18 - 00208500 _____ C:\Windows\SysWOW64\ReyXpBasics.tlb
2013-10-26 17:01 - 2011-09-28 09:18 - 00152848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.OCX
2013-10-26 17:01 - 2011-09-28 09:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCFR.DLL
2013-10-26 17:01 - 2011-09-28 09:18 - 00119568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6FR.DLL
2013-10-26 17:01 - 2011-09-28 09:18 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6STKIT.DLL
2013-10-26 17:01 - 2011-09-28 09:18 - 00084512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PICCLP32.OCX
2013-10-26 17:01 - 2011-09-28 09:18 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CMDLGFR.DLL
2013-10-26 17:01 - 2011-09-28 09:18 - 00024576 _____ C:\Windows\SysWOW64\ControlSubX.ocx
2013-10-26 17:01 - 2011-09-28 09:18 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCCLPFR.DLL
2013-10-26 16:58 - 2013-10-26 17:01 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter
2013-10-26 16:57 - 2013-10-26 16:58 - 00804552 _____ (Koyote-Lab Inc.) C:\Users\Curdt Marcus\Downloads\FreeFLVConverter75Setup.exe
2013-10-26 14:28 - 2013-10-26 14:29 - 32370848 _____ (DVDVideoSoft Ltd.                                          ) C:\Users\Curdt Marcus\Downloads\FreeYouTubeToMP3Converter.exe
2013-10-24 12:27 - 2013-10-24 12:27 - 00000000 ____D C:\Program Files (x86)\Dungeon Defenders

==================== One Month Modified Files and Folders =======

2013-11-23 12:50 - 2013-11-23 12:50 - 00000000 ____D C:\FRST
2013-11-23 12:39 - 2012-12-19 15:51 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-23 12:39 - 2009-07-14 05:51 - 00020640 _____ C:\Windows\setupact.log
2013-11-22 15:58 - 2012-12-19 15:42 - 01523354 _____ C:\Windows\WindowsUpdate.log
2013-11-22 15:38 - 2012-12-24 20:39 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-22 15:30 - 2012-12-24 20:41 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-22 15:25 - 2011-04-12 08:43 - 01292842 _____ C:\Windows\System32\perfh007.dat
2013-11-22 15:25 - 2011-04-12 08:43 - 00333154 _____ C:\Windows\System32\perfc007.dat
2013-11-22 15:25 - 2009-07-14 06:13 - 00006248 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-22 15:11 - 2013-11-22 15:11 - 01957998 _____ (Farbar) C:\Users\Curdt Marcus\Downloads\FRST64.exe
2013-11-22 15:11 - 2013-02-03 18:31 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Local\CrashDumps
2013-11-22 14:38 - 2012-12-24 21:01 - 00000000 ____D C:\Program Files (x86)\Origin
2013-11-22 14:37 - 2009-07-14 05:45 - 00021840 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-22 14:37 - 2009-07-14 05:45 - 00021840 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-22 14:31 - 2013-02-25 16:36 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\Skype
2013-11-22 14:31 - 2012-12-24 20:41 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-22 14:31 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-22 14:30 - 2013-08-09 13:34 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Local\LogMeIn Hamachi
2013-11-22 14:30 - 2012-12-24 20:49 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-22 14:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2013-11-22 14:02 - 2013-01-13 14:25 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Local\Adobe
2013-11-22 14:00 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-11-20 19:09 - 2012-12-19 15:48 - 00000000 ____D C:\users\Curdt Marcus
2013-11-18 18:28 - 2013-05-20 11:12 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\.minecraft
2013-11-17 21:05 - 2013-11-17 20:00 - 00018180 _____ C:\Users\Curdt Marcus\Desktop\Bewerbung-1.sxw
2013-11-17 19:59 - 2013-11-17 19:59 - 00015932 _____ C:\Users\Curdt Marcus\Desktop\Lebenslauf-1.sxw
2013-11-17 18:49 - 2012-12-27 16:54 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\TS3Client
2013-11-17 18:48 - 2012-12-27 16:53 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Local\TeamSpeak 3 Client
2013-11-17 01:41 - 2013-11-17 01:41 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Local\{2CB6E52B-A392-467A-914D-E9968946CAFF}
2013-11-17 00:15 - 2012-12-24 20:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-16 15:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-16 12:02 - 2013-11-10 13:16 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-11-16 10:31 - 2013-11-16 10:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 19:42 - 2013-06-10 16:04 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\AIMP3
2013-11-15 19:39 - 2013-03-03 21:31 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\Audacity
2013-11-14 19:22 - 2013-07-20 21:03 - 00000000 ____D C:\Windows\System32\MRT
2013-11-14 19:22 - 2013-01-20 10:02 - 82896128 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-11-13 19:12 - 2013-08-31 15:57 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-11-10 14:03 - 2013-11-10 14:03 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Local\Blizzard Entertainment
2013-11-10 13:24 - 2013-11-09 16:14 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\.technic
2013-11-10 13:16 - 2013-11-10 13:16 - 00001256 _____ C:\Users\Public\Desktop\Wetin3.lnk
2013-11-10 13:09 - 2013-11-10 13:02 - 83293072 _____ (Blizzard Entertainment) C:\Users\Curdt Marcus\Downloads\World-of-Warcraft-Setup-deDE.exe
2013-11-10 11:45 - 2013-11-09 16:10 - 02300919 _____ () C:\Users\Curdt Marcus\Desktop\TechnicLauncher.exe
2013-11-10 11:43 - 2013-11-10 11:43 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Local\Minibar
2013-11-10 11:43 - 2013-11-10 11:43 - 00000000 ____D C:\Program Files (x86)\Minibar
2013-11-10 11:43 - 2013-11-10 11:39 - 00000009 _____ C:\END
2013-11-10 11:39 - 2013-11-10 11:39 - 00239064 _____ C:\Users\Curdt Marcus\Downloads\MCPatcherPro_downloader-afQyrH7m.exe
2013-11-10 11:39 - 2013-11-10 11:39 - 00003288 _____ C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart
2013-11-10 11:39 - 2013-11-10 11:39 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Local\FilesFrog Update Checker
2013-11-07 16:17 - 2013-11-07 16:17 - 01970848 _____ C:\Users\Curdt Marcus\Downloads\winrar-x64-500.exe
2013-11-07 16:17 - 2012-12-24 21:34 - 00000000 ____D C:\Program Files\WinRAR
2013-11-07 16:14 - 2013-11-07 16:14 - 01609146 _____ C:\Users\Curdt Marcus\Downloads\wrar420d.exe
2013-11-07 16:14 - 2013-11-07 16:14 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-11-07 16:08 - 2013-11-07 16:07 - 18080872 _____ (Adobe Systems Inc.) C:\Users\Curdt Marcus\Downloads\AdobeAIRInstaller.exe
2013-11-03 15:15 - 2013-06-19 17:16 - 00517754 _____ () C:\Users\Curdt Marcus\Downloads\FTB_Launcher.exe
2013-11-03 15:15 - 2013-06-19 17:16 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\ftblauncher
2013-11-01 15:51 - 2013-02-23 17:46 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Local\ArmA 2 OA
2013-10-31 13:14 - 2013-09-01 13:50 - 00282296 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-10-31 13:14 - 2012-12-25 10:44 - 00282296 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-10-31 13:08 - 2013-09-01 13:49 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-10-31 13:07 - 2012-12-24 23:00 - 00282296 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-10-31 13:01 - 2012-12-25 10:44 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Local\PunkBuster
2013-10-31 12:20 - 2013-10-31 12:20 - 00000000 ____D C:\Program Files (x86)\EA Games
2013-10-31 10:20 - 2010-11-21 04:47 - 00024518 _____ C:\Windows\PFRO.log
2013-10-29 22:02 - 2013-10-28 18:00 - 00000000 ____D C:\Program Files (x86)\The Mighty Quest For Epic Loot
2013-10-28 18:00 - 2013-10-28 18:00 - 00001400 _____ C:\Users\Public\Desktop\The Mighty Quest For Epic Loot.lnk
2013-10-28 17:59 - 2013-10-28 17:59 - 28382568 _____ (                                                            ) C:\Users\Curdt Marcus\Downloads\MightyQuestSetup_219367.exe
2013-10-28 17:59 - 2013-10-28 17:59 - 03174799 _____ (                                                            ) C:\Users\Curdt Marcus\Downloads\MightyQuestSetup_219367(1).exe.part
2013-10-27 22:28 - 2013-08-05 17:22 - 00005632 _____ C:\Users\Curdt Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-27 21:48 - 2013-10-27 21:33 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\RIFT
2013-10-27 14:29 - 2013-10-27 14:29 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\Guild Wars 2
2013-10-27 11:00 - 2013-10-27 11:00 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Local\ArmA 2
2013-10-27 11:00 - 2012-12-19 15:44 - 00288411 _____ C:\Windows\DirectX.log
2013-10-26 17:27 - 2013-10-26 17:27 - 02945024 _____ C:\Users\Curdt Marcus\Downloads\Dotjosh.DayZCommander.Installer(1).msi
2013-10-26 17:01 - 2013-10-26 17:01 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\FreeFLVConverter
2013-10-26 17:01 - 2013-10-26 16:58 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter
2013-10-26 17:00 - 2012-12-24 20:41 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\Adobe
2013-10-26 16:58 - 2013-10-26 16:57 - 00804552 _____ (Koyote-Lab Inc.) C:\Users\Curdt Marcus\Downloads\FreeFLVConverter75Setup.exe
2013-10-26 14:36 - 2013-01-10 15:10 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\DVDVideoSoft
2013-10-26 14:36 - 2013-01-10 15:10 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-10-26 14:29 - 2013-10-26 14:28 - 32370848 _____ (DVDVideoSoft Ltd.                                          ) C:\Users\Curdt Marcus\Downloads\FreeYouTubeToMP3Converter.exe
2013-10-24 12:27 - 2013-10-24 12:27 - 00000000 ____D C:\Program Files (x86)\Dungeon Defenders
2013-10-24 12:13 - 2013-10-10 14:46 - 00000000 ____D C:\Users\Curdt Marcus\Desktop\Photoshop
2013-10-24 12:13 - 2013-03-24 12:04 - 00000132 _____ C:\Users\Curdt Marcus\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2013-10-24 10:11 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
C:\Users\Curdt Marcus\fraps.exe
C:\Users\Curdt Marcus\Minecraft(2).exe
C:\Users\Curdt Marcus\AppData\Roaming\Origin


Some content of TEMP:
====================
C:\Users\Curdt Marcus\AppData\Local\Temp\appshat-distribution.exe
C:\Users\Curdt Marcus\AppData\Local\Temp\AskSLib.dll
C:\Users\Curdt Marcus\AppData\Local\Temp\AutoRun.exe
C:\Users\Curdt Marcus\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Curdt Marcus\AppData\Local\Temp\BackupSetup.exe
C:\Users\Curdt Marcus\AppData\Local\Temp\bi_cleaner.exe
C:\Users\Curdt Marcus\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Curdt Marcus\AppData\Local\Temp\cwcxyd6n.dll
C:\Users\Curdt Marcus\AppData\Local\Temp\devcon64.exe
C:\Users\Curdt Marcus\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Curdt Marcus\AppData\Local\Temp\eauninstall.exe
C:\Users\Curdt Marcus\AppData\Local\Temp\jansi-64-git-Bukkit-1.5.2-R1.0-b2788jnks.dll
C:\Users\Curdt Marcus\AppData\Local\Temp\mconduitinstaller.exe
C:\Users\Curdt Marcus\AppData\Local\Temp\MgxVistaTools.dll
C:\Users\Curdt Marcus\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE
C:\Users\Curdt Marcus\AppData\Local\Temp\nvStInst.exe
C:\Users\Curdt Marcus\AppData\Local\Temp\oct48C5.tmp.exe
C:\Users\Curdt Marcus\AppData\Local\Temp\oct7D2.tmp.exe
C:\Users\Curdt Marcus\AppData\Local\Temp\octABBB.tmp.exe
C:\Users\Curdt Marcus\AppData\Local\Temp\octC90A.tmp.exe
C:\Users\Curdt Marcus\AppData\Local\Temp\octF43C.tmp.exe
C:\Users\Curdt Marcus\AppData\Local\Temp\Quarantine.exe
C:\Users\Curdt Marcus\AppData\Local\Temp\SETUP_AFTERBURNER.EXE
C:\Users\Curdt Marcus\AppData\Local\Temp\SimCity 4 Deluxe_uninst.exe
C:\Users\Curdt Marcus\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Curdt Marcus\AppData\Local\Temp\softonic_chr_1-8-16-10.exe
C:\Users\Curdt Marcus\AppData\Local\Temp\sonarinst.exe
C:\Users\Curdt Marcus\AppData\Local\Temp\tmp4C4B.tmp.exe
C:\Users\Curdt Marcus\AppData\Local\Temp\tmp76D5.tmp.exe
C:\Users\Curdt Marcus\AppData\Local\Temp\uninst1.exe
C:\Users\Curdt Marcus\AppData\Local\Temp\unwise.exe
C:\Users\Curdt Marcus\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Curdt Marcus\AppData\Local\Temp\version51030bc4470a0.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

1
Restore point made on: 2013-11-22 15:59:51

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8136.92 MB
Available physical RAM: 7305.72 MB
Total Pagefile: 8135.12 MB
Available Pagefile: 7327.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:244.04 GB) (Free:48.79 GB) NTFS
Drive e: () (Fixed) (Total:221.62 GB) (Free:161.85 GB) NTFS
Drive g: (Volume) (Fixed) (Total:931.51 GB) (Free:552.51 GB) NTFS
Drive h: (USB DISK) (Removable) (Total:0.93 GB) (Free:0.65 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 8F85853A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=244 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=222 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 32C6D9E4)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 956 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=956 MB) - (Type=06)


LastRegBack: 2013-11-22 15:52

==================== End Of Log ============================
--- --- ---

schrauber 24.11.2013 08:30
Versuch das mal im normalen Modus oder im abgesicherten:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

adan407 24.11.2013 11:11
Code:
ComboFix 13-11-23.02 - Curdt Marcus 24.11.2013  10:59:53.1.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8137.7246 [GMT 1:00]
ausgeführt von:: c:\users\Curdt Marcus\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\users\Curdt Marcus\31c8fcc567a21c9494306c7d13dbddb4.jpg
c:\users\Curdt Marcus\AppData\Local\Minibar
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome.json
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome.pem
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\background.html
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\cached_http_request.js
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\extension_info.json
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\icons\icon128.png
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\icons\icon19.png
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\icons\icon32.png
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\icons\icon48.png
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\includes\content.js
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\includes\content_kango.js
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\includes\content_menu.js
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\includes\content_messaging.js
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\includes\content_pageutils.js
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\includes\content_popup.js
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\includes\content_toolbar.js
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\includes\content_toolbar_customfixes.js
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\includes\content_userscript.js
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\initial_config.json
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\kango-ui\button.js
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\kango-ui\toolbar.js
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\kango-ui\ui.js
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\kango\browser.js
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\kango\console.js
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\kango\event_listener.js
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\kango\initialize.js
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\kango\io.js
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\kango\jsonstorage.js
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\kango\kango.js
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\kango\lang.js
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\kango\messaging.js
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\kango\userscript_engine.js
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\kango\xhr.js
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\main.js
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\manifest.json
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\minibar\actions.js
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\minibar\cachedxhr.js
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\minibar\config.js
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\minibar\macros.js
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\minibar\minibar.js
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\MinibarPlugin.dll
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\popup.html
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\popup.js
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\tab.html
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome\tab.js
c:\users\Curdt Marcus\AppData\Local\Minibar\chrome_installer.js
c:\users\Curdt Marcus\AppData\Local\Minibar\common.js
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome.manifest
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\content.xul
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\extension_info.json
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\icons\icon128.png
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\icons\icon19.png
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\icons\icon32.png
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\icons\icon48.png
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\initial_config.json
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\kango-ui\button.js
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup.js
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup_window.js
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup_window.xul
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-left.png
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-middle.png
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-right.png
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\middle-left.png
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\middle-right.png
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\style.css
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-bottom.png
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-left.png
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-right.png
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-top.png
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-left.png
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-middle.png
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-right.png
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\kango-ui\toolbar.js
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\kango-ui\toolbar_stub.html
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\kango-ui\ui.js
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\kango\browser.js
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\kango\console.js
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\kango\event_listener.js
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\kango\initialize.js
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\kango\io.js
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\kango\jsonstorage.js
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\kango\kango.js
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\kango\lang.js
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\kango\messaging.js
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\kango\storage.js
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\kango\uninstall_observer.js
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\kango\userscript_engine.js
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\kango\xhr.js
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\main.js
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\minibar\actions.js
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\minibar\cachedxhr.js
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\minibar\config.js
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\minibar\homepage_helper.js
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\minibar\macros.js
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\minibar\minibar.js
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\minibar\search_helper.js
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\minibar\search_hook.js
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\chrome\content\minibar\tabpage_helper.js
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\install.rdf
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox\plugins\npMinibarPlugin.dll
c:\users\Curdt Marcus\AppData\Local\Minibar\firefox_installer.js
c:\users\Curdt Marcus\AppData\Local\Minibar\ie_installer.js
c:\users\Curdt Marcus\AppData\Local\Minibar\minibar.crx
c:\users\Curdt Marcus\AppData\Local\Minibar\minibar.xpi
c:\users\Curdt Marcus\AppData\Local\Minibar\SettingsHelper.exe
c:\users\Curdt Marcus\AppData\Local\Minibar\Uninstall.exe
c:\users\Curdt Marcus\fraps.exe
c:\windows\SysWow64\FlashPlayerApp.exe
c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-10-24 bis 2013-11-24  ))))))))))))))))))))))))))))))
.
.
2013-11-24 10:07 . 2013-11-24 10:07        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-11-24 10:07 . 2013-11-24 10:07        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-11-23 11:50 . 2013-11-23 11:50        --------        d-----w-        C:\FRST
2013-11-10 13:03 . 2013-11-10 13:03        --------        d-----w-        c:\users\Curdt Marcus\AppData\Local\Blizzard Entertainment
2013-11-10 12:16 . 2013-11-16 11:02        --------        d-----w-        c:\program files (x86)\World of Warcraft
2013-11-10 12:16 . 2013-11-10 12:16        --------        d-----w-        c:\program files (x86)\Common Files\Blizzard Entertainment
2013-11-10 10:43 . 2013-11-10 10:43        --------        d-----w-        c:\users\Curdt Marcus\AppData\Local\AppsHat Mobile Apps
2013-11-10 10:43 . 2013-11-10 10:43        --------        d-----w-        c:\program files (x86)\Minibar
2013-11-10 10:39 . 2013-11-10 10:39        --------        d-----w-        c:\users\Curdt Marcus\AppData\Local\FilesFrog Update Checker
2013-11-10 10:23 . 2013-09-04 12:12        343040        ----a-w-        c:\windows\system32\drivers\usbhub.sys
2013-11-10 10:23 . 2013-09-04 12:11        325120        ----a-w-        c:\windows\system32\drivers\usbport.sys
2013-11-10 10:23 . 2013-09-04 12:11        99840        ----a-w-        c:\windows\system32\drivers\usbccgp.sys
2013-11-10 10:23 . 2013-09-04 12:11        52736        ----a-w-        c:\windows\system32\drivers\usbehci.sys
2013-11-10 10:23 . 2013-09-04 12:11        30720        ----a-w-        c:\windows\system32\drivers\usbuhci.sys
2013-11-10 10:23 . 2013-09-04 12:11        25600        ----a-w-        c:\windows\system32\drivers\usbohci.sys
2013-11-10 10:23 . 2013-09-04 12:11        7808        ----a-w-        c:\windows\system32\drivers\usbd.sys
2013-11-09 15:14 . 2013-11-10 12:24        --------        d-----w-        c:\users\Curdt Marcus\AppData\Roaming\.technic
2013-10-31 11:20 . 2013-10-31 11:20        --------        d-----w-        c:\program files (x86)\EA Games
2013-10-28 17:00 . 2013-10-29 21:02        --------        d-----w-        c:\program files (x86)\The Mighty Quest For Epic Loot
2013-10-27 20:33 . 2013-10-27 20:48        --------        d-----w-        c:\users\Curdt Marcus\AppData\Roaming\RIFT
2013-10-27 13:29 . 2013-10-27 13:29        --------        d-----w-        c:\users\Curdt Marcus\AppData\Roaming\Guild Wars 2
2013-10-27 10:24 . 2013-10-27 10:24        --------        d-----w-        c:\program files (x86)\Common Files\BattlEye
2013-10-27 10:00 . 2013-10-27 10:00        --------        d-----w-        c:\users\Curdt Marcus\AppData\Local\ArmA 2
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-14 18:22 . 2013-01-20 09:02        82896128        ----a-w-        c:\windows\system32\MRT.exe
2013-10-31 12:14 . 2013-09-01 12:50        282296        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2013-10-31 12:14 . 2012-12-25 09:44        282296        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2013-10-31 12:08 . 2013-09-01 12:49        76888        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2013-10-31 12:07 . 2012-12-24 22:00        282296        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2013-10-09 14:38 . 2012-12-24 19:39        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-22 23:28 . 2013-10-11 12:36        1767936        ----a-w-        c:\windows\SysWow64\wininet.dll
2013-09-22 23:27 . 2013-10-11 12:36        2876928        ----a-w-        c:\windows\SysWow64\jscript9.dll
2013-09-22 23:27 . 2013-10-11 12:36        61440        ----a-w-        c:\windows\SysWow64\iesetup.dll
2013-09-22 23:27 . 2013-10-11 12:36        109056        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2013-09-22 22:55 . 2013-10-11 12:36        51712        ----a-w-        c:\windows\system32\ie4uinit.exe
2013-09-22 22:55 . 2013-10-11 12:36        2241024        ----a-w-        c:\windows\system32\wininet.dll
2013-09-22 22:55 . 2013-10-11 12:36        1365504        ----a-w-        c:\windows\system32\urlmon.dll
2013-09-22 22:54 . 2013-10-11 12:36        603136        ----a-w-        c:\windows\system32\msfeeds.dll
2013-09-22 22:54 . 2013-10-11 12:36        19252224        ----a-w-        c:\windows\system32\mshtml.dll
2013-09-22 22:54 . 2013-10-11 12:36        855552        ----a-w-        c:\windows\system32\jscript.dll
2013-09-22 22:54 . 2013-10-11 12:36        3959296        ----a-w-        c:\windows\system32\jscript9.dll
2013-09-22 22:54 . 2013-10-11 12:36        53248        ----a-w-        c:\windows\system32\jsproxy.dll
2013-09-22 22:54 . 2013-10-11 12:36        526336        ----a-w-        c:\windows\system32\ieui.dll
2013-09-22 22:54 . 2013-10-11 12:36        67072        ----a-w-        c:\windows\system32\iesetup.dll
2013-09-22 22:54 . 2013-10-11 12:36        39936        ----a-w-        c:\windows\system32\iernonce.dll
2013-09-22 22:54 . 2013-10-11 12:36        136704        ----a-w-        c:\windows\system32\iesysprep.dll
2013-09-22 22:54 . 2013-10-11 12:36        2647552        ----a-w-        c:\windows\system32\iertutil.dll
2013-09-22 22:54 . 2013-10-11 12:36        15404544        ----a-w-        c:\windows\system32\ieframe.dll
2013-09-21 03:38 . 2013-10-11 12:36        2706432        ----a-w-        c:\windows\system32\mshtml.tlb
2013-09-21 03:30 . 2013-10-11 12:36        2706432        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2013-09-21 02:48 . 2013-10-11 12:36        89600        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2013-09-21 02:39 . 2013-10-11 12:36        71680        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10 . 2013-10-10 17:05        497152        ----a-w-        c:\windows\system32\drivers\afd.sys
2013-09-08 02:30 . 2013-10-10 17:05        1903552        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-10 17:05        327168        ----a-w-        c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-10 17:05        231424        ----a-w-        c:\windows\SysWow64\mswsock.dll
2013-08-31 14:57 . 2013-08-31 14:57        378944        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2013-08-31 14:57 . 2013-08-31 14:57        189936        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2013-08-31 14:57 . 2013-08-31 14:57        1030952        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2013-08-29 02:17 . 2013-10-10 17:05        5549504        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-10 17:05        1732032        ----a-w-        c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-10 17:05        243712        ----a-w-        c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-10 17:05        859648        ----a-w-        c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-10 17:05        878080        ----a-w-        c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-10 17:05        3969472        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-10 17:05        3914176        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-10 17:05        5120        ----a-w-        c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-10 17:05        1292192        ----a-w-        c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-10 17:05        619520        ----a-w-        c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-10 17:05        640512        ----a-w-        c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-10 17:05        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2013-08-29 01:29 . 2013-10-10 17:05        33280        ----a-w-        c:\windows\system32\drivers\usbser.sys
2013-08-29 00:49 . 2013-10-10 17:05        25600        ----a-w-        c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-10 17:05        7680        ----a-w-        c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-10 17:05        14336        ----a-w-        c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-10 17:05        2048        ----a-w-        c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-10 17:05        3155968        ----a-w-        c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-10 17:05        461312        ----a-w-        c:\windows\system32\scavengeui.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{AA74D58F-ACD0-450D-A85E-6C04B171C044}]
2013-09-19 05:23        331264        ----a-w-        c:\program files (x86)\Minibar\Minibar.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-10-30 1820584]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2013-10-18 3561816]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIINE.EXE" [2012-02-29 283232]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2011-10-31 1058400]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2013-07-12 2236816]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-05-15 2255184]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
c:\users\Curdt Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R0 aswRvrt;aswRvrt; [x]
R0 aswVmm;aswVmm; [x]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 EpsonCustomerResearchParticipation;EpsonCustomerResearchParticipation;c:\program files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [x]
R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusbn.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
R3 MSICDSetup;MSICDSetup;e:\cdriver64.sys;e:\CDriver64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;e:\ntiolib_x64.sys;e:\NTIOLib_X64.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 RTL8187B;Belkin Wireless G USB Network Adapter;c:\windows\system32\DRIVERS\rtl8187B.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8187B.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswKbd;aswKbd; [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-16 15:02        1210320        ----a-w-        c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-24 14:38]
.
2013-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-24 19:41]
.
2013-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-24 19:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2013-06-19 22:45        3317616        ----a-w-        c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2013-06-19 22:45        3317616        ----a-w-        c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2013-06-19 22:45        3317616        ----a-w-        c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58        133840        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-06-03 472984]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.doko-search.com/?babsrc=HP_ss&mntrId=0046001F3F008E83&affID=125836&tsp=5037
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a935efef-f719-d181-4d47-32c2ea4f6b33&searchtype=ds&q={searchTerms}&installDate=28/09/2013
IE: Free YouTube to MP3 Converter - c:\users\Curdt Marcus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{AAA38851-3CFF-475F-B5E0-720D3645E4A5} - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - c:\program files (x86)\Minibar\Minibar.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Curdt Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\7k6dwla6.default-1358074474981\
FF - ExtSQL: 2013-10-31 12:19; battlefieldheroespatcher@ea.com; c:\users\Curdt Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\7k6dwla6.default-1358074474981\extensions\battlefieldheroespatcher@ea.com
FF - ExtSQL: 2013-11-10 11:42; {130a876e-28f8-41f2-911d-084e557b057a}; c:\users\Curdt Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\7k6dwla6.default-1358074474981\extensions\{130a876e-28f8-41f2-911d-084e557b057a}
FF - user.js: extensions.dokotoolbar.tlbrSrchUrl - hxxp://www.doko-search.com/?q={searchTerms}&babsrc=TB_ss&mntrId=0046001F3F008E83&affID=125836&tsp=5037
FF - user.js: extensions.dokotoolbar.tb_url - hxxp://www.doko-search.com/?q={searchTerms}&babsrc=TB_ss&mntrId=0046001F3F008E83&affID=125836&tsp=5037
FF - user.js: extensions.dokotoolbar.id - 004624c2000000000000001f3f008e83
FF - user.js: extensions.dokotoolbar.appId - {43083724-E0DA-43B9-B7D5-4C5EB0781850}
FF - user.js: extensions.dokotoolbar.instlDay - 15994
FF - user.js: extensions.dokotoolbar.vrsn - 1.8.26.9
FF - user.js: extensions.dokotoolbar.vrsni - 1.8.26.9
FF - user.js: extensions.dokotoolbar.vrsnTs - 1.8.26.921:27
FF - user.js: extensions.dokotoolbar.prtnrId - dokotoolbar
FF - user.js: extensions.dokotoolbar.prdct - dokotoolbar
FF - user.js: extensions.dokotoolbar.aflt - babsst
FF - user.js: extensions.dokotoolbar.smplGrp - none
FF - user.js: extensions.dokotoolbar.tlbrId - base
FF - user.js: extensions.dokotoolbar.instlRef - sst
FF - user.js: extensions.dokotoolbar.dfltLng - de
FF - user.js: extensions.dokotoolbar.excTlbr - false
FF - user.js: extensions.dokotoolbar.ffxUnstlRst - true
FF - user.js: extensions.dokotoolbar.admin - false
FF - user.js: extensions.dokotoolbar.autoRvrt - false
FF - user.js: extensions.dokotoolbar.rvrt - false
FF - user.js: extensions.dokotoolbar.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-Pokki - %LOCALAPPDATA%\Pokki\Engine\LaunchDeskband.dll
Wow6432Node-HKCU-Run-iDevice Manager Launcher - c:\program files (x86)\Software4u\iDevice Manager\Software4u.IDMLauncher.exe
Wow6432Node-HKCU-Run-AppsHat - c:\users\Curdt Marcus\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
Wow6432Node-HKLM-Run-Super-Charger - c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-BattlEye for A2 - h:\steamlibrary\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DIB\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ICO\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.ico.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JFIF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPE\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPEG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PNG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.png.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIFF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WDP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.wdp.15.4"
.
[HKEY_USERS\S-1-5-21-714820300-3119143247-1997101176-1000\Software\SecuROM\License information*]
"datasecu"=hex:b7,f6,7c,e7,59,aa,f5,c8,1d,ec,ed,f9,3a,b1,f5,3b,fa,2c,3c,ae,f1,
  e4,9e,de,c3,d9,1f,7d,5a,f0,ab,36,45,17,fd,fe,53,ce,f8,2e,d0,f1,44,2f,18,a5,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-11-24  11:08:41
ComboFix-quarantined-files.txt  2013-11-24 10:08
.
Vor Suchlauf: 16 Verzeichnis(se), 52.238.323.712 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 67.412.414.464 Bytes frei
.
- - End Of File - - 42F5BC8E640FC0C0A3F7FFA842C8D47C
A36C5E4F47E84449FF07ED3517B43A31

schrauber 25.11.2013 07:53
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

adan407 25.11.2013 13:48
Da ich immer noch keine Programme als Administrator ausführen kann wollte ich es wieder über Eingabeaufforderung probieren.

Doch jetzt kommt der Fehler :
Das zum Unterstützen des Abbildtyps erforderliche Subsystem ist nicht vorhanden.

MfG Adan

schrauber 26.11.2013 09:57
Was genau pasiert wenn Du das versuchst? Was passiert wenn du sie einfach mit Doppelklick startest?

adan407 26.11.2013 17:04
Also das Problem war :
Wenn ich als Admin ausführen gedrückt habe und dann den Kasten noch mit ok bestätigt habe blieb der dunklere Hintergrund noch etwas. Als er dann weg war ist allerdings nichts passiert.

Im abgesicherten Modus musste ich nichts als Admin ausführen und so hats jetzt geklappt.

Hier jetzt die Logs:

Anti-Malware
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.26.05

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus)
Internet Explorer 10.0.9200.16721
Curdt Marcus :: CURDTMARCUS-PC [Administrator]

26.11.2013 15:18:51
mbam-log-2013-11-26 (15-18-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 618978
Laufzeit: 1 Stunde(n), 9 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 14
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsPal\trz260.tmp.vir (PUP.LyricsAd) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsPal\Uninstall.exe.vir (PUP.Optional.LyricsAd) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Minibar\Minibar.dll.vir (PUP.Optional.MiniBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Users\Curdt Marcus\AppData\Local\FilesFrog Update Checker\uninstall.exe.vir (PUP.Optional.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Users\Curdt Marcus\AppData\Roaming\Movdap\trz731C.tmp.vir (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Users\Curdt Marcus\AppData\Roaming\OpenCandy\F5DB304BE8E642AEBF48056C9811B6DC\Installer.exe.vir (PUP.Optional.Linkury.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Users\CURDTM~1\AppData\Local\Temp\OCS\ocs_v6r.exe.vir (PUP.Optional.DownloadSponsor.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Users\CURDTM~1\AppData\Local\Temp\OCS\ocs_v7f.exe.vir (PUP.Optional.DownloadSponsor.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Adobe\Adobe Audition CC\amtlib.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Curdt Marcus\AppData\Local\AppsHat Mobile Apps\Uninstall.exe (PUP.Optional.Somoto.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Curdt Marcus\Downloads\gs_34075.exe (PUP.Optional.Freemium.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Curdt Marcus\Downloads\pb35setup - CHIP-Downloader.exe (PUP.Optional.DownloadSponsor.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Curdt Marcus\Sony Vegas Pro 12 for Free\vegas.pro.12.-patch.exe (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
adw-cleaner
Code:
# AdwCleaner v3.013 - Bericht erstellt am 26/11/2013 um 16:41:01
# Updated 24/11/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Curdt Marcus - CURDTMARCUS-PC
# Gestartet von : E:\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Curdt Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Ordner Gelöscht : C:\Users\Curdt Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpcknfcdcgpffjddjeceioobdelceffo

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v25.0.1 (de)

[ Datei : C:\Users\Curdt Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\7k6dwla6.default-1358074474981\prefs.js ]


-\\ Google Chrome v31.0.1650.57

[ Datei : C:\Users\Curdt Marcus\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [13957 octets] - [28/08/2013 12:56:23]
AdwCleaner[R1].txt - [11234 octets] - [26/11/2013 14:10:55]
AdwCleaner[R2].txt - [1453 octets] - [26/11/2013 16:40:01]
AdwCleaner[S0].txt - [13787 octets] - [28/08/2013 12:57:21]
AdwCleaner[S1].txt - [9704 octets] - [26/11/2013 14:11:53]
AdwCleaner[S2].txt - [1374 octets] - [26/11/2013 16:41:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1434 octets] ##########
JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Curdt Marcus on 26.11.2013 at 16:53:20,04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-714820300-3119143247-1997101176-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\webcakeupdater
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatewhilokii_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatewhilokii_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\softonic_chr_1-8-16-10_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\softonic_chr_1-8-16-10_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\softonic_chr_1-8-16-10_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\softonic_chr_1-8-16-10_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3943312E-28AB-47F8-A642-F30B9B08C638}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Curdt Marcus\appdata\local\appshat mobile apps"
Successfully deleted: [Empty Folder] C:\Users\Curdt Marcus\appdata\local\{124FBF9C-C163-423E-93A2-AD84BACEE582}
Successfully deleted: [Empty Folder] C:\Users\Curdt Marcus\appdata\local\{2A2CF623-C3F9-4DA5-B505-3BDED21DCCAD}
Successfully deleted: [Empty Folder] C:\Users\Curdt Marcus\appdata\local\{2CB6E52B-A392-467A-914D-E9968946CAFF}
Successfully deleted: [Empty Folder] C:\Users\Curdt Marcus\appdata\local\{715B4C12-31B1-4090-BE1E-15E276897BA6}
Successfully deleted: [Empty Folder] C:\Users\Curdt Marcus\appdata\local\{87B425FD-C278-45C3-A35F-5F4C20706A37}
Successfully deleted: [Empty Folder] C:\Users\Curdt Marcus\appdata\local\{A6E9DC32-BD07-459B-A597-6FEA47C80B2B}
Successfully deleted: [Empty Folder] C:\Users\Curdt Marcus\appdata\local\{AC647FC4-151C-434F-9215-A6FBDB0450C6}
Successfully deleted: [Empty Folder] C:\Users\Curdt Marcus\appdata\local\{B53EA8B5-BAE6-48E6-842A-21576030D41C}
Successfully deleted: [Empty Folder] C:\Users\Curdt Marcus\appdata\local\{C67CA31C-954C-47A2-8D7F-9E9CF7681D3F}
Successfully deleted: [Empty Folder] C:\Users\Curdt Marcus\appdata\local\{F094A1F1-00E5-4584-832E-A6C8FFC513C8}



~~~ FireFox

Successfully deleted: [File] C:\Users\Curdt Marcus\AppData\Roaming\mozilla\firefox\profiles\7k6dwla6.default-1358074474981\extensions\toolbar_avira-v7@apn.ask.com.xpi
Emptied folder: C:\Users\Curdt Marcus\AppData\Roaming\mozilla\firefox\profiles\7k6dwla6.default-1358074474981\minidumps [403 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.11.2013 at 16:54:59,47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-11-2013
Ran by Curdt Marcus (administrator) on CURDTMARCUS-PC on 26-11-2013 16:56:21
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Windows\system32\prevhost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)
HKCU\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [3561816 2013-10-18] (Electronic Arts)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\System32\spool\drivers\x64\3\E_IATIINE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKCU\...\RunOnce: [Report] - C:\AdwCleaner\AdwCleaner[S2].txt [1514 2013-11-26] ()
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2236816 2013-07-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-05-15] (LogMeIn Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\5e44d591-9d2f-46ec-9f21-702865bc2944.exe [180184 2013-11-24] (AVAST Software)
Startup: C:\Users\Curdt Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x015989730CE2CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Curdt Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\7k6dwla6.default-1358074474981
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @esn/esnlaunch,version=2.1.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Battlefield Heroes Updater - C:\Users\Curdt Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\7k6dwla6.default-1358074474981\Extensions\battlefieldheroespatcher@ea.com
FF Extension: Deutsches Wörterbuch - C:\Users\Curdt Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\7k6dwla6.default-1358074474981\Extensions\de-DE@dictionaries.addons.mozilla.org
FF Extension: DownloadHelper - C:\Users\Curdt Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\7k6dwla6.default-1358074474981\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: stylish - C:\Users\Curdt Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\7k6dwla6.default-1358074474981\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF Extension: Adblock Plus - C:\Users\Curdt Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\7k6dwla6.default-1358074474981\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\CURDTM~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_1
CHR Extension: (Chrome In-App Payments service) - C:\Users\CURDTM~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0

==================== Services (Whitelisted) =================

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-10-27] ()
S2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [653888 2013-10-03] (SEIKO EPSON CORPORATION)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-29] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-31] ()
S2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [x]

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-31] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-31] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-08-31] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-22] (AVM GmbH)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 RTL8187B; C:\Windows\System32\DRIVERS\rtl8187B.sys [446976 2009-11-05] (Realtek Semiconductor Corporation                          )
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 MSICDSetup; \??\E:\CDriver64.sys [x]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-26 16:54 - 2013-11-26 16:54 - 00003341 _____ C:\Users\Curdt Marcus\Desktop\JRT.txt
2013-11-26 16:52 - 2013-11-25 09:28 - 01034531 _____ (Thisisu) C:\Users\Curdt Marcus\Desktop\JRT.exe
2013-11-25 13:31 - 2013-11-25 09:28 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Curdt Marcus\Desktop\mbam-setup-1.75.0.1300.exe
2013-11-25 13:03 - 2013-11-25 13:03 - 00003408 ____N C:\bootsqm.dat
2013-11-24 11:08 - 2013-11-24 11:08 - 00033026 _____ C:\ComboFix.txt
2013-11-24 10:58 - 2013-11-24 11:08 - 00000000 ____D C:\Qoobox
2013-11-24 10:58 - 2013-11-24 11:07 - 00000000 ____D C:\Windows\erdnt
2013-11-24 10:58 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-24 10:58 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-24 10:58 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-24 10:58 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-24 10:58 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-24 10:58 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-24 10:58 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-24 10:58 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-24 10:57 - 2013-11-24 10:45 - 05149261 ____R (Swearware) C:\Users\Curdt Marcus\Desktop\ComboFix.exe
2013-11-23 12:50 - 2013-11-23 12:50 - 00000000 ____D C:\FRST
2013-11-22 15:11 - 2013-11-22 15:11 - 01957998 _____ (Farbar) C:\Users\Curdt Marcus\Downloads\FRST64.exe
2013-11-17 20:00 - 2013-11-17 21:05 - 00018180 _____ C:\Users\Curdt Marcus\Desktop\Bewerbung-1.sxw
2013-11-17 19:59 - 2013-11-17 19:59 - 00015932 _____ C:\Users\Curdt Marcus\Desktop\Lebenslauf-1.sxw
2013-11-16 10:31 - 2013-11-16 10:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-10 14:03 - 2013-11-10 14:03 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Local\Blizzard Entertainment
2013-11-10 13:16 - 2013-11-16 12:02 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-11-10 13:16 - 2013-11-10 13:16 - 00001256 _____ C:\Users\Public\Desktop\Wetin3.lnk
2013-11-10 13:02 - 2013-11-10 13:09 - 83293072 _____ (Blizzard Entertainment) C:\Users\Curdt Marcus\Downloads\World-of-Warcraft-Setup-deDE.exe
2013-11-10 11:43 - 2013-11-26 14:11 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat
2013-11-10 11:39 - 2013-11-10 11:39 - 00239064 _____ C:\Users\Curdt Marcus\Downloads\MCPatcherPro_downloader-afQyrH7m.exe
2013-11-10 11:39 - 2013-11-10 11:39 - 00003288 _____ C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart
2013-11-10 11:23 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-11-10 11:23 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-11-10 11:23 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-11-10 11:23 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-11-10 11:23 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-11-10 11:23 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-11-10 11:23 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-11-09 16:14 - 2013-11-10 13:24 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\.technic
2013-11-09 16:10 - 2013-11-10 11:45 - 02300919 _____ () C:\Users\Curdt Marcus\Desktop\TechnicLauncher.exe
2013-11-07 16:17 - 2013-11-07 16:17 - 01970848 _____ C:\Users\Curdt Marcus\Downloads\winrar-x64-500.exe
2013-11-07 16:14 - 2013-11-07 16:18 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-11-07 16:14 - 2013-11-07 16:14 - 01609146 _____ C:\Users\Curdt Marcus\Downloads\wrar420d.exe
2013-11-07 16:14 - 2013-11-07 16:14 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-11-07 16:07 - 2013-11-07 16:08 - 18080872 _____ (Adobe Systems Inc.) C:\Users\Curdt Marcus\Downloads\AdobeAIRInstaller.exe
2013-10-31 12:56 - 2013-10-31 12:57 - 00000000 ____D C:\Users\Curdt Marcus\Crap\Documents\Battlefield Heroes
2013-10-31 12:54 - 2013-10-31 12:54 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA Games
2013-10-31 12:20 - 2013-10-31 12:20 - 00000000 ____D C:\Program Files (x86)\EA Games
2013-10-28 18:00 - 2013-10-29 22:02 - 00000000 ____D C:\Program Files (x86)\The Mighty Quest For Epic Loot
2013-10-28 18:00 - 2013-10-28 18:00 - 00001400 _____ C:\Users\Public\Desktop\The Mighty Quest For Epic Loot.lnk
2013-10-28 17:59 - 2013-10-28 17:59 - 28382568 _____ (                                                            ) C:\Users\Curdt Marcus\Downloads\MightyQuestSetup_219367.exe
2013-10-28 17:59 - 2013-10-28 17:59 - 03174799 _____ (                                                            ) C:\Users\Curdt Marcus\Downloads\MightyQuestSetup_219367(1).exe.part
2013-10-27 21:42 - 2013-10-27 21:42 - 00000000 ____D C:\Users\Curdt Marcus\Crap\Documents\RIFT
2013-10-27 21:33 - 2013-10-27 21:48 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\RIFT
2013-10-27 14:29 - 2013-10-27 14:29 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\Guild Wars 2
2013-10-27 11:00 - 2013-10-27 11:00 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Local\ArmA 2

==================== One Month Modified Files and Folders =======

2013-11-26 16:54 - 2013-11-26 16:54 - 00003341 _____ C:\Users\Curdt Marcus\Desktop\JRT.txt
2013-11-26 16:53 - 2013-08-30 11:34 - 00000000 ____D C:\Windows\ERUNT
2013-11-26 16:42 - 2012-12-19 15:51 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-26 16:42 - 2009-07-14 05:51 - 00021144 _____ C:\Windows\setupact.log
2013-11-26 16:41 - 2013-08-28 12:56 - 00000000 ____D C:\AdwCleaner
2013-11-26 16:31 - 2010-11-21 04:47 - 00029282 _____ C:\Windows\PFRO.log
2013-11-26 16:29 - 2013-07-19 13:35 - 00000000 ____D C:\Users\Curdt Marcus\Sony Vegas Pro 12 for Free
2013-11-26 15:06 - 2009-07-14 05:45 - 00021840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-26 15:06 - 2009-07-14 05:45 - 00021840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-26 15:05 - 2011-04-12 08:43 - 01351010 _____ C:\Windows\system32\perfh007.dat
2013-11-26 15:05 - 2011-04-12 08:43 - 00351226 _____ C:\Windows\system32\perfc007.dat
2013-11-26 15:05 - 2009-07-14 06:13 - 00006248 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-26 15:01 - 2012-12-19 15:42 - 01597656 _____ C:\Windows\WindowsUpdate.log
2013-11-26 15:00 - 2013-01-13 14:25 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Local\Adobe
2013-11-26 15:00 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-11-26 14:59 - 2013-08-09 13:34 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Local\LogMeIn Hamachi
2013-11-26 14:59 - 2012-12-24 20:49 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-26 14:56 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2013-11-26 14:51 - 2012-12-24 20:39 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-26 14:47 - 2012-12-24 20:41 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-26 14:37 - 2012-12-24 20:41 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-26 14:37 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-26 14:11 - 2013-11-10 11:43 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat
2013-11-26 14:06 - 2013-08-30 09:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-25 13:21 - 2013-02-03 18:31 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Local\CrashDumps
2013-11-25 13:21 - 2012-12-24 21:01 - 00000000 ____D C:\Program Files (x86)\Origin
2013-11-25 13:20 - 2013-08-31 15:57 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-11-25 13:03 - 2013-11-25 13:03 - 00003408 ____N C:\bootsqm.dat
2013-11-25 09:28 - 2013-11-26 16:52 - 01034531 _____ (Thisisu) C:\Users\Curdt Marcus\Desktop\JRT.exe
2013-11-25 09:28 - 2013-11-25 13:31 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Curdt Marcus\Desktop\mbam-setup-1.75.0.1300.exe
2013-11-24 11:08 - 2013-11-24 11:08 - 00033026 _____ C:\ComboFix.txt
2013-11-24 11:08 - 2013-11-24 10:58 - 00000000 ____D C:\Qoobox
2013-11-24 11:07 - 2013-11-24 10:58 - 00000000 ____D C:\Windows\erdnt
2013-11-24 11:07 - 2012-12-19 15:48 - 00000000 ____D C:\Users\Curdt Marcus
2013-11-24 11:07 - 2009-07-14 03:34 - 00000243 _____ C:\Windows\system.ini
2013-11-24 10:45 - 2013-11-24 10:57 - 05149261 ____R (Swearware) C:\Users\Curdt Marcus\Desktop\ComboFix.exe
2013-11-23 12:50 - 2013-11-23 12:50 - 00000000 ____D C:\FRST
2013-11-22 15:11 - 2013-11-22 15:11 - 01957998 _____ (Farbar) C:\Users\Curdt Marcus\Downloads\FRST64.exe
2013-11-22 14:31 - 2013-02-25 16:36 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\Skype
2013-11-18 18:28 - 2013-05-20 11:12 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\.minecraft
2013-11-17 21:05 - 2013-11-17 20:00 - 00018180 _____ C:\Users\Curdt Marcus\Desktop\Bewerbung-1.sxw
2013-11-17 19:59 - 2013-11-17 19:59 - 00015932 _____ C:\Users\Curdt Marcus\Desktop\Lebenslauf-1.sxw
2013-11-17 18:49 - 2012-12-27 16:54 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\TS3Client
2013-11-17 18:48 - 2012-12-27 16:53 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Local\TeamSpeak 3 Client
2013-11-17 00:15 - 2012-12-24 20:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-16 15:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-16 12:02 - 2013-11-10 13:16 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-11-16 10:31 - 2013-11-16 10:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 19:42 - 2013-06-10 16:04 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\AIMP3
2013-11-15 19:39 - 2013-03-03 21:31 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\Audacity
2013-11-14 19:24 - 2013-07-20 21:03 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 19:22 - 2013-01-20 10:02 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-10 14:03 - 2013-11-10 14:03 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Local\Blizzard Entertainment
2013-11-10 13:24 - 2013-11-09 16:14 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\.technic
2013-11-10 13:16 - 2013-11-10 13:16 - 00001256 _____ C:\Users\Public\Desktop\Wetin3.lnk
2013-11-10 13:09 - 2013-11-10 13:02 - 83293072 _____ (Blizzard Entertainment) C:\Users\Curdt Marcus\Downloads\World-of-Warcraft-Setup-deDE.exe
2013-11-10 11:45 - 2013-11-09 16:10 - 02300919 _____ () C:\Users\Curdt Marcus\Desktop\TechnicLauncher.exe
2013-11-10 11:39 - 2013-11-10 11:39 - 00239064 _____ C:\Users\Curdt Marcus\Downloads\MCPatcherPro_downloader-afQyrH7m.exe
2013-11-10 11:39 - 2013-11-10 11:39 - 00003288 _____ C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart
2013-11-07 16:18 - 2013-11-07 16:14 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-11-07 16:17 - 2013-11-07 16:17 - 01970848 _____ C:\Users\Curdt Marcus\Downloads\winrar-x64-500.exe
2013-11-07 16:17 - 2012-12-24 21:34 - 00000000 ____D C:\Program Files\WinRAR
2013-11-07 16:14 - 2013-11-07 16:14 - 01609146 _____ C:\Users\Curdt Marcus\Downloads\wrar420d.exe
2013-11-07 16:14 - 2013-11-07 16:14 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-11-07 16:08 - 2013-11-07 16:07 - 18080872 _____ (Adobe Systems Inc.) C:\Users\Curdt Marcus\Downloads\AdobeAIRInstaller.exe
2013-11-03 15:15 - 2013-06-19 17:16 - 00517754 _____ () C:\Users\Curdt Marcus\Downloads\FTB_Launcher.exe
2013-11-03 15:15 - 2013-06-19 17:16 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\ftblauncher
2013-11-01 15:51 - 2013-02-23 17:46 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Local\ArmA 2 OA
2013-10-31 13:14 - 2013-09-01 13:50 - 00282296 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-10-31 13:14 - 2012-12-25 10:44 - 00282296 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-10-31 13:08 - 2013-09-01 13:49 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-10-31 13:07 - 2012-12-24 23:00 - 00282296 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-10-31 13:01 - 2012-12-25 10:44 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Local\PunkBuster
2013-10-31 12:57 - 2013-10-31 12:56 - 00000000 ____D C:\Users\Curdt Marcus\Crap\Documents\Battlefield Heroes
2013-10-31 12:54 - 2013-10-31 12:54 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA Games
2013-10-31 12:20 - 2013-10-31 12:20 - 00000000 ____D C:\Program Files (x86)\EA Games
2013-10-29 22:02 - 2013-10-28 18:00 - 00000000 ____D C:\Program Files (x86)\The Mighty Quest For Epic Loot
2013-10-28 18:00 - 2013-10-28 18:00 - 00001400 _____ C:\Users\Public\Desktop\The Mighty Quest For Epic Loot.lnk
2013-10-28 17:59 - 2013-10-28 17:59 - 28382568 _____ (                                                            ) C:\Users\Curdt Marcus\Downloads\MightyQuestSetup_219367.exe
2013-10-28 17:59 - 2013-10-28 17:59 - 03174799 _____ (                                                            ) C:\Users\Curdt Marcus\Downloads\MightyQuestSetup_219367(1).exe.part
2013-10-27 22:28 - 2013-08-05 17:22 - 00005632 _____ C:\Users\Curdt Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-27 21:48 - 2013-10-27 21:33 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\RIFT
2013-10-27 21:42 - 2013-10-27 21:42 - 00000000 ____D C:\Users\Curdt Marcus\Crap\Documents\RIFT
2013-10-27 14:29 - 2013-10-27 14:29 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\Guild Wars 2
2013-10-27 14:29 - 2013-01-04 20:08 - 00000000 ____D C:\Users\Curdt Marcus\Crap\Documents\Guild Wars 2
2013-10-27 11:00 - 2013-10-27 11:00 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Local\ArmA 2
2013-10-27 11:00 - 2013-03-02 14:55 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2013-10-27 11:00 - 2013-02-23 17:46 - 00000000 ____D C:\Users\Curdt Marcus\Crap\Documents\ArmA 2
2013-10-27 11:00 - 2012-12-19 15:44 - 00288411 _____ C:\Windows\DirectX.log

Files to move or delete:
====================
C:\Users\Curdt Marcus\Minecraft(2).exe
C:\Users\Curdt Marcus\AppData\Roaming\Origin


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-22 15:52

==================== End Of Log ============================
--- --- ---


Bis jetzt sind noch keine Besserungen zuerkennen.
Nur mal so als kleiner Zwischenstand.

MfG Adan

schrauber 27.11.2013 10:16
Wenn Du im Admin Account bist und FRST im normalen Modus startest sollte es funktionieren. Ich brauche ein Log aus dem normalen Modus.

adan407 27.11.2013 14:24
War im Admin Account musste aber trotzdem als Admin asuführen machen.
Ging also nicht. Habs jez nochmal so gemacht wie du es mir in einer der vorherigen Antworten gesagt hast.
Hoffe das passt so.

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-11-2013
Ran by SYSTEM on MININT-EVES5UR on 27-11-2013 14:19:19
Running from I:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2236816 2013-07-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-05-15] (LogMeIn Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\5e44d591-9d2f-46ec-9f21-702865bc2944.exe [180184 2013-11-24] (AVAST Software)
HKU\Curdt Marcus\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)
HKU\Curdt Marcus\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [3561816 2013-10-18] (Electronic Arts)
HKU\Curdt Marcus\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKU\Curdt Marcus\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\System32\spool\drivers\x64\3\E_IATIINE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\Curdt Marcus\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
Startup: C:\Users\Curdt Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) =================

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-10-27] ()
S2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [653888 2013-10-03] (SEIKO EPSON CORPORATION)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-29] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-31] ()
S2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [x]

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
S1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-31] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-31] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-08-31] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-22] (AVM GmbH)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 RTL8187B; C:\Windows\System32\DRIVERS\rtl8187B.sys [446976 2009-11-05] (Realtek Semiconductor Corporation                          )
S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 MSICDSetup; \??\E:\CDriver64.sys [x]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-27 14:10 - 2013-11-22 15:17 - 01957998 _____ (Farbar) C:\Users\Curdt Marcus\Desktop\FRST64.exe
2013-11-26 16:54 - 2013-11-26 16:54 - 00003341 _____ C:\Users\Curdt Marcus\Desktop\JRT.txt
2013-11-25 13:03 - 2013-11-25 13:03 - 00003408 ____N C:\bootsqm.dat
2013-11-24 11:08 - 2013-11-24 11:08 - 00033026 _____ C:\ComboFix.txt
2013-11-24 10:58 - 2013-11-24 11:08 - 00000000 ____D C:\Qoobox
2013-11-24 10:58 - 2013-11-24 11:07 - 00000000 ____D C:\Windows\erdnt
2013-11-24 10:58 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-24 10:58 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-24 10:58 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-24 10:58 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-24 10:58 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-24 10:58 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-24 10:58 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-24 10:58 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-23 12:50 - 2013-11-23 12:50 - 00000000 ____D C:\FRST
2013-11-22 15:11 - 2013-11-22 15:11 - 01957998 _____ (Farbar) C:\Users\Curdt Marcus\Downloads\FRST64.exe
2013-11-17 20:00 - 2013-11-17 21:05 - 00018180 _____ C:\Users\Curdt Marcus\Desktop\Bewerbung-1.sxw
2013-11-17 19:59 - 2013-11-17 19:59 - 00015932 _____ C:\Users\Curdt Marcus\Desktop\Lebenslauf-1.sxw
2013-11-16 10:31 - 2013-11-16 10:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-10 14:03 - 2013-11-10 14:03 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Local\Blizzard Entertainment
2013-11-10 13:16 - 2013-11-16 12:02 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-11-10 13:16 - 2013-11-10 13:16 - 00001256 _____ C:\Users\Public\Desktop\Wetin3.lnk
2013-11-10 13:02 - 2013-11-10 13:09 - 83293072 _____ (Blizzard Entertainment) C:\Users\Curdt Marcus\Downloads\World-of-Warcraft-Setup-deDE.exe
2013-11-10 11:39 - 2013-11-10 11:39 - 00239064 _____ C:\Users\Curdt Marcus\Downloads\MCPatcherPro_downloader-afQyrH7m.exe
2013-11-10 11:39 - 2013-11-10 11:39 - 00003288 _____ C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart
2013-11-10 11:23 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-11-10 11:23 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-11-10 11:23 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2013-11-10 11:23 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-11-10 11:23 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-11-10 11:23 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2013-11-10 11:23 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2013-11-09 16:14 - 2013-11-10 13:24 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\.technic
2013-11-09 16:10 - 2013-11-10 11:45 - 02300919 _____ () C:\Users\Curdt Marcus\Desktop\TechnicLauncher.exe
2013-11-07 16:17 - 2013-11-07 16:17 - 01970848 _____ C:\Users\Curdt Marcus\Downloads\winrar-x64-500.exe
2013-11-07 16:14 - 2013-11-07 16:14 - 01609146 _____ C:\Users\Curdt Marcus\Downloads\wrar420d.exe
2013-11-07 16:14 - 2013-11-07 16:14 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-11-07 16:07 - 2013-11-07 16:08 - 18080872 _____ (Adobe Systems Inc.) C:\Users\Curdt Marcus\Downloads\AdobeAIRInstaller.exe
2013-10-31 12:20 - 2013-10-31 12:20 - 00000000 ____D C:\Program Files (x86)\EA Games
2013-10-28 18:00 - 2013-10-29 22:02 - 00000000 ____D C:\Program Files (x86)\The Mighty Quest For Epic Loot
2013-10-28 18:00 - 2013-10-28 18:00 - 00001400 _____ C:\Users\Public\Desktop\The Mighty Quest For Epic Loot.lnk
2013-10-28 17:59 - 2013-10-28 17:59 - 28382568 _____ (                                                            ) C:\Users\Curdt Marcus\Downloads\MightyQuestSetup_219367.exe
2013-10-28 17:59 - 2013-10-28 17:59 - 03174799 _____ (                                                            ) C:\Users\Curdt Marcus\Downloads\MightyQuestSetup_219367(1).exe.part

==================== One Month Modified Files and Folders =======

2013-11-27 14:10 - 2013-01-13 14:25 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Local\Adobe
2013-11-27 14:10 - 2012-12-24 20:49 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-27 14:09 - 2013-08-09 13:34 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Local\LogMeIn Hamachi
2013-11-27 14:07 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2013-11-27 13:56 - 2012-12-24 20:41 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-27 13:47 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-27 13:45 - 2012-12-19 15:51 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-27 13:45 - 2009-07-14 05:51 - 00021256 _____ C:\Windows\setupact.log
2013-11-26 16:54 - 2013-11-26 16:54 - 00003341 _____ C:\Users\Curdt Marcus\Desktop\JRT.txt
2013-11-26 16:53 - 2013-08-30 11:34 - 00000000 ____D C:\Windows\ERUNT
2013-11-26 16:41 - 2013-08-28 12:56 - 00000000 ____D C:\AdwCleaner
2013-11-26 16:31 - 2010-11-21 04:47 - 00029282 _____ C:\Windows\PFRO.log
2013-11-26 16:29 - 2013-07-19 13:35 - 00000000 ____D C:\Users\Curdt Marcus\Sony Vegas Pro 12 for Free
2013-11-26 15:06 - 2009-07-14 05:45 - 00021840 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-26 15:06 - 2009-07-14 05:45 - 00021840 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-26 15:05 - 2011-04-12 08:43 - 01351010 _____ C:\Windows\System32\perfh007.dat
2013-11-26 15:05 - 2011-04-12 08:43 - 00351226 _____ C:\Windows\System32\perfc007.dat
2013-11-26 15:05 - 2009-07-14 06:13 - 00006248 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-26 15:01 - 2012-12-19 15:42 - 01602750 _____ C:\Windows\WindowsUpdate.log
2013-11-26 15:00 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-11-26 14:51 - 2012-12-24 20:39 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-26 14:37 - 2012-12-24 20:41 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-26 14:06 - 2013-08-30 09:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-25 13:21 - 2013-02-03 18:31 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Local\CrashDumps
2013-11-25 13:21 - 2012-12-24 21:01 - 00000000 ____D C:\Program Files (x86)\Origin
2013-11-25 13:20 - 2013-08-31 15:57 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-11-25 13:03 - 2013-11-25 13:03 - 00003408 ____N C:\bootsqm.dat
2013-11-24 11:08 - 2013-11-24 11:08 - 00033026 _____ C:\ComboFix.txt
2013-11-24 11:08 - 2013-11-24 10:58 - 00000000 ____D C:\Qoobox
2013-11-24 11:07 - 2013-11-24 10:58 - 00000000 ____D C:\Windows\erdnt
2013-11-24 11:07 - 2012-12-19 15:48 - 00000000 ____D C:\users\Curdt Marcus
2013-11-24 11:07 - 2009-07-14 03:34 - 00000243 _____ C:\Windows\system.ini
2013-11-23 12:50 - 2013-11-23 12:50 - 00000000 ____D C:\FRST
2013-11-22 15:17 - 2013-11-27 14:10 - 01957998 _____ (Farbar) C:\Users\Curdt Marcus\Desktop\FRST64.exe
2013-11-22 15:11 - 2013-11-22 15:11 - 01957998 _____ (Farbar) C:\Users\Curdt Marcus\Downloads\FRST64.exe
2013-11-22 14:31 - 2013-02-25 16:36 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\Skype
2013-11-18 18:28 - 2013-05-20 11:12 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\.minecraft
2013-11-17 21:05 - 2013-11-17 20:00 - 00018180 _____ C:\Users\Curdt Marcus\Desktop\Bewerbung-1.sxw
2013-11-17 19:59 - 2013-11-17 19:59 - 00015932 _____ C:\Users\Curdt Marcus\Desktop\Lebenslauf-1.sxw
2013-11-17 18:49 - 2012-12-27 16:54 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\TS3Client
2013-11-17 18:48 - 2012-12-27 16:53 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Local\TeamSpeak 3 Client
2013-11-17 00:15 - 2012-12-24 20:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-16 15:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-16 12:02 - 2013-11-10 13:16 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-11-16 10:31 - 2013-11-16 10:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 19:42 - 2013-06-10 16:04 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\AIMP3
2013-11-15 19:39 - 2013-03-03 21:31 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\Audacity
2013-11-14 19:24 - 2013-07-20 21:03 - 00000000 ____D C:\Windows\System32\MRT
2013-11-14 19:22 - 2013-01-20 10:02 - 82896128 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-11-10 14:03 - 2013-11-10 14:03 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Local\Blizzard Entertainment
2013-11-10 13:24 - 2013-11-09 16:14 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\.technic
2013-11-10 13:16 - 2013-11-10 13:16 - 00001256 _____ C:\Users\Public\Desktop\Wetin3.lnk
2013-11-10 13:09 - 2013-11-10 13:02 - 83293072 _____ (Blizzard Entertainment) C:\Users\Curdt Marcus\Downloads\World-of-Warcraft-Setup-deDE.exe
2013-11-10 11:45 - 2013-11-09 16:10 - 02300919 _____ () C:\Users\Curdt Marcus\Desktop\TechnicLauncher.exe
2013-11-10 11:39 - 2013-11-10 11:39 - 00239064 _____ C:\Users\Curdt Marcus\Downloads\MCPatcherPro_downloader-afQyrH7m.exe
2013-11-10 11:39 - 2013-11-10 11:39 - 00003288 _____ C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart
2013-11-07 16:17 - 2013-11-07 16:17 - 01970848 _____ C:\Users\Curdt Marcus\Downloads\winrar-x64-500.exe
2013-11-07 16:17 - 2012-12-24 21:34 - 00000000 ____D C:\Program Files\WinRAR
2013-11-07 16:14 - 2013-11-07 16:14 - 01609146 _____ C:\Users\Curdt Marcus\Downloads\wrar420d.exe
2013-11-07 16:14 - 2013-11-07 16:14 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-11-07 16:08 - 2013-11-07 16:07 - 18080872 _____ (Adobe Systems Inc.) C:\Users\Curdt Marcus\Downloads\AdobeAIRInstaller.exe
2013-11-03 15:15 - 2013-06-19 17:16 - 00517754 _____ () C:\Users\Curdt Marcus\Downloads\FTB_Launcher.exe
2013-11-03 15:15 - 2013-06-19 17:16 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Roaming\ftblauncher
2013-11-01 15:51 - 2013-02-23 17:46 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Local\ArmA 2 OA
2013-10-31 13:14 - 2013-09-01 13:50 - 00282296 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-10-31 13:14 - 2012-12-25 10:44 - 00282296 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-10-31 13:08 - 2013-09-01 13:49 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-10-31 13:07 - 2012-12-24 23:00 - 00282296 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-10-31 13:01 - 2012-12-25 10:44 - 00000000 ____D C:\Users\Curdt Marcus\AppData\Local\PunkBuster
2013-10-31 12:20 - 2013-10-31 12:20 - 00000000 ____D C:\Program Files (x86)\EA Games
2013-10-29 22:02 - 2013-10-28 18:00 - 00000000 ____D C:\Program Files (x86)\The Mighty Quest For Epic Loot
2013-10-28 18:00 - 2013-10-28 18:00 - 00001400 _____ C:\Users\Public\Desktop\The Mighty Quest For Epic Loot.lnk
2013-10-28 17:59 - 2013-10-28 17:59 - 28382568 _____ (                                                            ) C:\Users\Curdt Marcus\Downloads\MightyQuestSetup_219367.exe
2013-10-28 17:59 - 2013-10-28 17:59 - 03174799 _____ (                                                            ) C:\Users\Curdt Marcus\Downloads\MightyQuestSetup_219367(1).exe.part

Files to move or delete:
====================
C:\Users\Curdt Marcus\Minecraft(2).exe
C:\Users\Curdt Marcus\AppData\Roaming\Origin


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

1
Restore point made on: 2013-11-22 15:59:51

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 8136.92 MB
Available physical RAM: 7325.55 MB
Total Pagefile: 8135.12 MB
Available Pagefile: 7311.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:244.04 GB) (Free:63.2 GB) NTFS
Drive e: () (Fixed) (Total:221.62 GB) (Free:161.85 GB) NTFS
Drive g: (Volume) (Fixed) (Total:931.51 GB) (Free:552.51 GB) NTFS
Drive i: (USB DISK) (Removable) (Total:0.93 GB) (Free:0.64 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 8F85853A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=244 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=222 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 32C6D9E4)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 956 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=956 MB) - (Type=06)


LastRegBack: 2013-11-22 15:52

==================== End Of Log ============================
--- --- ---

schrauber 28.11.2013 09:42
Das ist aber ein Log aus der Recovery. Nicht aus dem normalen Modus.

adan407 28.11.2013 16:36
Es gibt nur einen Account also bin ich auch immer im Adminaccount.
Wenn ich FRST ganz normal starten will komm der selbe Bestätigungskasten wie immer.
Ich vesteh einfach nicht wie ich das gestartet bekommen soll.
Kannst du mir eventuell mal eine detallierte Anleitung geben ?

MfG Adan


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:12 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27