Trojaner-Board

Zerozo 21.12.2013 22:15

Win 7: Firefox opens invisible tabs
 
Hi, my name is Samet, I am new here and have brought a problem with me: an invisible firefox.exe keeps opening that can only be closed via the Task Manager, eats a lot of performance and is also very loud, e.g. it plays ads or the sound of videos. In addition, when I click on "show file path", it shows me that it is stored at C:\Windows\SysWOW64\FF_BN_1519133\App\Firefox, but when I go into the SysWOW64 folder I cannot find any FF_BN_1519133 folder... Attachment 63160


Kind regards, Zerozo/Samet

schrauber 22.12.2013 06:31

hi,


Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-bit | FRST 64-bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


Zerozo 22.12.2013 10:45

Addition.txt
Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-12-2013 02
Ran by Mesut at 2013-12-22 10:41:35
Running from C:\Users\Mesut\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Disabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Ace of Spades (x32 Version: 0.75.015)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Aeria Ignite (x32 Version: 1.13.3296)
Akamai NetSession Interface (HKCU)
AMD Catalyst Control Center (x32 Version: 2013.0921.356.5161)
AMD Catalyst Install Manager (Version: 8.0.915.0)
AMD Fuel (Version: 2013.0921.356.5161)
Arc (x32 Version: 1.0.0.5510)
Arma 2 (x32)
Arma 2: DayZ Mod (x32)
Arma 2: Operation Arrowhead (x32)
Ask Toolbar (x32 Version: 12.6.0.12) <==== ATTENTION
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.7)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
Bandicam (x32 Version: 1.9.2.455)
Bandisoft MPEG-1 Decoder (x32)
BattlEye for OA Uninstall (x32)
BattlEye Uninstall (x32)
Call of Duty: Black Ops II - Multiplayer (x32)
Camtasia Studio 8 (x32 Version: 8.0.4.1060)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0921.356.5161)
Catalyst Control Center InstallProxy (x32 Version: 2013.0921.356.5161)
Catalyst Control Center Localization All (x32 Version: 2013.0921.356.5161)
CCC Help Chinese Standard (x32 Version: 2013.0921.0355.5161)
CCC Help Chinese Traditional (x32 Version: 2013.0921.0355.5161)
CCC Help Czech (x32 Version: 2013.0921.0355.5161)
CCC Help Danish (x32 Version: 2013.0921.0355.5161)
CCC Help Dutch (x32 Version: 2013.0921.0355.5161)
CCC Help English (x32 Version: 2013.0921.0355.5161)
CCC Help Finnish (x32 Version: 2013.0921.0355.5161)
CCC Help French (x32 Version: 2013.0921.0355.5161)
CCC Help German (x32 Version: 2013.0921.0355.5161)
CCC Help Greek (x32 Version: 2013.0921.0355.5161)
CCC Help Hungarian (x32 Version: 2013.0921.0355.5161)
CCC Help Italian (x32 Version: 2013.0921.0355.5161)
CCC Help Japanese (x32 Version: 2013.0921.0355.5161)
CCC Help Korean (x32 Version: 2013.0921.0355.5161)
CCC Help Norwegian (x32 Version: 2013.0921.0355.5161)
CCC Help Polish (x32 Version: 2013.0921.0355.5161)
CCC Help Portuguese (x32 Version: 2013.0921.0355.5161)
CCC Help Russian (x32 Version: 2013.0921.0355.5161)
CCC Help Spanish (x32 Version: 2013.0921.0355.5161)
CCC Help Swedish (x32 Version: 2013.0921.0355.5161)
CCC Help Thai (x32 Version: 2013.0921.0355.5161)
CCC Help Turkish (x32 Version: 2013.0921.0355.5161)
ccc-utility64 (Version: 2013.0921.356.5161)
CCleaner (Version: 4.03)
Cheat Engine 6.3 (x32)
Chivalry: Medieval Warfare (x32)
Counter-Strike: Source (x32)
Crossfire Europe (x32 Version: 1.172)
Game Booster 3 (x32 Version: 3.4)
Garry's Mod (x32)
Google Chrome (x32 Version: 31.0.1650.63)
Google Earth Plug-in (x32 Version: 7.1.2.2041)
Google Update Helper (x32 Version: 1.3.22.3)
Internet Explorer (Enable DEP)
Java 7 Update 21 (64-bit) (Version: 7.0.210)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
League of Legends (x32 Version: 1.3)
League of Legends (x32 Version: 3.0.1)
LogMeIn Hamachi (x32 Version: 2.2.0.109)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.8.130.10)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Games for Windows - LIVE (x32 Version: 3.1.186.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Notepad++ (x32 Version: 6.4.3)
NVIDIA 3D Vision Controller-Treiber 320.49 (Version: 320.49)
NVIDIA 3D Vision Treiber 320.49 (Version: 320.49)
NVIDIA GeForce Experience 1.5.1 (Version: 1.5.1)
NVIDIA Grafiktreiber 320.49 (Version: 320.49)
NVIDIA HD-Audiotreiber 1.3.24.2 (Version: 1.3.24.2)
NVIDIA Install Application (Version: 2.1002.125.816)
NVIDIA PhysX (x32 Version: 9.13.0604)
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2049)
NVIDIA Systemsteuerung 320.49 (Version: 320.49)
NVIDIA Update 6.4.23 (Version: 6.4.23)
NVIDIA Update Components (Version: 6.4.23)
OpenOffice 4.0.1 (x32 Version: 4.01.9714)
Pando Media Booster (x32 Version: 2.6.0.9)
PileFile downloader (HKCU)
PunkBuster Services (x32 Version: 0.993)
Skype™ 6.11 (x32 Version: 6.11.102)
Star Wars: The Old Republic (x32 Version: 1.00)
Steam (x32 Version: 1.0.0.0)
System Requirements Lab (Test) (x32 Version: 6.0.3.0)
TeamSpeak 3 Client (Version: 3.0.11.1)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinDS PRO 2014 (Version: 2014.00.00.0)
WinDS PRO Apps 1.0 (x32 Version: 1.0.0.0)
WinDS PRO Apps 1.6.2 (Version: 1.6.2.0)
WinRAR 4.20 (32-Bit) (x32 Version: 4.20.0)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
WinZipper (x32 Version: 1.4.8)
Wsys Control 15.2.1.2652 (x32 Version: 15.2.1.2652) <==== ATTENTION
YTD Video Downloader 4.6 (x32 Version: 4.6)
Zip Opener Packages (HKCU) <==== ATTENTION
Zip Opener Packages 72 (HKCU) <==== ATTENTION

==================== Restore Points  =========================

18-12-2013 15:41:01 OpenOffice 4.0.1 wird installiert
21-12-2013 19:21:04 Removed Visual Studio 2012 x86 Redistributables
21-12-2013 19:23:58 Removed Visual Studio 2012 x64 Redistributables

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-06-01 16:56 - 00000864 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 validation.sls.microsoft.com

==================== Scheduled Tasks (whitelisted) =============

Task: {0BD97E28-53DE-4970-8F5B-B9E74CD350D1} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\Autoupdate.exe [2013-09-18] ()
Task: {0FCC934B-65FD-4699-8339-8D2088BF5625} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-01] (Google Inc.)
Task: {269CA0A3-8021-4E75-9B9B-092055608C35} - System32\Tasks\DSite => C:\Users\Mesut\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {3409622F-54E9-4B2E-A243-E08AFBCAC51F} - System32\Tasks\DealPly => C:\Users\Mesut\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {3BBC31FA-C9BF-45E8-9C6C-B78CF64BC867} - System32\Tasks\DealPlyUpdate => C:\Program
Task: {65A8A0CB-2526-4E85-A493-7241E0B6A4CA} - System32\Tasks\EPUpdater => C:\Users\Mesut\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-06-06] () <==== ATTENTION
Task: {AFA65E29-4D1B-43F3-A58B-20F0F041B4F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-01] (Google Inc.)
Task: {B050549B-1B92-4E35-A2B3-EB10EA255FC0} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: {E34A24E6-F5EB-416B-BD12-7F162FFF818A} - System32\Tasks\QtraxPlayer => C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe
Task: {E66E5540-4512-4E69-8F7E-2501AA4A39BE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {EA9C4678-A46B-4618-BFF5-F61802F3D465} - System32\Tasks\RunAsStdUser Task => C:\Users\Mesut\AppData\Local\Oxy\Application\oxy.exe
Task: {FC8154CF-0487-4F9C-821A-4B2FAB0A6E24} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: C:\Windows\Tasks\DSite.job => C:\Users\Mesut\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

Frst.txt

FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2013 02
Ran by Mesut (administrator) on MESUT-PC on 22-12-2013 10:41:05
Running from C:\Users\Mesut\Downloads
Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\Rent\Update.exe
() C:\Windows\Rent\Rent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Akamai Technologies, Inc.) C:\Users\Mesut\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Akamai Technologies, Inc.) C:\Users\Mesut\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(PortableApps.com) C:\Windows\SysWOW64\FF_BN_110925\FirefoxPortable.exe
(Mozilla Corporation) C:\Windows\SysWOW64\FF_BN_110925\App\Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [W7LXE] - C:\Users\Mesut\Desktop\Windows 7 Loader eXtreme Edition v3.503\w7lxe.exe [28135936 2010-05-22] ()
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028896 2013-07-03] (NVIDIA Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1823656 2013-12-11] (Valve Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Mesut\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1673680 2013-10-16] (APN)
HKLM-x32\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\bb0e25b2-67ce-4f47-87c0-c6f05db1049e.exe [180184 2013-11-23] (AVAST Software)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3806544 2013-11-29] (LogMeIn Inc.)
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll [ ] ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x974FB908CA5ECE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH
HKCU\Software\Microsoft\Internet Explorer\Main,start page = hxxp://do-search.com/?type=hp&ts=1385553887&from=mp3&uid=ST160LM000XHM161GI_S24NJX0D200239
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hp&ts=1385553887&from=mp3&uid=ST160LM000XHM161GI_S24NJX0D200239
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1385553887&from=mp3&uid=ST160LM000XHM161GI_S24NJX0D200239&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hp&ts=1385553887&from=mp3&uid=ST160LM000XHM161GI_S24NJX0D200239
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://do-search.com/?type=hp&ts=1385553887&from=mp3&uid=ST160LM000XHM161GI_S24NJX0D200239
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1385553887&from=mp3&uid=ST160LM000XHM161GI_S24NJX0D200239&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1385553887&from=mp3&uid=ST160LM000XHM161GI_S24NJX0D200239&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hp&ts=1385553887&from=mp3&uid=ST160LM000XHM161GI_S24NJX0D200239
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://do-search.com/?type=hp&ts=1385553887&from=mp3&uid=ST160LM000XHM161GI_S24NJX0D200239
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1385553887&from=mp3&uid=ST160LM000XHM161GI_S24NJX0D200239&q={searchTerms}
URLSearchHook: HKCU - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No File
StartMenuInternet: IEXPLORE.EXE - c:\program files (x86)\internet explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?type=ds&ts=1385553887&from=mp3&uid=ST160LM000XHM161GI_S24NJX0D200239&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?type=ds&ts=1385553887&from=mp3&uid=ST160LM000XHM161GI_S24NJX0D200239&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?type=ds&ts=1385553887&from=mp3&uid=ST160LM000XHM161GI_S24NJX0D200239&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?type=ds&ts=1385553887&from=mp3&uid=ST160LM000XHM161GI_S24NJX0D200239&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=6276BC5FF491D212&affID=119357&tsp=4952
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP8A7631B0-8A8A-4FF3-8BA2-89CCF090D74E&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=6276BC5FF491D212&affID=119357&tsp=4952
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?type=ds&ts=1385553887&from=mp3&uid=ST160LM000XHM161GI_S24NJX0D200239&q={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {F9547C5F-6649-4212-A019-EB906B4E5F9E} URL = hxxp://asksearch.ask.com/redirect?client=ie&src=kw&tb=SGT-V6&itbv=11.10.0.829&o=APN10026&locale=de_DE&apn_uid=B36ED9C7-87B7-4C6E-9135-CE9C3454626D&apn_ptnrs=^AM3&apn_dtid=^YYYYYY^YY^DE&apn_dbr=cr_27.0.1453.116&doi=2013-06-25&q={searchTerms}&
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -  No File
BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -  No File
BHO-x32: DealPly - {EF7BD87A-8024-11E2-F316-F3E56188709B} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1 validation.sls.microsoft.com

FireFox:
========
FF ProfilePath: C:\Users\Mesut\AppData\Roaming\Mozilla\Firefox\Profiles\0w8hec2x.default
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Mesut\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR HomePage: hxxp://google.de/
CHR RestoreOnStartup: "hxxp://www.youtube.com/watch?v=ozbAKHE-xQs", "hxxp://www.wizardhax.com/2013/12/15/minecraft-1-7-2-1-7-4-hacked-client-nodus-proper-update-download/", "https://www.google.de/"
CHR DefaultSearchKeyword: youtube.com
CHR DefaultSearchProvider: YouTube-Videosuche
CHR DefaultSearchURL: hxxp://www.youtube.com/results?search_query={searchTerms}&page={startPage?}&utm_source=opensearch
CHR DefaultNewTabURL:
CHR Extension: (New Tab) - C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.4_0
CHR Extension: (Extended Protection) - C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0
CHR Extension: (AdBlock) - C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0
CHR Extension: (Twitch.tv Europe Lag Fix) - C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkoehmlkhjgaboegkondkciclminpjof\2.0_0
CHR Extension: (Steam Theme) - C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcphcjcjgkjmbphkfjleamgkinaeebnm\1.1_0
CHR Extension: (Google Wallet) - C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\Mesut\AppData\Local\newhb2.crx
CHR HKLM-x32\...\Chrome\Extension: [aaaajpkhjdkhhnkmgfjodbkfpbmibkkk] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7\CRX\ToolbarCR.crx
CHR HKLM-x32\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\Mesut\AppData\Local\newhb2.crx
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx

==================== Services (Whitelisted) =================

S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-21] (Advanced Micro Devices, Inc.)
S4 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-16] (APN LLC.)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88424 2013-10-10] (Perfect World Entertainment Inc)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-12] ()
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424104 2013-11-27] (Taiwan Shui Mu Chih Ching Technology Limited.)
R2 Rent Update; C:/Windows/Rent/Update.exe [x]
S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [x]

==================== Drivers (Whitelisted) ====================

S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [34816 2013-06-19] (Advanced Micro Devices)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
S3 Mkd2Nadr; C:\Windows\System32\drivers\Mkd2Nadr.sys [106040 2009-03-12] (AhnLab, Inc.)
S3 Mkd3kfNt; C:\Windows\System32\drivers\Mkd3kfNt.sys [180280 2009-08-18] (AhnLab, Inc.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\1.3\temp\FairplayKD.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 wolf; \??\C:\AeriaGames\WolfTeam-DE\avital\wolf64.sys [x]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [x]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-22 10:40 - 2013-12-22 10:40 - 00026739 _____ C:\Users\Mesut\Downloads\Addition.txt
2013-12-22 10:39 - 2013-12-22 10:41 - 00018591 _____ C:\Users\Mesut\Downloads\FRST.txt
2013-12-22 10:39 - 2013-12-22 10:39 - 00000000 ____D C:\FRST
2013-12-22 10:38 - 2013-12-22 10:39 - 00000000 ___HD C:\Windows\SysWOW64\FF_BN_110925
2013-12-22 10:38 - 2013-12-22 10:38 - 02193141 _____ (Farbar) C:\Users\Mesut\Downloads\FRST64.exe
2013-12-22 10:27 - 2013-12-22 10:27 - 00000356 _____ C:\Windows\PFRO.log
2013-12-22 10:27 - 2013-12-22 10:27 - 00000056 _____ C:\Windows\setupact.log
2013-12-22 10:27 - 2013-12-22 10:27 - 00000000 _____ C:\Windows\setuperr.log
2013-12-21 22:15 - 2013-12-21 22:15 - 00004526 _____ C:\Users\Mesut\Downloads\log 1.zip
2013-12-21 22:12 - 2013-12-21 22:12 - 00004526 _____ C:\Users\Mesut\Desktop\log 1.zip
2013-12-21 20:59 - 2013-12-21 20:59 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Malwarebytes
2013-12-21 20:58 - 2013-12-21 20:58 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-21 20:58 - 2013-12-21 20:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-21 20:58 - 2013-12-21 20:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-21 20:58 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-21 20:56 - 2013-12-21 20:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Mesut\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-20 22:53 - 2013-12-20 22:53 - 06933154 _____ C:\Users\Mesut\Downloads\Nodus1.7.2MCP.zip
2013-12-20 22:47 - 2013-12-20 22:47 - 04659751 _____ C:\Users\Mesut\Downloads\KinkyUpdate.rar
2013-12-18 16:46 - 2013-12-18 16:46 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\OpenOffice
2013-12-18 16:45 - 2013-12-18 16:45 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-12-18 16:44 - 2013-12-18 16:45 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-12-18 16:39 - 2013-12-21 20:24 - 00000000 ____D C:\Users\Mesut\Desktop\OpenOffice 4.0.1 (de) Installation Files
2013-12-18 16:30 - 2013-12-18 16:30 - 00614784 _____ C:\Users\Mesut\Downloads\OpenOffice - CHIP-Downloader.exe
2013-12-13 10:39 - 2013-12-13 10:39 - 00003288 ____N C:\bootsqm.dat
2013-12-10 18:13 - 2013-12-08 22:24 - 13772624 _____ C:\Users\Mesut\Desktop\Blumio - Hey Mr. Nazi (Yellow Album JETZT BESTELLEN unter HIPSTORE.DE!).mp4
2013-12-09 21:47 - 2013-12-09 21:57 - 00000000 ___HD C:\Windows\SysWOW64\FF_BN_2019128
2013-12-08 22:55 - 2013-12-08 22:58 - 103556646 _____ C:\Users\Mesut\Documents\Blumio-Antigewaltsong (HD Version).mp4
2013-12-08 22:23 - 2013-12-08 22:24 - 13772624 _____ C:\Users\Mesut\Documents\Blumio - Hey Mr. Nazi (Yellow Album JETZT BESTELLEN unter HIPSTORE.DE!).mp4
2013-12-08 18:31 - 2013-12-08 18:31 - 05701712 _____ C:\Users\Mesut\Downloads\bitdefender_14isecurity.exe
2013-12-07 16:14 - 2013-12-07 16:14 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2013-12-07 16:14 - 2013-12-07 16:14 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-12-07 16:02 - 2013-12-08 02:16 - 00000000 ____D C:\Users\Mesut\F5C9BE9A04C34A728CD0BB67C722D608.TMP
2013-12-07 15:36 - 2013-12-07 20:12 - 00000000 ____D C:\Users\Mesut\Documents\Bandicam
2013-12-07 15:36 - 2013-12-07 15:36 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\BANDISOFT
2013-12-07 15:35 - 2013-12-07 15:35 - 00000992 _____ C:\Users\UpdatusUser\Desktop\Bandicam.lnk
2013-12-07 15:35 - 2013-12-07 15:35 - 00000992 _____ C:\Users\Mesut\Desktop\Bandicam.lnk
2013-12-07 15:35 - 2013-12-07 15:35 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2013-12-07 15:35 - 2013-12-07 15:35 - 00000000 ____D C:\Program Files (x86)\Bandicam
2013-12-05 13:32 - 2013-12-07 15:33 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2013-12-05 13:23 - 2013-12-05 13:23 - 00002028 _____ C:\Users\Public\Desktop\Aeria Ignite.lnk
2013-12-05 13:23 - 2013-12-05 13:23 - 00000000 ____D C:\Program Files (x86)\Aeria Games
2013-12-05 12:28 - 2013-12-07 15:33 - 00000000 ____D C:\AeriaGames
2013-12-03 18:49 - 2013-12-03 18:49 - 00001722 _____ C:\Users\Public\Desktop\League of Legends spielen .lnk
2013-12-01 01:06 - 2013-12-21 20:24 - 00000000 ____D C:\Users\Mesut\Downloads\Feuergrun_v3
2013-11-29 22:44 - 2013-11-29 22:44 - 00001931 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-29 22:44 - 2013-11-29 22:44 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-28 22:41 - 2013-12-08 02:16 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-11-28 22:41 - 2013-11-28 22:41 - 00000000 ____D C:\ProgramData\McAfee
2013-11-28 22:39 - 2013-11-28 22:41 - 00000000 ____D C:\Users\Mesut\AppData\Local\Adobe
2013-11-28 22:27 - 2013-11-28 22:27 - 00001089 _____ C:\Users\Mesut\Desktop\Cheat Engine.lnk
2013-11-28 22:27 - 2013-11-28 22:27 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.3
2013-11-28 18:36 - 2013-11-28 18:39 - 00000000 ____D C:\Users\Mesut\Downloads\Unleashed
2013-11-28 14:36 - 2013-11-28 14:38 - 00000085 _____ C:\Windows\wininit.ini
2013-11-27 20:48 - 2013-11-28 14:35 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\iSafe
2013-11-27 20:48 - 2013-11-27 20:48 - 00000000 ____D C:\Windows\system32\log
2013-11-27 20:47 - 2013-12-21 11:19 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-11-27 20:47 - 2013-12-05 15:13 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\WinZipper
2013-11-27 13:06 - 2013-11-27 20:48 - 00000000 ____D C:\Program Files (x86)\Desk 365
2013-11-27 13:06 - 2013-11-27 13:46 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Desk 365
2013-11-27 13:03 - 2013-11-27 20:49 - 00000000 ____D C:\Users\Mesut\AppData\Local\Oxy
2013-11-27 13:03 - 2013-11-27 13:03 - 00003538 _____ C:\Windows\System32\Tasks\RunAsStdUser Task
2013-11-27 13:03 - 2013-11-27 13:03 - 00000000 ____D C:\Users\Mesut\AppData\Local\Chromium
2013-11-27 13:01 - 2013-11-28 14:33 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Oxy
2013-11-25 16:38 - 2013-11-25 16:38 - 00000680 __RSH C:\Users\Mesut\ntuser.pol
2013-11-23 12:45 - 2013-11-23 12:45 - 00001293 _____ C:\Users\Public\Desktop\YTD Video Downloader.lnk
2013-11-22 17:14 - 2013-12-21 20:24 - 00000000 ____D C:\Users\Mesut\Desktop\Lavanda2

==================== One Month Modified Files and Folders =======

2013-12-22 10:41 - 2013-12-22 10:39 - 00018591 _____ C:\Users\Mesut\Downloads\FRST.txt
2013-12-22 10:40 - 2013-12-22 10:40 - 00026739 _____ C:\Users\Mesut\Downloads\Addition.txt
2013-12-22 10:40 - 2013-07-23 11:46 - 00000000 ____D C:\Users\Mesut\Desktop\samet
2013-12-22 10:39 - 2013-12-22 10:39 - 00000000 ____D C:\FRST
2013-12-22 10:39 - 2013-12-22 10:38 - 00000000 ___HD C:\Windows\SysWOW64\FF_BN_110925
2013-12-22 10:38 - 2013-12-22 10:38 - 02193141 _____ (Farbar) C:\Users\Mesut\Downloads\FRST64.exe
2013-12-22 10:35 - 2013-06-01 16:46 - 01161371 _____ C:\Windows\WindowsUpdate.log
2013-12-22 10:30 - 2013-10-04 17:53 - 00000000 ____D C:\Users\Mesut\AppData\Local\LogMeIn Hamachi
2013-12-22 10:30 - 2013-06-11 15:28 - 00000000 ____D C:\Program Files (x86)\Steam
2013-12-22 10:30 - 2013-06-01 14:24 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Skype
2013-12-22 10:28 - 2013-09-24 21:56 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-22 10:27 - 2013-12-22 10:27 - 00000356 _____ C:\Windows\PFRO.log
2013-12-22 10:27 - 2013-12-22 10:27 - 00000056 _____ C:\Windows\setupact.log
2013-12-22 10:27 - 2013-12-22 10:27 - 00000000 _____ C:\Windows\setuperr.log
2013-12-22 10:27 - 2013-06-01 14:18 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-22 10:27 - 2013-06-01 13:37 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-22 10:27 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-22 00:51 - 2013-06-01 14:18 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-22 00:50 - 2013-09-26 17:31 - 00000000 ____D C:\Users\Mesut\AppData\Local\PMB Files
2013-12-21 22:15 - 2013-12-21 22:15 - 00004526 _____ C:\Users\Mesut\Downloads\log 1.zip
2013-12-21 22:12 - 2013-12-21 22:12 - 00004526 _____ C:\Users\Mesut\Desktop\log 1.zip
2013-12-21 20:59 - 2013-12-21 20:59 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Malwarebytes
2013-12-21 20:58 - 2013-12-21 20:58 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-21 20:58 - 2013-12-21 20:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-21 20:58 - 2013-12-21 20:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-21 20:57 - 2013-12-21 20:56 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Mesut\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-21 20:37 - 2013-08-31 15:26 - 00000000 ____D C:\Windows\pss
2013-12-21 20:34 - 2013-08-23 18:26 - 00000000 ____D C:\Users\Mesut\AppData\Local\CrashDumps
2013-12-21 20:24 - 2013-12-18 16:39 - 00000000 ____D C:\Users\Mesut\Desktop\OpenOffice 4.0.1 (de) Installation Files
2013-12-21 20:24 - 2013-12-01 01:06 - 00000000 ____D C:\Users\Mesut\Downloads\Feuergrun_v3
2013-12-21 20:24 - 2013-11-22 17:14 - 00000000 ____D C:\Users\Mesut\Desktop\Lavanda2
2013-12-21 20:24 - 2013-07-23 22:04 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Zip Opener Packages
2013-12-21 20:24 - 2013-07-03 21:24 - 00000000 ____D C:\Users\Public\Documents\WinDS PRO
2013-12-21 17:38 - 2013-06-11 19:00 - 00000730 _____ C:\Users\Mesut\Desktop\Neues Textdokument (2).txt
2013-12-21 11:42 - 2009-07-14 05:45 - 00019296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-21 11:42 - 2009-07-14 05:45 - 00019296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-21 11:19 - 2013-11-27 20:47 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-12-20 22:58 - 2013-10-28 13:58 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\.minecraft
2013-12-20 22:53 - 2013-12-20 22:53 - 06933154 _____ C:\Users\Mesut\Downloads\Nodus1.7.2MCP.zip
2013-12-20 22:47 - 2013-12-20 22:47 - 04659751 _____ C:\Users\Mesut\Downloads\KinkyUpdate.rar
2013-12-20 22:26 - 2013-08-31 18:06 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\.technic
2013-12-20 22:22 - 2013-08-31 18:05 - 02303908 _____ () C:\Users\Mesut\Desktop\TechnicLauncher.exe
2013-12-20 19:15 - 2013-06-01 15:49 - 00694672 _____ C:\Windows\system32\perfh007.dat
2013-12-20 19:15 - 2013-06-01 15:49 - 00147796 _____ C:\Windows\system32\perfc007.dat
2013-12-20 19:15 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-20 17:20 - 2013-09-26 17:27 - 00000000 ____D C:\ProgramData\PMB Files
2013-12-20 16:13 - 2013-06-01 14:17 - 00064024 _____ C:\Users\Mesut\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-19 15:02 - 2009-07-14 05:45 - 00294712 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-18 16:46 - 2013-12-18 16:46 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\OpenOffice
2013-12-18 16:45 - 2013-12-18 16:45 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-12-18 16:45 - 2013-12-18 16:44 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-12-18 16:30 - 2013-12-18 16:30 - 00614784 _____ C:\Users\Mesut\Downloads\OpenOffice - CHIP-Downloader.exe
2013-12-13 20:58 - 2013-06-01 14:18 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-13 10:39 - 2013-12-13 10:39 - 00003288 ____N C:\bootsqm.dat
2013-12-12 16:32 - 2013-06-01 21:31 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\TS3Client
2013-12-09 21:57 - 2013-12-09 21:47 - 00000000 ___HD C:\Windows\SysWOW64\FF_BN_2019128
2013-12-08 22:58 - 2013-12-08 22:55 - 103556646 _____ C:\Users\Mesut\Documents\Blumio-Antigewaltsong (HD Version).mp4
2013-12-08 22:24 - 2013-12-10 18:13 - 13772624 _____ C:\Users\Mesut\Desktop\Blumio - Hey Mr. Nazi (Yellow Album JETZT BESTELLEN unter HIPSTORE.DE!).mp4
2013-12-08 22:24 - 2013-12-08 22:23 - 13772624 _____ C:\Users\Mesut\Documents\Blumio - Hey Mr. Nazi (Yellow Album JETZT BESTELLEN unter HIPSTORE.DE!).mp4
2013-12-08 19:16 - 2013-11-04 17:16 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Mozilla
2013-12-08 18:31 - 2013-12-08 18:31 - 05701712 _____ C:\Users\Mesut\Downloads\bitdefender_14isecurity.exe
2013-12-08 02:16 - 2013-12-07 16:02 - 00000000 ____D C:\Users\Mesut\F5C9BE9A04C34A728CD0BB67C722D608.TMP
2013-12-08 02:16 - 2013-11-28 22:41 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-12-08 02:16 - 2013-08-23 00:33 - 00000000 ____D C:\ProgramData\TechSmith
2013-12-08 02:16 - 2013-08-11 14:42 - 00000000 ____D C:\Windows\Rent
2013-12-08 02:16 - 2013-07-22 17:59 - 00000000 ____D C:\Users\Mesut\AppData\Local\Akamai
2013-12-08 02:16 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-12-08 02:15 - 2013-08-23 00:33 - 00000000 ____D C:\Program Files (x86)\TechSmith
2013-12-07 23:26 - 2013-11-12 16:20 - 00000000 ____D C:\Users\Mesut\Desktop\Planungen
2013-12-07 22:46 - 2013-06-01 14:18 - 00004104 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-07 22:46 - 2013-06-01 14:18 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-07 20:12 - 2013-12-07 15:36 - 00000000 ____D C:\Users\Mesut\Documents\Bandicam
2013-12-07 17:18 - 2013-06-01 16:49 - 00000000 ____D C:\Users\Mesut
2013-12-07 16:14 - 2013-12-07 16:14 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2013-12-07 16:14 - 2013-12-07 16:14 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-12-07 15:36 - 2013-12-07 15:36 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\BANDISOFT
2013-12-07 15:35 - 2013-12-07 15:35 - 00000992 _____ C:\Users\UpdatusUser\Desktop\Bandicam.lnk
2013-12-07 15:35 - 2013-12-07 15:35 - 00000992 _____ C:\Users\Mesut\Desktop\Bandicam.lnk
2013-12-07 15:35 - 2013-12-07 15:35 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2013-12-07 15:35 - 2013-12-07 15:35 - 00000000 ____D C:\Program Files (x86)\Bandicam
2013-12-07 15:33 - 2013-12-05 13:32 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2013-12-07 15:33 - 2013-12-05 12:28 - 00000000 ____D C:\AeriaGames
2013-12-07 00:13 - 2013-09-11 16:52 - 00000755 _____ C:\Users\Mesut\Desktop\serial.txt
2013-12-07 00:13 - 2013-09-11 16:52 - 00000002 _____ C:\Users\Mesut\Desktop\myFile.txt
2013-12-06 23:12 - 2013-07-22 18:31 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-12-05 15:13 - 2013-11-27 20:47 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\WinZipper
2013-12-05 13:23 - 2013-12-05 13:23 - 00002028 _____ C:\Users\Public\Desktop\Aeria Ignite.lnk
2013-12-05 13:23 - 2013-12-05 13:23 - 00000000 ____D C:\Program Files (x86)\Aeria Games
2013-12-05 11:58 - 2013-06-01 14:19 - 00002357 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-05 11:41 - 2013-06-04 14:50 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-12-03 18:49 - 2013-12-03 18:49 - 00001722 _____ C:\Users\Public\Desktop\League of Legends spielen .lnk
2013-12-03 18:33 - 2013-06-01 14:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-01 12:21 - 2013-11-06 19:22 - 00000000 ____D C:\Program Files (x86)\Skype
2013-12-01 12:21 - 2013-06-01 14:24 - 00000000 ____D C:\ProgramData\Skype
2013-12-01 12:10 - 2009-07-14 06:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-29 22:44 - 2013-11-29 22:44 - 00001931 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-29 22:44 - 2013-11-29 22:44 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-29 13:03 - 2013-07-23 22:03 - 00000286 _____ C:\Windows\Tasks\DSite.job
2013-11-29 01:03 - 2013-07-26 23:03 - 00000111 _____ C:\Users\Mesut\AppData\Roaming\WB.CFG
2013-11-29 01:03 - 2013-07-24 00:03 - 00000006 _____ C:\Users\Mesut\AppData\Roaming\WBPU-TTL.DAT
2013-11-28 22:41 - 2013-11-28 22:41 - 00000000 ____D C:\ProgramData\McAfee
2013-11-28 22:41 - 2013-11-28 22:39 - 00000000 ____D C:\Users\Mesut\AppData\Local\Adobe
2013-11-28 22:41 - 2013-08-29 13:10 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-28 22:41 - 2013-08-24 22:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-28 22:27 - 2013-11-28 22:27 - 00001089 _____ C:\Users\Mesut\Desktop\Cheat Engine.lnk
2013-11-28 22:27 - 2013-11-28 22:27 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.3
2013-11-28 19:02 - 2013-11-18 18:12 - 00217600 _____ C:\Users\Mesut\Desktop\jacob-1.17-M2-x64.dll
2013-11-28 18:39 - 2013-11-28 18:36 - 00000000 ____D C:\Users\Mesut\Downloads\Unleashed
2013-11-28 15:05 - 2013-06-01 16:49 - 00000000 ____D C:\Users\Mesut\AppData\Local\VirtualStore
2013-11-28 14:38 - 2013-11-28 14:36 - 00000085 _____ C:\Windows\wininit.ini
2013-11-28 14:35 - 2013-11-27 20:48 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\iSafe
2013-11-28 14:33 - 2013-11-27 13:01 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Oxy
2013-11-27 20:49 - 2013-11-27 13:03 - 00000000 ____D C:\Users\Mesut\AppData\Local\Oxy
2013-11-27 20:49 - 2013-06-01 16:49 - 00000000 ___RD C:\Users\Mesut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-27 20:48 - 2013-11-27 20:48 - 00000000 ____D C:\Windows\system32\log
2013-11-27 20:48 - 2013-11-27 13:06 - 00000000 ____D C:\Program Files (x86)\Desk 365
2013-11-27 13:46 - 2013-11-27 13:06 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Desk 365
2013-11-27 13:04 - 2013-06-01 16:49 - 00001607 _____ C:\Users\Mesut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-11-27 13:03 - 2013-11-27 13:03 - 00003538 _____ C:\Windows\System32\Tasks\RunAsStdUser Task
2013-11-27 13:03 - 2013-11-27 13:03 - 00000000 ____D C:\Users\Mesut\AppData\Local\Chromium
2013-11-25 16:46 - 2013-06-01 14:24 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2013-11-25 16:38 - 2013-11-25 16:38 - 00000680 __RSH C:\Users\Mesut\ntuser.pol
2013-11-25 16:38 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-11-23 12:45 - 2013-11-23 12:45 - 00001293 _____ C:\Users\Public\Desktop\YTD Video Downloader.lnk
2013-11-23 12:45 - 2013-06-25 21:50 - 00000000 ____D C:\ProgramData\YTD Video Downloader

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

I have the addition.txt file again, I'll just post it here as well ;D
Code:

2013-06-01 13:36 - 2013-06-21 11:23 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-12-21 23:17 - 2013-12-21 19:30 - 02245632 _____ () C:\Program Files\AVAST Software\Avast\defs\13122101\algo.dll
2013-11-27 20:47 - 2013-11-27 20:47 - 00612520 _____ () C:\Program Files (x86)\WinZipper\sqlite3.dll
2013-05-06 16:05 - 2013-11-06 22:48 - 00691200 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2013-06-06 13:06 - 2013-12-11 20:40 - 01135016 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-07-09 08:23 - 2013-11-06 22:48 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-12-11 08:51 - 2013-06-15 00:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-12-11 08:51 - 2013-06-15 00:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-12-11 08:51 - 2013-06-15 00:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2013-12-05 11:58 - 2013-12-04 03:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-05 11:58 - 2013-12-04 03:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-05 11:58 - 2013-12-04 03:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-05 11:58 - 2013-12-04 03:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-05 11:58 - 2013-12-04 03:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Mesut\Application Data:NT
AlternateDataStreams: C:\Users\Mesut\AppData\Roaming:NT

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/22/2013 10:29:31 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/21/2013 11:17:50 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2013 04:08:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/19/2013 03:11:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/18/2013 01:54:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2013 08:36:16 PM) (Source: Application Hang) (User: )
Description: Programm League of Legends.exe, Version 3.15.0.255 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 8a8

Startzeit: 01cefb5ed1269360

Endzeit: 14

Anwendungspfad: C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.3\deploy\League of Legends.exe

Berichts-ID: 6b0f439d-6752-11e3-9de4-bc5ff491d212

Error: (12/17/2013 11:52:45 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2013 04:23:30 PM) (Source: Application Hang) (User: )
Description: Programm Skype.exe, Version 6.11.0.102 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 4dc

Startzeit: 01cefa71f1cbd141

Endzeit: 10

Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe

Berichts-ID: e5770ebd-6665-11e3-8a13-bc5ff491d212

Error: (12/16/2013 04:17:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/15/2013 04:05:51 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: McUicnt.exe, Version: 5.9.2.0, Zeitstempel: 0x52309272
Name des fehlerhaften Moduls: ieframe.dll, Version: 9.0.8112.16483, Zeitstempel: 0x515e263f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000083fe
ID des fehlerhaften Prozesses: 0x570
Startzeit der fehlerhaften Anwendung: 0xMcUicnt.exe0
Pfad der fehlerhaften Anwendung: McUicnt.exe1
Pfad des fehlerhaften Moduls: McUicnt.exe2
Berichtskennung: McUicnt.exe3


System errors:
=============
Error: (12/22/2013 10:33:52 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (12/22/2013 10:30:50 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{86FA6F27-FD55-4ED0-979E-7CA5E990BAE9}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (12/22/2013 10:28:32 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (12/22/2013 10:28:19 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AODDriver4.2.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error: (12/22/2013 10:27:29 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Wsys Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (12/21/2013 11:22:42 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (12/21/2013 11:19:32 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{86FA6F27-FD55-4ED0-979E-7CA5E990BAE9}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (12/21/2013 11:17:22 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (12/21/2013 11:16:57 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AODDriver4.2.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error: (12/21/2013 11:16:17 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Wsys Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2


Microsoft Office Sessions:
=========================
Error: (12/22/2013 10:29:31 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/21/2013 11:17:50 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2013 04:08:39 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/19/2013 03:11:47 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/18/2013 01:54:22 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2013 08:36:16 PM) (Source: Application Hang)(User: )
Description: League of Legends.exe3.15.0.2558a801cefb5ed126936014C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.3\deploy\League of Legends.exe6b0f439d-6752-11e3-9de4-bc5ff491d212

Error: (12/17/2013 11:52:45 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2013 04:23:30 PM) (Source: Application Hang)(User: )
Description: Skype.exe6.11.0.1024dc01cefa71f1cbd14110C:\Program Files (x86)\Skype\Phone\Skype.exee5770ebd-6665-11e3-8a13-bc5ff491d212

Error: (12/16/2013 04:17:48 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/15/2013 04:05:51 PM) (Source: Application Error)(User: )
Description: McUicnt.exe5.9.2.052309272ieframe.dll9.0.8112.16483515e263fc000000500000000000083fe57001cef9a6d122ef72C:\Program Files\McAfee Security Scan\3.8.130\McUicnt.exeC:\Windows\System32\ieframe.dll62863773-659a-11e3-a3a6-bc5ff491d212


CodeIntegrity Errors:
===================================
  Date: 2013-12-22 10:28:19.396
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-22 10:28:19.365
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-21 11:16:57.044
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-21 11:16:56.951
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-20 16:07:49.164
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-20 16:07:49.086
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-19 15:03:58.442
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-19 15:03:58.193
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-18 13:50:25.969
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-18 13:50:25.938
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 61%
Total physical RAM: 2047.24 MB
Available physical RAM: 786.41 MB
Total Pagefile: 4094.48 MB
Available Pagefile: 2312.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:93.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: D3F312C8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================

--- --- ---

schrauber 23.12.2013 08:13

Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you receive the following error message after the reboot
Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

Zerozo 23.12.2013 14:54

Combofix.txt
Code:

ComboFix 13-12-21.01 - Mesut 23.12.2013  14:31:12.1.3 - x64
Microsoft Windows 7 Enterprise  6.1.7601.1.1252.41.1033.18.2047.478 [GMT 1:00]
ausgeführt von:: c:\users\Mesut\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\337
c:\program files (x86)\Common Files\337\libcef\1.1364.1123\icudt.dll
c:\program files (x86)\Common Files\337\libcef\1.1364.1123\libcef.dll
c:\program files (x86)\Common Files\337\libcef\1.1364.1123\locales\en-US.pak
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPly.crx
c:\program files (x86)\DealPly\DealPly.xpi
c:\program files (x86)\DealPly\DealPlyIE.dll
c:\program files (x86)\DealPly\DealPlyIE64.dll
c:\program files (x86)\DealPly\DealPlyUpdate.exe
c:\program files (x86)\DealPly\DealPlyUpdateRun.exe
c:\program files (x86)\DealPly\DealPlyUpdateVer.exe
c:\program files (x86)\DealPly\icon.ico
c:\windows\SysWow64\ff
c:\windows\SysWow64\ff\App\AppInfo\appicon.ico
c:\windows\SysWow64\ff\App\AppInfo\appicon_128.png
c:\windows\SysWow64\ff\App\AppInfo\appicon_16.png
c:\windows\SysWow64\ff\App\AppInfo\appicon_32.png
c:\windows\SysWow64\ff\App\AppInfo\appinfo.ini
c:\windows\SysWow64\ff\App\AppInfo\installer.ini
c:\windows\SysWow64\ff\App\Bin\sqlite3.exe
c:\windows\SysWow64\ff\App\DefaultData\plugins\plugins_readme.txt
c:\windows\SysWow64\ff\App\DefaultData\profile\bookmarks.html
c:\windows\SysWow64\ff\App\DefaultData\profile\prefs.js
c:\windows\SysWow64\ff\App\DefaultData\settings\FirefoxPortableSettings.ini
c:\windows\SysWow64\ff\App\Firefox\AccessibleMarshal.dll
c:\windows\SysWow64\ff\App\Firefox\active-update.xml
c:\windows\SysWow64\ff\App\Firefox\application.ini
c:\windows\SysWow64\ff\App\Firefox\breakpadinjector.dll
c:\windows\SysWow64\ff\App\Firefox\browser\blocklist.xml
c:\windows\SysWow64\ff\App\Firefox\browser\chrome.manifest
c:\windows\SysWow64\ff\App\Firefox\browser\components\browsercomps.dll
c:\windows\SysWow64\ff\App\Firefox\browser\components\components.manifest
c:\windows\SysWow64\ff\App\Firefox\browser\crashreporter-override.ini
c:\windows\SysWow64\ff\App\Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\icon.png
c:\windows\SysWow64\ff\App\Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\install.rdf
c:\windows\SysWow64\ff\App\Firefox\browser\omni.ja
c:\windows\SysWow64\ff\App\Firefox\browser\searchplugins\amazondotcom-de.xml
c:\windows\SysWow64\ff\App\Firefox\browser\searchplugins\bing.xml
c:\windows\SysWow64\ff\App\Firefox\browser\searchplugins\eBay-de.xml
c:\windows\SysWow64\ff\App\Firefox\browser\searchplugins\google.xml
c:\windows\SysWow64\ff\App\Firefox\browser\searchplugins\leo_ende_de.xml
c:\windows\SysWow64\ff\App\Firefox\browser\searchplugins\wikipedia-de.xml
c:\windows\SysWow64\ff\App\Firefox\browser\searchplugins\yahoo-de.xml
c:\windows\SysWow64\ff\App\Firefox\crashreporter.exe
c:\windows\SysWow64\ff\App\Firefox\crashreporter.ini
c:\windows\SysWow64\ff\App\Firefox\D3DCompiler_43.dll
c:\windows\SysWow64\ff\App\Firefox\defaults\pref\channel-prefs.js
c:\windows\SysWow64\ff\App\Firefox\dependentlibs.list
c:\windows\SysWow64\ff\App\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\icon.png
c:\windows\SysWow64\ff\App\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\install.rdf
c:\windows\SysWow64\ff\App\Firefox\firefox.exe
c:\windows\SysWow64\ff\App\Firefox\freebl3.chk
c:\windows\SysWow64\ff\App\Firefox\freebl3.dll
c:\windows\SysWow64\ff\App\Firefox\gkmedias.dll
c:\windows\SysWow64\ff\App\Firefox\libEGL.dll
c:\windows\SysWow64\ff\App\Firefox\libGLESv2.dll
c:\windows\SysWow64\ff\App\Firefox\maintenanceservice.exe
c:\windows\SysWow64\ff\App\Firefox\maintenanceservice_installer.exe
c:\windows\SysWow64\ff\App\Firefox\mozalloc.dll
c:\windows\SysWow64\ff\App\Firefox\mozglue.dll
c:\windows\SysWow64\ff\App\Firefox\mozjs.dll
c:\windows\SysWow64\ff\App\Firefox\msvcp100.dll
c:\windows\SysWow64\ff\App\Firefox\msvcr100.dll
c:\windows\SysWow64\ff\App\Firefox\nss3.dll
c:\windows\SysWow64\ff\App\Firefox\nssckbi.dll
c:\windows\SysWow64\ff\App\Firefox\nssdbm3.chk
c:\windows\SysWow64\ff\App\Firefox\nssdbm3.dll
c:\windows\SysWow64\ff\App\Firefox\omni.ja
c:\windows\SysWow64\ff\App\Firefox\platform.ini
c:\windows\SysWow64\ff\App\Firefox\plugin-container.exe
c:\windows\SysWow64\ff\App\Firefox\plugin-hang-ui.exe
c:\windows\SysWow64\ff\App\Firefox\precomplete
c:\windows\SysWow64\ff\App\Firefox\removed-files
c:\windows\SysWow64\ff\App\Firefox\softokn3.chk
c:\windows\SysWow64\ff\App\Firefox\softokn3.dll
c:\windows\SysWow64\ff\App\Firefox\uninstall\helper.exe
c:\windows\SysWow64\ff\App\Firefox\uninstall\uninstall.update
c:\windows\SysWow64\ff\App\Firefox\update-settings.ini
c:\windows\SysWow64\ff\App\Firefox\updater.exe
c:\windows\SysWow64\ff\App\Firefox\updater.ini
c:\windows\SysWow64\ff\App\Firefox\updates.xml
c:\windows\SysWow64\ff\App\Firefox\updates\0\update.log
c:\windows\SysWow64\ff\App\Firefox\updates\0\update.manifest
c:\windows\SysWow64\ff\App\Firefox\updates\0\update.mar
c:\windows\SysWow64\ff\App\Firefox\updates\0\update.status
c:\windows\SysWow64\ff\App\Firefox\updates\0\update.version
c:\windows\SysWow64\ff\App\Firefox\updates\0\updater.exe
c:\windows\SysWow64\ff\App\Firefox\updates\0\updater.ini
c:\windows\SysWow64\ff\App\Firefox\webapp-uninstaller.exe
c:\windows\SysWow64\ff\App\Firefox\webapprt-stub.exe
c:\windows\SysWow64\ff\App\Firefox\webapprt\omni.ja
c:\windows\SysWow64\ff\App\Firefox\webapprt\webapprt.ini
c:\windows\SysWow64\ff\App\Firefox\xul.dll
c:\windows\SysWow64\ff\App\readme.txt
c:\windows\SysWow64\ff\Data\plugins\npdsplay.dll
c:\windows\SysWow64\ff\Data\plugins\npitunes.dll
c:\windows\SysWow64\ff\Data\plugins\npzylomgamesplayer.dll
c:\windows\SysWow64\ff\Data\plugins\plugins_readme.txt
c:\windows\SysWow64\ff\Data\plugins_choice\list.txt
c:\windows\SysWow64\ff\Data\plugins_choice\np-mswmp.dll
c:\windows\SysWow64\ff\Data\plugins_choice\np32dsw.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npauthz.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npAviraCallingID.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npctrl.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npdeploytk.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npdivx32.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npdrmv2.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npdsplay.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npgeplugin.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npgoogleupdate3.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npitunes.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npjp2.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npnul32.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npNxGameeu.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npovshelper.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npPandoWebPlugin.dll
c:\windows\SysWow64\ff\Data\plugins_choice\nppdf32.dll
c:\windows\SysWow64\ff\Data\plugins_choice\nppl3260.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npqtplugin.dll
c:\windows\SysWow64\ff\Data\plugins_choice\nprpplugin.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npspwrap.dll
c:\windows\SysWow64\ff\Data\plugins_choice\NPSWF32_11_7_700_169.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npunity3d32.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npvlc.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npwinext.dll
c:\windows\SysWow64\ff\Data\plugins_choice\NPWLPG.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npwmsdrm.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npwpf.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npzylomgamesplayer.dll
c:\windows\SysWow64\ff\Data\profile\blocklist.xml
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-09-08.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-09-09.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-09-10.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-09-11.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-09-16.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-09-22.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-09-23.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-09-24.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-09-25.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-09-28.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-10-02.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-10-03.json
c:\windows\SysWow64\ff\Data\profile\bookmarks.html
c:\windows\SysWow64\ff\Data\profile\cert8.db
c:\windows\SysWow64\ff\Data\profile\chromeappsstore.sqlite
c:\windows\SysWow64\ff\Data\profile\compatibility.ini
c:\windows\SysWow64\ff\Data\profile\content-prefs.sqlite
c:\windows\SysWow64\ff\Data\profile\cookies.sqlite-shm
c:\windows\SysWow64\ff\Data\profile\cookies.sqlite-wal
c:\windows\SysWow64\ff\Data\profile\cookies.sqlite
c:\windows\SysWow64\ff\Data\profile\downloads.sqlite
c:\windows\SysWow64\ff\Data\profile\extensions.ini
c:\windows\SysWow64\ff\Data\profile\extensions.sqlite-journal
c:\windows\SysWow64\ff\Data\profile\extensions.sqlite
c:\windows\SysWow64\ff\Data\profile\extensions\firebug@software.joehewitt.com.xpi
c:\windows\SysWow64\ff\Data\profile\extensions\remote-control@morch.com.xpi
c:\windows\SysWow64\ff\Data\profile\firebug\annotations.json
c:\windows\SysWow64\ff\Data\profile\firebug\breakpoints.json
c:\windows\SysWow64\ff\Data\profile\formhistory.sqlite
c:\windows\SysWow64\ff\Data\profile\healthreport.sqlite-shm
c:\windows\SysWow64\ff\Data\profile\healthreport.sqlite-wal
c:\windows\SysWow64\ff\Data\profile\healthreport.sqlite
c:\windows\SysWow64\ff\Data\profile\indexedDB\chrome\.metadata
c:\windows\SysWow64\ff\Data\profile\indexedDB\chrome\idb\2588645841ssegtnti.sqlite
c:\windows\SysWow64\ff\Data\profile\key3.db
c:\windows\SysWow64\ff\Data\profile\localstore-safe.rdf
c:\windows\SysWow64\ff\Data\profile\localstore.rdf
c:\windows\SysWow64\ff\Data\profile\marionette.log
c:\windows\SysWow64\ff\Data\profile\mimeTypes.rdf
c:\windows\SysWow64\ff\Data\profile\minidumps\a98c2742-fa9f-4fe8-a65d-009c3107488f.dmp
c:\windows\SysWow64\ff\Data\profile\OfflineCache\index.sqlite
c:\windows\SysWow64\ff\Data\profile\parent.lock
c:\windows\SysWow64\ff\Data\profile\permissions.sqlite
c:\windows\SysWow64\ff\Data\profile\places.sqlite-shm
c:\windows\SysWow64\ff\Data\profile\places.sqlite-wal
c:\windows\SysWow64\ff\Data\profile\places.sqlite
c:\windows\SysWow64\ff\Data\profile\pluginreg.dat
c:\windows\SysWow64\ff\Data\profile\prefs.js
c:\windows\SysWow64\ff\Data\profile\safebrowsing\goog-malware-shavar.cache
c:\windows\SysWow64\ff\Data\profile\safebrowsing\goog-malware-shavar.pset
c:\windows\SysWow64\ff\Data\profile\safebrowsing\goog-malware-shavar.sbstore
c:\windows\SysWow64\ff\Data\profile\safebrowsing\test-malware-simple.cache
c:\windows\SysWow64\ff\Data\profile\safebrowsing\test-malware-simple.pset
c:\windows\SysWow64\ff\Data\profile\safebrowsing\test-malware-simple.sbstore
c:\windows\SysWow64\ff\Data\profile\safebrowsing\test-phish-simple.cache
c:\windows\SysWow64\ff\Data\profile\safebrowsing\test-phish-simple.pset
c:\windows\SysWow64\ff\Data\profile\safebrowsing\test-phish-simple.sbstore
c:\windows\SysWow64\ff\Data\profile\search-metadata.json
c:\windows\SysWow64\ff\Data\profile\search.json
c:\windows\SysWow64\ff\Data\profile\search.sqlite
c:\windows\SysWow64\ff\Data\profile\secmod.db
c:\windows\SysWow64\ff\Data\profile\signons.sqlite
c:\windows\SysWow64\ff\Data\profile\start.txt
c:\windows\SysWow64\ff\Data\profile\startupCache\startupCache.4.little
c:\windows\SysWow64\ff\Data\profile\Telemetry.FailedProfileLocks.txt
c:\windows\SysWow64\ff\Data\profile\times.json
c:\windows\SysWow64\ff\Data\profile\urlclassifier.pset
c:\windows\SysWow64\ff\Data\profile\urlclassifier3.sqlite
c:\windows\SysWow64\ff\Data\profile\urlclassifierkey3.txt
c:\windows\SysWow64\ff\Data\profile\webapps\webapps.json
c:\windows\SysWow64\ff\Data\profile\webappsstore.sqlite-shm
c:\windows\SysWow64\ff\Data\profile\webappsstore.sqlite-wal
c:\windows\SysWow64\ff\Data\profile\webappsstore.sqlite
c:\windows\SysWow64\ff\Data\settings\FirefoxPortableSettings.ini
c:\windows\SysWow64\ff\FirefoxPortable.exe
c:\windows\SysWow64\ff\Fonts\aaaiight.ttf
c:\windows\SysWow64\ff\Fonts\abusive pencil.ttf
c:\windows\SysWow64\ff\Fonts\Acens.ttf
c:\windows\SysWow64\ff\Fonts\Acidic.TTF
c:\windows\SysWow64\ff\Fonts\adam.ttf
c:\windows\SysWow64\ff\Fonts\adamb.ttf
c:\windows\SysWow64\ff\Fonts\adambital.ttf
c:\windows\SysWow64\ff\Fonts\Aerosol.ttf
c:\windows\SysWow64\ff\Fonts\aggstock.ttf
c:\windows\SysWow64\ff\Fonts\AIFRAGME.TTF
c:\windows\SysWow64\ff\Fonts\AIRSTREA.TTF
c:\windows\SysWow64\ff\Fonts\airstrip.ttf
c:\windows\SysWow64\ff\Fonts\aladdin.ttf
c:\windows\SysWow64\ff\Fonts\Alias.ttf
c:\windows\SysWow64\ff\Fonts\All Star Resort.ttf
c:\windows\SysWow64\ff\Fonts\AlteHaasGroteskBold.ttf
c:\windows\SysWow64\ff\Fonts\Amerdcon.ttf
c:\windows\SysWow64\ff\Fonts\Android Nation.ttf
c:\windows\SysWow64\ff\Fonts\Anime Ace.ttf
c:\windows\SysWow64\ff\Fonts\beaswfte.ttf
c:\windows\SysWow64\ff\Fonts\Blambot Custom.ttf
c:\windows\SysWow64\ff\Fonts\Blambot Pro.ttf
c:\windows\SysWow64\ff\Fonts\city_burn.ttf
c:\windows\SysWow64\ff\Fonts\CNN.ttf
c:\windows\SysWow64\ff\Fonts\Colcothar.ttf
c:\windows\SysWow64\ff\Fonts\Damn Noisy Kids.ttf
c:\windows\SysWow64\ff\Fonts\Daredevil.ttf
c:\windows\SysWow64\ff\Fonts\DENSMORE.TTF
c:\windows\SysWow64\ff\Fonts\desperado.ttf
c:\windows\SysWow64\ff\Fonts\Detectives Inc.ttf
c:\windows\SysWow64\ff\Fonts\detroitghetto.ttf
c:\windows\SysWow64\ff\Fonts\devotion.ttf
c:\windows\SysWow64\ff\Fonts\dirtyheadline.ttf
c:\windows\SysWow64\ff\Fonts\Diskoboll.ttf
c:\windows\SysWow64\ff\Fonts\EARWIGFA.TTF
c:\windows\SysWow64\ff\Fonts\EDITION_.TTF
c:\windows\SysWow64\ff\Fonts\Ellianarelle s Path.ttf
c:\windows\SysWow64\ff\Fonts\EMPIREST.TTF
c:\windows\SysWow64\ff\Fonts\EpoXY_histoRy.ttf
c:\windows\SysWow64\ff\Fonts\ERTHQAKE.TTF
c:\windows\SysWow64\ff\Fonts\esp.ttf
c:\windows\SysWow64\ff\Fonts\EUROSWH.TTF
c:\windows\SysWow64\ff\Fonts\EVITA.TTF
c:\windows\SysWow64\ff\Fonts\FAREAST.TTF
c:\windows\SysWow64\ff\Fonts\fbsbltc.ttf
c:\windows\SysWow64\ff\Fonts\FerroRosso.ttf
c:\windows\SysWow64\ff\Fonts\Fiesta.ttf
c:\windows\SysWow64\ff\Fonts\fight.TTF
c:\windows\SysWow64\ff\Fonts\Findet Nemo.ttf
c:\windows\SysWow64\ff\Fonts\Flat Earth Scribe.ttf
c:\windows\SysWow64\ff\Fonts\friends good.ttf
c:\windows\SysWow64\ff\Fonts\GameCube.ttf
c:\windows\SysWow64\ff\Fonts\Ginga.ttf
c:\windows\SysWow64\ff\Fonts\Godzilla.ttf
c:\windows\SysWow64\ff\Fonts\GothicFlames.ttf
c:\windows\SysWow64\ff\Fonts\gothikka.ttf
c:\windows\SysWow64\ff\Fonts\Graffogie.ttf
c:\windows\SysWow64\ff\Fonts\groening.ttf
c:\windows\SysWow64\ff\Fonts\gyparody.ttf
c:\windows\SysWow64\ff\Fonts\halflife.ttf
c:\windows\SysWow64\ff\Fonts\Halo.ttf
c:\windows\SysWow64\ff\Fonts\HandSean.ttf
c:\windows\SysWow64\ff\Fonts\HARD_ROCK.ttf
c:\windows\SysWow64\ff\Fonts\Hellraiser SC.ttf
c:\windows\SysWow64\ff\Fonts\Hursheys.ttf
c:\windows\SysWow64\ff\Fonts\idiot.ttf
c:\windows\SysWow64\ff\Fonts\Impossible.ttf
c:\windows\SysWow64\ff\Fonts\in_my_head.ttf
c:\windows\SysWow64\ff\Fonts\Indianhotel.ttf
c:\windows\SysWow64\ff\Fonts\jandles.ttf
c:\windows\SysWow64\ff\Fonts\JaneAust.ttf
c:\windows\SysWow64\ff\Fonts\JerseyLetters.ttf
c:\windows\SysWow64\ff\Fonts\JungleRuff.ttf
c:\windows\SysWow64\ff\Fonts\kaileenw.ttf
c:\windows\SysWow64\ff\Fonts\karabine.ttf
c:\windows\SysWow64\ff\Fonts\Karate.ttf
c:\windows\SysWow64\ff\Fonts\Kitten Meat.ttf
c:\windows\SysWow64\ff\Fonts\Kittkat.ttf
c:\windows\SysWow64\ff\Fonts\Laine.TTF
c:\windows\SysWow64\ff\Fonts\Lazy.ttf
c:\windows\SysWow64\ff\Fonts\LEDLIGHT.ttf
c:\windows\SysWow64\ff\Fonts\Legothick.ttf
c:\windows\SysWow64\ff\Fonts\linkin.ttf
c:\windows\SysWow64\ff\Fonts\LinkinPark.ttf
c:\windows\SysWow64\ff\Fonts\lottepaperfang.ttf
c:\windows\SysWow64\ff\Fonts\maksukehoitus.ttf
c:\windows\SysWow64\ff\Fonts\manga_speak.ttf
c:\windows\SysWow64\ff\Fonts\MARK.TTF
c:\windows\SysWow64\ff\Fonts\Marlboc.ttf
c:\windows\SysWow64\ff\Fonts\Marlbow.ttf
c:\windows\SysWow64\ff\Fonts\Megadeth.ttf
c:\windows\SysWow64\ff\Fonts\meresre.ttf
c:\windows\SysWow64\ff\Fonts\morgenstern.ttf
c:\windows\SysWow64\ff\Fonts\N-Gage.ttf
c:\windows\SysWow64\ff\Fonts\NASALIZA.TTF
c:\windows\SysWow64\ff\Fonts\neon2.ttf
c:\windows\SysWow64\ff\Fonts\NEUROTOX.TTF
c:\windows\SysWow64\ff\Fonts\nevis.ttf
c:\windows\SysWow64\ff\Fonts\Orange Fizz.ttf
c:\windows\SysWow64\ff\Fonts\oreos.ttf
c:\windows\SysWow64\ff\Fonts\Origami.ttf
c:\windows\SysWow64\ff\Fonts\PaisleyCaps .ttf
c:\windows\SysWow64\ff\Fonts\Patches.ttf
c:\windows\SysWow64\ff\Fonts\pdark.ttf
c:\windows\SysWow64\ff\Fonts\Phorssa.ttf
c:\windows\SysWow64\ff\Fonts\Planet of the Apes.ttf
c:\windows\SysWow64\ff\Fonts\Playtoy.ttf
c:\windows\SysWow64\ff\Fonts\Pleiades.TTF
c:\windows\SysWow64\ff\Fonts\postoffice.ttf
c:\windows\SysWow64\ff\Fonts\Pozo.ttf
c:\windows\SysWow64\ff\Fonts\Prototype.ttf
c:\windows\SysWow64\ff\Fonts\Prozak.ttf
c:\windows\SysWow64\ff\Fonts\Pyromane.ttf
c:\windows\SysWow64\ff\Fonts\quake.TTF
c:\windows\SysWow64\ff\Fonts\Requiem.ttf
c:\windows\SysWow64\ff\Fonts\Resident Evil Large.ttf
c:\windows\SysWow64\ff\Fonts\retroRockPoster.ttf
c:\windows\SysWow64\ff\Fonts\ribbon.ttf
c:\windows\SysWow64\ff\Fonts\riesling.ttf
c:\windows\SysWow64\ff\Fonts\Rockit.ttf
c:\windows\SysWow64\ff\Fonts\romeo.ttf
c:\windows\SysWow64\ff\Fonts\Rounded.ttf
c:\windows\SysWow64\ff\Fonts\rzrarti.ttf
c:\windows\SysWow64\ff\Fonts\Scream Real.ttf
c:\windows\SysWow64\ff\Fonts\se7en.ttf
c:\windows\SysWow64\ff\Fonts\Searfont.ttf
c:\windows\SysWow64\ff\Fonts\shellhead.ttf
c:\windows\SysWow64\ff\Fonts\Sickness.ttf
c:\windows\SysWow64\ff\Fonts\sidewalk.ttf
c:\windows\SysWow64\ff\Fonts\Sin City.ttf
c:\windows\SysWow64\ff\Fonts\Sliced_Juice.ttf
c:\windows\SysWow64\ff\Fonts\Smallville1.ttf
c:\windows\SysWow64\ff\Fonts\Spirit Medium.ttf
c:\windows\SysWow64\ff\Fonts\splinter2.ttf
c:\windows\SysWow64\ff\Fonts\spongefont.ttf
c:\windows\SysWow64\ff\Fonts\stentiga.ttf
c:\windows\SysWow64\ff\Fonts\TAGSTER.TTF
c:\windows\SysWow64\ff\Fonts\Taste of steel.ttf
c:\windows\SysWow64\ff\Fonts\TERMINAT.TTF
c:\windows\SysWow64\ff\Fonts\the ring.ttf
c:\windows\SysWow64\ff\Fonts\the sixth sense.ttf
c:\windows\SysWow64\ff\Fonts\the_King__26_Queen_font.ttf
c:\windows\SysWow64\ff\Fonts\the_Poison.ttf
c:\windows\SysWow64\ff\Fonts\TheGodFather.ttf
c:\windows\SysWow64\ff\Fonts\tiza.ttf
c:\windows\SysWow64\ff\Fonts\tondo.ttf
c:\windows\SysWow64\ff\Fonts\tron.ttf
c:\windows\SysWow64\ff\Fonts\Trumania.ttf
c:\windows\SysWow64\ff\Fonts\Turok.ttf
c:\windows\SysWow64\ff\Fonts\ultimate MIDNIGHT.ttf
c:\windows\SysWow64\ff\Fonts\Umberto.ttf
c:\windows\SysWow64\ff\Fonts\Unreal.ttf
c:\windows\SysWow64\ff\Fonts\Uptown__.ttf
c:\windows\SysWow64\ff\Fonts\uwch.ttf
c:\windows\SysWow64\ff\Fonts\Vampiress.ttf
c:\windows\SysWow64\ff\Fonts\Varsity.ttf
c:\windows\SysWow64\ff\Fonts\vintage.ttf
c:\windows\SysWow64\ff\Fonts\walk_plank.ttf
c:\windows\SysWow64\ff\Fonts\weezerfont.ttf
c:\windows\SysWow64\ff\Fonts\WillyWonka.ttf
c:\windows\SysWow64\ff\Fonts\Xfiles.ttf
c:\windows\SysWow64\ff\Fonts\Yoshitoshi.ttf
c:\windows\SysWow64\ff\Fonts\Yukon Gold.ttf
c:\windows\SysWow64\ff\Fonts\zerogene.ttf
c:\windows\SysWow64\ff\Other\Help\images\donation_button.png
c:\windows\SysWow64\ff\Other\Help\images\favicon.ico
c:\windows\SysWow64\ff\Other\Help\images\help_background_footer.png
c:\windows\SysWow64\ff\Other\Help\images\help_background_header.png
c:\windows\SysWow64\ff\Other\Help\images\help_logo_top.png
c:\windows\SysWow64\ff\Other\Source\AppSource.txt
c:\windows\SysWow64\ff\Other\Source\CheckForPlatformSplashDisable.nsh
c:\windows\SysWow64\ff\Other\Source\FirefoxPortable.ini
c:\windows\SysWow64\ff\Other\Source\FirefoxPortable.jpg
c:\windows\SysWow64\ff\Other\Source\FirefoxPortableU.nsi
c:\windows\SysWow64\ff\Other\Source\License.txt
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_DUTCH.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_ENGLISH.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_ENGLISHGB.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_FRENCH.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_GERMAN.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_HUNGARIAN.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_ITALIAN.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_JAPANESE.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_KOREAN.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_POLISH.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_PORTUGUESE.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_PORTUGUESEBR.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_RUSSIAN.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_SIMPCHINESE.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_SPANISH.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_SPANISHINTERNATIONAL.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_TRADCHINESE.nsh
c:\windows\SysWow64\ff\Other\Source\ReadINIStrWithDefault.nsh
c:\windows\SysWow64\ff\Other\Source\Readme.txt
c:\windows\SysWow64\ff\Other\Source\ReplaceInFileWithTextReplace.nsh
c:\windows\SysWow64\ff\Other\Source\SetFileAttributesDirectoryNormal.nsh
c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WsysSvc
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-11-23 bis 2013-12-23  ))))))))))))))))))))))))))))))
.
.
2013-12-23 13:42 . 2013-12-23 13:44        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-12-22 09:39 . 2013-12-22 09:39        --------        d-----w-        C:\FRST
2013-12-21 19:59 . 2013-12-21 19:59        --------        d-----w-        c:\users\Mesut\AppData\Roaming\Malwarebytes
2013-12-21 19:58 . 2013-12-21 19:58        --------        d-----w-        c:\programdata\Malwarebytes
2013-12-21 19:58 . 2013-12-21 19:58        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-21 19:58 . 2013-04-04 13:50        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-12-18 15:46 . 2013-12-18 15:46        --------        d-----w-        c:\users\Mesut\AppData\Roaming\OpenOffice
2013-12-18 15:44 . 2013-12-18 15:45        --------        d-----w-        c:\program files (x86)\OpenOffice 4
2013-12-09 20:47 . 2013-12-09 20:57        --------        d--h--w-        c:\windows\SysWow64\FF_BN_2019128
2013-12-08 17:31 . 2013-12-08 17:31        --------        d-----w-        c:\program files (x86)\Common Files\Bitdefender
2013-12-07 15:14 . 2013-12-07 15:14        --------        d-----w-        c:\programdata\regid.1995-08.com.techsmith
2013-12-07 15:14 . 2013-12-07 15:14        --------        d-----w-        c:\program files (x86)\QuickTime
2013-12-07 15:02 . 2013-12-08 01:16        --------        d-----w-        c:\users\Mesut\F5C9BE9A04C34A728CD0BB67C722D608.TMP
2013-12-07 14:36 . 2013-12-07 14:36        --------        d-----w-        c:\users\Mesut\AppData\Roaming\BANDISOFT
2013-12-07 14:35 . 2013-12-07 14:35        --------        d-----w-        c:\program files (x86)\Bandicam
2013-12-07 14:35 . 2013-12-07 14:35        --------        d-----w-        c:\program files (x86)\BandiMPEG1
2013-12-05 12:23 . 2013-12-05 12:23        --------        d-----w-        c:\program files (x86)\Aeria Games
2013-12-05 11:28 . 2013-12-07 14:33        --------        d-----w-        C:\AeriaGames
2013-11-29 21:44 . 2013-11-29 21:44        --------        d-----w-        c:\program files\McAfee Security Scan
2013-11-28 21:41 . 2013-12-08 01:16        --------        d-----w-        c:\programdata\McAfee Security Scan
2013-11-28 21:41 . 2013-11-28 21:41        --------        d-----w-        c:\programdata\McAfee
2013-11-28 21:39 . 2013-11-28 21:41        --------        d-----w-        c:\users\Mesut\AppData\Local\Adobe
2013-11-28 21:27 . 2013-11-28 21:27        --------        d-----w-        c:\program files (x86)\Cheat Engine 6.3
2013-11-27 19:48 . 2013-11-27 19:48        --------        d-----w-        c:\windows\system32\log
2013-11-27 19:48 . 2013-11-28 13:35        --------        d-----w-        c:\users\Mesut\AppData\Roaming\iSafe
2013-11-27 19:47 . 2013-12-23 13:44        --------        d-----w-        c:\program files (x86)\WinZipper
2013-11-27 19:47 . 2013-12-05 14:13        --------        d-----w-        c:\users\Mesut\AppData\Roaming\WinZipper
2013-11-27 12:06 . 2013-11-27 19:48        --------        d-----w-        c:\program files (x86)\Desk 365
2013-11-27 12:06 . 2013-11-27 12:46        --------        d-----w-        c:\users\Mesut\AppData\Roaming\Desk 365
2013-11-27 12:03 . 2013-11-27 12:03        --------        d-----w-        c:\users\Mesut\.config
2013-11-27 12:03 . 2013-11-27 19:49        --------        d-----w-        c:\users\Mesut\AppData\Local\Oxy
2013-11-27 12:03 . 2013-11-27 12:03        --------        d-----w-        c:\users\Mesut\AppData\Local\Chromium
2013-11-27 12:01 . 2013-11-28 13:33        --------        d-----w-        c:\users\Mesut\AppData\Roaming\Oxy
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-28 21:41 . 2013-08-29 12:10        692616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-28 21:41 . 2013-08-24 21:01        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-07 10:52 . 2013-11-07 10:52        76232        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{09326DD3-D6DC-4DFE-9AF4-BF364A099A02}\offreg.dll
2013-10-12 14:08 . 2013-07-13 16:11        291128        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2013-10-12 14:08 . 2013-07-13 16:02        291128        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2013-10-12 14:07 . 2013-07-13 16:02        281872        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2013-10-12 14:07 . 2013-07-13 16:02        76888        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2013-10-09 15:17 . 2013-08-11 13:43        139264        ----a-w-        c:\windows\SysWow64\r_unzip.exe
2013-10-08 05:50 . 2013-10-20 10:17        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-12-11 1823656]
"Akamai NetSession Interface"="c:\users\Mesut\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-09-21 766208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-10-16 1673680]
"20131121"="c:\program files\AVAST Software\Avast\setup\emupdate\bb0e25b2-67ce-4f47-87c0-c6f05db1049e.exe" [2013-11-23 180184]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-29 3806544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0sdnclean64.exe
.
R2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ArcService;Arc Service;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 FairplayKD;FairplayKD;c:\programdata\MTA San Andreas All\1.3\temp\FairplayKD.sys;c:\programdata\MTA San Andreas All\1.3\temp\FairplayKD.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys;c:\windows\SYSNATIVE\drivers\Mkd2Nadr.sys [x]
R3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\Mkd3kfNt.sys;c:\windows\SYSNATIVE\drivers\Mkd3kfNt.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R3 wolf;wolf;c:\aeriagames\WolfTeam-DE\avital\wolf64.sys;c:\aeriagames\WolfTeam-DE\avital\wolf64.sys [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
R3 X6va015;X6va015;c:\windows\SysWOW64\Drivers\X6va015;c:\windows\SysWOW64\Drivers\X6va015 [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
R4 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 Rent Update;Rent Update;C:/Windows/Rent/Update.exe;C:/Windows/Rent/Update.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 winzipersvc;WinZiper service;c:\program files (x86)\WinZipper\winzipersvc.exe;c:\program files (x86)\WinZipper\winzipersvc.exe [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 10:46        1210320        ----a-w-        c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-01 13:18]
.
2013-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-01 13:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58        133840        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"W7LXE"="c:\users\Mesut\Desktop\Windows 7 Loader eXtreme Edition v3.503\w7lxe.exe" [2010-05-22 28135936]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-03 1028896]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
ustart page = hxxp://do-search.com/?type=hp&ts=1385553887&from=mp3&uid=ST160LM000XHM161GI_S24NJX0D200239
mDefault_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1385553887&from=mp3&uid=ST160LM000XHM161GI_S24NJX0D200239&q={searchTerms}
mDefault_Page_URL = hxxp://do-search.com/?type=hp&ts=1385553887&from=mp3&uid=ST160LM000XHM161GI_S24NJX0D200239
mStart Page = hxxp://do-search.com/?type=hp&ts=1385553887&from=mp3&uid=ST160LM000XHM161GI_S24NJX0D200239
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://do-search.com/web/?type=ds&ts=1385553887&from=mp3&uid=ST160LM000XHM161GI_S24NJX0D200239&q={searchTerms}
uInternet Settings,ProxyOverride = <local>
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -
Trusted Zone: aeriagames.com
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{D8278076-BC68-4484-9233-6E7F1628B56C} - (no file)
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
BHO-{EF7BD87A-8024-11E2-F316-F3E56188709B} - c:\program files (x86)\DealPly\DealPlyIE.dll
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
AddRemove-Adobe Flash Player ActiveX - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-BattlEye for OA - c:\program files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\Expansion\BattlEye\UnInstallBE.exe
AddRemove-Crossfire Europe - c:\sg interactive\Crossfire Europe\uninst.exe
AddRemove-WinRAR archiver - c:\program files (x86)\WinRAR\uninstall.exe
AddRemove-WsysControl - c:\programdata\eSafe\eGdpSvc.exe
AddRemove-{3108C217-BE83-42E4-AE9E-A56A2A92E549} - c:\program files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe
AddRemove-Zip Opener Packages - c:\users\Mesut\AppData\Roaming\Zip Opener Packages\uninstaller.exe
AddRemove-Zip Opener Packages 72 - c:\users\Mesut\AppData\Roaming\Zip Opener Packages\uninstaller.exe
AddRemove-{2A4641B4-EDDB-46D1-B34B-F93E19A8B3DB} - c:\users\Mesut\AppData\Roaming\Oxy\oxyinst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Rent Update]
"ImagePath"="C:/Windows/Rent/Update.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Rent Update]
"ImagePath"="C:/Windows/Rent/Update.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va015]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va015"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3476550111-2045390708-2280625213-1000\Software\SecuROM\License information*]
"datasecu"=hex:17,da,a6,e3,92,01,53,db,f8,5c,8b,3b,60,7c,08,98,ac,49,d1,b6,cc,
  39,44,5b,a7,84,3b,5c,d4,6b,42,e5,15,d7,0f,29,9b,4e,1b,b3,91,40,c1,06,12,de,\
"rkeysecu"=hex:91,1c,db,6d,7a,7c,a7,7d,27,17,29,3e,4e,a0,d8,99
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\Rent\Update.exe
c:\windows\Rent\Rent.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-12-23  14:51:38 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-12-23 13:51
.
Vor Suchlauf: 99'169'456'128 bytes free
Nach Suchlauf: 19 Verzeichnis(se), 99'136'040'960 Bytes frei
.
- - End Of File - - F16DB9797B640FB5FEDF4E5CBA399EA9


schrauber 24.12.2013 10:35

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.

Zerozo 24.12.2013 12:31

Malwarebytes Anti-Malware log
Code:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.24.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mesut :: MESUT-PC [Administrator]

24.12.2013 10:43:53
MBAM-log-2013-12-24 (11-54-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 423163
Laufzeit: 1 Stunde(n), 9 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 10
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\DEALPLY (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\DEALPLY (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo (PUP.Optional.Elex.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 3
HKCU\SOFTWARE\DealPly|Partner (PUP.Optional.DealPly.A) -> Daten: iron -> Keine Aktion durchgeführt.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0B1R1N1K2T2Y1K -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\DealPly|ChromeCrxPath (PUP.Optional.DealPly.A) -> Daten: C:\Program Files (x86)\DealPly\DealPly.crx -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 5
HKCU\Software\Microsoft\Internet Explorer\Main|start page (PUP.Optional.DoSearch.A) -> Bösartig: (hxxp://do-search.com/?type=hp&ts=1385553887&from=mp3&uid=ST160LM000XHM161GI_S24NJX0D200239) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (PUP.Optional.DoSearch.A) -> Bösartig: (hxxp://do-search.com/web/?type=ds&ts=1385553887&from=mp3&uid=ST160LM000XHM161GI_S24NJX0D200239&q={searchTerms}) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.DoSearch.A) -> Bösartig: (hxxp://do-search.com/?type=hp&ts=1385553887&from=mp3&uid=ST160LM000XHM161GI_S24NJX0D200239) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bösartig: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> Keine Aktion durchgeführt.
HKLM\Software\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.DoSearch.A) -> Bösartig: (hxxp://do-search.com/?type=hp&ts=1385553887&from=mp3&uid=ST160LM000XHM161GI_S24NJX0D200239) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 24
C:\Users\Mesut\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365 (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\app (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\app\config (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\app\config\1 (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\app\config\3 (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\app\config\35 (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\app\config\36 (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\app\config\39 (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\app\config\4 (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\app\config\41 (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\app\config\42 (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\components (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\desk_bkg (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\icons (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\promote (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\sysicons (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\wp (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Desk 365 (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly (PUP.OPtional.Dealply.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\DealPly (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\DealPly\UpdateProc (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\BabSolution\Shared (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 131
C:\FRST\Hives\ERDNT.EXE (Virus.Ramnit) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Microsoft\DesktopLayer.exe (Malware.Packer) -> Keine Aktion durchgeführt.
C:\Qoobox\Quarantine\C\Program Files (x86)\DealPly\DealPlyIE.dll.vir (PUP.DealPly) -> Keine Aktion durchgeführt.
C:\Qoobox\Quarantine\C\Program Files (x86)\DealPly\DealPlyUpdate.exe.vir (PUP.Optional.Dealply) -> Keine Aktion durchgeführt.
C:\Qoobox\Quarantine\C\Program Files (x86)\DealPly\DealPlyUpdateRun.exe.vir (PUP.Optional.Dealply) -> Keine Aktion durchgeführt.
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.63\deploy\LolClient.exe (Virus.Ramnit) -> Keine Aktion durchgeführt.
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.63\deploy\LolClientSrv.exe (Malware.Packer) -> Keine Aktion durchgeführt.
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.63\deploy\Adobe AIR\Versions\1.0\Resources\CaptiveAppEntry.exe (Virus.Ramnit) -> Keine Aktion durchgeführt.
C:\Riot Games\League of Legends\RADS\projects\lol_game_client\releases\0.0.0.194\deploy\launcher.maestro.dll (Virus.Ramnit) -> Keine Aktion durchgeführt.
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.193\deploy\LoLLauncherSrv.exe (Malware.Packer) -> Keine Aktion durchgeführt.
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.193\deploy\RiotLauncher.dll (Virus.Ramnit) -> Keine Aktion durchgeführt.
C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.4\deploy\launcher.maestro.dll (Virus.Ramnit) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\File System\007\t\00\00000000 (PUP.Optional.OneClickDownloader.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\BabSolution\Shared\BabMaint.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\components\component_libcef_1.1364.1123.exe (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\Desktop\Lavanda2\Lavanda2-64bit.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
C:\Users\Mesut\Desktop\Lavanda2\Lavanda2.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
C:\Users\Mesut\Desktop\Neuer Ordner\PickUp-Bot (Vista & 7).dll (Flooder.SpamBot) -> Keine Aktion durchgeführt.
C:\Users\Mesut\Desktop\Neuer Ordner\PickUp-Bot (XP).dll (Flooder.SpamBot) -> Keine Aktion durchgeführt.
C:\Users\Mesut\Desktop\Neuer Ordner\Spam-Bot (Vista & 7).dll (Flooder.SpamBot) -> Keine Aktion durchgeführt.
C:\Users\Mesut\Desktop\Neuer Ordner\Spam-Bot (XP).dll (Flooder.SpamBot) -> Keine Aktion durchgeführt.
C:\Users\Mesut\Desktop\Neuer Ordner\Switch-Bot (Vista & 7).dll (Flooder.SpamBot) -> Keine Aktion durchgeführt.
C:\Users\Mesut\Desktop\Neuer Ordner\Switch-Bot (XP).dll (Flooder.SpamBot) -> Keine Aktion durchgeführt.
C:\Users\Mesut\Desktop\Neuer Ordner\Tools einstellen (Vista & 7).dll (Flooder.SpamBot) -> Keine Aktion durchgeführt.
C:\Users\Mesut\Desktop\Neuer Ordner\Tools einstellen (XP).dll (Flooder.SpamBot) -> Keine Aktion durchgeführt.
C:\Users\Mesut\Desktop\Neuer Ordner\Upp-Tool (Vista & 7).dll (Flooder.SpamBot) -> Keine Aktion durchgeführt.
C:\Users\Mesut\Desktop\Neuer Ordner\Upp-Tool (XP).dll (Flooder.SpamBot) -> Keine Aktion durchgeführt.
C:\Users\Mesut\Microsoft\DesktopLayer.exe (Malware.Packer) -> Keine Aktion durchgeführt.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\wajam_update[1].exe (PUP.Optional.Wajam.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\promote.xml (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\desk_bkg_list.xml (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\desk_list.xml (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\desk_settings.ini (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\process_mgr.xml (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\app\config\1\angrybirds.db (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\app\config\1\angrybirds.ico (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\app\config\3\BigFarm.db (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\app\config\3\BigFarm.ico (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\app\config\35\Gmail.db (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\app\config\35\Gmail.ico (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\app\config\36\Outlook.db (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\app\config\36\Outlook.ico (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\app\config\39\ESPN.db (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\app\config\39\ESPN.ico (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\app\config\4\Empire.db (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\app\config\4\Empire.ico (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\app\config\41\gcalendar.db (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\app\config\41\gcalendar.ico (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\app\config\42\pulse.db (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\app\config\42\pulse.ico (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_1.png (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_2.png (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_3.png (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_4.png (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_5.png (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_default.png (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\icons\337_7c9140b13c049fd26989f7fa25b77cb1_48_48.png (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\icons\angrybirds_00ff92c12703baaf0130d6aec427d047_48_48.png (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\icons\Barbie_00a67ff4ef657679a6c88553135d62ad_48_48.png (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\icons\BigFarm_de933b0e5218a4db24bebe3d55ed3558_48_48.png (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\icons\chrome_9fab6c5a6e07607c1ec2f5687b05bd55.ico (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\icons\chrome_9fab6c5a6e07607c1ec2f5687b05bd55_48_48.png (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\icons\Empire_22b42f57d1c467841280810e218d5510_48_48.png (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\icons\ESPN_a7b078f5f5f5b87efcef66ab5783cf9d_48_48.png (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\icons\Facebook_aab07bc79cf599b25c0110f32d46a3ef_48_48.png (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\icons\gcalendar_50b3e3c5fc202f0cfcae8032b2465c1b_48_48.png (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\icons\Gmail_731b6d011bd9f67463a916a496775935_48_48.png (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\icons\Google_1eed88936b91d2b6bc341da82c727a8f_48_48.png (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\icons\iexplore_1b111845ef6a2d07a45035321066b8a6.ico (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\icons\iexplore_1b111845ef6a2d07a45035321066b8a6_48_48.png (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\icons\Mario_52934d81761dc31187a93a3a0be7fecc_48_48.png (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\icons\Outlook_6f817b67fa6af1a9c8abfa3813a8595c_48_48.png (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\icons\oxy_2101539bdd4eae28f6786df1216870b6.ico (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\icons\oxy_2101539bdd4eae28f6786df1216870b6_48_48.png (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\icons\pulse_b5a242da04cc06eacd02b1ca41e3583c_48_48.png (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\icons\sys_computer_20_20.png (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\icons\sys_computer_48_48.png (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\icons\sys_control_panel_20_20.png (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\icons\sys_control_panel_48_48.png (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\icons\sys_downloads_20_20.png (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\icons\sys_my_documents_20_20.png (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\icons\Twitter_ebddd85ec04b7b94a2b2e97b73a90a4a_48_48.png (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\icons\Youtube_bf18fdfc4aefd6417a8bacae4be5b415_48_48.png (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\promote\337.ico (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\promote\337_7c9140b13c049fd26989f7fa25b77cb1.ico (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\promote\barbie.ico (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\promote\Barbie_00a67ff4ef657679a6c88553135d62ad.ico (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\promote\facebook.ico (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\promote\Facebook_aab07bc79cf599b25c0110f32d46a3ef.ico (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\promote\GameCenter.ico (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\promote\google.ico (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\promote\Google_1eed88936b91d2b6bc341da82c727a8f.ico (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\promote\mario.ico (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\promote\Mario_52934d81761dc31187a93a3a0be7fecc.ico (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\promote\twitter.ico (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\promote\Twitter_ebddd85ec04b7b94a2b2e97b73a90a4a.ico (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\promote\v9.ico (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\promote\youtube.ico (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\promote\Youtube_bf18fdfc4aefd6417a8bacae4be5b415.ico (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\sysicons\0737cc0646562366bf607aa1fa2a03bd_21.ico (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\sysicons\07584c03a5dd11a6104e45e8ad03b3fe_104.ico (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\sysicons\07584c03a5dd11a6104e45e8ad03b3fe_107.ico (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\sysicons\07584c03a5dd11a6104e45e8ad03b3fe_175.ico (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\wp\r0.jpg (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\wp\r1.jpg (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\wp\r2.jpg (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\wp\r3.jpg (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\wp\r4.jpg (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\wp\r5.jpg (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\wp\r6.jpg (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\wp\r7.jpg (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\wp\r8.jpg (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Desk 365\wp\r9.jpg (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Desk 365\promote.xml (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Desk 365\desk_bkg_list.xml (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Desk 365\desk_list.xml (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Desk 365\desk_settings.ini (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Desk 365\process_mgr.xml (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Desk 365\recent.xml (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\Uninstall DealPly.lnk (PUP.OPtional.Dealply.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly Help.url (PUP.OPtional.Dealply.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly.url (PUP.OPtional.Dealply.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data (PUP.Optional.BProtector.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences (PUP.Optional.BProtector.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\DealPly\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\BabSolution\Shared\BUSolution.dll (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\BabSolution\Shared\chu.js (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\BabSolution\Shared\Delta.ico (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\BabSolution\Shared\SetupParams.ini (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\Mesut\AppData\Roaming\BabSolution\Shared\sqlite3.dll (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.

(Ende)

AdwCleaner
Code:

# AdwCleaner v3.016 - Report created 24/12/2013 at 12:08:02
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)
# Username : Mesut - MESUT-PC
# Running from : C:\Users\Mesut\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : APNMCP
Service Deleted : winzipersvc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Program Files (x86)\WinZipper
Folder Deleted : C:\Windows\SysWOW64\Searchprotect
Folder Deleted : C:\Users\Mesut\AppData\Local\Oxy
Folder Deleted : C:\Users\Mesut\AppData\Local\thinstall
Folder Deleted : C:\Users\Mesut\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Mesut\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Mesut\AppData\Roaming\DSite
Folder Deleted : C:\Users\Mesut\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Mesut\AppData\Roaming\iSafe
Folder Deleted : C:\Users\Mesut\AppData\Roaming\Oxy
Folder Deleted : C:\Users\Mesut\AppData\Roaming\thinstall
Folder Deleted : C:\Users\Mesut\AppData\Roaming\WinZipper
Folder Deleted : C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
File Deleted : C:\END
File Deleted : C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
File Deleted : C:\Windows\System32\Tasks\Dealply
File Deleted : C:\Windows\System32\Tasks\DealPlyUpdate
File Deleted : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
File Deleted : C:\Windows\System32\Tasks\DSite
File Deleted : C:\Windows\System32\Tasks\QtraxPlayer

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Mesut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
Shortcut Disinfected : C:\Users\Mesut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Mesut\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Mesut\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Mesut\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKCU\Software\5d4d9dfb53dec41
Key Deleted : HKLM\SOFTWARE\5d4d9dfb53dec41
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winrar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winrar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\Escolade
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\qtrax
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\AskPartnerNetwork
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Desksvc
Key Deleted : HKLM\Software\do-searchSoftware
Key Deleted : HKLM\Software\eSafeSecControl
Key Deleted : HKLM\Software\hdcode
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\V9
Key Deleted : HKLM\Software\winzipersvc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winzipper
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16483

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v

[ File : C:\Users\Mesut\AppData\Roaming\Mozilla\Firefox\Profiles\0w8hec2x.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8874 octets] - [24/12/2013 12:06:11]
AdwCleaner[S0].txt - [7435 octets] - [24/12/2013 12:08:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7495 octets] ##########

I also still have this one, it is the R0
Code:

# AdwCleaner v3.016 - Report created 24/12/2013 at 12:06:11
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)
# Username : Mesut - MESUT-PC
# Running from : C:\Users\Mesut\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : APNMCP
Service Found : winzipersvc

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
File Found : C:\Windows\System32\Tasks\Dealply
File Found : C:\Windows\System32\Tasks\DealPlyUpdate
File Found : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
File Found : C:\Windows\System32\Tasks\DSite
File Found : C:\Windows\System32\Tasks\QtraxPlayer
Folder Found : C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Folder Found C:\Program Files (x86)\AskPartnerNetwork
Folder Found C:\Program Files (x86)\GreenTree Applications
Folder Found C:\Program Files (x86)\WinZipper
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\AskPartnerNetwork
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Folder Found C:\Users\Mesut\AppData\Local\Oxy
Folder Found C:\Users\Mesut\AppData\Local\Temp\apn
Folder Found C:\Users\Mesut\AppData\Local\thinstall
Folder Found C:\Users\Mesut\AppData\LocalLow\Delta
Folder Found C:\Users\Mesut\AppData\Roaming\DSite
Folder Found C:\Users\Mesut\AppData\Roaming\dvdvideosoftiehelpers
Folder Found C:\Users\Mesut\AppData\Roaming\iSafe
Folder Found C:\Users\Mesut\AppData\Roaming\Oxy
Folder Found C:\Users\Mesut\AppData\Roaming\thinstall
Folder Found C:\Users\Mesut\AppData\Roaming\WinZipper
Folder Found C:\Windows\SysWOW64\Searchprotect

***** [ Shortcuts ] *****

Shortcut Found : C:\Users\Public\Desktop\Google Chrome.lnk ( hxxp://do-search.com/?type=sc&ts=1385553887&from=mp3&uid=ST160LM000XHM161GI_S24NJX0D200239 )
Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( hxxp://do-search.com/?type=sc&ts=1385553887&from=mp3&uid=ST160LM000XHM161GI_S24NJX0D200239 )
Shortcut Found : C:\Users\Mesut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk ( hxxp://do-search.com/?type=sc&ts=1385553887&from=mp3&uid=ST160LM000XHM161GI_S24NJX0D200239 )
Shortcut Found : C:\Users\Mesut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://do-search.com/?type=sc&ts=1385553887&from=mp3&uid=ST160LM000XHM161GI_S24NJX0D200239 )
Shortcut Found : C:\Users\Mesut\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ( hxxp://do-search.com/?type=sc&ts=1385553887&from=mp3&uid=ST160LM000XHM161GI_S24NJX0D200239 )
Shortcut Found : C:\Users\Mesut\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://do-search.com/?type=sc&ts=1385553887&from=mp3&uid=ST160LM000XHM161GI_S24NJX0D200239 )
Shortcut Found : C:\Users\Mesut\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk ( hxxp://do-search.com/?type=sc&ts=1385553887&from=mp3&uid=ST160LM000XHM161GI_S24NJX0D200239 )

***** [ Registry ] *****

Key Found : HKCU\Software\5d4d9dfb53dec41
Key Found : HKCU\Software\anchorfree
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AskPartnerNetwork
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\Escolade
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\OCS
Key Found : HKCU\Software\qtrax
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\anchorfree
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\AskPartnerNetwork
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\dsiteproducts
Key Found : [x64] HKCU\Software\Escolade
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Found : [x64] HKCU\Software\OCS
Key Found : [x64] HKCU\Software\qtrax
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\5d4d9dfb53dec41
Key Found : HKLM\Software\AskPartnerNetwork
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Desksvc
Key Found : HKLM\Software\do-searchSoftware
Key Found : HKLM\Software\eSafeSecControl
Key Found : HKLM\Software\hdcode
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winrar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winrar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winzipper
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\V9
Key Found : HKLM\Software\winzipersvc
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16483

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://do-search.com/web/?type=ds&ts=1385553887&from=mp3&uid=ST160LM000XHM161GI_S24NJX0D200239&q={searchTerms}
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://do-search.com/?type=hp&ts=1385553887&from=mp3&uid=ST160LM000XHM161GI_S24NJX0D200239

-\\ Mozilla Firefox v

[ File : C:\Users\Mesut\AppData\Roaming\Mozilla\Firefox\Profiles\0w8hec2x.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8662 octets] - [24/12/2013 12:06:11]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8722 octets] ##########

JRT.txt
Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Enterprise x64
Ran by Mesut on 24.12.2013 at 12:16:18.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\super_lyrics
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3476550111-2045390708-2280625213-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F9547C5F-6649-4212-A019-EB906B4E5F9E}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Mesut\AppData\Roaming\zip opener packages"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.12.2013 at 12:24:50.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

and the FRST

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-12-2013
Ran by Mesut (administrator) on MESUT-PC on 24-12-2013 12:29:42
Running from C:\Users\Mesut\Downloads
Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Akamai Technologies, Inc.) C:\Users\Mesut\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Akamai Technologies, Inc.) C:\Users\Mesut\AppData\Local\Akamai\netsession_win.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Windows\Rent\Rent.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [W7LXE] - C:\Users\Mesut\Desktop\Windows 7 Loader eXtreme Edition v3.503\w7lxe.exe [28135936 2010-05-22] ()
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028896 2013-07-03] (NVIDIA Corporation)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\bb0e25b2-67ce-4f47-87c0-c6f05db1049e.exe [180184 2013-11-23] (AVAST Software)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3806544 2013-11-29] (LogMeIn Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1823656 2013-12-11] (Valve Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Mesut\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x974FB908CA5ECE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH
StartMenuInternet: IEXPLORE.EXE - c:\program files (x86)\internet explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Mesut\AppData\Roaming\Mozilla\Firefox\Profiles\0w8hec2x.default
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Mesut\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR HomePage: hxxp://google.de/
CHR RestoreOnStartup: "hxxp://www.youtube.com/watch?v=ozbAKHE-xQs", "hxxp://www.wizardhax.com/2013/12/15/minecraft-1-7-2-1-7-4-hacked-client-nodus-proper-update-download/", "https://www.google.de/"
CHR DefaultSearchKeyword: youtube.com
CHR DefaultSearchProvider: YouTube-Videosuche
CHR DefaultSearchURL: hxxp://www.youtube.com/results?search_query={searchTerms}&page={startPage?}&utm_source=opensearch
CHR DefaultNewTabURL:
CHR Extension: (New Tab) - C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.4_0
CHR Extension: (AdBlock) - C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0
CHR Extension: (Twitch.tv Europe Lag Fix) - C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkoehmlkhjgaboegkondkciclminpjof\2.0_0
CHR Extension: (Steam Theme) - C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcphcjcjgkjmbphkfjleamgkinaeebnm\1.1_0
CHR Extension: (Google Wallet) - C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\Mesut\AppData\Local\newhb2.crx
CHR HKLM-x32\...\Chrome\Extension: [aaaajpkhjdkhhnkmgfjodbkfpbmibkkk] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7\CRX\ToolbarCR.crx
CHR HKLM-x32\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\Mesut\AppData\Local\newhb2.crx

==================== Services (Whitelisted) =================

S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-21] (Advanced Micro Devices, Inc.)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88424 2013-10-10] (Perfect World Entertainment Inc)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-12] ()
S2 Rent Update; C:/Windows/Rent/Update.exe [x]

==================== Drivers (Whitelisted) ====================

S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [34816 2013-06-19] (Advanced Micro Devices)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
S3 Mkd2Nadr; C:\Windows\System32\drivers\Mkd2Nadr.sys [106040 2009-03-12] (AhnLab, Inc.)
S3 Mkd3kfNt; C:\Windows\System32\drivers\Mkd3kfNt.sys [180280 2009-08-18] (AhnLab, Inc.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\1.3\temp\FairplayKD.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 wolf; \??\C:\AeriaGames\WolfTeam-DE\avital\wolf64.sys [x]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [x]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-24 12:29 - 2013-12-24 12:29 - 00013188 _____ C:\Users\Mesut\Downloads\FRST.txt
2013-12-24 12:29 - 2013-12-24 12:29 - 00000000 ____D C:\Users\Mesut\Downloads\FRST-OlderVersion
2013-12-24 12:24 - 2013-12-24 12:24 - 00001389 _____ C:\Users\Mesut\Desktop\JRT.txt
2013-12-24 12:23 - 2013-12-24 12:24 - 00000000 ___HD C:\Windows\SysWOW64\FF_BN_122770
2013-12-24 12:16 - 2013-12-24 12:16 - 00000000 ____D C:\Windows\ERUNT
2013-12-24 12:13 - 2013-12-24 12:14 - 01034531 _____ (Thisisu) C:\Users\Mesut\Downloads\JRT.exe
2013-12-24 12:05 - 2013-12-24 12:08 - 00000000 ____D C:\AdwCleaner
2013-12-24 12:05 - 2013-12-24 12:05 - 01233962 _____ C:\Users\Mesut\Downloads\adwcleaner.exe
2013-12-24 10:59 - 2013-12-24 10:59 - 00000000 ___HD C:\Users\Mesut\Desktop\.updtmp
2013-12-24 10:47 - 2013-12-24 10:48 - 07549839 _____ C:\Users\Mesut\Downloads\npp.6.5.2.Installer.exe
2013-12-23 15:06 - 2013-12-23 15:07 - 00000000 ___HD C:\Windows\SysWOW64\FF
2013-12-23 14:51 - 2013-12-23 14:51 - 00042873 _____ C:\ComboFix.txt
2013-12-23 14:25 - 2013-12-23 14:51 - 00000000 ____D C:\Qoobox
2013-12-23 14:25 - 2013-12-23 14:50 - 00000000 ____D C:\Windows\erdnt
2013-12-23 14:25 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-23 14:25 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-23 14:25 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-23 14:25 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-23 14:25 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-23 14:25 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-23 14:25 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-23 14:25 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-23 14:24 - 2013-12-23 14:24 - 05156441 ____R (Swearware) C:\Users\Mesut\Desktop\ComboFix.exe
2013-12-22 10:40 - 2013-12-22 10:42 - 00015770 _____ C:\Users\Mesut\Downloads\Addition.txt
2013-12-22 10:39 - 2013-12-24 12:29 - 00000000 ____D C:\FRST
2013-12-22 10:38 - 2013-12-24 12:29 - 01928604 _____ (Farbar) C:\Users\Mesut\Downloads\FRST64.exe
2013-12-22 10:27 - 2013-12-24 12:09 - 00000336 _____ C:\Windows\setupact.log
2013-12-22 10:27 - 2013-12-24 11:59 - 00045242 _____ C:\Windows\PFRO.log
2013-12-22 10:27 - 2013-12-22 10:27 - 00000000 _____ C:\Windows\setuperr.log
2013-12-21 22:15 - 2013-12-21 22:15 - 00004526 _____ C:\Users\Mesut\Downloads\log 1.zip
2013-12-21 22:12 - 2013-12-21 22:12 - 00004526 _____ C:\Users\Mesut\Desktop\log 1.zip
2013-12-21 20:59 - 2013-12-21 20:59 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Malwarebytes
2013-12-21 20:58 - 2013-12-21 20:58 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-21 20:58 - 2013-12-21 20:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-21 20:58 - 2013-12-21 20:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-21 20:58 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-21 20:56 - 2013-12-21 20:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Mesut\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-20 22:53 - 2013-12-20 22:53 - 06933154 _____ C:\Users\Mesut\Downloads\Nodus1.7.2MCP.zip
2013-12-20 22:47 - 2013-12-20 22:47 - 04659751 _____ C:\Users\Mesut\Downloads\KinkyUpdate.rar
2013-12-18 16:46 - 2013-12-18 16:46 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\OpenOffice
2013-12-18 16:45 - 2013-12-18 16:45 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-12-18 16:44 - 2013-12-18 16:45 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-12-18 16:39 - 2013-12-21 20:24 - 00000000 ____D C:\Users\Mesut\Desktop\OpenOffice 4.0.1 (de) Installation Files
2013-12-18 16:30 - 2013-12-18 16:30 - 00614784 _____ C:\Users\Mesut\Downloads\OpenOffice - CHIP-Downloader.exe
2013-12-13 10:39 - 2013-12-13 10:39 - 00003288 ____N C:\bootsqm.dat
2013-12-10 18:13 - 2013-12-08 22:24 - 13772624 _____ C:\Users\Mesut\Desktop\Blumio - Hey Mr. Nazi (Yellow Album JETZT BESTELLEN unter HIPSTORE.DE!).mp4
2013-12-09 21:47 - 2013-12-09 21:57 - 00000000 ___HD C:\Windows\SysWOW64\FF_BN_2019128
2013-12-08 22:55 - 2013-12-08 22:58 - 103556646 _____ C:\Users\Mesut\Documents\Blumio-Antigewaltsong (HD Version).mp4
2013-12-08 22:23 - 2013-12-08 22:24 - 13772624 _____ C:\Users\Mesut\Documents\Blumio - Hey Mr. Nazi (Yellow Album JETZT BESTELLEN unter HIPSTORE.DE!).mp4
2013-12-08 18:31 - 2013-12-08 18:31 - 05701712 _____ C:\Users\Mesut\Downloads\bitdefender_14isecurity.exe
2013-12-07 16:14 - 2013-12-07 16:14 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2013-12-07 16:14 - 2013-12-07 16:14 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-12-07 16:02 - 2013-12-08 02:16 - 00000000 ____D C:\Users\Mesut\F5C9BE9A04C34A728CD0BB67C722D608.TMP
2013-12-07 15:36 - 2013-12-07 20:12 - 00000000 ____D C:\Users\Mesut\Documents\Bandicam
2013-12-07 15:36 - 2013-12-07 15:36 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\BANDISOFT
2013-12-07 15:35 - 2013-12-07 15:35 - 00000992 _____ C:\Users\UpdatusUser\Desktop\Bandicam.lnk
2013-12-07 15:35 - 2013-12-07 15:35 - 00000992 _____ C:\Users\Mesut\Desktop\Bandicam.lnk
2013-12-07 15:35 - 2013-12-07 15:35 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2013-12-07 15:35 - 2013-12-07 15:35 - 00000000 ____D C:\Program Files (x86)\Bandicam
2013-12-05 13:32 - 2013-12-07 15:33 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2013-12-05 13:23 - 2013-12-05 13:23 - 00002028 _____ C:\Users\Public\Desktop\Aeria Ignite.lnk
2013-12-05 13:23 - 2013-12-05 13:23 - 00000000 ____D C:\Program Files (x86)\Aeria Games
2013-12-05 12:28 - 2013-12-07 15:33 - 00000000 ____D C:\AeriaGames
2013-12-03 18:49 - 2013-12-03 18:49 - 00001722 _____ C:\Users\Public\Desktop\League of Legends spielen .lnk
2013-12-01 01:06 - 2013-12-21 20:24 - 00000000 ____D C:\Users\Mesut\Downloads\Feuergrun_v3
2013-11-29 22:44 - 2013-11-29 22:44 - 00001931 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-29 22:44 - 2013-11-29 22:44 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-28 22:41 - 2013-12-08 02:16 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-11-28 22:41 - 2013-11-28 22:41 - 00000000 ____D C:\ProgramData\McAfee
2013-11-28 22:39 - 2013-11-28 22:41 - 00000000 ____D C:\Users\Mesut\AppData\Local\Adobe
2013-11-28 22:27 - 2013-11-28 22:27 - 00001089 _____ C:\Users\Mesut\Desktop\Cheat Engine.lnk
2013-11-28 22:27 - 2013-11-28 22:27 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.3
2013-11-28 18:36 - 2013-11-28 18:39 - 00000000 ____D C:\Users\Mesut\Downloads\Unleashed
2013-11-28 14:36 - 2013-11-28 14:38 - 00000085 _____ C:\Windows\wininit.ini
2013-11-27 20:48 - 2013-11-27 20:48 - 00000000 ____D C:\Windows\system32\log
2013-11-27 13:03 - 2013-11-27 13:03 - 00003538 _____ C:\Windows\System32\Tasks\RunAsStdUser Task
2013-11-27 13:03 - 2013-11-27 13:03 - 00000000 ____D C:\Users\Mesut\AppData\Local\Chromium
2013-11-25 16:38 - 2013-11-25 16:38 - 00000680 __RSH C:\Users\Mesut\ntuser.pol

==================== One Month Modified Files and Folders =======

2013-12-24 12:30 - 2013-12-24 12:29 - 00013188 _____ C:\Users\Mesut\Downloads\FRST.txt
2013-12-24 12:29 - 2013-12-24 12:29 - 00000000 ____D C:\Users\Mesut\Downloads\FRST-OlderVersion
2013-12-24 12:29 - 2013-12-22 10:39 - 00000000 ____D C:\FRST
2013-12-24 12:29 - 2013-12-22 10:38 - 01928604 _____ (Farbar) C:\Users\Mesut\Downloads\FRST64.exe
2013-12-24 12:24 - 2013-12-24 12:24 - 00001389 _____ C:\Users\Mesut\Desktop\JRT.txt
2013-12-24 12:24 - 2013-12-24 12:23 - 00000000 ___HD C:\Windows\SysWOW64\FF_BN_122770
2013-12-24 12:17 - 2013-06-11 15:28 - 00000000 ____D C:\Program Files (x86)\Steam
2013-12-24 12:16 - 2013-12-24 12:16 - 00000000 ____D C:\Windows\ERUNT
2013-12-24 12:14 - 2013-12-24 12:13 - 01034531 _____ (Thisisu) C:\Users\Mesut\Downloads\JRT.exe
2013-12-24 12:14 - 2013-10-04 17:53 - 00000000 ____D C:\Users\Mesut\AppData\Local\LogMeIn Hamachi
2013-12-24 12:14 - 2013-06-01 14:24 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Skype
2013-12-24 12:12 - 2013-09-24 21:56 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-24 12:10 - 2013-06-01 14:18 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-24 12:09 - 2013-12-22 10:27 - 00000336 _____ C:\Windows\setupact.log
2013-12-24 12:09 - 2013-06-01 13:37 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-24 12:09 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-24 12:08 - 2013-12-24 12:05 - 00000000 ____D C:\AdwCleaner
2013-12-24 12:08 - 2013-06-01 16:49 - 00000989 _____ C:\Users\Mesut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-12-24 12:08 - 2013-06-01 16:46 - 01259538 _____ C:\Windows\WindowsUpdate.log
2013-12-24 12:08 - 2013-06-01 14:19 - 00001282 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-24 12:08 - 2009-07-14 05:45 - 00019296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-24 12:08 - 2009-07-14 05:45 - 00019296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-24 12:05 - 2013-12-24 12:05 - 01233962 _____ C:\Users\Mesut\Downloads\adwcleaner.exe
2013-12-24 11:59 - 2013-12-22 10:27 - 00045242 _____ C:\Windows\PFRO.log
2013-12-24 11:55 - 2013-11-22 17:14 - 00000000 ____D C:\Users\Mesut\Desktop\Lavanda2
2013-12-24 11:55 - 2013-07-07 14:19 - 00000000 ____D C:\Users\Mesut\Desktop\Neuer Ordner
2013-12-24 11:51 - 2013-06-01 14:18 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-24 10:59 - 2013-12-24 10:59 - 00000000 ___HD C:\Users\Mesut\Desktop\.updtmp
2013-12-24 10:49 - 2013-08-01 18:46 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Notepad++
2013-12-24 10:49 - 2013-08-01 18:46 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-12-24 10:48 - 2013-12-24 10:47 - 07549839 _____ C:\Users\Mesut\Downloads\npp.6.5.2.Installer.exe
2013-12-24 00:52 - 2013-09-26 17:31 - 00000000 ____D C:\Users\Mesut\AppData\Local\PMB Files
2013-12-23 23:21 - 2013-08-23 18:26 - 00000000 ____D C:\Users\Mesut\AppData\Local\CrashDumps
2013-12-23 21:11 - 2013-09-26 17:27 - 00000000 ____D C:\ProgramData\PMB Files
2013-12-23 15:07 - 2013-12-23 15:06 - 00000000 ___HD C:\Windows\SysWOW64\FF
2013-12-23 15:02 - 2013-08-11 14:43 - 00139264 _____ C:\Windows\SysWOW64\r_unzip.exe
2013-12-23 14:51 - 2013-12-23 14:51 - 00042873 _____ C:\ComboFix.txt
2013-12-23 14:51 - 2013-12-23 14:25 - 00000000 ____D C:\Qoobox
2013-12-23 14:51 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-12-23 14:50 - 2013-12-23 14:25 - 00000000 ____D C:\Windows\erdnt
2013-12-23 14:45 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-12-23 14:43 - 2009-07-14 03:34 - 57409536 _____ C:\Windows\system32\config\software.bak
2013-12-23 14:43 - 2009-07-14 03:34 - 15466496 _____ C:\Windows\system32\config\system.bak
2013-12-23 14:43 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-12-23 14:43 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2013-12-23 14:43 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\default.bak
2013-12-23 14:24 - 2013-12-23 14:24 - 05156441 ____R (Swearware) C:\Users\Mesut\Desktop\ComboFix.exe
2013-12-22 10:42 - 2013-12-22 10:40 - 00015770 _____ C:\Users\Mesut\Downloads\Addition.txt
2013-12-22 10:40 - 2013-07-23 11:46 - 00000000 ____D C:\Users\Mesut\Desktop\samet
2013-12-22 10:27 - 2013-12-22 10:27 - 00000000 _____ C:\Windows\setuperr.log
2013-12-21 22:15 - 2013-12-21 22:15 - 00004526 _____ C:\Users\Mesut\Downloads\log 1.zip
2013-12-21 22:12 - 2013-12-21 22:12 - 00004526 _____ C:\Users\Mesut\Desktop\log 1.zip
2013-12-21 20:59 - 2013-12-21 20:59 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Malwarebytes
2013-12-21 20:58 - 2013-12-21 20:58 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-21 20:58 - 2013-12-21 20:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-21 20:58 - 2013-12-21 20:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-21 20:57 - 2013-12-21 20:56 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Mesut\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-21 20:37 - 2013-08-31 15:26 - 00000000 ____D C:\Windows\pss
2013-12-21 20:24 - 2013-12-18 16:39 - 00000000 ____D C:\Users\Mesut\Desktop\OpenOffice 4.0.1 (de) Installation Files
2013-12-21 20:24 - 2013-12-01 01:06 - 00000000 ____D C:\Users\Mesut\Downloads\Feuergrun_v3
2013-12-21 20:24 - 2013-07-03 21:24 - 00000000 ____D C:\Users\Public\Documents\WinDS PRO
2013-12-21 17:38 - 2013-06-11 19:00 - 00000730 _____ C:\Users\Mesut\Desktop\Neues Textdokument (2).txt
2013-12-20 22:58 - 2013-10-28 13:58 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\.minecraft
2013-12-20 22:53 - 2013-12-20 22:53 - 06933154 _____ C:\Users\Mesut\Downloads\Nodus1.7.2MCP.zip
2013-12-20 22:47 - 2013-12-20 22:47 - 04659751 _____ C:\Users\Mesut\Downloads\KinkyUpdate.rar
2013-12-20 22:26 - 2013-08-31 18:06 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\.technic
2013-12-20 22:22 - 2013-08-31 18:05 - 02303908 _____ () C:\Users\Mesut\Desktop\TechnicLauncher.exe
2013-12-20 19:15 - 2013-06-01 15:49 - 00694672 _____ C:\Windows\system32\perfh007.dat
2013-12-20 19:15 - 2013-06-01 15:49 - 00147796 _____ C:\Windows\system32\perfc007.dat
2013-12-20 19:15 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-20 16:13 - 2013-06-01 14:17 - 00064024 _____ C:\Users\Mesut\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-19 15:02 - 2009-07-14 05:45 - 00294712 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-18 16:46 - 2013-12-18 16:46 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\OpenOffice
2013-12-18 16:45 - 2013-12-18 16:45 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-12-18 16:45 - 2013-12-18 16:44 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-12-18 16:30 - 2013-12-18 16:30 - 00614784 _____ C:\Users\Mesut\Downloads\OpenOffice - CHIP-Downloader.exe
2013-12-13 20:58 - 2013-06-01 14:18 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-13 10:39 - 2013-12-13 10:39 - 00003288 ____N C:\bootsqm.dat
2013-12-12 16:32 - 2013-06-01 21:31 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\TS3Client
2013-12-09 21:57 - 2013-12-09 21:47 - 00000000 ___HD C:\Windows\SysWOW64\FF_BN_2019128
2013-12-08 22:58 - 2013-12-08 22:55 - 103556646 _____ C:\Users\Mesut\Documents\Blumio-Antigewaltsong (HD Version).mp4
2013-12-08 22:24 - 2013-12-10 18:13 - 13772624 _____ C:\Users\Mesut\Desktop\Blumio - Hey Mr. Nazi (Yellow Album JETZT BESTELLEN unter HIPSTORE.DE!).mp4
2013-12-08 22:24 - 2013-12-08 22:23 - 13772624 _____ C:\Users\Mesut\Documents\Blumio - Hey Mr. Nazi (Yellow Album JETZT BESTELLEN unter HIPSTORE.DE!).mp4
2013-12-08 19:16 - 2013-11-04 17:16 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Mozilla
2013-12-08 18:31 - 2013-12-08 18:31 - 05701712 _____ C:\Users\Mesut\Downloads\bitdefender_14isecurity.exe
2013-12-08 02:16 - 2013-12-07 16:02 - 00000000 ____D C:\Users\Mesut\F5C9BE9A04C34A728CD0BB67C722D608.TMP
2013-12-08 02:16 - 2013-11-28 22:41 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-12-08 02:16 - 2013-08-23 00:33 - 00000000 ____D C:\ProgramData\TechSmith
2013-12-08 02:16 - 2013-08-11 14:42 - 00000000 ____D C:\Windows\Rent
2013-12-08 02:16 - 2013-07-22 17:59 - 00000000 ____D C:\Users\Mesut\AppData\Local\Akamai
2013-12-08 02:16 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-12-08 02:15 - 2013-08-23 00:33 - 00000000 ____D C:\Program Files (x86)\TechSmith
2013-12-07 23:26 - 2013-11-12 16:20 - 00000000 ____D C:\Users\Mesut\Desktop\Planungen
2013-12-07 22:46 - 2013-06-01 14:18 - 00004104 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-07 22:46 - 2013-06-01 14:18 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-07 20:12 - 2013-12-07 15:36 - 00000000 ____D C:\Users\Mesut\Documents\Bandicam
2013-12-07 17:18 - 2013-06-01 16:49 - 00000000 ____D C:\Users\Mesut
2013-12-07 16:14 - 2013-12-07 16:14 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2013-12-07 16:14 - 2013-12-07 16:14 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-12-07 15:36 - 2013-12-07 15:36 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\BANDISOFT
2013-12-07 15:35 - 2013-12-07 15:35 - 00000992 _____ C:\Users\UpdatusUser\Desktop\Bandicam.lnk
2013-12-07 15:35 - 2013-12-07 15:35 - 00000992 _____ C:\Users\Mesut\Desktop\Bandicam.lnk
2013-12-07 15:35 - 2013-12-07 15:35 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2013-12-07 15:35 - 2013-12-07 15:35 - 00000000 ____D C:\Program Files (x86)\Bandicam
2013-12-07 15:33 - 2013-12-05 13:32 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2013-12-07 15:33 - 2013-12-05 12:28 - 00000000 ____D C:\AeriaGames
2013-12-07 00:13 - 2013-09-11 16:52 - 00000755 _____ C:\Users\Mesut\Desktop\serial.txt
2013-12-07 00:13 - 2013-09-11 16:52 - 00000002 _____ C:\Users\Mesut\Desktop\myFile.txt
2013-12-05 13:23 - 2013-12-05 13:23 - 00002028 _____ C:\Users\Public\Desktop\Aeria Ignite.lnk
2013-12-05 13:23 - 2013-12-05 13:23 - 00000000 ____D C:\Program Files (x86)\Aeria Games
2013-12-05 11:41 - 2013-06-04 14:50 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-12-03 18:49 - 2013-12-03 18:49 - 00001722 _____ C:\Users\Public\Desktop\League of Legends spielen .lnk
2013-12-03 18:33 - 2013-06-01 14:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-01 12:21 - 2013-11-06 19:22 - 00000000 ____D C:\Program Files (x86)\Skype
2013-12-01 12:21 - 2013-06-01 14:24 - 00000000 ____D C:\ProgramData\Skype
2013-12-01 12:10 - 2009-07-14 06:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-29 22:44 - 2013-11-29 22:44 - 00001931 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-29 22:44 - 2013-11-29 22:44 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-29 01:03 - 2013-07-26 23:03 - 00000111 _____ C:\Users\Mesut\AppData\Roaming\WB.CFG
2013-11-29 01:03 - 2013-07-24 00:03 - 00000006 _____ C:\Users\Mesut\AppData\Roaming\WBPU-TTL.DAT
2013-11-28 22:41 - 2013-11-28 22:41 - 00000000 ____D C:\ProgramData\McAfee
2013-11-28 22:41 - 2013-11-28 22:39 - 00000000 ____D C:\Users\Mesut\AppData\Local\Adobe
2013-11-28 22:41 - 2013-08-29 13:10 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-28 22:41 - 2013-08-24 22:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-28 22:27 - 2013-11-28 22:27 - 00001089 _____ C:\Users\Mesut\Desktop\Cheat Engine.lnk
2013-11-28 22:27 - 2013-11-28 22:27 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.3
2013-11-28 19:02 - 2013-11-18 18:12 - 00217600 _____ C:\Users\Mesut\Desktop\jacob-1.17-M2-x64.dll
2013-11-28 18:39 - 2013-11-28 18:36 - 00000000 ____D C:\Users\Mesut\Downloads\Unleashed
2013-11-28 15:05 - 2013-06-01 16:49 - 00000000 ____D C:\Users\Mesut\AppData\Local\VirtualStore
2013-11-28 14:38 - 2013-11-28 14:36 - 00000085 _____ C:\Windows\wininit.ini
2013-11-27 20:49 - 2013-06-01 16:49 - 00000000 ___RD C:\Users\Mesut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-27 20:48 - 2013-11-27 20:48 - 00000000 ____D C:\Windows\system32\log
2013-11-27 13:03 - 2013-11-27 13:03 - 00003538 _____ C:\Windows\System32\Tasks\RunAsStdUser Task
2013-11-27 13:03 - 2013-11-27 13:03 - 00000000 ____D C:\Users\Mesut\AppData\Local\Chromium
2013-11-25 16:46 - 2013-06-01 14:24 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2013-11-25 16:38 - 2013-11-25 16:38 - 00000680 __RSH C:\Users\Mesut\ntuser.pol
2013-11-25 16:38 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy

Some content of TEMP:
====================
C:\Users\Mesut\AppData\Local\Temp\Quarantine.exe
C:\Users\Mesut\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-30 14:29

==================== End Of Log ============================

--- --- ---

That didn't help; it still opens, and Firefox can't be uninstalled. Do I have to reinstall my system now? I hope not XD

schrauber 24.12.2013 16:23

Quote:

and Firefox can't be uninstalled
I can hardly believe that. What exactly happens?

Zerozo 24.12.2013 16:28

So, when you try to uninstall it via Control Panel\All Control Panel Items\Programs and Features, Firefox isn't listed there, which is really strange, and when I delete the folder it's back after 4 minutes ;(

schrauber 25.12.2013 14:40

Please check with Revo Uninstaller whether Firefox is listed there.

Zerozo 25.12.2013 17:47

Firefox isn't listed there

schrauber 26.12.2013 14:35

Please open FRST, tick the Additional checkbox and scan, then post both log files.

Zerozo 26.12.2013 14:41

FRST
FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-12-2013
Ran by Mesut (administrator) on MESUT-PC on 26-12-2013 14:37:34
Running from C:\Users\Mesut\Downloads\FRST-OlderVersion
Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\Rent\Update.exe
() C:\Windows\Rent\Rent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Akamai Technologies, Inc.) C:\Users\Mesut\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Akamai Technologies, Inc.) C:\Users\Mesut\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
() C:\Users\Mesut\Desktop\rgnlauncher0.9.6.exe
() C:\Users\Mesut\Desktop\SAMP\rgn_ac_gta.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [W7LXE] - C:\Users\Mesut\Desktop\Windows 7 Loader eXtreme Edition v3.503\w7lxe.exe [28135936 2010-05-22] ()
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028896 2013-07-03] (NVIDIA Corporation)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\bb0e25b2-67ce-4f47-87c0-c6f05db1049e.exe [180184 2013-11-23] (AVAST Software)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3806544 2013-11-29] (LogMeIn Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1823656 2013-12-11] (Valve Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Mesut\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x974FB908CA5ECE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH
StartMenuInternet: IEXPLORE.EXE - c:\program files (x86)\internet explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Mesut\AppData\Roaming\Mozilla\Firefox\Profiles\0w8hec2x.default
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Mesut\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR HomePage: hxxp://google.de/
CHR RestoreOnStartup: "https://www.google.de/"
CHR DefaultSearchKeyword: youtube.com
CHR DefaultSearchProvider: YouTube-Videosuche
CHR DefaultSearchURL: hxxp://www.youtube.com/results?search_query={searchTerms}&page={startPage?}&utm_source=opensearch
CHR DefaultNewTabURL:
CHR Extension: (New Tab) - C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.4_0
CHR Extension: (AdBlock) - C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0
CHR Extension: (Twitch.tv Europe Lag Fix) - C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkoehmlkhjgaboegkondkciclminpjof\2.0_0
CHR Extension: (Steam Theme) - C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcphcjcjgkjmbphkfjleamgkinaeebnm\1.1_0
CHR Extension: (Google Wallet) - C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\Mesut\AppData\Local\newhb2.crx
CHR HKLM-x32\...\Chrome\Extension: [aaaajpkhjdkhhnkmgfjodbkfpbmibkkk] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7\CRX\ToolbarCR.crx
CHR HKLM-x32\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\Mesut\AppData\Local\newhb2.crx

==================== Services (Whitelisted) =================

S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-21] (Advanced Micro Devices, Inc.)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88424 2013-10-10] (Perfect World Entertainment Inc)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-12] ()
R2 Rent Update; C:/Windows/Rent/Update.exe [x]

==================== Drivers (Whitelisted) ====================

S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [34816 2013-06-19] (Advanced Micro Devices)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
S3 Mkd2Nadr; C:\Windows\System32\drivers\Mkd2Nadr.sys [106040 2009-03-12] (AhnLab, Inc.)
S3 Mkd3kfNt; C:\Windows\System32\drivers\Mkd3kfNt.sys [180280 2009-08-18] (AhnLab, Inc.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\1.3\temp\FairplayKD.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 wolf; \??\C:\AeriaGames\WolfTeam-DE\avital\wolf64.sys [x]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [x]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-25 23:04 - 2013-12-25 23:04 - 03684312 _____ C:\Users\Mesut\Desktop\rgnlauncher0.9.6.exe
2013-12-25 23:03 - 2013-12-25 23:11 - 00000000 ____D C:\Users\Mesut\Desktop\SAMP
2013-12-25 23:01 - 2013-12-25 23:02 - 12022145 _____ C:\Users\Mesut\Downloads\sa-mp-0.3x-R1-2-install.exe
2013-12-25 22:32 - 2013-12-25 22:32 - 00000000 ___HD C:\Users\Mesut\Desktop\.updtmp
2013-12-25 20:29 - 2013-12-25 23:09 - 00000000 ____D C:\Users\Mesut\Documents\GTA San Andreas User Files
2013-12-25 20:29 - 2013-12-25 20:29 - 00002124 _____ C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk
2013-12-25 20:27 - 2013-12-25 20:27 - 00000000 ____D C:\ProgramData\MTA San Andreas All
2013-12-25 20:19 - 2013-03-04 01:46 - 00000000 ____D C:\Users\Mesut\Desktop\mta
2013-12-25 19:47 - 2013-12-25 20:18 - 944711399 _____ C:\Users\Mesut\Downloads\GTA+San+Andreas+by+TheSaazZzzz.zip
2013-12-25 19:46 - 2013-12-25 19:46 - 01977432 _____ C:\Users\Mesut\Downloads\winrar-x64-501.exe
2013-12-25 17:45 - 2013-12-25 17:45 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-12-24 16:03 - 2013-12-24 16:03 - 00313624 _____ C:\Users\Mesut\Downloads\ideas1040 (1).zip
2013-12-24 16:01 - 2013-12-24 16:02 - 00313624 _____ C:\Users\Mesut\Downloads\ideas1040 (2).zip
2013-12-24 14:57 - 2013-12-24 14:57 - 00001722 _____ C:\Users\Public\Desktop\League of Legends spielen .lnk
2013-12-24 14:44 - 2013-12-24 14:44 - 00000000 ____D C:\Riot Games
2013-12-24 12:29 - 2013-12-26 14:37 - 00000000 ____D C:\Users\Mesut\Downloads\FRST-OlderVersion
2013-12-24 12:16 - 2013-12-24 12:16 - 00000000 ____D C:\Windows\ERUNT
2013-12-24 12:05 - 2013-12-24 12:08 - 00000000 ____D C:\AdwCleaner
2013-12-23 15:06 - 2013-12-23 15:07 - 00000000 ___HD C:\Windows\SysWOW64\FF
2013-12-23 14:51 - 2013-12-23 14:51 - 00042873 _____ C:\ComboFix.txt
2013-12-23 14:25 - 2013-12-23 14:51 - 00000000 ____D C:\Qoobox
2013-12-23 14:25 - 2013-12-23 14:50 - 00000000 ____D C:\Windows\erdnt
2013-12-23 14:25 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-23 14:25 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-23 14:25 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-23 14:25 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-23 14:25 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-23 14:25 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-23 14:25 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-23 14:25 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-22 10:39 - 2013-12-26 14:37 - 00000000 ____D C:\FRST
2013-12-22 10:27 - 2013-12-26 13:08 - 00045594 _____ C:\Windows\PFRO.log
2013-12-22 10:27 - 2013-12-26 13:08 - 00000448 _____ C:\Windows\setupact.log
2013-12-22 10:27 - 2013-12-22 10:27 - 00000000 _____ C:\Windows\setuperr.log
2013-12-21 20:59 - 2013-12-21 20:59 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Malwarebytes
2013-12-21 20:58 - 2013-12-21 20:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-21 20:58 - 2013-12-21 20:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-21 20:58 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-18 16:46 - 2013-12-18 16:46 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\OpenOffice
2013-12-18 16:45 - 2013-12-18 16:45 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-12-18 16:44 - 2013-12-18 16:45 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-12-18 16:39 - 2013-12-21 20:24 - 00000000 ____D C:\Users\Mesut\Desktop\OpenOffice 4.0.1 (de) Installation Files
2013-12-13 10:39 - 2013-12-13 10:39 - 00003288 ____N C:\bootsqm.dat
2013-12-10 18:13 - 2013-12-08 22:24 - 13772624 _____ C:\Users\Mesut\Desktop\Blumio - Hey Mr. Nazi (Yellow Album JETZT BESTELLEN unter HIPSTORE.DE!).mp4
2013-12-09 21:47 - 2013-12-09 21:57 - 00000000 ___HD C:\Windows\SysWOW64\FF_BN_2019128
2013-12-08 22:55 - 2013-12-08 22:58 - 103556646 _____ C:\Users\Mesut\Documents\Blumio-Antigewaltsong (HD Version).mp4
2013-12-08 22:23 - 2013-12-08 22:24 - 13772624 _____ C:\Users\Mesut\Documents\Blumio - Hey Mr. Nazi (Yellow Album JETZT BESTELLEN unter HIPSTORE.DE!).mp4
2013-12-07 16:14 - 2013-12-07 16:14 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2013-12-07 16:14 - 2013-12-07 16:14 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-12-07 16:02 - 2013-12-08 02:16 - 00000000 ____D C:\Users\Mesut\F5C9BE9A04C34A728CD0BB67C722D608.TMP
2013-12-07 15:36 - 2013-12-07 20:12 - 00000000 ____D C:\Users\Mesut\Documents\Bandicam
2013-12-07 15:36 - 2013-12-07 15:36 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\BANDISOFT
2013-12-07 15:35 - 2013-12-07 15:35 - 00000992 _____ C:\Users\UpdatusUser\Desktop\Bandicam.lnk
2013-12-07 15:35 - 2013-12-07 15:35 - 00000992 _____ C:\Users\Mesut\Desktop\Bandicam.lnk
2013-12-07 15:35 - 2013-12-07 15:35 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2013-12-07 15:35 - 2013-12-07 15:35 - 00000000 ____D C:\Program Files (x86)\Bandicam
2013-12-05 13:32 - 2013-12-07 15:33 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2013-12-05 13:23 - 2013-12-05 13:23 - 00002028 _____ C:\Users\Public\Desktop\Aeria Ignite.lnk
2013-12-05 13:23 - 2013-12-05 13:23 - 00000000 ____D C:\Program Files (x86)\Aeria Games
2013-12-05 12:28 - 2013-12-07 15:33 - 00000000 ____D C:\AeriaGames
2013-12-01 01:06 - 2013-12-21 20:24 - 00000000 ____D C:\Users\Mesut\Downloads\Feuergrun_v3
2013-11-29 22:44 - 2013-11-29 22:44 - 00001931 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-29 22:44 - 2013-11-29 22:44 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-28 22:41 - 2013-12-08 02:16 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-11-28 22:41 - 2013-11-28 22:41 - 00000000 ____D C:\ProgramData\McAfee
2013-11-28 22:39 - 2013-11-28 22:41 - 00000000 ____D C:\Users\Mesut\AppData\Local\Adobe
2013-11-28 22:27 - 2013-11-28 22:27 - 00001089 _____ C:\Users\Mesut\Desktop\Cheat Engine.lnk
2013-11-28 22:27 - 2013-11-28 22:27 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.3
2013-11-28 18:36 - 2013-11-28 18:39 - 00000000 ____D C:\Users\Mesut\Downloads\Unleashed
2013-11-28 14:36 - 2013-11-28 14:38 - 00000085 _____ C:\Windows\wininit.ini
2013-11-27 20:48 - 2013-11-27 20:48 - 00000000 ____D C:\Windows\system32\log
2013-11-27 13:03 - 2013-11-27 13:03 - 00003538 _____ C:\Windows\System32\Tasks\RunAsStdUser Task
2013-11-27 13:03 - 2013-11-27 13:03 - 00000000 ____D C:\Users\Mesut\AppData\Local\Chromium

==================== One Month Modified Files and Folders =======

2013-12-26 14:37 - 2013-12-24 12:29 - 00000000 ____D C:\Users\Mesut\Downloads\FRST-OlderVersion
2013-12-26 14:37 - 2013-12-22 10:39 - 00000000 ____D C:\FRST
2013-12-26 14:14 - 2013-06-01 14:24 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Skype
2013-12-26 13:51 - 2013-06-01 14:18 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-26 13:26 - 2009-07-14 05:45 - 00019296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-26 13:26 - 2009-07-14 05:45 - 00019296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-26 13:17 - 2013-06-01 16:46 - 01295734 _____ C:\Windows\WindowsUpdate.log
2013-12-26 13:15 - 2013-06-11 15:28 - 00000000 ____D C:\Program Files (x86)\Steam
2013-12-26 13:13 - 2013-10-04 17:53 - 00000000 ____D C:\Users\Mesut\AppData\Local\LogMeIn Hamachi
2013-12-26 13:12 - 2013-06-01 14:18 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-26 13:08 - 2013-12-22 10:27 - 00045594 _____ C:\Windows\PFRO.log
2013-12-26 13:08 - 2013-12-22 10:27 - 00000448 _____ C:\Windows\setupact.log
2013-12-26 13:08 - 2013-06-01 13:37 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-26 13:08 - 2013-06-01 13:07 - 00000000 ____D C:\Program Files\WinRAR
2013-12-26 13:08 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-26 01:06 - 2013-07-13 14:35 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-12-25 23:11 - 2013-12-25 23:03 - 00000000 ____D C:\Users\Mesut\Desktop\SAMP
2013-12-25 23:09 - 2013-12-25 20:29 - 00000000 ____D C:\Users\Mesut\Documents\GTA San Andreas User Files
2013-12-25 23:04 - 2013-12-25 23:04 - 03684312 _____ C:\Users\Mesut\Desktop\rgnlauncher0.9.6.exe
2013-12-25 23:02 - 2013-12-25 23:01 - 12022145 _____ C:\Users\Mesut\Downloads\sa-mp-0.3x-R1-2-install.exe
2013-12-25 22:32 - 2013-12-25 22:32 - 00000000 ___HD C:\Users\Mesut\Desktop\.updtmp
2013-12-25 20:29 - 2013-12-25 20:29 - 00002124 _____ C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk
2013-12-25 20:28 - 2013-06-06 09:46 - 00000000 ____D C:\Program Files (x86)\MTA San Andreas 1.3
2013-12-25 20:27 - 2013-12-25 20:27 - 00000000 ____D C:\ProgramData\MTA San Andreas All
2013-12-25 20:18 - 2013-12-25 19:47 - 944711399 _____ C:\Users\Mesut\Downloads\GTA+San+Andreas+by+TheSaazZzzz.zip
2013-12-25 19:47 - 2013-06-01 13:08 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-12-25 19:46 - 2013-12-25 19:46 - 01977432 _____ C:\Users\Mesut\Downloads\winrar-x64-501.exe
2013-12-25 18:54 - 2013-06-01 14:24 - 00000000 ____D C:\ProgramData\Skype
2013-12-25 18:53 - 2013-06-01 14:24 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2013-12-25 17:45 - 2013-12-25 17:45 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-12-25 13:55 - 2013-09-24 21:56 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-24 18:29 - 2013-09-26 17:31 - 00000000 ____D C:\Users\Mesut\AppData\Local\PMB Files
2013-12-24 18:29 - 2013-09-26 17:27 - 00000000 ____D C:\ProgramData\PMB Files
2013-12-24 18:28 - 2013-06-01 21:31 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\TS3Client
2013-12-24 16:03 - 2013-12-24 16:03 - 00313624 _____ C:\Users\Mesut\Downloads\ideas1040 (1).zip
2013-12-24 16:02 - 2013-12-24 16:01 - 00313624 _____ C:\Users\Mesut\Downloads\ideas1040 (2).zip
2013-12-24 14:57 - 2013-12-24 14:57 - 00001722 _____ C:\Users\Public\Desktop\League of Legends spielen .lnk
2013-12-24 14:44 - 2013-12-24 14:44 - 00000000 ____D C:\Riot Games
2013-12-24 14:44 - 2013-06-01 14:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-24 12:16 - 2013-12-24 12:16 - 00000000 ____D C:\Windows\ERUNT
2013-12-24 12:08 - 2013-12-24 12:05 - 00000000 ____D C:\AdwCleaner
2013-12-24 12:08 - 2013-06-01 16:49 - 00000989 _____ C:\Users\Mesut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-12-24 12:08 - 2013-06-01 14:19 - 00001282 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-24 11:55 - 2013-11-22 17:14 - 00000000 ____D C:\Users\Mesut\Desktop\Lavanda2
2013-12-24 11:55 - 2013-07-07 14:19 - 00000000 ____D C:\Users\Mesut\Desktop\Neuer Ordner
2013-12-24 10:49 - 2013-08-01 18:46 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Notepad++
2013-12-24 10:49 - 2013-08-01 18:46 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-12-23 23:21 - 2013-08-23 18:26 - 00000000 ____D C:\Users\Mesut\AppData\Local\CrashDumps
2013-12-23 15:07 - 2013-12-23 15:06 - 00000000 ___HD C:\Windows\SysWOW64\FF
2013-12-23 15:02 - 2013-08-11 14:43 - 00139264 _____ C:\Windows\SysWOW64\r_unzip.exe
2013-12-23 14:51 - 2013-12-23 14:51 - 00042873 _____ C:\ComboFix.txt
2013-12-23 14:51 - 2013-12-23 14:25 - 00000000 ____D C:\Qoobox
2013-12-23 14:51 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-12-23 14:50 - 2013-12-23 14:25 - 00000000 ____D C:\Windows\erdnt
2013-12-23 14:45 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-12-23 14:43 - 2009-07-14 03:34 - 57409536 _____ C:\Windows\system32\config\software.bak
2013-12-23 14:43 - 2009-07-14 03:34 - 15466496 _____ C:\Windows\system32\config\system.bak
2013-12-23 14:43 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-12-23 14:43 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2013-12-23 14:43 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\default.bak
2013-12-22 10:40 - 2013-07-23 11:46 - 00000000 ____D C:\Users\Mesut\Desktop\samet
2013-12-22 10:27 - 2013-12-22 10:27 - 00000000 _____ C:\Windows\setuperr.log
2013-12-21 20:59 - 2013-12-21 20:59 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Malwarebytes
2013-12-21 20:58 - 2013-12-21 20:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-21 20:58 - 2013-12-21 20:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-21 20:37 - 2013-08-31 15:26 - 00000000 ____D C:\Windows\pss
2013-12-21 20:24 - 2013-12-18 16:39 - 00000000 ____D C:\Users\Mesut\Desktop\OpenOffice 4.0.1 (de) Installation Files
2013-12-21 20:24 - 2013-12-01 01:06 - 00000000 ____D C:\Users\Mesut\Downloads\Feuergrun_v3
2013-12-21 20:24 - 2013-07-03 21:24 - 00000000 ____D C:\Users\Public\Documents\WinDS PRO
2013-12-21 17:38 - 2013-06-11 19:00 - 00000730 _____ C:\Users\Mesut\Desktop\Neues Textdokument (2).txt
2013-12-20 22:58 - 2013-10-28 13:58 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\.minecraft
2013-12-20 22:26 - 2013-08-31 18:06 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\.technic
2013-12-20 22:22 - 2013-08-31 18:05 - 02303908 _____ () C:\Users\Mesut\Desktop\TechnicLauncher.exe
2013-12-20 19:15 - 2013-06-01 15:49 - 00694672 _____ C:\Windows\system32\perfh007.dat
2013-12-20 19:15 - 2013-06-01 15:49 - 00147796 _____ C:\Windows\system32\perfc007.dat
2013-12-20 19:15 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-20 16:13 - 2013-06-01 14:17 - 00064024 _____ C:\Users\Mesut\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-19 15:02 - 2009-07-14 05:45 - 00294712 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-18 16:46 - 2013-12-18 16:46 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\OpenOffice
2013-12-18 16:45 - 2013-12-18 16:45 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-12-18 16:45 - 2013-12-18 16:44 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-12-13 20:58 - 2013-06-01 14:18 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-13 10:39 - 2013-12-13 10:39 - 00003288 ____N C:\bootsqm.dat
2013-12-09 21:57 - 2013-12-09 21:47 - 00000000 ___HD C:\Windows\SysWOW64\FF_BN_2019128
2013-12-08 22:58 - 2013-12-08 22:55 - 103556646 _____ C:\Users\Mesut\Documents\Blumio-Antigewaltsong (HD Version).mp4
2013-12-08 22:24 - 2013-12-10 18:13 - 13772624 _____ C:\Users\Mesut\Desktop\Blumio - Hey Mr. Nazi (Yellow Album JETZT BESTELLEN unter HIPSTORE.DE!).mp4
2013-12-08 22:24 - 2013-12-08 22:23 - 13772624 _____ C:\Users\Mesut\Documents\Blumio - Hey Mr. Nazi (Yellow Album JETZT BESTELLEN unter HIPSTORE.DE!).mp4
2013-12-08 19:16 - 2013-11-04 17:16 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Mozilla
2013-12-08 02:16 - 2013-12-07 16:02 - 00000000 ____D C:\Users\Mesut\F5C9BE9A04C34A728CD0BB67C722D608.TMP
2013-12-08 02:16 - 2013-11-28 22:41 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-12-08 02:16 - 2013-08-23 00:33 - 00000000 ____D C:\ProgramData\TechSmith
2013-12-08 02:16 - 2013-08-11 14:42 - 00000000 ____D C:\Windows\Rent
2013-12-08 02:16 - 2013-07-22 17:59 - 00000000 ____D C:\Users\Mesut\AppData\Local\Akamai
2013-12-08 02:16 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-12-08 02:15 - 2013-08-23 00:33 - 00000000 ____D C:\Program Files (x86)\TechSmith
2013-12-07 23:26 - 2013-11-12 16:20 - 00000000 ____D C:\Users\Mesut\Desktop\Planungen
2013-12-07 22:46 - 2013-06-01 14:18 - 00004104 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-07 22:46 - 2013-06-01 14:18 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-07 20:12 - 2013-12-07 15:36 - 00000000 ____D C:\Users\Mesut\Documents\Bandicam
2013-12-07 17:18 - 2013-06-01 16:49 - 00000000 ____D C:\Users\Mesut
2013-12-07 16:14 - 2013-12-07 16:14 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2013-12-07 16:14 - 2013-12-07 16:14 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-12-07 15:36 - 2013-12-07 15:36 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\BANDISOFT
2013-12-07 15:35 - 2013-12-07 15:35 - 00000992 _____ C:\Users\UpdatusUser\Desktop\Bandicam.lnk
2013-12-07 15:35 - 2013-12-07 15:35 - 00000992 _____ C:\Users\Mesut\Desktop\Bandicam.lnk
2013-12-07 15:35 - 2013-12-07 15:35 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2013-12-07 15:35 - 2013-12-07 15:35 - 00000000 ____D C:\Program Files (x86)\Bandicam
2013-12-07 15:33 - 2013-12-05 13:32 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2013-12-07 15:33 - 2013-12-05 12:28 - 00000000 ____D C:\AeriaGames
2013-12-07 00:13 - 2013-09-11 16:52 - 00000755 _____ C:\Users\Mesut\Desktop\serial.txt
2013-12-07 00:13 - 2013-09-11 16:52 - 00000002 _____ C:\Users\Mesut\Desktop\myFile.txt
2013-12-05 13:23 - 2013-12-05 13:23 - 00002028 _____ C:\Users\Public\Desktop\Aeria Ignite.lnk
2013-12-05 13:23 - 2013-12-05 13:23 - 00000000 ____D C:\Program Files (x86)\Aeria Games
2013-12-05 11:41 - 2013-06-04 14:50 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-12-01 12:21 - 2013-11-06 19:22 - 00000000 ____D C:\Program Files (x86)\Skype
2013-12-01 12:10 - 2009-07-14 06:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-29 22:44 - 2013-11-29 22:44 - 00001931 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-29 22:44 - 2013-11-29 22:44 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-29 01:03 - 2013-07-26 23:03 - 00000111 _____ C:\Users\Mesut\AppData\Roaming\WB.CFG
2013-11-29 01:03 - 2013-07-24 00:03 - 00000006 _____ C:\Users\Mesut\AppData\Roaming\WBPU-TTL.DAT
2013-11-28 22:41 - 2013-11-28 22:41 - 00000000 ____D C:\ProgramData\McAfee
2013-11-28 22:41 - 2013-11-28 22:39 - 00000000 ____D C:\Users\Mesut\AppData\Local\Adobe
2013-11-28 22:41 - 2013-08-29 13:10 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-28 22:41 - 2013-08-24 22:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-28 22:27 - 2013-11-28 22:27 - 00001089 _____ C:\Users\Mesut\Desktop\Cheat Engine.lnk
2013-11-28 22:27 - 2013-11-28 22:27 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.3
2013-11-28 19:02 - 2013-11-18 18:12 - 00217600 _____ C:\Users\Mesut\Desktop\jacob-1.17-M2-x64.dll
2013-11-28 18:39 - 2013-11-28 18:36 - 00000000 ____D C:\Users\Mesut\Downloads\Unleashed
2013-11-28 15:05 - 2013-06-01 16:49 - 00000000 ____D C:\Users\Mesut\AppData\Local\VirtualStore
2013-11-28 14:38 - 2013-11-28 14:36 - 00000085 _____ C:\Windows\wininit.ini
2013-11-27 20:49 - 2013-06-01 16:49 - 00000000 ___RD C:\Users\Mesut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-27 20:48 - 2013-11-27 20:48 - 00000000 ____D C:\Windows\system32\log
2013-11-27 13:03 - 2013-11-27 13:03 - 00003538 _____ C:\Windows\System32\Tasks\RunAsStdUser Task
2013-11-27 13:03 - 2013-11-27 13:03 - 00000000 ____D C:\Users\Mesut\AppData\Local\Chromium

Some content of TEMP:
====================
C:\Users\Mesut\AppData\Local\Temp\Quarantine.exe
C:\Users\Mesut\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-30 14:29

==================== End Of Log ============================

--- --- ---


Addition
Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-12-2013
Ran by Mesut at 2013-12-26 14:38:26
Running from C:\Users\Mesut\Downloads\FRST-OlderVersion
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Disabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Ace of Spades (x32 Version: 0.75.015)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Aeria Ignite (x32 Version: 1.13.3296)
Akamai NetSession Interface (HKCU)
AMD Catalyst Control Center (x32 Version: 2013.0921.356.5161)
AMD Catalyst Install Manager (Version: 8.0.915.0)
AMD Fuel (Version: 2013.0921.356.5161)
Arc (x32 Version: 1.0.0.5510)
Arma 2 (x32)
Arma 2: DayZ Mod (x32)
Arma 2: Operation Arrowhead (x32)
Ask Toolbar (x32 Version: 12.6.0.12) <==== ATTENTION
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.7)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
Bandicam (x32 Version: 1.9.2.455)
Bandisoft MPEG-1 Decoder (x32)
BattlEye for OA Uninstall (x32)
BattlEye Uninstall (x32)
Call of Duty: Black Ops II - Multiplayer (x32)
Camtasia Studio 8 (x32 Version: 8.0.4.1060)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0921.356.5161)
Catalyst Control Center InstallProxy (x32 Version: 2013.0921.356.5161)
Catalyst Control Center Localization All (x32 Version: 2013.0921.356.5161)
CCC Help Chinese Standard (x32 Version: 2013.0921.0355.5161)
CCC Help Chinese Traditional (x32 Version: 2013.0921.0355.5161)
CCC Help Czech (x32 Version: 2013.0921.0355.5161)
CCC Help Danish (x32 Version: 2013.0921.0355.5161)
CCC Help Dutch (x32 Version: 2013.0921.0355.5161)
CCC Help English (x32 Version: 2013.0921.0355.5161)
CCC Help Finnish (x32 Version: 2013.0921.0355.5161)
CCC Help French (x32 Version: 2013.0921.0355.5161)
CCC Help German (x32 Version: 2013.0921.0355.5161)
CCC Help Greek (x32 Version: 2013.0921.0355.5161)
CCC Help Hungarian (x32 Version: 2013.0921.0355.5161)
CCC Help Italian (x32 Version: 2013.0921.0355.5161)
CCC Help Japanese (x32 Version: 2013.0921.0355.5161)
CCC Help Korean (x32 Version: 2013.0921.0355.5161)
CCC Help Norwegian (x32 Version: 2013.0921.0355.5161)
CCC Help Polish (x32 Version: 2013.0921.0355.5161)
CCC Help Portuguese (x32 Version: 2013.0921.0355.5161)
CCC Help Russian (x32 Version: 2013.0921.0355.5161)
CCC Help Spanish (x32 Version: 2013.0921.0355.5161)
CCC Help Swedish (x32 Version: 2013.0921.0355.5161)
CCC Help Thai (x32 Version: 2013.0921.0355.5161)
CCC Help Turkish (x32 Version: 2013.0921.0355.5161)
ccc-utility64 (Version: 2013.0921.356.5161)
CCleaner (Version: 4.03)
Cheat Engine 6.3 (x32)
Crossfire Europe (x32 Version: 1.172)
Game Booster 3 (x32 Version: 3.4)
Google Chrome (x32 Version: 31.0.1650.63)
Google Earth Plug-in (x32 Version: 7.1.2.2041)
Google Update Helper (x32 Version: 1.3.22.3)
Internet Explorer (Enable DEP)
Java 7 Update 21 (64-bit) (Version: 7.0.210)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
League of Legends (x32 Version: 1.3)
League of Legends (x32 Version: 3.0.1)
LogMeIn Hamachi (x32 Version: 2.2.0.109)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.8.130.10)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Games for Windows - LIVE (x32 Version: 3.1.186.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106)
MTA:SA v1.3.1 (x32 Version: v1.3.1)
Notepad++ (x32 Version: 6.5.2)
NVIDIA 3D Vision Controller-Treiber 320.49 (Version: 320.49)
NVIDIA 3D Vision Treiber 320.49 (Version: 320.49)
NVIDIA GeForce Experience 1.5.1 (Version: 1.5.1)
NVIDIA Grafiktreiber 320.49 (Version: 320.49)
NVIDIA HD-Audiotreiber 1.3.24.2 (Version: 1.3.24.2)
NVIDIA Install Application (Version: 2.1002.125.816)
NVIDIA PhysX (x32 Version: 9.13.0604)
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2049)
NVIDIA Systemsteuerung 320.49 (Version: 320.49)
NVIDIA Update 6.4.23 (Version: 6.4.23)
NVIDIA Update Components (Version: 6.4.23)
OpenOffice 4.0.1 (x32 Version: 4.01.9714)
Pando Media Booster (x32 Version: 2.6.0.9)
PunkBuster Services (x32 Version: 0.993)
Revo Uninstaller 1.95 (x32 Version: 1.95)
Skype™ 6.11 (x32 Version: 6.11.102)
Star Wars: The Old Republic (x32 Version: 1.00)
Steam (x32 Version: 1.0.0.0)
System Requirements Lab (Test) (x32 Version: 6.0.3.0)
TeamSpeak 3 Client (Version: 3.0.11.1)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinDS PRO 2014 (Version: 2014.00.00.0)
WinDS PRO Apps 1.0 (x32 Version: 1.0.0.0)
WinDS PRO Apps 1.6.2 (Version: 1.6.2.0)
WinRAR 4.20 (32-Bit) (x32 Version: 4.20.0)
WinRAR 5.01 (64-bit) (Version: 5.01.0)
YTD Video Downloader 4.6 (x32 Version: 4.6)

==================== Restore Points  =========================

23-12-2013 13:25:56 ComboFix created restore point
24-12-2013 13:30:14 Entfernt League of Legends
24-12-2013 13:43:57 Installiert League of Legends
25-12-2013 16:49:36 Revo Uninstaller's restore point - Crossfire Europe

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-12-23 14:45 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0BD97E28-53DE-4970-8F5B-B9E74CD350D1} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\Autoupdate.exe [2013-09-18] ()
Task: {0FCC934B-65FD-4699-8339-8D2088BF5625} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-01] (Google Inc.)
Task: {269CA0A3-8021-4E75-9B9B-092055608C35} - \DSite No Task File
Task: {3409622F-54E9-4B2E-A243-E08AFBCAC51F} - \DealPly No Task File
Task: {3BBC31FA-C9BF-45E8-9C6C-B78CF64BC867} - \DealPlyUpdate No Task File
Task: {AFA65E29-4D1B-43F3-A58B-20F0F041B4F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-01] (Google Inc.)
Task: {B050549B-1B92-4E35-A2B3-EB10EA255FC0} - \Desk 365 RunAsStdUser No Task File
Task: {E34A24E6-F5EB-416B-BD12-7F162FFF818A} - \QtraxPlayer No Task File
Task: {E66E5540-4512-4E69-8F7E-2501AA4A39BE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {EA9C4678-A46B-4618-BFF5-F61802F3D465} - System32\Tasks\RunAsStdUser Task => C:\Users\Mesut\AppData\Local\Oxy\Application\oxy.exe
Task: {FC8154CF-0487-4F9C-821A-4B2FAB0A6E24} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-25 22:04 - 2013-12-25 20:17 - 02246144 _____ () C:\Program Files\AVAST Software\Avast\defs\13122501\algo.dll
2013-12-26 13:11 - 2013-12-26 10:31 - 02246144 _____ () C:\Program Files\AVAST Software\Avast\defs\13122600\algo.dll
2013-12-25 23:07 - 2003-11-16 19:48 - 00065536 _____ () C:\Users\Mesut\Desktop\SAMP\vorbisfile.dll
2013-12-25 23:07 - 2003-11-16 02:54 - 00036864 _____ () C:\Users\Mesut\Desktop\SAMP\ogg.dll
2013-12-25 23:07 - 2003-11-16 19:48 - 01060864 _____ () C:\Users\Mesut\Desktop\SAMP\vorbis.dll
2013-12-05 11:58 - 2013-12-04 03:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-05 11:58 - 2013-12-04 03:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-05 11:58 - 2013-12-04 03:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-05 11:58 - 2013-12-04 03:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-05 11:58 - 2013-12-04 03:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Mesut\Application Data:NT
AlternateDataStreams: C:\Users\Mesut\AppData\Roaming:NT

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/26/2013 01:09:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/25/2013 01:56:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2013 09:38:14 PM) (Source: Application Hang) (User: )
Description: Programm SpeedAutoClicker.exe, Version 1.3.5.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 718

Startzeit: 01cf00e526e048b3

Endzeit: 0

Anwendungspfad: C:\Users\Mesut\Desktop\SpeedAutoClicker.exe

Berichts-ID: 3c021b33-6cdb-11e3-8ed5-bc5ff491d212


System errors:
=============
Error: (12/26/2013 01:15:50 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (12/26/2013 01:10:40 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{86FA6F27-FD55-4ED0-979E-7CA5E990BAE9}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (12/26/2013 01:09:14 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (12/26/2013 01:08:58 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AODDriver4.2.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error: (12/25/2013 02:01:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (12/25/2013 01:59:26 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{86FA6F27-FD55-4ED0-979E-7CA5E990BAE9}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (12/25/2013 01:56:13 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (12/25/2013 01:55:55 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AODDriver4.2.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577


Microsoft Office Sessions:
=========================
Error: (12/26/2013 01:09:50 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/25/2013 01:56:07 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2013 09:38:14 PM) (Source: Application Hang)(User: )
Description: SpeedAutoClicker.exe1.3.5.071801cf00e526e048b30C:\Users\Mesut\Desktop\SpeedAutoClicker.exe3c021b33-6cdb-11e3-8ed5-bc5ff491d212


CodeIntegrity Errors:
===================================
  Date: 2013-12-26 13:08:58.578
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-26 13:08:58.547
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-25 13:55:55.587
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-25 13:55:55.557
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-24 12:14:24.142
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-24 12:14:24.109
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-24 12:01:24.897
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-24 12:01:24.867
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-24 10:36:27.772
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-24 10:36:27.739
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 72%
Total physical RAM: 2047.24 MB
Available physical RAM: 566.02 MB
Total Pagefile: 4094.48 MB
Available Pagefile: 1828.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:82.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: D3F312C8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================


schrauber 27.12.2013 10:40

Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to your desktop.
SystemLook (64 bit)
  • Double-click SystemLook_x64.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:
    Code:

    :filefind
    *Firefox*
    :regfind
    Firefox

  • Now click the Look button to start the scan.
  • The scan can take some time.
  • When the scan has finished, your editor will open with the results; post them in your thread.
  • The results are saved to the desktop as SystemLook.txt.

Zerozo 27.12.2013 15:06

here
Code:

SystemLook 30.07.11 by jpshortstuff
Log created at 15:00 on 27/12/2013 by Mesut
Administrator - Elevation successful

========== filefind ==========

Searching for "*Firefox*"
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\firefox.com        --a---- 218184 bytes        [19:58 21/12/2013]        [13:50 04/04/2013] B4C6E3889BB310CA7E974A04EC6E46AC
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\firefox.exe        --a---- 218184 bytes        [19:58 21/12/2013]        [13:50 04/04/2013] B4C6E3889BB310CA7E974A04EC6E46AC
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\firefox.pif        --a---- 218184 bytes        [19:58 21/12/2013]        [13:50 04/04/2013] B4C6E3889BB310CA7E974A04EC6E46AC
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\firefox.scr        --a---- 218184 bytes        [19:58 21/12/2013]        [13:50 04/04/2013] B4C6E3889BB310CA7E974A04EC6E46AC
C:\ProgramData\SecTaskMan\firefox.exe.q_Quarantine_16B9319C_q        --a---- 274840 bytes        [14:23 02/10/2013]        [13:31 25/09/2013] A9182CE59CFC56F9C1DDE8B3C0AE8378
C:\ProgramData\SecTaskMan\firefox.exe.q_Quarantine_16B9319C_q.ini        --a---- 296 bytes        [11:56 04/10/2013]        [11:56 04/10/2013] 1FDB32A73C0F27DEF53E3286B67EE414
C:\ProgramData\SecTaskMan\FirefoxPortable.exe.q_Quarantine_A520_q.ini        --a---- 452 bytes        [11:56 04/10/2013]        [11:56 04/10/2013] 5F183CDA99F0F4F73ED60A4CD7E4B342
C:\ProgramData\SecTaskMan\FirefoxPortable.exe.q_Quarantine_A527B7A_q        --a---- 162680 bytes        [14:24 02/10/2013]        [13:36 16/06/2012] D7D6CDAA4E6D5C835EB4C7E7AC1D843F
C:\ProgramData\SecTaskMan\FirefoxPortable.exe.q_Quarantine_A527B7A_q.ini        --a---- 452 bytes        [11:56 04/10/2013]        [11:56 04/10/2013] 1595246EEA45DE752B16AFF724581E51
C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\FirefoxPortable.exe.vir        --a---- 162680 bytes        [18:50 08/10/2013]        [13:36 16/06/2012] D7D6CDAA4E6D5C835EB4C7E7AC1D843F
C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\DefaultData\settings\FirefoxPortableSettings.ini.vir        --a---- 52 bytes        [14:23 02/10/2013]        [03:58 15/09/2006] 0FF07F4D00D4A3348A107C5DC0E24A2D
C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\firefox.exe.vir        --a---- 274840 bytes        [18:50 08/10/2013]        [13:31 25/09/2013] A9182CE59CFC56F9C1DDE8B3C0AE8378
C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\settings\FirefoxPortableSettings.ini.vir        --a---- 81 bytes        [14:24 02/10/2013]        [13:44 25/09/2013] 0EC48C4FAFC1A6E43487340E30DC881E
C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Other\Source\FirefoxPortable.ini.vir        --a---- 516 bytes        [14:24 02/10/2013]        [13:23 21/07/2008] 800B5265A36BF72B1CAC94A1EE2AA804
C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Other\Source\FirefoxPortable.jpg.vir        --a---- 40068 bytes        [14:24 02/10/2013]        [20:20 24/04/2012] 04A64C31B013F6652972A1491D586B05
C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Other\Source\FirefoxPortableU.nsi.vir        --a---- 19347 bytes        [14:24 02/10/2013]        [13:36 16/06/2012] DC1478AACC622E139114D528F9B2CCB4
C:\Users\All Users\SecTaskMan\firefox.exe.q_Quarantine_16B9319C_q        --a---- 274840 bytes        [14:23 02/10/2013]        [13:31 25/09/2013] A9182CE59CFC56F9C1DDE8B3C0AE8378
C:\Users\All Users\SecTaskMan\firefox.exe.q_Quarantine_16B9319C_q.ini        --a---- 296 bytes        [11:56 04/10/2013]        [11:56 04/10/2013] 1FDB32A73C0F27DEF53E3286B67EE414
C:\Users\All Users\SecTaskMan\FirefoxPortable.exe.q_Quarantine_A520_q.ini        --a---- 452 bytes        [11:56 04/10/2013]        [11:56 04/10/2013] 5F183CDA99F0F4F73ED60A4CD7E4B342
C:\Users\All Users\SecTaskMan\FirefoxPortable.exe.q_Quarantine_A527B7A_q        --a---- 162680 bytes        [14:24 02/10/2013]        [13:36 16/06/2012] D7D6CDAA4E6D5C835EB4C7E7AC1D843F
C:\Users\All Users\SecTaskMan\FirefoxPortable.exe.q_Quarantine_A527B7A_q.ini        --a---- 452 bytes        [11:56 04/10/2013]        [11:56 04/10/2013] 1595246EEA45DE752B16AFF724581E51
C:\Users\Mesut\AppData\Local\Temp\jrt\firefox.bat        --a---- 153331 bytes        [11:15 24/12/2013]        [19:24 15/10/2013] BAD6C67C870CC81C48DBA53089929884
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\Browsers\firefox.browser        --a---- 3071 bytes        [22:28 17/03/2010]        [22:28 17/03/2010] F5B5084403E73FC33483DFFCA4EE22C3
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\Browsers\firefox.browser        --a---- 3071 bytes        [22:28 17/03/2010]        [22:28 17/03/2010] F5B5084403E73FC33483DFFCA4EE22C3
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashDumps\firefox.exe.2776.dmp        --a---- 3588220 bytes        [14:45 13/11/2013]        [14:45 13/11/2013] 007495FC609CEAB8E6E79A66BD3D8474
C:\Windows\SysWOW64\FF\FirefoxPortable.exe        --a---- 162680 bytes        [14:06 23/12/2013]        [13:36 16/06/2012] D7D6CDAA4E6D5C835EB4C7E7AC1D843F
C:\Windows\SysWOW64\FF\App\DefaultData\settings\FirefoxPortableSettings.ini        --a---- 52 bytes        [14:06 23/12/2013]        [03:58 15/09/2006] 0FF07F4D00D4A3348A107C5DC0E24A2D
C:\Windows\SysWOW64\FF\App\Firefox\firefox.exe        --a---- 274840 bytes        [14:06 23/12/2013]        [13:31 25/09/2013] A9182CE59CFC56F9C1DDE8B3C0AE8378
C:\Windows\SysWOW64\FF\Data\settings\FirefoxPortableSettings.ini        --a---- 81 bytes        [14:06 23/12/2013]        [13:44 25/09/2013] 0EC48C4FAFC1A6E43487340E30DC881E
C:\Windows\SysWOW64\FF\Other\Source\FirefoxPortable.ini        --a---- 516 bytes        [14:07 23/12/2013]        [13:23 21/07/2008] 800B5265A36BF72B1CAC94A1EE2AA804
C:\Windows\SysWOW64\FF\Other\Source\FirefoxPortable.jpg        --a---- 40068 bytes        [14:07 23/12/2013]        [20:20 24/04/2012] 04A64C31B013F6652972A1491D586B05
C:\Windows\SysWOW64\FF\Other\Source\FirefoxPortableU.nsi        --a---- 19347 bytes        [14:07 23/12/2013]        [13:36 16/06/2012] DC1478AACC622E139114D528F9B2CCB4

========== regfind ==========

Searching for "Firefox"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\10054a06_0]
@="{0.0.0.00000000}.{f9156f84-0b31-494f-b445-8a0949d37358}|\Device\HarddiskVolume2\Windows\SysWOW64\FF_BN_107830\App\Firefox\plugin-container.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\1a047a48_0]
@="{0.0.0.00000000}.{f9156f84-0b31-494f-b445-8a0949d37358}|\Device\HarddiskVolume2\Windows\SysWOW64\FF_BN_81701\App\Firefox\firefox.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\2044ccd9_0]
@="{0.0.0.00000000}.{f9156f84-0b31-494f-b445-8a0949d37358}|\Device\HarddiskVolume2\Windows\SysWOW64\FF\App\Firefox\firefox.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\38e0d302_0]
@="{0.0.0.00000000}.{f9156f84-0b31-494f-b445-8a0949d37358}|\Device\HarddiskVolume2\Windows\SysWOW64\FF_BN_111453\App\Firefox\plugin-container.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\3d7b07e8_0]
@="{0.0.0.00000000}.{f9156f84-0b31-494f-b445-8a0949d37358}|\Device\HarddiskVolume2\Windows\SysWOW64\FF_BN_123681\App\Firefox\plugin-container.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\411ba2fe_0]
@="{0.0.0.00000000}.{f9156f84-0b31-494f-b445-8a0949d37358}|\Device\HarddiskVolume2\Windows\SysWOW64\FF_BN_613571\App\Firefox\firefox.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\4422a8a2_0]
@="{0.0.0.00000000}.{f9156f84-0b31-494f-b445-8a0949d37358}|\Device\HarddiskVolume2\Windows\SysWOW64\FF_BN_816192\App\Firefox\firefox.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\46a20c5f_0]
@="{0.0.0.00000000}.{f9156f84-0b31-494f-b445-8a0949d37358}|\Device\HarddiskVolume2\Windows\SysWOW64\FF_BN_214377\App\Firefox\firefox.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5a3a2ab8_0]
@="{0.0.0.00000000}.{f9156f84-0b31-494f-b445-8a0949d37358}|\Device\HarddiskVolume2\Windows\SysWOW64\FF_BN_1212285\App\Firefox\plugin-container.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5d46ab6f_0]
@="{0.0.0.00000000}.{f9156f84-0b31-494f-b445-8a0949d37358}|\Device\HarddiskVolume2\Windows\SysWOW64\FF_BN_36120\App\Firefox\plugin-container.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\635d1d8c_0]
@="{0.0.0.00000000}.{f9156f84-0b31-494f-b445-8a0949d37358}|\Device\HarddiskVolume2\Windows\SysWOW64\FF_BN_1212285\App\Firefox\firefox.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\679898ec_0]
@="{0.0.0.00000000}.{f9156f84-0b31-494f-b445-8a0949d37358}|\Device\HarddiskVolume2\Windows\SysWOW64\FF_BN_1821162\App\Firefox\firefox.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\68797b85_0]
@="{0.0.0.00000000}.{f9156f84-0b31-494f-b445-8a0949d37358}|\Device\HarddiskVolume2\Windows\SysWOW64\FF_BN_51044\App\Firefox\firefox.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\6a8d8481_0]
@="{0.0.0.00000000}.{f9156f84-0b31-494f-b445-8a0949d37358}|\Device\HarddiskVolume2\Windows\SysWOW64\FF_BN_723761\App\Firefox\firefox.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\8125ae0_0]
@="{0.0.0.00000000}.{f9156f84-0b31-494f-b445-8a0949d37358}|\Device\HarddiskVolume2\Windows\SysWOW64\FF_BN_810475\App\Firefox\firefox.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\8924dd1a_0]
@="{0.0.0.00000000}.{f9156f84-0b31-494f-b445-8a0949d37358}|\Device\HarddiskVolume2\Windows\SysWOW64\FF_BN_107830\App\Firefox\firefox.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\99126d4b_0]
@="{0.0.0.00000000}.{f9156f84-0b31-494f-b445-8a0949d37358}|\Device\HarddiskVolume2\Windows\SysWOW64\FF_BN_1014626\App\Firefox\firefox.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\9d51e46d_0]
@="{0.0.0.00000000}.{f9156f84-0b31-494f-b445-8a0949d37358}|\Device\HarddiskVolume2\Program Files (x86)\Mozilla Firefox\plugin-container.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\9e617a96_0]
@="{0.0.0.00000000}.{f9156f84-0b31-494f-b445-8a0949d37358}|\Device\HarddiskVolume2\Windows\SysWOW64\FF_BN_111453\App\Firefox\firefox.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\a36ffc63_0]
@="{0.0.0.00000000}.{f9156f84-0b31-494f-b445-8a0949d37358}|\Device\HarddiskVolume2\Windows\SysWOW64\FF_BN_36120\App\Firefox\firefox.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\a3d650d1_0]
@="{0.0.0.00000000}.{f9156f84-0b31-494f-b445-8a0949d37358}|\Device\HarddiskVolume2\Windows\SysWOW64\FF_BN_51044\App\Firefox\plugin-container.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\ab32afa1_0]
@="{0.0.0.00000000}.{f9156f84-0b31-494f-b445-8a0949d37358}|\Device\HarddiskVolume2\Program Files (x86)\Mozilla Firefox\firefox.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\ac8b6e2c_0]
@="{0.0.0.00000000}.{f9156f84-0b31-494f-b445-8a0949d37358}|\Device\HarddiskVolume2\Windows\SysWOW64\FF_BN_289729\App\Firefox\firefox.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\bb32be65_0]
@="{0.0.0.00000000}.{f9156f84-0b31-494f-b445-8a0949d37358}|\Device\HarddiskVolume2\Windows\SysWOW64\FF_BN_2214311\App\Firefox\firefox.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\d7d2f06a_0]
@="{0.0.0.00000000}.{f9156f84-0b31-494f-b445-8a0949d37358}|\Device\HarddiskVolume2\Windows\SysWOW64\FF_BN_613571\App\Firefox\plugin-container.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\e43580d4_0]
@="{0.0.0.00000000}.{f9156f84-0b31-494f-b445-8a0949d37358}|\Device\HarddiskVolume2\Windows\SysWOW64\FF_BN_2925560\App\Firefox\firefox.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\ec60bef3_0]

-= EOF =-


schrauber 28.12.2013 12:45

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

C:\Windows\SysWOW64\FF

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


Zerozo 28.12.2013 14:38

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-12-2013 01
Ran by Mesut at 2013-12-28 13:18:11 Run:1
Running from C:\Users\Mesut\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Windows\SysWOW64\FF
*****************

C:\Windows\SysWOW64\FF => Moved successfully.

==== End of Fixlog ====


schrauber 29.12.2013 12:24

Still having problems?

Zerozo 30.12.2013 14:48

yes, it still opens, even faster now ;/

Quote:

Quote from Zerozo (post 1221228)
yes, it still opens, even faster now ;/

so earlier, when it opened, it needed at least 3-5 min to open an ad and to eat up resources; now it starts at 400k and after not even 1 min an ad comes ;( which quickly goes up to 1,080k

Quote:

Quote from Zerozo (post 1221228)
yes, it still opens, even faster now ;/

so earlier, when it opened, it needed at least 3-5 min to open an ad and to eat up resources; now it starts at 400.000k and after not even 1 min an ad comes ;( which quickly goes up to 1,080.000k

I have an idea why it doesn't work: it simply creates a new folder every time; yesterday it was still C:\Windows\SysWOW64\FF_BN_226340 and today it is C:\Windows\SysWOW64\FF_BN_321599

schrauber 31.12.2013 08:35

Please delete Combofix, download it again and run it once more.

Zerozo 31.12.2013 16:46

here
Code:

ComboFix 13-12-31.01 - Mesut 31.12.2013  16:26:09.2.3 - x64
Microsoft Windows 7 Enterprise  6.1.7601.1.1252.41.1033.18.2047.1018 [GMT 1:00]
ausgeführt von:: c:\users\Mesut\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-11-28 bis 2013-12-31  ))))))))))))))))))))))))))))))
.
.
2013-12-31 15:38 . 2013-12-31 15:38        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-12-31 15:38 . 2013-12-31 15:38        --------        d-----w-        c:\users\hedev\AppData\Local\temp
2013-12-31 15:38 . 2013-12-31 15:38        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-12-25 19:27 . 2013-12-25 19:27        --------        d-----w-        c:\programdata\MTA San Andreas All
2013-12-25 16:45 . 2013-12-25 16:45        --------        d-----w-        c:\program files (x86)\VS Revo Group
2013-12-24 13:44 . 2013-12-24 13:44        --------        d-----w-        C:\Riot Games
2013-12-24 11:16 . 2013-12-24 11:16        --------        d-----w-        c:\windows\ERUNT
2013-12-24 11:05 . 2013-12-24 11:08        --------        d-----w-        C:\AdwCleaner
2013-12-22 09:39 . 2013-12-28 13:35        --------        d-----w-        C:\FRST
2013-12-21 19:59 . 2013-12-21 19:59        --------        d-----w-        c:\users\Mesut\AppData\Roaming\Malwarebytes
2013-12-21 19:58 . 2013-12-21 19:58        --------        d-----w-        c:\programdata\Malwarebytes
2013-12-21 19:58 . 2013-12-21 19:58        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-21 19:58 . 2013-04-04 13:50        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-12-18 15:46 . 2013-12-18 15:46        --------        d-----w-        c:\users\Mesut\AppData\Roaming\OpenOffice
2013-12-18 15:44 . 2013-12-18 15:45        --------        d-----w-        c:\program files (x86)\OpenOffice 4
2013-12-09 20:47 . 2013-12-09 20:57        --------        d--h--w-        c:\windows\SysWow64\FF_BN_2019128
2013-12-08 17:31 . 2013-12-08 17:31        --------        d-----w-        c:\program files (x86)\Common Files\Bitdefender
2013-12-07 15:14 . 2013-12-07 15:14        --------        d-----w-        c:\programdata\regid.1995-08.com.techsmith
2013-12-07 15:14 . 2013-12-07 15:14        --------        d-----w-        c:\program files (x86)\QuickTime
2013-12-07 15:02 . 2013-12-08 01:16        --------        d-----w-        c:\users\Mesut\F5C9BE9A04C34A728CD0BB67C722D608.TMP
2013-12-07 14:36 . 2013-12-07 14:36        --------        d-----w-        c:\users\Mesut\AppData\Roaming\BANDISOFT
2013-12-07 14:35 . 2013-12-07 14:35        --------        d-----w-        c:\program files (x86)\Bandicam
2013-12-07 14:35 . 2013-12-07 14:35        --------        d-----w-        c:\program files (x86)\BandiMPEG1
2013-12-05 12:23 . 2013-12-05 12:23        --------        d-----w-        c:\program files (x86)\Aeria Games
2013-12-05 11:28 . 2013-12-07 14:33        --------        d-----w-        C:\AeriaGames
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-28 13:05 . 2013-08-11 13:43        139264        ----a-w-        c:\windows\SysWow64\r_unzip.exe
2013-11-28 21:41 . 2013-08-29 12:10        692616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-28 21:41 . 2013-08-24 21:01        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-07 10:52 . 2013-11-07 10:52        76232        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{09326DD3-D6DC-4DFE-9AF4-BF364A099A02}\offreg.dll
2013-10-12 14:08 . 2013-07-13 16:11        291128        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2013-10-12 14:08 . 2013-07-13 16:02        291128        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2013-10-12 14:07 . 2013-07-13 16:02        281872        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2013-10-12 14:07 . 2013-07-13 16:02        76888        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2013-10-08 05:50 . 2013-10-20 10:17        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-12-11 1823656]
"Akamai NetSession Interface"="c:\users\Mesut\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-09-21 766208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-29 3806544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0sdnclean64.exe
.
R2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Rent Update;Rent Update;C:/Windows/Rent/Update.exe;C:/Windows/Rent/Update.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ArcService;Arc Service;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 FairplayKD;FairplayKD;c:\programdata\MTA San Andreas All\1.3\temp\FairplayKD.sys;c:\programdata\MTA San Andreas All\1.3\temp\FairplayKD.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys;c:\windows\SYSNATIVE\drivers\Mkd2Nadr.sys [x]
R3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\Mkd3kfNt.sys;c:\windows\SYSNATIVE\drivers\Mkd3kfNt.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R3 wolf;wolf;c:\aeriagames\WolfTeam-DE\avital\wolf64.sys;c:\aeriagames\WolfTeam-DE\avital\wolf64.sys [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
R3 X6va015;X6va015;c:\windows\SysWOW64\Drivers\X6va015;c:\windows\SysWOW64\Drivers\X6va015 [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 10:46        1210320        ----a-w-        c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-01 13:18]
.
2013-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-01 13:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58        133840        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"W7LXE"="c:\users\Mesut\Desktop\Windows 7 Loader eXtreme Edition v3.503\w7lxe.exe" [2010-05-22 28135936]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-03 1028896]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
ustart page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
Trusted Zone: aeriagames.com
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Flash Player ActiveX - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-BattlEye for OA - c:\program files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\Expansion\BattlEye\UnInstallBE.exe
AddRemove-Crossfire Europe - c:\sg interactive\Crossfire Europe\uninst.exe
AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe
AddRemove-{3108C217-BE83-42E4-AE9E-A56A2A92E549} - c:\program files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Rent Update]
"ImagePath"="C:/Windows/Rent/Update.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Rent Update]
"ImagePath"="C:/Windows/Rent/Update.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va015]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va015"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3476550111-2045390708-2280625213-1000\Software\SecuROM\License information*]
"datasecu"=hex:17,da,a6,e3,92,01,53,db,f8,5c,8b,3b,60,7c,08,98,ac,49,d1,b6,cc,
  39,44,5b,a7,84,3b,5c,d4,6b,42,e5,15,d7,0f,29,9b,4e,1b,b3,91,40,c1,06,12,de,\
"rkeysecu"=hex:91,1c,db,6d,7a,7c,a7,7d,27,17,29,3e,4e,a0,d8,99
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-12-31  16:41:04
ComboFix-quarantined-files.txt  2013-12-31 15:41
ComboFix2.txt  2013-12-23 13:51
.
Vor Suchlauf: 88'408'162'304 bytes free
Nach Suchlauf: 20 Verzeichnis(se), 88'461'209'600 Bytes frei
.
- - End Of File - - 5E51C7E957D450F89671628403D278F3

is it actually normal that so many people click on my thread? it's already almost 500 clicks D:
and I wish you a happy new year :)

schrauber 01.01.2014 13:27

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset Proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

Zerozo 01.01.2014 19:09

Adw
Code:

# AdwCleaner v3.016 - Report created 01/01/2014 at 18:47:14
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)
# Username : Mesut - MESUT-PC
# Running from : C:\Users\Mesut\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16483


-\\ Mozilla Firefox v

[ File : C:\Users\Mesut\AppData\Roaming\Mozilla\Firefox\Profiles\0w8hec2x.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1001 octets] - [01/01/2014 18:45:45]
AdwCleaner[S0].txt - [926 octets] - [01/01/2014 18:47:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [985 octets] ##########

JRT
Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Enterprise x64
Ran by Mesut on 01.01.2014 at 18:56:55.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.01.2014 at 19:05:30.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

mbam
Code:

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.01.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mesut :: MESUT-PC [Administrator]

Schutz: Aktiviert

01.01.2014 17:20:02
mbam-log-2014-01-01 (17-20-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 423873
Laufzeit: 1 Stunde(n), 17 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01
Ran by Mesut (administrator) on MESUT-PC on 01-01-2014 19:07:50
Running from C:\Users\Mesut\Desktop
Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\Rent\Rent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Akamai Technologies, Inc.) C:\Users\Mesut\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\Mesut\AppData\Local\Akamai\netsession_win.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Thisisu) C:\Users\Mesut\Desktop\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [W7LXE] - C:\Users\Mesut\Desktop\Windows 7 Loader eXtreme Edition v3.503\w7lxe.exe [28135936 2010-05-22] ()
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028896 2013-07-03] (NVIDIA Corporation)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3806544 2013-11-29] (LogMeIn Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1823656 2013-12-11] (Valve Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Mesut\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x974FB908CA5ECE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH
StartMenuInternet: IEXPLORE.EXE - c:\program files (x86)\internet explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Mesut\AppData\Roaming\Mozilla\Firefox\Profiles\0w8hec2x.default
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Mesut\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR HomePage: hxxp://google.de/
CHR RestoreOnStartup: "https://www.google.de/"
CHR DefaultSearchKeyword: youtube.com
CHR DefaultSearchProvider: YouTube-Videosuche
CHR DefaultSearchURL: hxxp://www.youtube.com/results?search_query={searchTerms}&page={startPage?}&utm_source=opensearch
CHR DefaultNewTabURL:
CHR Extension: (New Tab) - C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.4_0
CHR Extension: (AdBlock) - C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0
CHR Extension: (Twitch.tv Europe Lag Fix) - C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkoehmlkhjgaboegkondkciclminpjof\2.0_0
CHR Extension: (Steam Theme) - C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcphcjcjgkjmbphkfjleamgkinaeebnm\1.1_0
CHR Extension: (Google Wallet) - C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\Mesut\AppData\Local\newhb2.crx
CHR HKLM-x32\...\Chrome\Extension: [aaaajpkhjdkhhnkmgfjodbkfpbmibkkk] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7\CRX\ToolbarCR.crx
CHR HKLM-x32\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\Mesut\AppData\Local\newhb2.crx

==================== Services (Whitelisted) =================

S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-21] (Advanced Micro Devices, Inc.)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88424 2013-10-10] (Perfect World Entertainment Inc)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-12] ()
S2 Rent Update; C:/Windows/Rent/Update.exe [x]

==================== Drivers (Whitelisted) ====================

S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [34816 2013-06-19] (Advanced Micro Devices)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 Mkd2Nadr; C:\Windows\System32\drivers\Mkd2Nadr.sys [106040 2009-03-12] (AhnLab, Inc.)
S3 Mkd3kfNt; C:\Windows\System32\drivers\Mkd3kfNt.sys [180280 2009-08-18] (AhnLab, Inc.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\1.3\temp\FairplayKD.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 wolf; \??\C:\AeriaGames\WolfTeam-DE\avital\wolf64.sys [x]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [x]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-01 19:07 - 2014-01-01 19:07 - 00013742 _____ C:\Users\Mesut\Desktop\FRST.txt
2014-01-01 19:07 - 2014-01-01 19:07 - 00000000 ____D C:\Users\Mesut\Desktop\FRST-OlderVersion
2014-01-01 19:05 - 2014-01-01 19:05 - 00000623 _____ C:\Users\Mesut\Desktop\JRT.txt
2014-01-01 19:03 - 2014-01-01 19:04 - 00000000 ___HD C:\Windows\SysWOW64\FF_BN_128451
2014-01-01 18:55 - 2014-01-01 18:55 - 01036305 _____ (Thisisu) C:\Users\Mesut\Desktop\JRT.exe
2014-01-01 18:45 - 2014-01-01 18:47 - 00000000 ____D C:\AdwCleaner
2014-01-01 18:45 - 2014-01-01 18:45 - 01233962 _____ C:\Users\Mesut\Desktop\adwcleaner.exe
2014-01-01 17:10 - 2014-01-01 17:10 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-01 17:08 - 2014-01-01 17:08 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Mesut\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-31 18:09 - 2013-12-31 18:09 - 00000000 ___HD C:\Windows\SysWOW64\FF
2013-12-25 23:04 - 2013-12-25 23:04 - 03684312 _____ C:\Users\Mesut\Desktop\rgnlauncher0.9.6.exe
2013-12-25 23:03 - 2014-01-01 15:14 - 00000000 ____D C:\Users\Mesut\Desktop\SAMP
2013-12-25 20:29 - 2013-12-25 23:09 - 00000000 ____D C:\Users\Mesut\Documents\GTA San Andreas User Files
2013-12-25 20:29 - 2013-12-25 20:29 - 00002124 _____ C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk
2013-12-25 20:27 - 2013-12-25 20:27 - 00000000 ____D C:\ProgramData\MTA San Andreas All
2013-12-25 20:19 - 2013-03-04 01:46 - 00000000 ____D C:\Users\Mesut\Desktop\mta
2013-12-25 17:45 - 2013-12-25 17:45 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-12-24 14:57 - 2013-12-24 14:57 - 00001722 _____ C:\Users\Public\Desktop\League of Legends spielen .lnk
2013-12-24 14:44 - 2013-12-24 14:44 - 00000000 ____D C:\Riot Games
2013-12-24 12:29 - 2013-12-31 16:19 - 00000000 ____D C:\Users\Mesut\Downloads\FRST-OlderVersion
2013-12-24 12:16 - 2013-12-24 12:16 - 00000000 ____D C:\Windows\ERUNT
2013-12-23 14:25 - 2013-12-31 16:41 - 00000000 ____D C:\Qoobox
2013-12-23 14:25 - 2013-12-23 14:50 - 00000000 ____D C:\Windows\erdnt
2013-12-23 14:25 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-23 14:25 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-23 14:25 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-23 14:25 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-23 14:25 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-23 14:25 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-23 14:25 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-23 14:25 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-22 10:39 - 2014-01-01 19:07 - 00000000 ____D C:\FRST
2013-12-22 10:38 - 2014-01-01 19:07 - 01931302 _____ (Farbar) C:\Users\Mesut\Desktop\FRST64.exe
2013-12-22 10:27 - 2014-01-01 18:50 - 00001064 _____ C:\Windows\setupact.log
2013-12-22 10:27 - 2014-01-01 18:49 - 00048552 _____ C:\Windows\PFRO.log
2013-12-22 10:27 - 2013-12-22 10:27 - 00000000 _____ C:\Windows\setuperr.log
2013-12-21 20:59 - 2013-12-21 20:59 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Malwarebytes
2013-12-21 20:58 - 2014-01-01 17:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-21 20:58 - 2013-12-21 20:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-21 20:58 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-18 16:46 - 2013-12-18 16:46 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\OpenOffice
2013-12-18 16:45 - 2013-12-18 16:45 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-12-18 16:44 - 2013-12-18 16:45 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-12-18 16:39 - 2013-12-21 20:24 - 00000000 ____D C:\Users\Mesut\Desktop\OpenOffice 4.0.1 (de) Installation Files
2013-12-13 10:39 - 2013-12-13 10:39 - 00003288 ____N C:\bootsqm.dat
2013-12-10 18:13 - 2013-12-08 22:24 - 13772624 _____ C:\Users\Mesut\Desktop\Blumio - Hey Mr. Nazi (Yellow Album JETZT BESTELLEN unter HIPSTORE.DE!).mp4
2013-12-09 21:47 - 2013-12-09 21:57 - 00000000 ___HD C:\Windows\SysWOW64\FF_BN_2019128
2013-12-08 22:55 - 2013-12-08 22:58 - 103556646 _____ C:\Users\Mesut\Documents\Blumio-Antigewaltsong (HD Version).mp4
2013-12-08 22:23 - 2013-12-08 22:24 - 13772624 _____ C:\Users\Mesut\Documents\Blumio - Hey Mr. Nazi (Yellow Album JETZT BESTELLEN unter HIPSTORE.DE!).mp4
2013-12-07 16:14 - 2013-12-07 16:14 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2013-12-07 16:14 - 2013-12-07 16:14 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-12-07 16:02 - 2013-12-08 02:16 - 00000000 ____D C:\Users\Mesut\F5C9BE9A04C34A728CD0BB67C722D608.TMP
2013-12-07 15:36 - 2013-12-07 20:12 - 00000000 ____D C:\Users\Mesut\Documents\Bandicam
2013-12-07 15:36 - 2013-12-07 15:36 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\BANDISOFT
2013-12-07 15:35 - 2013-12-07 15:35 - 00000992 _____ C:\Users\UpdatusUser\Desktop\Bandicam.lnk
2013-12-07 15:35 - 2013-12-07 15:35 - 00000992 _____ C:\Users\Mesut\Desktop\Bandicam.lnk
2013-12-07 15:35 - 2013-12-07 15:35 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2013-12-07 15:35 - 2013-12-07 15:35 - 00000000 ____D C:\Program Files (x86)\Bandicam
2013-12-05 13:32 - 2013-12-07 15:33 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2013-12-05 13:23 - 2013-12-05 13:23 - 00002028 _____ C:\Users\Public\Desktop\Aeria Ignite.lnk
2013-12-05 13:23 - 2013-12-05 13:23 - 00000000 ____D C:\Program Files (x86)\Aeria Games
2013-12-05 12:28 - 2013-12-07 15:33 - 00000000 ____D C:\AeriaGames

==================== One Month Modified Files and Folders =======

2014-01-01 19:08 - 2014-01-01 19:07 - 00013742 _____ C:\Users\Mesut\Desktop\FRST.txt
2014-01-01 19:07 - 2014-01-01 19:07 - 00000000 ____D C:\Users\Mesut\Desktop\FRST-OlderVersion
2014-01-01 19:07 - 2013-12-22 10:39 - 00000000 ____D C:\FRST
2014-01-01 19:07 - 2013-12-22 10:38 - 01931302 _____ (Farbar) C:\Users\Mesut\Desktop\FRST64.exe
2014-01-01 19:05 - 2014-01-01 19:05 - 00000623 _____ C:\Users\Mesut\Desktop\JRT.txt
2014-01-01 19:04 - 2014-01-01 19:03 - 00000000 ___HD C:\Windows\SysWOW64\FF_BN_128451
2014-01-01 18:56 - 2013-06-01 14:24 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Skype
2014-01-01 18:55 - 2014-01-01 18:55 - 01036305 _____ (Thisisu) C:\Users\Mesut\Desktop\JRT.exe
2014-01-01 18:53 - 2013-06-11 15:28 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-01 18:52 - 2013-10-04 17:53 - 00000000 ____D C:\Users\Mesut\AppData\Local\LogMeIn Hamachi
2014-01-01 18:52 - 2013-09-24 21:56 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-01 18:52 - 2013-06-01 14:18 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-01 18:50 - 2013-12-22 10:27 - 00001064 _____ C:\Windows\setupact.log
2014-01-01 18:50 - 2013-06-01 14:18 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-01 18:50 - 2013-06-01 13:37 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-01 18:50 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-01 18:49 - 2013-12-22 10:27 - 00048552 _____ C:\Windows\PFRO.log
2014-01-01 18:48 - 2013-06-01 16:46 - 01501398 _____ C:\Windows\WindowsUpdate.log
2014-01-01 18:48 - 2009-07-14 05:45 - 00019680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-01 18:48 - 2009-07-14 05:45 - 00019680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-01 18:47 - 2014-01-01 18:45 - 00000000 ____D C:\AdwCleaner
2014-01-01 18:45 - 2014-01-01 18:45 - 01233962 _____ C:\Users\Mesut\Desktop\adwcleaner.exe
2014-01-01 17:10 - 2014-01-01 17:10 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-01 17:10 - 2013-12-21 20:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-01 17:08 - 2014-01-01 17:08 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Mesut\Desktop\mbam-setup-1.75.0.1300.exe
2014-01-01 15:14 - 2013-12-25 23:03 - 00000000 ____D C:\Users\Mesut\Desktop\SAMP
2014-01-01 14:44 - 2013-06-13 15:12 - 00000000 ____D C:\Users\Mesut\Desktop\Mesut abi
2013-12-31 18:09 - 2013-12-31 18:09 - 00000000 ___HD C:\Windows\SysWOW64\FF
2013-12-31 18:06 - 2013-08-11 14:43 - 00139264 _____ C:\Windows\SysWOW64\r_unzip.exe
2013-12-31 16:41 - 2013-12-23 14:25 - 00000000 ____D C:\Qoobox
2013-12-31 16:38 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-12-31 16:21 - 2013-09-26 17:31 - 00000000 ____D C:\Users\Mesut\AppData\Local\PMB Files
2013-12-31 16:21 - 2013-09-26 17:27 - 00000000 ____D C:\ProgramData\PMB Files
2013-12-31 16:19 - 2013-12-24 12:29 - 00000000 ____D C:\Users\Mesut\Downloads\FRST-OlderVersion
2013-12-31 13:29 - 2013-08-23 18:26 - 00000000 ____D C:\Users\Mesut\AppData\Local\CrashDumps
2013-12-26 19:07 - 2013-06-01 21:31 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\TS3Client
2013-12-26 13:08 - 2013-06-01 13:07 - 00000000 ____D C:\Program Files\WinRAR
2013-12-26 01:06 - 2013-07-13 14:35 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-12-25 23:09 - 2013-12-25 20:29 - 00000000 ____D C:\Users\Mesut\Documents\GTA San Andreas User Files
2013-12-25 23:04 - 2013-12-25 23:04 - 03684312 _____ C:\Users\Mesut\Desktop\rgnlauncher0.9.6.exe
2013-12-25 20:29 - 2013-12-25 20:29 - 00002124 _____ C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk
2013-12-25 20:28 - 2013-06-06 09:46 - 00000000 ____D C:\Program Files (x86)\MTA San Andreas 1.3
2013-12-25 20:27 - 2013-12-25 20:27 - 00000000 ____D C:\ProgramData\MTA San Andreas All
2013-12-25 19:47 - 2013-06-01 13:08 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-12-25 18:54 - 2013-06-01 14:24 - 00000000 ____D C:\ProgramData\Skype
2013-12-25 18:53 - 2013-06-01 14:24 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2013-12-25 17:45 - 2013-12-25 17:45 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-12-24 14:57 - 2013-12-24 14:57 - 00001722 _____ C:\Users\Public\Desktop\League of Legends spielen .lnk
2013-12-24 14:44 - 2013-12-24 14:44 - 00000000 ____D C:\Riot Games
2013-12-24 14:44 - 2013-06-01 14:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-24 12:16 - 2013-12-24 12:16 - 00000000 ____D C:\Windows\ERUNT
2013-12-24 12:08 - 2013-06-01 16:49 - 00000989 _____ C:\Users\Mesut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-12-24 12:08 - 2013-06-01 14:19 - 00001282 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-24 11:55 - 2013-11-22 17:14 - 00000000 ____D C:\Users\Mesut\Desktop\Lavanda2
2013-12-24 11:55 - 2013-07-07 14:19 - 00000000 ____D C:\Users\Mesut\Desktop\Neuer Ordner
2013-12-24 10:49 - 2013-08-01 18:46 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Notepad++
2013-12-24 10:49 - 2013-08-01 18:46 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-12-23 14:51 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-12-23 14:50 - 2013-12-23 14:25 - 00000000 ____D C:\Windows\erdnt
2013-12-23 14:43 - 2009-07-14 03:34 - 57409536 _____ C:\Windows\system32\config\software.bak
2013-12-23 14:43 - 2009-07-14 03:34 - 15466496 _____ C:\Windows\system32\config\system.bak
2013-12-23 14:43 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-12-23 14:43 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2013-12-23 14:43 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\default.bak
2013-12-22 10:40 - 2013-07-23 11:46 - 00000000 ____D C:\Users\Mesut\Desktop\samet
2013-12-22 10:27 - 2013-12-22 10:27 - 00000000 _____ C:\Windows\setuperr.log
2013-12-21 20:59 - 2013-12-21 20:59 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Malwarebytes
2013-12-21 20:58 - 2013-12-21 20:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-21 20:37 - 2013-08-31 15:26 - 00000000 ____D C:\Windows\pss
2013-12-21 20:24 - 2013-12-18 16:39 - 00000000 ____D C:\Users\Mesut\Desktop\OpenOffice 4.0.1 (de) Installation Files
2013-12-21 20:24 - 2013-12-01 01:06 - 00000000 ____D C:\Users\Mesut\Downloads\Feuergrun_v3
2013-12-21 20:24 - 2013-07-03 21:24 - 00000000 ____D C:\Users\Public\Documents\WinDS PRO
2013-12-21 17:38 - 2013-06-11 19:00 - 00000730 _____ C:\Users\Mesut\Desktop\Neues Textdokument (2).txt
2013-12-20 22:58 - 2013-10-28 13:58 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\.minecraft
2013-12-20 22:26 - 2013-08-31 18:06 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\.technic
2013-12-20 22:22 - 2013-08-31 18:05 - 02303908 _____ () C:\Users\Mesut\Desktop\TechnicLauncher.exe
2013-12-20 19:15 - 2013-06-01 15:49 - 00694672 _____ C:\Windows\system32\perfh007.dat
2013-12-20 19:15 - 2013-06-01 15:49 - 00147796 _____ C:\Windows\system32\perfc007.dat
2013-12-20 19:15 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-20 16:13 - 2013-06-01 14:17 - 00064024 _____ C:\Users\Mesut\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-19 15:02 - 2009-07-14 05:45 - 00294712 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-18 16:46 - 2013-12-18 16:46 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\OpenOffice
2013-12-18 16:45 - 2013-12-18 16:45 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-12-18 16:45 - 2013-12-18 16:44 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-12-13 20:58 - 2013-06-01 14:18 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-13 10:39 - 2013-12-13 10:39 - 00003288 ____N C:\bootsqm.dat
2013-12-09 21:57 - 2013-12-09 21:47 - 00000000 ___HD C:\Windows\SysWOW64\FF_BN_2019128
2013-12-08 22:58 - 2013-12-08 22:55 - 103556646 _____ C:\Users\Mesut\Documents\Blumio-Antigewaltsong (HD Version).mp4
2013-12-08 22:24 - 2013-12-10 18:13 - 13772624 _____ C:\Users\Mesut\Desktop\Blumio - Hey Mr. Nazi (Yellow Album JETZT BESTELLEN unter HIPSTORE.DE!).mp4
2013-12-08 22:24 - 2013-12-08 22:23 - 13772624 _____ C:\Users\Mesut\Documents\Blumio - Hey Mr. Nazi (Yellow Album JETZT BESTELLEN unter HIPSTORE.DE!).mp4
2013-12-08 19:16 - 2013-11-04 17:16 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Mozilla
2013-12-08 02:16 - 2013-12-07 16:02 - 00000000 ____D C:\Users\Mesut\F5C9BE9A04C34A728CD0BB67C722D608.TMP
2013-12-08 02:16 - 2013-11-28 22:41 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-12-08 02:16 - 2013-08-23 00:33 - 00000000 ____D C:\ProgramData\TechSmith
2013-12-08 02:16 - 2013-08-11 14:42 - 00000000 ____D C:\Windows\Rent
2013-12-08 02:16 - 2013-07-22 17:59 - 00000000 ____D C:\Users\Mesut\AppData\Local\Akamai
2013-12-08 02:16 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-12-08 02:15 - 2013-08-23 00:33 - 00000000 ____D C:\Program Files (x86)\TechSmith
2013-12-07 23:26 - 2013-11-12 16:20 - 00000000 ____D C:\Users\Mesut\Desktop\Planungen
2013-12-07 22:46 - 2013-06-01 14:18 - 00004104 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-07 22:46 - 2013-06-01 14:18 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-07 20:12 - 2013-12-07 15:36 - 00000000 ____D C:\Users\Mesut\Documents\Bandicam
2013-12-07 17:18 - 2013-06-01 16:49 - 00000000 ____D C:\Users\Mesut
2013-12-07 16:14 - 2013-12-07 16:14 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2013-12-07 16:14 - 2013-12-07 16:14 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-12-07 15:36 - 2013-12-07 15:36 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\BANDISOFT
2013-12-07 15:35 - 2013-12-07 15:35 - 00000992 _____ C:\Users\UpdatusUser\Desktop\Bandicam.lnk
2013-12-07 15:35 - 2013-12-07 15:35 - 00000992 _____ C:\Users\Mesut\Desktop\Bandicam.lnk
2013-12-07 15:35 - 2013-12-07 15:35 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2013-12-07 15:35 - 2013-12-07 15:35 - 00000000 ____D C:\Program Files (x86)\Bandicam
2013-12-07 15:33 - 2013-12-05 13:32 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2013-12-07 15:33 - 2013-12-05 12:28 - 00000000 ____D C:\AeriaGames
2013-12-07 00:13 - 2013-09-11 16:52 - 00000755 _____ C:\Users\Mesut\Desktop\serial.txt
2013-12-07 00:13 - 2013-09-11 16:52 - 00000002 _____ C:\Users\Mesut\Desktop\myFile.txt
2013-12-05 13:23 - 2013-12-05 13:23 - 00002028 _____ C:\Users\Public\Desktop\Aeria Ignite.lnk
2013-12-05 13:23 - 2013-12-05 13:23 - 00000000 ____D C:\Program Files (x86)\Aeria Games
2013-12-05 11:41 - 2013-06-04 14:50 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi

Some content of TEMP:
====================
C:\Users\Mesut\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-30 14:29

==================== End Of Log ============================

--- --- ---

It still keeps opening ;/ Do I have to reinstall my PC now? I wonder why they don't find anything.

schrauber 02.01.2014 16:56


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Still having problems? :)

Zerozo 03.01.2014 00:48

log
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=891dd038d3ec684f8ededdb1f3c3e4d6
# engine=16493
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-02 11:44:25
# local_time=2014-01-03 12:44:25 (+0100, Mitteleuropäische Zeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 15734582 165416137 0 0
# compatibility_mode=5893 16776574 100 94 4884693 140336115 0 0
# scanned=188819
# found=1
# cleaned=0
# scan_time=10406
sh=E508ACD8F97A24F734F8CE8BA685BCBA296E5C7D ft=1 fh=858fb24a9fdda1dc vn="multiple threats" ac=I fn="C:\Users\Mesut\Desktop\Neuer Ordner\Tools by Unpublished.exe"

Code:

Results of screen317's Security Check version 0.99.78 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 Java 7 Update 45 
 Google Chrome 31.0.1650.57 
 Google Chrome 31.0.1650.63 
 Google Chrome dmlconf.dat.. 
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-01-2014
Ran by Mesut (administrator) on MESUT-PC on 03-01-2014 00:59:07
Running from C:\Users\Mesut\Desktop
Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Akamai Technologies, Inc.) C:\Users\Mesut\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Akamai Technologies, Inc.) C:\Users\Mesut\AppData\Local\Akamai\netsession_win.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\Rent\Update.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
() C:\Windows\Rent\Rent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Windows\SysWOW64\FF_BN_822043\App\Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [W7LXE] - C:\Users\Mesut\Desktop\Windows 7 Loader eXtreme Edition v3.503\w7lxe.exe [28135936 2010-05-22] ()
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028896 2013-07-03] (NVIDIA Corporation)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3806544 2013-11-29] (LogMeIn Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1823656 2013-12-11] (Valve Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Mesut\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x974FB908CA5ECE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH
StartMenuInternet: IEXPLORE.EXE - c:\program files (x86)\internet explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Mesut\AppData\Roaming\Mozilla\Firefox\Profiles\0w8hec2x.default
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Mesut\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR HomePage: hxxp://google.de/
CHR RestoreOnStartup: "https://www.google.de/"
CHR DefaultSearchKeyword: youtube.com
CHR DefaultSearchProvider: YouTube-Videosuche
CHR DefaultSearchURL: hxxp://www.youtube.com/results?search_query={searchTerms}&page={startPage?}&utm_source=opensearch
CHR DefaultNewTabURL:
CHR Extension: (New Tab) - C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.4_0
CHR Extension: (AdBlock) - C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0
CHR Extension: (Twitch.tv Europe Lag Fix) - C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkoehmlkhjgaboegkondkciclminpjof\2.0_0
CHR Extension: (Steam Theme) - C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcphcjcjgkjmbphkfjleamgkinaeebnm\1.1_0
CHR Extension: (Google Wallet) - C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\Mesut\AppData\Local\newhb2.crx
CHR HKLM-x32\...\Chrome\Extension: [aaaajpkhjdkhhnkmgfjodbkfpbmibkkk] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7\CRX\ToolbarCR.crx
CHR HKLM-x32\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\Mesut\AppData\Local\newhb2.crx

==================== Services (Whitelisted) =================

S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-21] (Advanced Micro Devices, Inc.)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88424 2013-10-10] (Perfect World Entertainment Inc)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-12] ()
R2 Rent Update; C:/Windows/Rent/Update.exe [x]

==================== Drivers (Whitelisted) ====================

S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [34816 2013-06-19] (Advanced Micro Devices)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 Mkd2Nadr; C:\Windows\System32\drivers\Mkd2Nadr.sys [106040 2009-03-12] (AhnLab, Inc.)
S3 Mkd3kfNt; C:\Windows\System32\drivers\Mkd3kfNt.sys [180280 2009-08-18] (AhnLab, Inc.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\1.3\temp\FairplayKD.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 wolf; \??\C:\AeriaGames\WolfTeam-DE\avital\wolf64.sys [x]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [x]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-03 00:59 - 2014-01-03 00:59 - 00013450 _____ C:\Users\Mesut\Desktop\FRST.txt
2014-01-03 00:58 - 2014-01-03 00:59 - 00000000 ____D C:\FRST
2014-01-03 00:07 - 2014-01-03 00:10 - 00000000 ___HD C:\Windows\SysWOW64\FF_BN_822043
2014-01-01 19:07 - 2014-01-03 00:59 - 00000000 ____D C:\Users\Mesut\Desktop\FRST-OlderVersion
2014-01-01 18:45 - 2014-01-01 18:47 - 00000000 ____D C:\AdwCleaner
2014-01-01 18:45 - 2014-01-01 18:45 - 01233962 _____ C:\Users\Mesut\Desktop\adwcleaner.exe
2014-01-01 17:10 - 2014-01-01 17:10 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-01 17:08 - 2014-01-01 17:08 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Mesut\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-31 18:09 - 2013-12-31 18:09 - 00000000 ___HD C:\Windows\SysWOW64\FF
2013-12-25 23:04 - 2013-12-25 23:04 - 03684312 _____ C:\Users\Mesut\Desktop\rgnlauncher0.9.6.exe
2013-12-25 23:03 - 2014-01-01 15:14 - 00000000 ____D C:\Users\Mesut\Desktop\SAMP
2013-12-25 20:29 - 2013-12-25 23:09 - 00000000 ____D C:\Users\Mesut\Documents\GTA San Andreas User Files
2013-12-25 20:29 - 2013-12-25 20:29 - 00002124 _____ C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk
2013-12-25 20:27 - 2013-12-25 20:27 - 00000000 ____D C:\ProgramData\MTA San Andreas All
2013-12-25 20:19 - 2013-03-04 01:46 - 00000000 ____D C:\Users\Mesut\Desktop\mta
2013-12-25 17:45 - 2013-12-25 17:45 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-12-24 14:57 - 2013-12-24 14:57 - 00001722 _____ C:\Users\Public\Desktop\League of Legends spielen .lnk
2013-12-24 14:44 - 2013-12-24 14:44 - 00000000 ____D C:\Riot Games
2013-12-24 12:29 - 2013-12-31 16:19 - 00000000 ____D C:\Users\Mesut\Downloads\FRST-OlderVersion
2013-12-24 12:16 - 2013-12-24 12:16 - 00000000 ____D C:\Windows\ERUNT
2013-12-23 14:25 - 2013-12-31 16:41 - 00000000 ____D C:\Qoobox
2013-12-23 14:25 - 2013-12-23 14:50 - 00000000 ____D C:\Windows\erdnt
2013-12-23 14:25 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-23 14:25 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-23 14:25 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-23 14:25 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-23 14:25 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-23 14:25 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-23 14:25 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-23 14:25 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-22 10:38 - 2014-01-03 00:59 - 01931498 _____ (Farbar) C:\Users\Mesut\Desktop\FRST64.exe
2013-12-22 10:27 - 2014-01-02 21:39 - 00048900 _____ C:\Windows\PFRO.log
2013-12-22 10:27 - 2014-01-02 21:39 - 00001232 _____ C:\Windows\setupact.log
2013-12-22 10:27 - 2013-12-22 10:27 - 00000000 _____ C:\Windows\setuperr.log
2013-12-21 20:59 - 2013-12-21 20:59 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Malwarebytes
2013-12-21 20:58 - 2014-01-01 17:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-21 20:58 - 2013-12-21 20:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-21 20:58 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-18 16:46 - 2013-12-18 16:46 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\OpenOffice
2013-12-18 16:45 - 2013-12-18 16:45 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-12-18 16:44 - 2013-12-18 16:45 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-12-18 16:39 - 2013-12-21 20:24 - 00000000 ____D C:\Users\Mesut\Desktop\OpenOffice 4.0.1 (de) Installation Files
2013-12-13 10:39 - 2013-12-13 10:39 - 00003288 ____N C:\bootsqm.dat
2013-12-10 18:13 - 2013-12-08 22:24 - 13772624 _____ C:\Users\Mesut\Desktop\Blumio - Hey Mr. Nazi (Yellow Album JETZT BESTELLEN unter HIPSTORE.DE!).mp4
2013-12-09 21:47 - 2013-12-09 21:57 - 00000000 ___HD C:\Windows\SysWOW64\FF_BN_2019128
2013-12-08 22:55 - 2013-12-08 22:58 - 103556646 _____ C:\Users\Mesut\Documents\Blumio-Antigewaltsong (HD Version).mp4
2013-12-08 22:23 - 2013-12-08 22:24 - 13772624 _____ C:\Users\Mesut\Documents\Blumio - Hey Mr. Nazi (Yellow Album JETZT BESTELLEN unter HIPSTORE.DE!).mp4
2013-12-07 16:14 - 2013-12-07 16:14 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2013-12-07 16:14 - 2013-12-07 16:14 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-12-07 16:02 - 2013-12-08 02:16 - 00000000 ____D C:\Users\Mesut\F5C9BE9A04C34A728CD0BB67C722D608.TMP
2013-12-07 15:36 - 2013-12-07 20:12 - 00000000 ____D C:\Users\Mesut\Documents\Bandicam
2013-12-07 15:36 - 2013-12-07 15:36 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\BANDISOFT
2013-12-07 15:35 - 2013-12-07 15:35 - 00000992 _____ C:\Users\UpdatusUser\Desktop\Bandicam.lnk
2013-12-07 15:35 - 2013-12-07 15:35 - 00000992 _____ C:\Users\Mesut\Desktop\Bandicam.lnk
2013-12-07 15:35 - 2013-12-07 15:35 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2013-12-07 15:35 - 2013-12-07 15:35 - 00000000 ____D C:\Program Files (x86)\Bandicam
2013-12-05 13:32 - 2013-12-07 15:33 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2013-12-05 13:23 - 2013-12-05 13:23 - 00002028 _____ C:\Users\Public\Desktop\Aeria Ignite.lnk
2013-12-05 13:23 - 2013-12-05 13:23 - 00000000 ____D C:\Program Files (x86)\Aeria Games
2013-12-05 12:28 - 2013-12-07 15:33 - 00000000 ____D C:\AeriaGames

==================== One Month Modified Files and Folders =======

2014-01-03 00:59 - 2014-01-03 00:59 - 00013450 _____ C:\Users\Mesut\Desktop\FRST.txt
2014-01-03 00:59 - 2014-01-03 00:58 - 00000000 ____D C:\FRST
2014-01-03 00:59 - 2014-01-01 19:07 - 00000000 ____D C:\Users\Mesut\Desktop\FRST-OlderVersion
2014-01-03 00:59 - 2013-12-22 10:38 - 01931498 _____ (Farbar) C:\Users\Mesut\Desktop\FRST64.exe
2014-01-03 00:51 - 2013-06-01 14:18 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-03 00:10 - 2014-01-03 00:07 - 00000000 ___HD C:\Windows\SysWOW64\FF_BN_822043
2014-01-02 23:48 - 2009-07-14 05:45 - 00019680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-02 23:48 - 2009-07-14 05:45 - 00019680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-02 23:44 - 2013-09-26 17:31 - 00000000 ____D C:\Users\Mesut\AppData\Local\PMB Files
2014-01-02 23:44 - 2013-09-26 17:27 - 00000000 ____D C:\ProgramData\PMB Files
2014-01-02 22:51 - 2013-06-01 14:18 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-02 22:00 - 2013-06-01 14:24 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Skype
2014-01-02 21:56 - 2013-06-01 16:46 - 01555324 _____ C:\Windows\WindowsUpdate.log
2014-01-02 21:49 - 2013-06-11 15:28 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-02 21:46 - 2013-09-24 21:56 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-02 21:41 - 2013-10-04 17:53 - 00000000 ____D C:\Users\Mesut\AppData\Local\LogMeIn Hamachi
2014-01-02 21:39 - 2013-12-22 10:27 - 00048900 _____ C:\Windows\PFRO.log
2014-01-02 21:39 - 2013-12-22 10:27 - 00001232 _____ C:\Windows\setupact.log
2014-01-02 21:39 - 2013-06-01 13:37 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-02 21:39 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-01 22:45 - 2013-06-01 21:31 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\TS3Client
2014-01-01 18:47 - 2014-01-01 18:45 - 00000000 ____D C:\AdwCleaner
2014-01-01 18:45 - 2014-01-01 18:45 - 01233962 _____ C:\Users\Mesut\Desktop\adwcleaner.exe
2014-01-01 17:10 - 2014-01-01 17:10 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-01 17:10 - 2013-12-21 20:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-01 17:08 - 2014-01-01 17:08 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Mesut\Desktop\mbam-setup-1.75.0.1300.exe
2014-01-01 15:14 - 2013-12-25 23:03 - 00000000 ____D C:\Users\Mesut\Desktop\SAMP
2014-01-01 14:44 - 2013-06-13 15:12 - 00000000 ____D C:\Users\Mesut\Desktop\Mesut abi
2013-12-31 18:09 - 2013-12-31 18:09 - 00000000 ___HD C:\Windows\SysWOW64\FF
2013-12-31 18:06 - 2013-08-11 14:43 - 00139264 _____ C:\Windows\SysWOW64\r_unzip.exe
2013-12-31 16:41 - 2013-12-23 14:25 - 00000000 ____D C:\Qoobox
2013-12-31 16:38 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-12-31 16:19 - 2013-12-24 12:29 - 00000000 ____D C:\Users\Mesut\Downloads\FRST-OlderVersion
2013-12-31 13:29 - 2013-08-23 18:26 - 00000000 ____D C:\Users\Mesut\AppData\Local\CrashDumps
2013-12-26 13:08 - 2013-06-01 13:07 - 00000000 ____D C:\Program Files\WinRAR
2013-12-26 01:06 - 2013-07-13 14:35 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-12-25 23:09 - 2013-12-25 20:29 - 00000000 ____D C:\Users\Mesut\Documents\GTA San Andreas User Files
2013-12-25 23:04 - 2013-12-25 23:04 - 03684312 _____ C:\Users\Mesut\Desktop\rgnlauncher0.9.6.exe
2013-12-25 20:29 - 2013-12-25 20:29 - 00002124 _____ C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk
2013-12-25 20:28 - 2013-06-06 09:46 - 00000000 ____D C:\Program Files (x86)\MTA San Andreas 1.3
2013-12-25 20:27 - 2013-12-25 20:27 - 00000000 ____D C:\ProgramData\MTA San Andreas All
2013-12-25 19:47 - 2013-06-01 13:08 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-12-25 18:54 - 2013-06-01 14:24 - 00000000 ____D C:\ProgramData\Skype
2013-12-25 18:53 - 2013-06-01 14:24 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2013-12-25 17:45 - 2013-12-25 17:45 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-12-24 14:57 - 2013-12-24 14:57 - 00001722 _____ C:\Users\Public\Desktop\League of Legends spielen .lnk
2013-12-24 14:44 - 2013-12-24 14:44 - 00000000 ____D C:\Riot Games
2013-12-24 14:44 - 2013-06-01 14:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-24 12:16 - 2013-12-24 12:16 - 00000000 ____D C:\Windows\ERUNT
2013-12-24 12:08 - 2013-06-01 16:49 - 00000989 _____ C:\Users\Mesut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-12-24 12:08 - 2013-06-01 14:19 - 00001282 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-24 11:55 - 2013-11-22 17:14 - 00000000 ____D C:\Users\Mesut\Desktop\Lavanda2
2013-12-24 11:55 - 2013-07-07 14:19 - 00000000 ____D C:\Users\Mesut\Desktop\Neuer Ordner
2013-12-24 10:49 - 2013-08-01 18:46 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Notepad++
2013-12-24 10:49 - 2013-08-01 18:46 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-12-23 14:51 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-12-23 14:50 - 2013-12-23 14:25 - 00000000 ____D C:\Windows\erdnt
2013-12-23 14:43 - 2009-07-14 03:34 - 57409536 _____ C:\Windows\system32\config\software.bak
2013-12-23 14:43 - 2009-07-14 03:34 - 15466496 _____ C:\Windows\system32\config\system.bak
2013-12-23 14:43 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-12-23 14:43 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2013-12-23 14:43 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\default.bak
2013-12-22 10:40 - 2013-07-23 11:46 - 00000000 ____D C:\Users\Mesut\Desktop\samet
2013-12-22 10:27 - 2013-12-22 10:27 - 00000000 _____ C:\Windows\setuperr.log
2013-12-21 20:59 - 2013-12-21 20:59 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Malwarebytes
2013-12-21 20:58 - 2013-12-21 20:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-21 20:37 - 2013-08-31 15:26 - 00000000 ____D C:\Windows\pss
2013-12-21 20:24 - 2013-12-18 16:39 - 00000000 ____D C:\Users\Mesut\Desktop\OpenOffice 4.0.1 (de) Installation Files
2013-12-21 20:24 - 2013-12-01 01:06 - 00000000 ____D C:\Users\Mesut\Downloads\Feuergrun_v3
2013-12-21 20:24 - 2013-07-03 21:24 - 00000000 ____D C:\Users\Public\Documents\WinDS PRO
2013-12-21 17:38 - 2013-06-11 19:00 - 00000730 _____ C:\Users\Mesut\Desktop\Neues Textdokument (2).txt
2013-12-20 22:58 - 2013-10-28 13:58 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\.minecraft
2013-12-20 22:26 - 2013-08-31 18:06 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\.technic
2013-12-20 22:22 - 2013-08-31 18:05 - 02303908 _____ () C:\Users\Mesut\Desktop\TechnicLauncher.exe
2013-12-20 19:15 - 2013-06-01 15:49 - 00694672 _____ C:\Windows\system32\perfh007.dat
2013-12-20 19:15 - 2013-06-01 15:49 - 00147796 _____ C:\Windows\system32\perfc007.dat
2013-12-20 19:15 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-20 16:13 - 2013-06-01 14:17 - 00064024 _____ C:\Users\Mesut\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-19 15:02 - 2009-07-14 05:45 - 00294712 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-18 16:46 - 2013-12-18 16:46 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\OpenOffice
2013-12-18 16:45 - 2013-12-18 16:45 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-12-18 16:45 - 2013-12-18 16:44 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-12-13 20:58 - 2013-06-01 14:18 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-13 10:39 - 2013-12-13 10:39 - 00003288 ____N C:\bootsqm.dat
2013-12-09 21:57 - 2013-12-09 21:47 - 00000000 ___HD C:\Windows\SysWOW64\FF_BN_2019128
2013-12-08 22:58 - 2013-12-08 22:55 - 103556646 _____ C:\Users\Mesut\Documents\Blumio-Antigewaltsong (HD Version).mp4
2013-12-08 22:24 - 2013-12-10 18:13 - 13772624 _____ C:\Users\Mesut\Desktop\Blumio - Hey Mr. Nazi (Yellow Album JETZT BESTELLEN unter HIPSTORE.DE!).mp4
2013-12-08 22:24 - 2013-12-08 22:23 - 13772624 _____ C:\Users\Mesut\Documents\Blumio - Hey Mr. Nazi (Yellow Album JETZT BESTELLEN unter HIPSTORE.DE!).mp4
2013-12-08 19:16 - 2013-11-04 17:16 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Mozilla
2013-12-08 02:16 - 2013-12-07 16:02 - 00000000 ____D C:\Users\Mesut\F5C9BE9A04C34A728CD0BB67C722D608.TMP
2013-12-08 02:16 - 2013-11-28 22:41 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-12-08 02:16 - 2013-08-23 00:33 - 00000000 ____D C:\ProgramData\TechSmith
2013-12-08 02:16 - 2013-08-11 14:42 - 00000000 ____D C:\Windows\Rent
2013-12-08 02:16 - 2013-07-22 17:59 - 00000000 ____D C:\Users\Mesut\AppData\Local\Akamai
2013-12-08 02:16 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-12-08 02:15 - 2013-08-23 00:33 - 00000000 ____D C:\Program Files (x86)\TechSmith
2013-12-07 23:26 - 2013-11-12 16:20 - 00000000 ____D C:\Users\Mesut\Desktop\Planungen
2013-12-07 22:46 - 2013-06-01 14:18 - 00004104 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-07 22:46 - 2013-06-01 14:18 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-07 20:12 - 2013-12-07 15:36 - 00000000 ____D C:\Users\Mesut\Documents\Bandicam
2013-12-07 17:18 - 2013-06-01 16:49 - 00000000 ____D C:\Users\Mesut
2013-12-07 16:14 - 2013-12-07 16:14 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2013-12-07 16:14 - 2013-12-07 16:14 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-12-07 15:36 - 2013-12-07 15:36 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\BANDISOFT
2013-12-07 15:35 - 2013-12-07 15:35 - 00000992 _____ C:\Users\UpdatusUser\Desktop\Bandicam.lnk
2013-12-07 15:35 - 2013-12-07 15:35 - 00000992 _____ C:\Users\Mesut\Desktop\Bandicam.lnk
2013-12-07 15:35 - 2013-12-07 15:35 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2013-12-07 15:35 - 2013-12-07 15:35 - 00000000 ____D C:\Program Files (x86)\Bandicam
2013-12-07 15:33 - 2013-12-05 13:32 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2013-12-07 15:33 - 2013-12-05 12:28 - 00000000 ____D C:\AeriaGames
2013-12-07 00:13 - 2013-09-11 16:52 - 00000755 _____ C:\Users\Mesut\Desktop\serial.txt
2013-12-07 00:13 - 2013-09-11 16:52 - 00000002 _____ C:\Users\Mesut\Desktop\myFile.txt
2013-12-05 13:23 - 2013-12-05 13:23 - 00002028 _____ C:\Users\Public\Desktop\Aeria Ignite.lnk
2013-12-05 13:23 - 2013-12-05 13:23 - 00000000 ____D C:\Program Files (x86)\Aeria Games
2013-12-05 11:41 - 2013-06-04 14:50 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi

Some content of TEMP:
====================
C:\Users\Mesut\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-30 14:29

==================== End Of Log ============================

--- --- ---


yes ;/

schrauber 03.01.2014 12:47

Yes what?

Zerozo 03.01.2014 18:20

yes, it still opens

schrauber 04.01.2014 15:38

Uninstall Firefox completely, keep no data, reinstall. Fresh FRST log please. Still happening?

Zerozo 04.01.2014 15:45

Quote:

Quote from schrauber (post 1224698)
Uninstall Firefox completely,

It can't be uninstalled, I already tried with Revo Uninstaller too. I'll download Firefox and then uninstall it right away, it's worth a try. Nope, doesn't work ;( it still opens

schrauber 05.01.2014 11:58

hi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instruction from a helper.

Zerozo 05.01.2014 18:47

ok
Code:

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.05.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mesut :: MESUT-PC [administrator]

05.01.2014 18:51:10
mbar-log-2014-01-05 (18-51-10).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 265155
Time elapsed: 11 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

it still opens

schrauber 06.01.2014 16:21

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe guide)
    On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instruction.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

And please also run a GMER scan.

Zerozo 06.01.2014 17:18

TDSS
Code:

17:15:09.0594 3652  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:15:12.0130 3652  ============================================================
17:15:12.0130 3652  Current date / time: 2014/01/06 17:15:12.0130
17:15:12.0130 3652  SystemInfo:
17:15:12.0130 3652 
17:15:12.0130 3652  OS Version: 6.1.7601 ServicePack: 1.0
17:15:12.0130 3652  Product type: Workstation
17:15:12.0130 3652  ComputerName: MESUT-PC
17:15:12.0131 3652  UserName: Mesut
17:15:12.0131 3652  Windows directory: C:\Windows
17:15:12.0131 3652  System windows directory: C:\Windows
17:15:12.0131 3652  Running under WOW64
17:15:12.0131 3652  Processor architecture: Intel x64
17:15:12.0131 3652  Number of processors: 3
17:15:12.0131 3652  Page size: 0x1000
17:15:12.0131 3652  Boot type: Normal boot
17:15:12.0131 3652  ============================================================
17:15:13.0540 3652  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:15:13.0543 3652  ============================================================
17:15:13.0543 3652  \Device\Harddisk0\DR0:
17:15:13.0543 3652  MBR partitions:
17:15:13.0543 3652  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:15:13.0544 3652  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
17:15:13.0544 3652  ============================================================
17:15:13.0574 3652  C: <-> \Device\Harddisk0\DR0\Partition2
17:15:13.0574 3652  ============================================================
17:15:13.0574 3652  Initialize success
17:15:13.0574 3652  ============================================================
17:15:16.0756 4268  ============================================================
17:15:16.0757 4268  Scan started
17:15:16.0757 4268  Mode: Manual;
17:15:16.0757 4268  ============================================================
17:15:18.0126 4268  ================ Scan system memory ========================
17:15:18.0126 4268  Scan interrupted by user!
17:15:18.0126 4268  ================ Scan services =============================
17:15:18.0172 4268  Scan interrupted by user!
17:15:18.0172 4268  ================ Scan global ===============================
17:15:18.0172 4268  Scan interrupted by user!
17:15:18.0172 4268  ================ Scan MBR ==================================
17:15:18.0172 4268  Scan interrupted by user!
17:15:18.0172 4268  ================ Scan VBR ==================================
17:15:18.0172 4268  Scan interrupted by user!
17:15:18.0172 4268  ============================================================
17:15:18.0172 4268  Scan finished
17:15:18.0172 4268  ============================================================
17:15:18.0191 1504  Detected object count: 0
17:15:18.0191 1504  Actual detected object count: 0
17:15:38.0972 1236  ============================================================
17:15:38.0972 1236  Scan started
17:15:38.0972 1236  Mode: Manual; SigCheck; TDLFS;
17:15:38.0972 1236  ============================================================
17:15:44.0191 1236  ================ Scan system memory ========================
17:15:44.0191 1236  System memory - ok
17:15:44.0192 1236  ================ Scan services =============================
17:15:49.0926 1236  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:15:49.0981 1236  1394ohci - ok
17:15:50.0047 1236  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:15:50.0063 1236  ACPI - ok
17:15:50.0103 1236  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
17:15:50.0122 1236  AcpiPmi - ok
17:15:50.0169 1236  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
17:15:50.0189 1236  adp94xx - ok
17:15:50.0208 1236  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\Windows\system32\drivers\adpahci.sys
17:15:50.0225 1236  adpahci - ok
17:15:50.0257 1236  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
17:15:50.0269 1236  adpu320 - ok
17:15:50.0311 1236  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
17:15:50.0342 1236  AeLookupSvc - ok
17:15:50.0407 1236  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD            C:\Windows\system32\drivers\afd.sys
17:15:50.0443 1236  AFD - ok
17:15:50.0489 1236  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:15:50.0793 1236  agp440 - ok
17:15:50.0951 1236  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\Windows\System32\alg.exe
17:15:50.0990 1236  ALG - ok
17:15:51.0088 1236  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:15:51.0122 1236  aliide - ok
17:15:51.0472 1236  AMD FUEL Service - ok
17:15:51.0555 1236  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
17:15:51.0572 1236  amdide - ok
17:15:51.0602 1236  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
17:15:51.0619 1236  AmdK8 - ok
17:15:51.0642 1236  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
17:15:51.0655 1236  AmdPPM - ok
17:15:51.0690 1236  [ 12A5062C06E03FF70DB47800F91C7A13 ] amdsata        C:\Windows\system32\DRIVERS\amdsata.sys
17:15:51.0709 1236  amdsata - ok
17:15:51.0754 1236  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
17:15:51.0766 1236  amdsbs - ok
17:15:51.0789 1236  [ 8A7F289B45CEACAC761E14D5FAC59EB9 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
17:15:51.0799 1236  amdxata - ok
17:15:51.0863 1236  [ 563EFD021AEB95CAE619643AD82F9D9F ] AODDriver4.2.0  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
17:15:51.0868 1236  AODDriver4.2.0 ( UnsignedFile.Multi.Generic ) - warning
17:15:51.0868 1236  AODDriver4.2.0 - detected UnsignedFile.Multi.Generic (1)
17:15:51.0898 1236  [ 89A69C3F2F319B43379399547526D952 ] AppID          C:\Windows\system32\drivers\appid.sys
17:15:51.0926 1236  AppID - ok
17:15:51.0951 1236  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:15:51.0978 1236  AppIDSvc - ok
17:15:52.0010 1236  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo        C:\Windows\System32\appinfo.dll
17:15:52.0022 1236  Appinfo - ok
17:15:52.0047 1236  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt        C:\Windows\System32\appmgmts.dll
17:15:52.0062 1236  AppMgmt - ok
17:15:52.0101 1236  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\Windows\system32\drivers\arc.sys
17:15:52.0112 1236  arc - ok
17:15:52.0120 1236  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
17:15:52.0130 1236  arcsas - ok
17:15:52.0368 1236  [ 4F68A6B5705221CCC1CC73F00D79A9E9 ] ArcService      C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe
17:15:52.0379 1236  ArcService - ok
17:15:52.0875 1236  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:15:52.0894 1236  aspnet_state - ok
17:15:52.0946 1236  [ 0BAEFD3F648C6E7AB52990DD9565E4E2 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
17:15:52.0957 1236  aswFsBlk - ok
17:15:53.0018 1236  [ FA562F34ED6633C66170B09182B4C049 ] aswMonFlt      C:\Windows\system32\drivers\aswMonFlt.sys
17:15:53.0032 1236  aswMonFlt - ok
17:15:53.0059 1236  [ 64E2BAB4096C13D2342BC4661C967E07 ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
17:15:53.0070 1236  aswRdr - ok
17:15:53.0101 1236  [ 5573AA70993A2BB81525B1C704B88763 ] aswRvrt        C:\Windows\system32\drivers\aswRvrt.sys
17:15:53.0113 1236  aswRvrt - ok
17:15:53.0180 1236  [ 8C0800CDB501CFC1164B286A0478DC10 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
17:15:53.0219 1236  aswSnx - ok
17:15:53.0238 1236  [ 3815DB16CDA62190F5C0A65118F3D714 ] aswSP          C:\Windows\system32\drivers\aswSP.sys
17:15:53.0260 1236  aswSP - ok
17:15:53.0272 1236  [ 29DD8E458A84171202AA4979364C30C0 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
17:15:53.0285 1236  aswTdi - ok
17:15:53.0314 1236  [ 22F521108881DC59837F6FC614E0568F ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
17:15:53.0328 1236  aswVmm - ok
17:15:53.0369 1236  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:15:53.0400 1236  AsyncMac - ok
17:15:53.0437 1236  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\Windows\system32\drivers\atapi.sys
17:15:53.0450 1236  atapi - ok
17:15:53.0501 1236  [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie        C:\Windows\system32\DRIVERS\AtiPcie.sys
17:15:53.0514 1236  AtiPcie - ok
17:15:53.0552 1236  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:15:53.0589 1236  AudioEndpointBuilder - ok
17:15:53.0598 1236  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:15:53.0633 1236  AudioSrv - ok
17:15:53.0740 1236  [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:15:53.0752 1236  avast! Antivirus - ok
17:15:53.0792 1236  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:15:53.0807 1236  AxInstSV - ok
17:15:53.0860 1236  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\Windows\system32\drivers\bxvbda.sys
17:15:53.0890 1236  b06bdrv - ok
17:15:53.0933 1236  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
17:15:53.0949 1236  b57nd60a - ok
17:15:53.0993 1236  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:15:54.0007 1236  BDESVC - ok
17:15:54.0012 1236  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:15:54.0040 1236  Beep - ok
17:15:54.0100 1236  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE            C:\Windows\System32\bfe.dll
17:15:54.0138 1236  BFE - ok
17:15:54.0176 1236  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
17:15:54.0219 1236  BITS - ok
17:15:54.0257 1236  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:15:54.0269 1236  blbdrive - ok
17:15:54.0274 1236  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:15:54.0306 1236  bowser - ok
17:15:54.0335 1236  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
17:15:54.0353 1236  BrFiltLo - ok
17:15:54.0365 1236  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
17:15:54.0383 1236  BrFiltUp - ok
17:15:54.0415 1236  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
17:15:54.0449 1236  BridgeMP - ok
17:15:54.0503 1236  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser        C:\Windows\System32\browser.dll
17:15:54.0520 1236  Browser - ok
17:15:54.0717 1236  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
17:15:54.0741 1236  Brserid - ok
17:15:54.0779 1236  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:15:54.0794 1236  BrSerWdm - ok
17:15:54.0808 1236  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:15:54.0822 1236  BrUsbMdm - ok
17:15:54.0828 1236  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:15:54.0842 1236  BrUsbSer - ok
17:15:54.0859 1236  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
17:15:54.0873 1236  BTHMODEM - ok
17:15:54.0919 1236  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\Windows\system32\bthserv.dll
17:15:54.0950 1236  bthserv - ok
17:15:54.0979 1236  catchme - ok
17:15:55.0004 1236  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:15:55.0096 1236  cdfs - ok
17:15:55.0146 1236  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
17:15:55.0166 1236  cdrom - ok
17:15:55.0196 1236  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc    C:\Windows\System32\certprop.dll
17:15:55.0226 1236  CertPropSvc - ok
17:15:55.0251 1236  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
17:15:55.0286 1236  circlass - ok
17:15:55.0319 1236  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
17:15:55.0336 1236  CLFS - ok
17:15:55.0444 1236  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:15:55.0456 1236  clr_optimization_v2.0.50727_32 - ok
17:15:55.0493 1236  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:15:55.0507 1236  clr_optimization_v2.0.50727_64 - ok
17:15:55.0726 1236  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:15:55.0738 1236  clr_optimization_v4.0.30319_32 - ok
17:15:55.0782 1236  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:15:55.0793 1236  clr_optimization_v4.0.30319_64 - ok
17:15:55.0831 1236  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
17:15:55.0843 1236  CmBatt - ok
17:15:55.0847 1236  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:15:55.0858 1236  cmdide - ok
17:15:55.0898 1236  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG            C:\Windows\system32\Drivers\cng.sys
17:15:55.0920 1236  CNG - ok
17:15:55.0964 1236  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
17:15:55.0973 1236  Compbatt - ok
17:15:55.0996 1236  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
17:15:56.0011 1236  CompositeBus - ok
17:15:56.0016 1236  COMSysApp - ok
17:15:56.0023 1236  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
17:15:56.0035 1236  crcdisk - ok
17:15:56.0079 1236  [ 7FDC4626B01106A8EF328C88C7C0DEE3 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:15:56.0100 1236  CryptSvc - ok
17:15:56.0123 1236  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC            C:\Windows\system32\drivers\csc.sys
17:15:56.0150 1236  CSC - ok
17:15:56.0185 1236  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
17:15:56.0208 1236  CscService - ok
17:15:56.0257 1236  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:15:56.0290 1236  DcomLaunch - ok
17:15:56.0317 1236  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\Windows\System32\defragsvc.dll
17:15:56.0355 1236  defragsvc - ok
17:15:56.0401 1236  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:15:56.0434 1236  DfsC - ok
17:15:56.0489 1236  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:15:56.0622 1236  Dhcp - ok
17:15:56.0712 1236  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
17:15:56.0744 1236  discache - ok
17:15:56.0800 1236  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
17:15:56.0810 1236  Disk - ok
17:15:56.0832 1236  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc          C:\Windows\system32\drivers\dmvsc.sys
17:15:56.0854 1236  dmvsc - ok
17:15:56.0883 1236  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:15:56.0896 1236  Dnscache - ok
17:15:56.0907 1236  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc        C:\Windows\System32\dot3svc.dll
17:15:56.0943 1236  dot3svc - ok
17:15:56.0954 1236  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS            C:\Windows\system32\dps.dll
17:15:56.0981 1236  DPS - ok
17:15:57.0022 1236  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
17:15:57.0041 1236  drmkaud - ok
17:15:57.0088 1236  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
17:15:57.0114 1236  DXGKrnl - ok
17:15:57.0138 1236  [ EDC6E9C057C9D7F83EEA22B4CEF5DCAD ] E1G60          C:\Windows\system32\DRIVERS\E1G6032E.sys
17:15:57.0150 1236  E1G60 - ok
17:15:57.0180 1236  EagleX64 - ok
17:15:57.0211 1236  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\Windows\System32\eapsvc.dll
17:15:57.0242 1236  EapHost - ok
17:15:57.0309 1236  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\Windows\system32\drivers\evbda.sys
17:15:57.0386 1236  ebdrv - ok
17:15:57.0409 1236  [ C118A82CD78818C29AB228366EBF81C3 ] EFS            C:\Windows\System32\lsass.exe
17:15:57.0436 1236  EFS - ok
17:15:57.0531 1236  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
17:15:57.0555 1236  ehRecvr - ok
17:15:57.0565 1236  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched        C:\Windows\ehome\ehsched.exe
17:15:57.0581 1236  ehSched - ok
17:15:57.0628 1236  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
17:15:57.0645 1236  elxstor - ok
17:15:57.0649 1236  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:15:57.0665 1236  ErrDev - ok
17:15:57.0704 1236  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\Windows\system32\es.dll
17:15:57.0742 1236  EventSystem - ok
17:15:57.0757 1236  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\Windows\system32\drivers\exfat.sys
17:15:57.0788 1236  exfat - ok
17:15:57.0880 1236  FairplayKD - ok
17:15:57.0898 1236  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
17:15:57.0933 1236  fastfat - ok
17:15:57.0975 1236  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax            C:\Windows\system32\fxssvc.exe
17:15:57.0999 1236  Fax - ok
17:15:58.0016 1236  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\Windows\system32\drivers\fdc.sys
17:15:58.0032 1236  fdc - ok
17:15:58.0065 1236  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\Windows\system32\fdPHost.dll
17:15:58.0094 1236  fdPHost - ok
17:15:58.0103 1236  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:15:58.0135 1236  FDResPub - ok
17:15:58.0161 1236  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:15:58.0172 1236  FileInfo - ok
17:15:58.0176 1236  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
17:15:58.0209 1236  Filetrace - ok
17:15:58.0214 1236  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
17:15:58.0229 1236  flpydisk - ok
17:15:58.0248 1236  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:15:58.0262 1236  FltMgr - ok
17:15:58.0570 1236  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache      C:\Windows\system32\FntCache.dll
17:15:58.0756 1236  FontCache - ok
17:15:58.0839 1236  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:15:58.0866 1236  FontCache3.0.0.0 - ok
17:15:59.0058 1236  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
17:15:59.0124 1236  FsDepends - ok
17:15:59.0235 1236  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:15:59.0292 1236  Fs_Rec - ok
17:15:59.0429 1236  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:15:59.0462 1236  fvevol - ok
17:15:59.0557 1236  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
17:15:59.0570 1236  gagp30kx - ok
17:15:59.0605 1236  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc          C:\Windows\System32\gpsvc.dll
17:15:59.0645 1236  gpsvc - ok
17:15:59.0778 1236  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:15:59.0790 1236  gupdate - ok
17:15:59.0795 1236  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:15:59.0803 1236  gupdatem - ok
17:15:59.0879 1236  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi        C:\Windows\system32\DRIVERS\hamachi.sys
17:15:59.0890 1236  hamachi - ok
17:16:00.0569 1236  [ E24E88736B13BC54CA93E7F86A0F4FCF ] Hamachi2Svc    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
17:16:00.0759 1236  Hamachi2Svc - ok
17:16:00.0851 1236  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:16:00.0867 1236  hcw85cir - ok
17:16:01.0033 1236  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:16:01.0063 1236  HdAudAddService - ok
17:16:01.0122 1236  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
17:16:01.0148 1236  HDAudBus - ok
17:16:01.0177 1236  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\Windows\system32\drivers\HidBatt.sys
17:16:01.0194 1236  HidBatt - ok
17:16:01.0204 1236  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
17:16:01.0222 1236  HidBth - ok
17:16:01.0259 1236  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\Windows\system32\drivers\hidir.sys
17:16:01.0273 1236  HidIr - ok
17:16:01.0352 1236  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\Windows\System32\hidserv.dll
17:16:01.0403 1236  hidserv - ok
17:16:01.0517 1236  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:16:01.0540 1236  HidUsb - ok
17:16:01.0600 1236  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:16:01.0642 1236  hkmsvc - ok
17:16:01.0716 1236  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:16:01.0778 1236  HomeGroupListener - ok
17:16:01.0951 1236  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:16:02.0004 1236  HomeGroupProvider - ok
17:16:02.0072 1236  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:16:02.0089 1236  HpSAMD - ok
17:16:02.0207 1236  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:16:02.0266 1236  HTTP - ok
17:16:02.0292 1236  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:16:02.0314 1236  hwpolicy - ok
17:16:02.0339 1236  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:16:02.0380 1236  i8042prt - ok
17:16:02.0438 1236  [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
17:16:02.0461 1236  iaStorV - ok
17:16:02.0842 1236  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:16:02.0889 1236  idsvc - ok
17:16:02.0948 1236  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
17:16:02.0976 1236  iirsp - ok
17:16:03.0251 1236  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
17:16:03.0308 1236  IKEEXT - ok
17:16:03.0336 1236  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
17:16:03.0363 1236  intelide - ok
17:16:03.0415 1236  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
17:16:03.0442 1236  intelppm - ok
17:16:03.0483 1236  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
17:16:03.0534 1236  IPBusEnum - ok
17:16:03.0560 1236  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:16:03.0636 1236  IpFilterDriver - ok
17:16:03.0855 1236  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:16:03.0894 1236  iphlpsvc - ok
17:16:03.0973 1236  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
17:16:04.0035 1236  IPMIDRV - ok
17:16:04.0062 1236  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
17:16:04.0113 1236  IPNAT - ok
17:16:04.0243 1236  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:16:04.0282 1236  IRENUM - ok
17:16:04.0321 1236  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:16:04.0351 1236  isapnp - ok
17:16:04.0497 1236  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:16:04.0595 1236  iScsiPrt - ok
17:16:04.0744 1236  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:16:04.0804 1236  kbdclass - ok
17:16:04.0955 1236  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:16:05.0263 1236  kbdhid - ok
17:16:05.0339 1236  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
17:16:05.0353 1236  KeyIso - ok
17:16:05.0477 1236  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:16:05.0553 1236  KSecDD - ok
17:16:05.0771 1236  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
17:16:05.0788 1236  KSecPkg - ok
17:16:05.0833 1236  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
17:16:05.0889 1236  ksthunk - ok
17:16:06.0227 1236  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\Windows\system32\msdtckrm.dll
17:16:06.0287 1236  KtmRm - ok
17:16:06.0331 1236  [ A43A9920D2409BB9DA747D2FD20A2E61 ] L1C            C:\Windows\system32\DRIVERS\L1C62x64.sys
17:16:06.0368 1236  L1C - ok
17:16:06.0470 1236  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
17:16:06.0517 1236  LanmanServer - ok
17:16:06.0642 1236  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:16:06.0730 1236  LanmanWorkstation - ok
17:16:06.0798 1236  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:16:06.0889 1236  lltdio - ok
17:16:07.0224 1236  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
17:16:07.0313 1236  lltdsvc - ok
17:16:07.0374 1236  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\Windows\System32\lmhsvc.dll
17:16:07.0474 1236  lmhosts - ok
17:16:07.0773 1236  [ 02468469C450CD16FB66A56FAB70138B ] LMIGuardianSvc  C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
17:16:07.0808 1236  LMIGuardianSvc - ok
17:16:07.0854 1236  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:16:07.0879 1236  LSI_FC - ok
17:16:07.0912 1236  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
17:16:07.0946 1236  LSI_SAS - ok
17:16:07.0968 1236  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
17:16:07.0992 1236  LSI_SAS2 - ok
17:16:08.0037 1236  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:16:08.0066 1236  LSI_SCSI - ok
17:16:08.0097 1236  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\Windows\system32\drivers\luafv.sys
17:16:08.0146 1236  luafv - ok
17:16:08.0200 1236  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
17:16:08.0235 1236  Mcx2Svc - ok
17:16:08.0264 1236  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\Windows\system32\drivers\megasas.sys
17:16:08.0290 1236  megasas - ok
17:16:08.0370 1236  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
17:16:08.0390 1236  MegaSR - ok
17:16:08.0564 1236  [ B6CCDC7F88354F2D053A8ADF13DD3AAB ] Mkd2Nadr        C:\Windows\system32\drivers\Mkd2Nadr.sys
17:16:08.0594 1236  Mkd2Nadr - ok
17:16:08.0947 1236  [ 28630C95D8F1CC313E80B8EF376648F2 ] Mkd3kfNt        C:\Windows\system32\drivers\Mkd3kfNt.sys
17:16:08.0975 1236  Mkd3kfNt - ok
17:16:09.0048 1236  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\Windows\system32\mmcss.dll
17:16:09.0095 1236  MMCSS - ok
17:16:09.0169 1236  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\Windows\system32\drivers\modem.sys
17:16:09.0227 1236  Modem - ok
17:16:09.0258 1236  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
17:16:09.0271 1236  monitor - ok
17:16:09.0326 1236  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:16:09.0349 1236  mouclass - ok
17:16:09.0393 1236  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:16:09.0423 1236  mouhid - ok
17:16:09.0497 1236  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:16:09.0527 1236  mountmgr - ok
17:16:09.0588 1236  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:16:09.0635 1236  mpio - ok
17:16:09.0689 1236  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:16:09.0922 1236  mpsdrv - ok
17:16:10.0282 1236  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:16:10.0320 1236  MpsSvc - ok
17:16:10.0445 1236  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:16:10.0466 1236  MRxDAV - ok
17:16:10.0572 1236  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:16:10.0753 1236  mrxsmb - ok
17:16:10.0979 1236  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:16:11.0036 1236  mrxsmb10 - ok
17:16:11.0165 1236  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:16:11.0216 1236  mrxsmb20 - ok
17:16:11.0330 1236  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:16:11.0398 1236  msahci - ok
17:16:11.0512 1236  [ DB801A638D011B9633829EB6F663C900 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
17:16:11.0530 1236  msdsm - ok
17:16:11.0602 1236  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\Windows\System32\msdtc.exe
17:16:11.0644 1236  MSDTC - ok
17:16:11.0766 1236  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:16:11.0812 1236  Msfs - ok
17:16:11.0863 1236  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
17:16:11.0892 1236  mshidkmdf - ok
17:16:11.0933 1236  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:16:11.0971 1236  msisadrv - ok
17:16:12.0067 1236  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
17:16:12.0125 1236  MSiSCSI - ok
17:16:12.0129 1236  msiserver - ok
17:16:12.0184 1236  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
17:16:12.0234 1236  MSKSSRV - ok
17:16:12.0417 1236  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:16:12.0460 1236  MSPCLOCK - ok
17:16:12.0484 1236  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
17:16:12.0535 1236  MSPQM - ok
17:16:12.0559 1236  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
17:16:12.0582 1236  MsRPC - ok
17:16:12.0625 1236  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
17:16:12.0646 1236  mssmbios - ok
17:16:12.0680 1236  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
17:16:12.0714 1236  MSTEE - ok
17:16:12.0719 1236  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
17:16:12.0734 1236  MTConfig - ok
17:16:12.0747 1236  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\Windows\system32\Drivers\mup.sys
17:16:12.0760 1236  Mup - ok
17:16:12.0916 1236  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
17:16:12.0972 1236  napagent - ok
17:16:13.0137 1236  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
17:16:13.0179 1236  NativeWifiP - ok
17:16:13.0498 1236  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:16:13.0549 1236  NDIS - ok
17:16:13.0624 1236  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
17:16:13.0673 1236  NdisCap - ok
17:16:13.0713 1236  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:16:13.0758 1236  NdisTapi - ok
17:16:13.0792 1236  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
17:16:13.0829 1236  Ndisuio - ok
17:16:13.0862 1236  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
17:16:13.0890 1236  NdisWan - ok
17:16:13.0901 1236  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
17:16:13.0935 1236  NDProxy - ok
17:16:13.0983 1236  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
17:16:14.0018 1236  NetBIOS - ok
17:16:14.0075 1236  [ 09594D1089C523423B32A4229263F068 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
17:16:14.0113 1236  NetBT - ok
17:16:14.0136 1236  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
17:16:14.0148 1236  Netlogon - ok
17:16:14.0293 1236  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
17:16:14.0345 1236  Netman - ok
17:16:14.0435 1236  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:16:14.0456 1236  NetMsmqActivator - ok
17:16:14.0460 1236  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:16:14.0469 1236  NetPipeActivator - ok
17:16:14.0584 1236  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
17:16:14.0643 1236  netprofm - ok
17:16:14.0675 1236  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:16:14.0722 1236  NetTcpActivator - ok
17:16:14.0745 1236  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:16:14.0758 1236  NetTcpPortSharing - ok
17:16:14.0868 1236  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
17:16:14.0908 1236  nfrd960 - ok
17:16:15.0031 1236  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:16:15.0093 1236  NlaSvc - ok
17:16:15.0135 1236  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:16:15.0203 1236  Npfs - ok
17:16:15.0345 1236  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\Windows\system32\nsisvc.dll
17:16:15.0430 1236  nsi - ok
17:16:15.0478 1236  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:16:15.0524 1236  nsiproxy - ok
17:16:16.0018 1236  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:16:16.0064 1236  Ntfs - ok
17:16:16.0136 1236  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
17:16:16.0178 1236  Null - ok
17:16:16.0296 1236  [ 805F0C2B9C07E4C0F74D0EF70E9E827A ] NVHDA          C:\Windows\system32\drivers\nvhda64v.sys
17:16:16.0349 1236  NVHDA - ok
17:16:18.0009 1236  [ EE6B7B6A54BCAFF516E30B1C15467495 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:16:18.0349 1236  nvlddmkm - ok
17:16:18.0402 1236  [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:16:18.0417 1236  nvraid - ok
17:16:18.0422 1236  [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:16:18.0434 1236  nvstor - ok
17:16:18.0474 1236  [ 25626309AD2F81D47C829CCB5E46E478 ] nvsvc          C:\Windows\system32\nvvsvc.exe
17:16:18.0500 1236  nvsvc - ok
17:16:18.0645 1236  [ 7BAB808957880CF38EFC6816FEF7276E ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:16:18.0703 1236  nvUpdatusService - ok
17:16:18.0730 1236  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:16:18.0744 1236  nv_agp - ok
17:16:18.0769 1236  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:16:18.0786 1236  ohci1394 - ok
17:16:18.0810 1236  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:16:18.0834 1236  p2pimsvc - ok
17:16:18.0869 1236  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:16:18.0892 1236  p2psvc - ok
17:16:18.0929 1236  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\Windows\system32\drivers\parport.sys
17:16:18.0941 1236  Parport - ok
17:16:18.0963 1236  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr        C:\Windows\system32\drivers\partmgr.sys
17:16:19.0001 1236  partmgr - ok
17:16:19.0008 1236  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:16:19.0027 1236  PcaSvc - ok
17:16:19.0058 1236  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci            C:\Windows\system32\drivers\pci.sys
17:16:19.0072 1236  pci - ok
17:16:19.0078 1236  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
17:16:19.0090 1236  pciide - ok
17:16:19.0108 1236  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
17:16:19.0131 1236  pcmcia - ok
17:16:19.0152 1236  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\Windows\system32\drivers\pcw.sys
17:16:19.0219 1236  pcw - ok
17:16:19.0311 1236  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:16:19.0362 1236  PEAUTH - ok
17:16:19.0496 1236  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc    C:\Windows\system32\peerdistsvc.dll
17:16:19.0584 1236  PeerDistSvc - ok
17:16:19.0856 1236  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:16:19.0870 1236  PerfHost - ok
17:16:19.0926 1236  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla            C:\Windows\system32\pla.dll
17:16:19.0975 1236  pla - ok
17:16:20.0033 1236  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:16:20.0053 1236  PlugPlay - ok
17:16:20.0115 1236  PnkBstrA - ok
17:16:20.0156 1236  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
17:16:20.0170 1236  PNRPAutoReg - ok
17:16:20.0186 1236  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
17:16:20.0208 1236  PNRPsvc - ok
17:16:20.0237 1236  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
17:16:20.0274 1236  PolicyAgent - ok
17:16:20.0300 1236  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\Windows\system32\umpo.dll
17:16:20.0353 1236  Power - ok
17:16:20.0392 1236  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:16:20.0422 1236  PptpMiniport - ok
17:16:20.0437 1236  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\Windows\system32\drivers\processr.sys
17:16:20.0451 1236  Processor - ok
17:16:20.0486 1236  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc        C:\Windows\system32\profsvc.dll
17:16:20.0514 1236  ProfSvc - ok
17:16:20.0525 1236  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:16:20.0541 1236  ProtectedStorage - ok
17:16:20.0596 1236  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:16:20.0631 1236  Psched - ok
17:16:20.0854 1236  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
17:16:20.0998 1236  ql2300 - ok
17:16:21.0029 1236  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
17:16:21.0040 1236  ql40xx - ok
17:16:21.0068 1236  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\Windows\system32\qwave.dll
17:16:21.0089 1236  QWAVE - ok
17:16:21.0094 1236  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:16:21.0111 1236  QWAVEdrv - ok
17:16:21.0115 1236  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:16:21.0145 1236  RasAcd - ok
17:16:21.0192 1236  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
17:16:21.0221 1236  RasAgileVpn - ok
17:16:21.0241 1236  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\Windows\System32\rasauto.dll
17:16:21.0276 1236  RasAuto - ok
17:16:21.0283 1236  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
17:16:21.0313 1236  Rasl2tp - ok
17:16:21.0330 1236  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
17:16:21.0366 1236  RasMan - ok
17:16:21.0377 1236  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:16:21.0406 1236  RasPppoe - ok
17:16:21.0430 1236  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
17:16:21.0459 1236  RasSstp - ok
17:16:21.0478 1236  [ 77F665941019A1594D887A74F301FA2F ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
17:16:21.0509 1236  rdbss - ok
17:16:21.0514 1236  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
17:16:21.0527 1236  rdpbus - ok
17:16:21.0543 1236  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:16:21.0570 1236  RDPCDD - ok
17:16:21.0581 1236  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR          C:\Windows\system32\drivers\rdpdr.sys
17:16:21.0647 1236  RDPDR - ok
17:16:21.0670 1236  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:16:21.0700 1236  RDPENCDD - ok
17:16:21.0707 1236  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:16:21.0736 1236  RDPREFMP - ok
17:16:21.0756 1236  [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:16:21.0787 1236  RdpVideoMiniport - ok
17:16:21.0827 1236  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
17:16:21.0860 1236  RDPWD - ok
17:16:21.0896 1236  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:16:21.0908 1236  rdyboost - ok
17:16:21.0929 1236  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:16:21.0958 1236  RemoteAccess - ok
17:16:21.0988 1236  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:16:22.0018 1236  RemoteRegistry - ok
17:16:22.0127 1236  [ 359E4937D3A52198A1FC0BE5C2188457 ] Rent Update    C:/Windows/Rent/Update.exe
17:16:22.0143 1236  Rent Update ( UnsignedFile.Multi.Generic ) - warning
17:16:22.0143 1236  Rent Update - detected UnsignedFile.Multi.Generic (1)
17:16:22.0171 1236  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:16:22.0202 1236  RpcEptMapper - ok
17:16:22.0230 1236  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
17:16:22.0242 1236  RpcLocator - ok
17:16:22.0269 1236  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs          C:\Windows\system32\rpcss.dll
17:16:22.0302 1236  RpcSs - ok
17:16:22.0344 1236  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:16:22.0403 1236  rspndr - ok
17:16:22.0441 1236  [ E60C0A09F997826C7627B244195AB581 ] s3cap          C:\Windows\system32\drivers\vms3cap.sys
17:16:22.0452 1236  s3cap - ok
17:16:22.0467 1236  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs          C:\Windows\system32\lsass.exe
17:16:22.0478 1236  SamSs - ok
17:16:22.0577 1236  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:16:22.0619 1236  sbp2port - ok
17:16:22.0672 1236  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:16:22.0733 1236  SCardSvr - ok
17:16:22.0738 1236  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:16:22.0765 1236  scfilter - ok
17:16:22.0797 1236  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
17:16:22.0838 1236  Schedule - ok
17:16:22.0861 1236  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc    C:\Windows\System32\certprop.dll
17:16:22.0889 1236  SCPolicySvc - ok
17:16:22.0907 1236  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:16:22.0922 1236  SDRSVC - ok
17:16:22.0949 1236  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:16:22.0976 1236  secdrv - ok
17:16:22.0987 1236  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
17:16:23.0014 1236  seclogon - ok
17:16:23.0031 1236  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
17:16:23.0060 1236  SENS - ok
17:16:23.0070 1236  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:16:23.0082 1236  SensrSvc - ok
17:16:23.0105 1236  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\Windows\system32\drivers\serenum.sys
17:16:23.0118 1236  Serenum - ok
17:16:23.0122 1236  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
17:16:23.0135 1236  Serial - ok
17:16:23.0140 1236  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
17:16:23.0151 1236  sermouse - ok
17:16:23.0184 1236  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:16:23.0212 1236  SessionEnv - ok
17:16:23.0229 1236  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
17:16:23.0242 1236  sffdisk - ok
17:16:23.0246 1236  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:16:23.0260 1236  sffp_mmc - ok
17:16:23.0264 1236  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
17:16:23.0278 1236  sffp_sd - ok
17:16:23.0298 1236  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
17:16:23.0310 1236  sfloppy - ok
17:16:23.0339 1236  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:16:23.0370 1236  SharedAccess - ok
17:16:23.0388 1236  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:16:23.0420 1236  ShellHWDetection - ok
17:16:23.0455 1236  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
17:16:23.0465 1236  SiSRaid2 - ok
17:16:23.0470 1236  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
17:16:23.0481 1236  SiSRaid4 - ok
17:16:23.0519 1236  [ F5BBEDF602C310B00036EB2DBF4348A5 ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
17:16:23.0553 1236  SkypeUpdate - ok
17:16:23.0570 1236  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
17:16:23.0608 1236  Smb - ok
17:16:23.0638 1236  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:16:23.0651 1236  SNMPTRAP - ok
17:16:23.0656 1236  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
17:16:23.0666 1236  spldr - ok
17:16:23.0698 1236  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler        C:\Windows\System32\spoolsv.exe
17:16:23.0714 1236  Spooler - ok
17:16:23.0791 1236  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
17:16:23.0849 1236  sppsvc - ok
17:16:23.0863 1236  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
17:16:23.0892 1236  sppuinotify - ok
17:16:23.0926 1236  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv            C:\Windows\system32\DRIVERS\srv.sys
17:16:23.0961 1236  srv - ok
17:16:23.0989 1236  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:16:24.0004 1236  srv2 - ok
17:16:24.0010 1236  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:16:24.0022 1236  srvnet - ok
17:16:24.0066 1236  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
17:16:24.0096 1236  SSDPSRV - ok
17:16:24.0109 1236  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\Windows\system32\sstpsvc.dll
17:16:24.0139 1236  SstpSvc - ok
17:16:24.0226 1236  [ A87A39F9B42D82F5D60D36BB1D3CC9D3 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
17:16:24.0269 1236  Steam Client Service - ok
17:16:24.0385 1236  [ 2222073BE0232E70A397B8302293AA9D ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:16:24.0400 1236  Stereo Service - ok
17:16:24.0435 1236  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
17:16:24.0445 1236  stexstor - ok
17:16:24.0474 1236  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
17:16:24.0632 1236  stisvc - ok
17:16:24.0651 1236  [ 7785DC213270D2FC066538DAF94087E7 ] storflt        C:\Windows\system32\drivers\vmstorfl.sys
17:16:24.0677 1236  storflt - ok
17:16:24.0716 1236  [ C40841817EF57D491F22EB103DA587CC ] StorSvc        C:\Windows\system32\storsvc.dll
17:16:24.0760 1236  StorSvc - ok
17:16:24.0860 1236  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc        C:\Windows\system32\drivers\storvsc.sys
17:16:24.0881 1236  storvsc - ok
17:16:24.0895 1236  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
17:16:24.0915 1236  swenum - ok
17:16:24.0980 1236  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\Windows\System32\swprv.dll
17:16:25.0014 1236  swprv - ok
17:16:25.0020 1236  [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc      C:\Windows\system32\drivers\Synth3dVsc.sys
17:16:25.0030 1236  Synth3dVsc - ok
17:16:25.0070 1236  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain        C:\Windows\system32\sysmain.dll
17:16:25.0107 1236  SysMain - ok
17:16:25.0124 1236  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:16:25.0141 1236  TabletInputService - ok
17:16:25.0173 1236  [ 3A7CABF7DE8F1325BE8F46685469AEC3 ] taphss6        C:\Windows\system32\DRIVERS\taphss6.sys
17:16:25.0183 1236  taphss6 - ok
17:16:25.0209 1236  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv        C:\Windows\System32\tapisrv.dll
17:16:25.0240 1236  TapiSrv - ok
17:16:25.0250 1236  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\Windows\System32\tbssvc.dll
17:16:25.0280 1236  TBS - ok
17:16:25.0404 1236  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
17:16:25.0448 1236  Tcpip - ok
17:16:25.0496 1236  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:16:25.0527 1236  TCPIP6 - ok
17:16:25.0597 1236  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:16:25.0608 1236  tcpipreg - ok
17:16:25.0640 1236  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:16:25.0667 1236  TDPIPE - ok
17:16:25.0696 1236  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
17:16:25.0707 1236  TDTCP - ok
17:16:25.0712 1236  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
17:16:25.0740 1236  tdx - ok
17:16:25.0745 1236  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
17:16:25.0773 1236  TermDD - ok
17:16:25.0790 1236  [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt        C:\Windows\system32\drivers\terminpt.sys
17:16:25.0829 1236  terminpt - ok
17:16:25.0935 1236  [ 2E648163254233755035B46DD7B89123 ] TermService    C:\Windows\System32\termsrv.dll
17:16:26.0032 1236  TermService - ok
17:16:26.0044 1236  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
17:16:26.0061 1236  Themes - ok
17:16:26.0076 1236  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\Windows\system32\mmcss.dll
17:16:26.0105 1236  THREADORDER - ok
17:16:26.0126 1236  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
17:16:26.0156 1236  TrkWks - ok
17:16:26.0195 1236  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:16:26.0223 1236  TrustedInstaller - ok
17:16:26.0230 1236  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:16:26.0258 1236  tssecsrv - ok
17:16:26.0290 1236  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:16:26.0303 1236  TsUsbFlt - ok
17:16:26.0319 1236  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD        C:\Windows\system32\drivers\TsUsbGD.sys
17:16:26.0331 1236  TsUsbGD - ok
17:16:26.0353 1236  [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub        C:\Windows\system32\drivers\tsusbhub.sys
17:16:26.0365 1236  tsusbhub - ok
17:16:26.0395 1236  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:16:26.0424 1236  tunnel - ok
17:16:26.0428 1236  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
17:16:26.0440 1236  uagp35 - ok
17:16:26.0464 1236  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:16:26.0495 1236  udfs - ok
17:16:26.0541 1236  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
17:16:26.0555 1236  UI0Detect - ok
17:16:26.0559 1236  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:16:26.0570 1236  uliagpkx - ok
17:16:26.0589 1236  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
17:16:26.0603 1236  umbus - ok
17:16:26.0607 1236  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
17:16:26.0619 1236  UmPass - ok
17:16:26.0638 1236  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
17:16:26.0654 1236  UmRdpService - ok
17:16:26.0685 1236  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
17:16:26.0719 1236  upnphost - ok
17:16:26.0724 1236  [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
17:16:26.0736 1236  usbccgp - ok
17:16:26.0747 1236  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:16:26.0761 1236  usbcir - ok
17:16:26.0766 1236  [ 74EE782B1D9C241EFE425565854C661C ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
17:16:26.0778 1236  usbehci - ok
17:16:26.0816 1236  [ DC96BD9CCB8403251BCF25047573558E ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:16:26.0832 1236  usbhub - ok
17:16:26.0837 1236  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
17:16:26.0848 1236  usbohci - ok
17:16:26.0857 1236  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
17:16:26.0870 1236  usbprint - ok
17:16:26.0902 1236  [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:16:26.0915 1236  USBSTOR - ok
17:16:26.0920 1236  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
17:16:26.0948 1236  usbuhci - ok
17:16:26.0977 1236  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\Windows\System32\uxsms.dll
17:16:27.0006 1236  UxSms - ok
17:16:27.0026 1236  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
17:16:27.0038 1236  VaultSvc - ok
17:16:27.0055 1236  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:16:27.0065 1236  vdrvroot - ok
17:16:27.0099 1236  [ 8D6B481601D01A456E75C3210F1830BE ] vds            C:\Windows\System32\vds.exe
17:16:27.0133 1236  vds - ok
17:16:27.0150 1236  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
17:16:27.0163 1236  vga - ok
17:16:27.0168 1236  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\Windows\System32\drivers\vga.sys
17:16:27.0194 1236  VgaSave - ok
17:16:27.0198 1236  VGPU - ok
17:16:27.0207 1236  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
17:16:27.0220 1236  vhdmp - ok
17:16:27.0234 1236  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
17:16:27.0244 1236  viaide - ok
17:16:27.0254 1236  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus          C:\Windows\system32\drivers\vmbus.sys
17:16:27.0266 1236  vmbus - ok
17:16:27.0271 1236  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
17:16:27.0282 1236  VMBusHID - ok
17:16:27.0288 1236  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:16:27.0299 1236  volmgr - ok
17:16:27.0381 1236  [ A255814907C89BE58B79EF2F189B843B ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
17:16:27.0411 1236  volmgrx - ok
17:16:27.0427 1236  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
17:16:27.0440 1236  volsnap - ok
17:16:27.0476 1236  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
17:16:27.0488 1236  vsmraid - ok
17:16:27.0542 1236  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS            C:\Windows\system32\vssvc.exe
17:16:27.0589 1236  VSS - ok
17:16:27.0629 1236  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
17:16:27.0662 1236  vwifibus - ok
17:16:27.0671 1236  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\Windows\system32\w32time.dll
17:16:27.0707 1236  W32Time - ok
17:16:27.0713 1236  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
17:16:27.0725 1236  WacomPen - ok
17:16:27.0768 1236  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:16:27.0794 1236  WANARP - ok
17:16:27.0797 1236  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:16:27.0824 1236  Wanarpv6 - ok
17:16:27.0871 1236  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
17:16:27.0903 1236  wbengine - ok
17:16:27.0926 1236  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:16:27.0944 1236  WbioSrvc - ok
17:16:27.0953 1236  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc        C:\Windows\System32\wcncsvc.dll
17:16:27.0973 1236  wcncsvc - ok
17:16:27.0979 1236  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:16:27.0993 1236  WcsPlugInService - ok
17:16:28.0048 1236  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
17:16:28.0059 1236  Wd - ok
17:16:28.0096 1236  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:16:28.0119 1236  Wdf01000 - ok
17:16:28.0138 1236  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:16:28.0157 1236  WdiServiceHost - ok
17:16:28.0161 1236  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\Windows\system32\wdi.dll
17:16:28.0178 1236  WdiSystemHost - ok
17:16:28.0188 1236  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient      C:\Windows\System32\webclnt.dll
17:16:28.0208 1236  WebClient - ok
17:16:28.0233 1236  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:16:28.0266 1236  Wecsvc - ok
17:16:28.0282 1236  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
17:16:28.0312 1236  wercplsupport - ok
17:16:28.0323 1236  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:16:28.0374 1236  WerSvc - ok
17:16:28.0443 1236  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:16:28.0499 1236  WfpLwf - ok
17:16:28.0503 1236  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:16:28.0514 1236  WIMMount - ok
17:16:28.0573 1236  WinDefend - ok
17:16:28.0582 1236  WinHttpAutoProxySvc - ok
17:16:28.0901 1236  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
17:16:28.0933 1236  Winmgmt - ok
17:16:29.0031 1236  [ 0C0195C48B6B8582FA6F6373032118DA ] WinRing0_1_2_0  C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys
17:16:29.0043 1236  WinRing0_1_2_0 - ok
17:16:29.0150 1236  [ BCB1310604AA415C4508708975B3931E ] WinRM          C:\Windows\system32\WsmSvc.dll
17:16:29.0206 1236  WinRM - ok
17:16:29.0267 1236  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
17:16:29.0282 1236  WinUsb - ok
17:16:29.0322 1236  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\Windows\System32\wlansvc.dll
17:16:29.0350 1236  Wlansvc - ok
17:16:29.0505 1236  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:16:29.0549 1236  wlidsvc - ok
17:16:29.0576 1236  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
17:16:29.0588 1236  WmiAcpi - ok
17:16:29.0624 1236  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:16:29.0638 1236  wmiApSrv - ok
17:16:29.0676 1236  WMPNetworkSvc - ok
17:16:29.0763 1236  wolf - ok
17:16:29.0790 1236  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:16:29.0809 1236  WPCSvc - ok
17:16:29.0815 1236  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:16:29.0830 1236  WPDBusEnum - ok
17:16:29.0834 1236  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
17:16:29.0861 1236  ws2ifsl - ok
17:16:29.0872 1236  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
17:16:29.0890 1236  wscsvc - ok
17:16:29.0894 1236  WSearch - ok
17:16:29.0992 1236  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
17:16:30.0042 1236  wuauserv - ok
17:16:30.0078 1236  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:16:30.0098 1236  WudfPf - ok
17:16:30.0139 1236  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:16:30.0153 1236  WUDFRd - ok
17:16:30.0165 1236  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
17:16:30.0179 1236  wudfsvc - ok
17:16:30.0209 1236  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc        C:\Windows\System32\wwansvc.dll
17:16:30.0245 1236  WwanSvc - ok
17:16:30.0526 1236  X6va012 - ok
17:16:30.0555 1236  X6va015 - ok
17:16:30.0570 1236  xhunter1 - ok
17:16:30.0591 1236  ================ Scan global ===============================
17:16:30.0632 1236  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:16:30.0676 1236  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:16:30.0688 1236  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:16:30.0715 1236  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:16:30.0742 1236  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:16:30.0746 1236  [Global] - ok
17:16:30.0747 1236  ================ Scan MBR ==================================
17:16:30.0779 1236  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:16:30.0949 1236  \Device\Harddisk0\DR0 - ok
17:16:30.0950 1236  ================ Scan VBR ==================================
17:16:30.0953 1236  [ A882CDFBE27E4AAC94F410E6067AAC64 ] \Device\Harddisk0\DR0\Partition1
17:16:30.0954 1236  \Device\Harddisk0\DR0\Partition1 - ok
17:16:30.0987 1236  [ 91E602FBBBC9427184DA285B9193E6F3 ] \Device\Harddisk0\DR0\Partition2
17:16:30.0988 1236  \Device\Harddisk0\DR0\Partition2 - ok
17:16:30.0988 1236  ============================================================
17:16:30.0988 1236  Scan finished
17:16:30.0988 1236  ============================================================
17:16:30.0999 4288  Detected object count: 2
17:16:30.0999 4288  Actual detected object count: 2
17:16:38.0603 4288  AODDriver4.2.0 ( UnsignedFile.Multi.Generic ) - skipped by user
17:16:38.0604 4288  AODDriver4.2.0 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:16:38.0606 4288  Rent Update ( UnsignedFile.Multi.Generic ) - skipped by user
17:16:38.0606 4288  Rent Update ( UnsignedFile.Multi.Generic ) - User select action: Skip

Code:

swMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-01-06 17:20:52
-----------------------------
17:20:52.361    OS Version: Windows x64 6.1.7601 Service Pack 1
17:20:52.361    Number of processors: 3 586 0x503
17:20:52.365    ComputerName: MESUT-PC  UserName: Mesut
17:20:55.331    Initialize success
17:20:58.832    AVAST engine defs: 14010501
17:21:41.508    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
17:21:41.513    Disk 0 Vendor: ST160LM0 2AJ1 Size: 152627MB BusType: 11
17:21:42.932    Disk 0 MBR read successfully
17:21:42.934    Disk 0 MBR scan
17:21:43.421    Disk 0 Windows 7 default MBR code
17:21:43.441    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
17:21:44.093    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      152525 MB offset 206848
17:21:44.817    Disk 0 scanning C:\Windows\system32\drivers
17:22:00.105    Service scanning
17:22:25.287    Modules scanning
17:22:25.295    Disk 0 trace - called modules:
17:22:25.306    ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
17:22:25.310    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80028de5e0]
17:22:25.317    3 CLASSPNP.SYS[fffff8800195743f] -> nt!IofCallDriver -> [0xfffffa8002877b70]
17:22:25.322    5 amdxata.sys[fffff880010bd8b9] -> nt!IofCallDriver -> \Device\0000005e[0xfffffa8002874060]
17:22:27.078    AVAST engine scan C:\Windows
17:22:29.568    AVAST engine scan C:\Windows\system32
17:25:03.455    AVAST engine scan C:\Windows\system32\drivers
17:25:13.095    AVAST engine scan C:\Users\Mesut
17:35:25.920    AVAST engine scan C:\ProgramData
17:37:31.707    Scan finished successfully
17:40:03.348    Disk 0 MBR has been saved successfully to "C:\Users\Mesut\Desktop\MBR.dat"
17:40:03.352    The log file has been saved successfully to "C:\Users\Mesut\Desktop\aswMBR.txt"


schrauber 07.01.2014 10:09

In TDSSKiller, please set Rent to Cure or Delete and run it again. After that, please run ComboFix again.

Zerozo 07.01.2014 22:29

Code:

ComboFix 14-01-04.03 - Mesut 07.01.2014  18:07:27.3.3 - x64
Microsoft Windows 7 Enterprise  6.1.7601.1.1252.41.1033.18.2047.753 [GMT 1:00]
ausgeführt von:: c:\users\Mesut\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\HirezPipeError.txt
c:\windows\SysWow64\ff
c:\windows\SysWow64\ff\App\AppInfo\appicon.ico
c:\windows\SysWow64\ff\App\AppInfo\appicon_128.png
c:\windows\SysWow64\ff\App\AppInfo\appicon_16.png
c:\windows\SysWow64\ff\App\AppInfo\appicon_32.png
c:\windows\SysWow64\ff\App\AppInfo\appinfo.ini
c:\windows\SysWow64\ff\App\AppInfo\installer.ini
c:\windows\SysWow64\ff\App\Bin\sqlite3.exe
c:\windows\SysWow64\ff\App\DefaultData\plugins\plugins_readme.txt
c:\windows\SysWow64\ff\App\DefaultData\profile\bookmarks.html
c:\windows\SysWow64\ff\App\DefaultData\profile\prefs.js
c:\windows\SysWow64\ff\App\DefaultData\settings\FirefoxPortableSettings.ini
c:\windows\SysWow64\ff\App\Firefox\AccessibleMarshal.dll
c:\windows\SysWow64\ff\App\Firefox\active-update.xml
c:\windows\SysWow64\ff\App\Firefox\application.ini
c:\windows\SysWow64\ff\App\Firefox\breakpadinjector.dll
c:\windows\SysWow64\ff\App\Firefox\browser\blocklist.xml
c:\windows\SysWow64\ff\App\Firefox\browser\chrome.manifest
c:\windows\SysWow64\ff\App\Firefox\browser\components\browsercomps.dll
c:\windows\SysWow64\ff\App\Firefox\browser\components\components.manifest
c:\windows\SysWow64\ff\App\Firefox\browser\crashreporter-override.ini
c:\windows\SysWow64\ff\App\Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\icon.png
c:\windows\SysWow64\ff\App\Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\install.rdf
c:\windows\SysWow64\ff\App\Firefox\browser\omni.ja
c:\windows\SysWow64\ff\App\Firefox\browser\searchplugins\amazondotcom-de.xml
c:\windows\SysWow64\ff\App\Firefox\browser\searchplugins\bing.xml
c:\windows\SysWow64\ff\App\Firefox\browser\searchplugins\eBay-de.xml
c:\windows\SysWow64\ff\App\Firefox\browser\searchplugins\google.xml
c:\windows\SysWow64\ff\App\Firefox\browser\searchplugins\leo_ende_de.xml
c:\windows\SysWow64\ff\App\Firefox\browser\searchplugins\wikipedia-de.xml
c:\windows\SysWow64\ff\App\Firefox\browser\searchplugins\yahoo-de.xml
c:\windows\SysWow64\ff\App\Firefox\crashreporter.exe
c:\windows\SysWow64\ff\App\Firefox\crashreporter.ini
c:\windows\SysWow64\ff\App\Firefox\D3DCompiler_43.dll
c:\windows\SysWow64\ff\App\Firefox\defaults\pref\channel-prefs.js
c:\windows\SysWow64\ff\App\Firefox\dependentlibs.list
c:\windows\SysWow64\ff\App\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\icon.png
c:\windows\SysWow64\ff\App\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\install.rdf
c:\windows\SysWow64\ff\App\Firefox\firefox.exe
c:\windows\SysWow64\ff\App\Firefox\freebl3.chk
c:\windows\SysWow64\ff\App\Firefox\freebl3.dll
c:\windows\SysWow64\ff\App\Firefox\gkmedias.dll
c:\windows\SysWow64\ff\App\Firefox\libEGL.dll
c:\windows\SysWow64\ff\App\Firefox\libGLESv2.dll
c:\windows\SysWow64\ff\App\Firefox\maintenanceservice.exe
c:\windows\SysWow64\ff\App\Firefox\maintenanceservice_installer.exe
c:\windows\SysWow64\ff\App\Firefox\mozalloc.dll
c:\windows\SysWow64\ff\App\Firefox\mozglue.dll
c:\windows\SysWow64\ff\App\Firefox\mozjs.dll
c:\windows\SysWow64\ff\App\Firefox\msvcp100.dll
c:\windows\SysWow64\ff\App\Firefox\msvcr100.dll
c:\windows\SysWow64\ff\App\Firefox\nss3.dll
c:\windows\SysWow64\ff\App\Firefox\nssckbi.dll
c:\windows\SysWow64\ff\App\Firefox\nssdbm3.chk
c:\windows\SysWow64\ff\App\Firefox\nssdbm3.dll
c:\windows\SysWow64\ff\App\Firefox\omni.ja
c:\windows\SysWow64\ff\App\Firefox\platform.ini
c:\windows\SysWow64\ff\App\Firefox\plugin-container.exe
c:\windows\SysWow64\ff\App\Firefox\plugin-hang-ui.exe
c:\windows\SysWow64\ff\App\Firefox\precomplete
c:\windows\SysWow64\ff\App\Firefox\removed-files
c:\windows\SysWow64\ff\App\Firefox\softokn3.chk
c:\windows\SysWow64\ff\App\Firefox\softokn3.dll
c:\windows\SysWow64\ff\App\Firefox\uninstall\helper.exe
c:\windows\SysWow64\ff\App\Firefox\uninstall\uninstall.update
c:\windows\SysWow64\ff\App\Firefox\update-settings.ini
c:\windows\SysWow64\ff\App\Firefox\updater.exe
c:\windows\SysWow64\ff\App\Firefox\updater.ini
c:\windows\SysWow64\ff\App\Firefox\updates.xml
c:\windows\SysWow64\ff\App\Firefox\updates\0\update.log
c:\windows\SysWow64\ff\App\Firefox\updates\0\update.manifest
c:\windows\SysWow64\ff\App\Firefox\updates\0\update.mar
c:\windows\SysWow64\ff\App\Firefox\updates\0\update.status
c:\windows\SysWow64\ff\App\Firefox\updates\0\update.version
c:\windows\SysWow64\ff\App\Firefox\updates\0\updater.exe
c:\windows\SysWow64\ff\App\Firefox\updates\0\updater.ini
c:\windows\SysWow64\ff\App\Firefox\webapp-uninstaller.exe
c:\windows\SysWow64\ff\App\Firefox\webapprt-stub.exe
c:\windows\SysWow64\ff\App\Firefox\webapprt\omni.ja
c:\windows\SysWow64\ff\App\Firefox\webapprt\webapprt.ini
c:\windows\SysWow64\ff\App\Firefox\xul.dll
c:\windows\SysWow64\ff\App\readme.txt
c:\windows\SysWow64\ff\Data\plugins\npdsplay.dll
c:\windows\SysWow64\ff\Data\plugins\npzylomgamesplayer.dll
c:\windows\SysWow64\ff\Data\plugins\plugins_readme.txt
c:\windows\SysWow64\ff\Data\plugins_choice\list.txt
c:\windows\SysWow64\ff\Data\plugins_choice\np32dsw.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npauthz.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npAviraCallingID.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npctrl.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npdeploytk.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npdivx32.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npdrmv2.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npdsplay.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npgeplugin.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npitunes.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npjp2.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npnul32.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npNxGameeu.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npovshelper.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npPandoWebPlugin.dll
c:\windows\SysWow64\ff\Data\plugins_choice\nppdf32.dll
c:\windows\SysWow64\ff\Data\plugins_choice\nppl3260.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npqtplugin.dll
c:\windows\SysWow64\ff\Data\plugins_choice\nprpplugin.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npspwrap.dll
c:\windows\SysWow64\ff\Data\plugins_choice\NPSWF32_11_7_700_169.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npunity3d32.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npvlc.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npwinext.dll
c:\windows\SysWow64\ff\Data\plugins_choice\NPWLPG.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npwpf.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npzylomgamesplayer.dll
c:\windows\SysWow64\ff\Data\profile\blocklist.xml
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-09-08.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-09-09.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-09-10.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-09-11.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-09-16.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-09-22.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-09-23.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-09-24.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-09-25.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-09-28.json
c:\windows\SysWow64\ff\Data\profile\bookmarks.html
c:\windows\SysWow64\ff\Data\profile\cert8.db
c:\windows\SysWow64\ff\Data\profile\chromeappsstore.sqlite
c:\windows\SysWow64\ff\Data\profile\compatibility.ini
c:\windows\SysWow64\ff\Data\profile\content-prefs.sqlite
c:\windows\SysWow64\ff\Data\profile\cookies.sqlite
c:\windows\SysWow64\ff\Data\profile\downloads.sqlite
c:\windows\SysWow64\ff\Data\profile\extensions.ini
c:\windows\SysWow64\ff\Data\profile\extensions.sqlite
c:\windows\SysWow64\ff\Data\profile\extensions\firebug@software.joehewitt.com.xpi
c:\windows\SysWow64\ff\Data\profile\extensions\remote-control@morch.com.xpi
c:\windows\SysWow64\ff\Data\profile\firebug\annotations.json
c:\windows\SysWow64\ff\Data\profile\firebug\breakpoints.json
c:\windows\SysWow64\ff\Data\profile\formhistory.sqlite
c:\windows\SysWow64\ff\Data\profile\healthreport.sqlite
c:\windows\SysWow64\ff\Data\profile\key3.db
c:\windows\SysWow64\ff\Data\profile\localstore-safe.rdf
c:\windows\SysWow64\ff\Data\profile\localstore.rdf
c:\windows\SysWow64\ff\Data\profile\marionette.log
c:\windows\SysWow64\ff\Data\profile\mimeTypes.rdf
c:\windows\SysWow64\ff\Data\profile\minidumps\a98c2742-fa9f-4fe8-a65d-009c3107488f.dmp
c:\windows\SysWow64\ff\Data\profile\OfflineCache\index.sqlite
c:\windows\SysWow64\ff\Data\profile\parent.lock
c:\windows\SysWow64\ff\Data\profile\permissions.sqlite
c:\windows\SysWow64\ff\Data\profile\places.sqlite
c:\windows\SysWow64\ff\Data\profile\pluginreg.dat
c:\windows\SysWow64\ff\Data\profile\prefs.js
c:\windows\SysWow64\ff\Data\profile\safebrowsing\goog-malware-shavar.cache
c:\windows\SysWow64\ff\Data\profile\safebrowsing\goog-malware-shavar.pset
c:\windows\SysWow64\ff\Data\profile\safebrowsing\goog-malware-shavar.sbstore
c:\windows\SysWow64\ff\Data\profile\safebrowsing\test-malware-simple.cache
c:\windows\SysWow64\ff\Data\profile\safebrowsing\test-malware-simple.pset
c:\windows\SysWow64\ff\Data\profile\safebrowsing\test-malware-simple.sbstore
c:\windows\SysWow64\ff\Data\profile\safebrowsing\test-phish-simple.cache
c:\windows\SysWow64\ff\Data\profile\safebrowsing\test-phish-simple.pset
c:\windows\SysWow64\ff\Data\profile\safebrowsing\test-phish-simple.sbstore
c:\windows\SysWow64\ff\Data\profile\search-metadata.json
c:\windows\SysWow64\ff\Data\profile\search.json
c:\windows\SysWow64\ff\Data\profile\search.sqlite
c:\windows\SysWow64\ff\Data\profile\secmod.db
c:\windows\SysWow64\ff\Data\profile\signons.sqlite
c:\windows\SysWow64\ff\Data\profile\start.txt
c:\windows\SysWow64\ff\Data\profile\startupCache\startupCache.4.little
c:\windows\SysWow64\ff\Data\profile\urlclassifier.pset
c:\windows\SysWow64\ff\Data\profile\urlclassifier3.sqlite
c:\windows\SysWow64\ff\Data\profile\webapps\webapps.json
c:\windows\SysWow64\ff\Data\profile\webappsstore.sqlite
c:\windows\SysWow64\ff\Data\settings\FirefoxPortableSettings.ini
c:\windows\SysWow64\ff\FirefoxPortable.exe
c:\windows\SysWow64\ff\Fonts\aaaiight.ttf
c:\windows\SysWow64\ff\Fonts\abusive pencil.ttf
c:\windows\SysWow64\ff\Fonts\Acens.ttf
c:\windows\SysWow64\ff\Fonts\Acidic.TTF
c:\windows\SysWow64\ff\Fonts\adam.ttf
c:\windows\SysWow64\ff\Fonts\adamb.ttf
c:\windows\SysWow64\ff\Fonts\adambital.ttf
c:\windows\SysWow64\ff\Fonts\Aerosol.ttf
c:\windows\SysWow64\ff\Fonts\aggstock.ttf
c:\windows\SysWow64\ff\Fonts\AIFRAGME.TTF
c:\windows\SysWow64\ff\Fonts\AIRSTREA.TTF
c:\windows\SysWow64\ff\Fonts\airstrip.ttf
c:\windows\SysWow64\ff\Fonts\aladdin.ttf
c:\windows\SysWow64\ff\Fonts\Alias.ttf
c:\windows\SysWow64\ff\Fonts\All Star Resort.ttf
c:\windows\SysWow64\ff\Fonts\AlteHaasGroteskBold.ttf
c:\windows\SysWow64\ff\Fonts\Amerdcon.ttf
c:\windows\SysWow64\ff\Fonts\Android Nation.ttf
c:\windows\SysWow64\ff\Fonts\Anime Ace.ttf
c:\windows\SysWow64\ff\Fonts\beaswfte.ttf
c:\windows\SysWow64\ff\Fonts\Blambot Custom.ttf
c:\windows\SysWow64\ff\Fonts\Blambot Pro.ttf
c:\windows\SysWow64\ff\Fonts\city_burn.ttf
c:\windows\SysWow64\ff\Fonts\CNN.ttf
c:\windows\SysWow64\ff\Fonts\Colcothar.ttf
c:\windows\SysWow64\ff\Fonts\Damn Noisy Kids.ttf
c:\windows\SysWow64\ff\Fonts\Daredevil.ttf
c:\windows\SysWow64\ff\Fonts\DENSMORE.TTF
c:\windows\SysWow64\ff\Fonts\desperado.ttf
c:\windows\SysWow64\ff\Fonts\Detectives Inc.ttf
c:\windows\SysWow64\ff\Fonts\detroitghetto.ttf
c:\windows\SysWow64\ff\Fonts\devotion.ttf
c:\windows\SysWow64\ff\Fonts\dirtyheadline.ttf
c:\windows\SysWow64\ff\Fonts\Diskoboll.ttf
c:\windows\SysWow64\ff\Fonts\EARWIGFA.TTF
c:\windows\SysWow64\ff\Fonts\EDITION_.TTF
c:\windows\SysWow64\ff\Fonts\Ellianarelle s Path.ttf
c:\windows\SysWow64\ff\Fonts\EMPIREST.TTF
c:\windows\SysWow64\ff\Fonts\EpoXY_histoRy.ttf
c:\windows\SysWow64\ff\Fonts\ERTHQAKE.TTF
c:\windows\SysWow64\ff\Fonts\esp.ttf
c:\windows\SysWow64\ff\Fonts\EUROSWH.TTF
c:\windows\SysWow64\ff\Fonts\EVITA.TTF
c:\windows\SysWow64\ff\Fonts\FAREAST.TTF
c:\windows\SysWow64\ff\Fonts\fbsbltc.ttf
c:\windows\SysWow64\ff\Fonts\FerroRosso.ttf
c:\windows\SysWow64\ff\Fonts\Fiesta.ttf
c:\windows\SysWow64\ff\Fonts\fight.TTF
c:\windows\SysWow64\ff\Fonts\Findet Nemo.ttf
c:\windows\SysWow64\ff\Fonts\Flat Earth Scribe.ttf
c:\windows\SysWow64\ff\Fonts\friends good.ttf
c:\windows\SysWow64\ff\Fonts\GameCube.ttf
c:\windows\SysWow64\ff\Fonts\Ginga.ttf
c:\windows\SysWow64\ff\Fonts\Godzilla.ttf
c:\windows\SysWow64\ff\Fonts\GothicFlames.ttf
c:\windows\SysWow64\ff\Fonts\gothikka.ttf
c:\windows\SysWow64\ff\Fonts\Graffogie.ttf
c:\windows\SysWow64\ff\Fonts\groening.ttf
c:\windows\SysWow64\ff\Fonts\gyparody.ttf
c:\windows\SysWow64\ff\Fonts\halflife.ttf
c:\windows\SysWow64\ff\Fonts\Halo.ttf
c:\windows\SysWow64\ff\Fonts\HandSean.ttf
c:\windows\SysWow64\ff\Fonts\HARD_ROCK.ttf
c:\windows\SysWow64\ff\Fonts\Hellraiser SC.ttf
c:\windows\SysWow64\ff\Fonts\Hursheys.ttf
c:\windows\SysWow64\ff\Fonts\idiot.ttf
c:\windows\SysWow64\ff\Fonts\Impossible.ttf
c:\windows\SysWow64\ff\Fonts\in_my_head.ttf
c:\windows\SysWow64\ff\Fonts\Indianhotel.ttf
c:\windows\SysWow64\ff\Fonts\jandles.ttf
c:\windows\SysWow64\ff\Fonts\JaneAust.ttf
c:\windows\SysWow64\ff\Fonts\JerseyLetters.ttf
c:\windows\SysWow64\ff\Fonts\JungleRuff.ttf
c:\windows\SysWow64\ff\Fonts\kaileenw.ttf
c:\windows\SysWow64\ff\Fonts\karabine.ttf
c:\windows\SysWow64\ff\Fonts\Karate.ttf
c:\windows\SysWow64\ff\Fonts\Kitten Meat.ttf
c:\windows\SysWow64\ff\Fonts\Kittkat.ttf
c:\windows\SysWow64\ff\Fonts\Laine.TTF
c:\windows\SysWow64\ff\Fonts\Lazy.ttf
c:\windows\SysWow64\ff\Fonts\LEDLIGHT.ttf
c:\windows\SysWow64\ff\Fonts\Legothick.ttf
c:\windows\SysWow64\ff\Fonts\linkin.ttf
c:\windows\SysWow64\ff\Fonts\LinkinPark.ttf
c:\windows\SysWow64\ff\Fonts\lottepaperfang.ttf
c:\windows\SysWow64\ff\Fonts\maksukehoitus.ttf
c:\windows\SysWow64\ff\Fonts\manga_speak.ttf
c:\windows\SysWow64\ff\Fonts\MARK.TTF
c:\windows\SysWow64\ff\Fonts\Marlboc.ttf
c:\windows\SysWow64\ff\Fonts\Marlbow.ttf
c:\windows\SysWow64\ff\Fonts\Megadeth.ttf
c:\windows\SysWow64\ff\Fonts\meresre.ttf
c:\windows\SysWow64\ff\Fonts\morgenstern.ttf
c:\windows\SysWow64\ff\Fonts\N-Gage.ttf
c:\windows\SysWow64\ff\Fonts\NASALIZA.TTF
c:\windows\SysWow64\ff\Fonts\neon2.ttf
c:\windows\SysWow64\ff\Fonts\NEUROTOX.TTF
c:\windows\SysWow64\ff\Fonts\nevis.ttf
c:\windows\SysWow64\ff\Fonts\Orange Fizz.ttf
c:\windows\SysWow64\ff\Fonts\oreos.ttf
c:\windows\SysWow64\ff\Fonts\Origami.ttf
c:\windows\SysWow64\ff\Fonts\PaisleyCaps .ttf
c:\windows\SysWow64\ff\Fonts\Patches.ttf
c:\windows\SysWow64\ff\Fonts\pdark.ttf
c:\windows\SysWow64\ff\Fonts\Phorssa.ttf
c:\windows\SysWow64\ff\Fonts\Planet of the Apes.ttf
c:\windows\SysWow64\ff\Fonts\Playtoy.ttf
c:\windows\SysWow64\ff\Fonts\Pleiades.TTF
c:\windows\SysWow64\ff\Fonts\postoffice.ttf
c:\windows\SysWow64\ff\Fonts\Pozo.ttf
c:\windows\SysWow64\ff\Fonts\Prototype.ttf
c:\windows\SysWow64\ff\Fonts\Prozak.ttf
c:\windows\SysWow64\ff\Fonts\Pyromane.ttf
c:\windows\SysWow64\ff\Fonts\quake.TTF
c:\windows\SysWow64\ff\Fonts\Requiem.ttf
c:\windows\SysWow64\ff\Fonts\Resident Evil Large.ttf
c:\windows\SysWow64\ff\Fonts\retroRockPoster.ttf
c:\windows\SysWow64\ff\Fonts\ribbon.ttf
c:\windows\SysWow64\ff\Fonts\riesling.ttf
c:\windows\SysWow64\ff\Fonts\Rockit.ttf
c:\windows\SysWow64\ff\Fonts\romeo.ttf
c:\windows\SysWow64\ff\Fonts\Rounded.ttf
c:\windows\SysWow64\ff\Fonts\rzrarti.ttf
c:\windows\SysWow64\ff\Fonts\Scream Real.ttf
c:\windows\SysWow64\ff\Fonts\se7en.ttf
c:\windows\SysWow64\ff\Fonts\Searfont.ttf
c:\windows\SysWow64\ff\Fonts\shellhead.ttf
c:\windows\SysWow64\ff\Fonts\Sickness.ttf
c:\windows\SysWow64\ff\Fonts\sidewalk.ttf
c:\windows\SysWow64\ff\Fonts\Sin City.ttf
c:\windows\SysWow64\ff\Fonts\Sliced_Juice.ttf
c:\windows\SysWow64\ff\Fonts\Smallville1.ttf
c:\windows\SysWow64\ff\Fonts\Spirit Medium.ttf
c:\windows\SysWow64\ff\Fonts\splinter2.ttf
c:\windows\SysWow64\ff\Fonts\spongefont.ttf
c:\windows\SysWow64\ff\Fonts\stentiga.ttf
c:\windows\SysWow64\ff\Fonts\TAGSTER.TTF
c:\windows\SysWow64\ff\Fonts\Taste of steel.ttf
c:\windows\SysWow64\ff\Fonts\TERMINAT.TTF
c:\windows\SysWow64\ff\Fonts\the ring.ttf
c:\windows\SysWow64\ff\Fonts\the sixth sense.ttf
c:\windows\SysWow64\ff\Fonts\the_King__26_Queen_font.ttf
c:\windows\SysWow64\ff\Fonts\the_Poison.ttf
c:\windows\SysWow64\ff\Fonts\TheGodFather.ttf
c:\windows\SysWow64\ff\Fonts\tiza.ttf
c:\windows\SysWow64\ff\Fonts\tondo.ttf
c:\windows\SysWow64\ff\Fonts\tron.ttf
c:\windows\SysWow64\ff\Fonts\Trumania.ttf
c:\windows\SysWow64\ff\Fonts\Turok.ttf
c:\windows\SysWow64\ff\Fonts\ultimate MIDNIGHT.ttf
c:\windows\SysWow64\ff\Fonts\Umberto.ttf
c:\windows\SysWow64\ff\Fonts\Unreal.ttf
c:\windows\SysWow64\ff\Fonts\Uptown__.ttf
c:\windows\SysWow64\ff\Fonts\uwch.ttf
c:\windows\SysWow64\ff\Fonts\Vampiress.ttf
c:\windows\SysWow64\ff\Fonts\Varsity.ttf
c:\windows\SysWow64\ff\Fonts\vintage.ttf
c:\windows\SysWow64\ff\Fonts\walk_plank.ttf
c:\windows\SysWow64\ff\Fonts\weezerfont.ttf
c:\windows\SysWow64\ff\Fonts\WillyWonka.ttf
c:\windows\SysWow64\ff\Fonts\Xfiles.ttf
c:\windows\SysWow64\ff\Fonts\Yoshitoshi.ttf
c:\windows\SysWow64\ff\Fonts\Yukon Gold.ttf
c:\windows\SysWow64\ff\Fonts\zerogene.ttf
c:\windows\SysWow64\ff\Other\Help\images\donation_button.png
c:\windows\SysWow64\ff\Other\Help\images\favicon.ico
c:\windows\SysWow64\ff\Other\Help\images\help_background_footer.png
c:\windows\SysWow64\ff\Other\Help\images\help_background_header.png
c:\windows\SysWow64\ff\Other\Help\images\help_logo_top.png
c:\windows\SysWow64\ff\Other\Source\AppSource.txt
c:\windows\SysWow64\ff\Other\Source\CheckForPlatformSplashDisable.nsh
c:\windows\SysWow64\ff\Other\Source\FirefoxPortable.ini
c:\windows\SysWow64\ff\Other\Source\FirefoxPortable.jpg
c:\windows\SysWow64\ff\Other\Source\FirefoxPortableU.nsi
c:\windows\SysWow64\ff\Other\Source\License.txt
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_DUTCH.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_ENGLISH.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_ENGLISHGB.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_FRENCH.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_GERMAN.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_HUNGARIAN.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_ITALIAN.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_JAPANESE.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_KOREAN.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_POLISH.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_PORTUGUESE.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_PORTUGUESEBR.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_RUSSIAN.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_SIMPCHINESE.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_SPANISH.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_SPANISHINTERNATIONAL.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_TRADCHINESE.nsh
c:\windows\SysWow64\ff\Other\Source\ReadINIStrWithDefault.nsh
c:\windows\SysWow64\ff\Other\Source\Readme.txt
c:\windows\SysWow64\ff\Other\Source\ReplaceInFileWithTextReplace.nsh
c:\windows\SysWow64\ff\Other\Source\SetFileAttributesDirectoryNormal.nsh
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-12-07 bis 2014-01-07  ))))))))))))))))))))))))))))))
.
.
2014-01-07 17:18 . 2014-01-07 17:18        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2014-01-07 17:18 . 2014-01-07 17:18        --------        d-----w-        c:\users\hedev\AppData\Local\temp
2014-01-07 17:18 . 2014-01-07 17:18        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-01-07 16:43 . 2014-01-07 16:43        --------        d--h--w-        c:\windows\SysWow64\FF_BN_416211
2014-01-07 16:24 . 2014-01-07 16:24        --------        d-----w-        C:\TDSSKiller_Quarantine
2014-01-05 17:51 . 2014-01-05 18:03        --------        d-----w-        c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-05 17:51 . 2014-01-05 17:51        117464        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-05 17:29 . 2014-01-05 17:44        89304        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-01-02 23:58 . 2014-01-02 23:59        --------        d-----w-        C:\FRST
2014-01-01 17:45 . 2014-01-01 17:47        --------        d-----w-        C:\AdwCleaner
2013-12-25 19:27 . 2013-12-25 19:27        --------        d-----w-        c:\programdata\MTA San Andreas All
2013-12-25 16:45 . 2013-12-25 16:45        --------        d-----w-        c:\program files (x86)\VS Revo Group
2013-12-24 13:44 . 2013-12-24 13:44        --------        d-----w-        C:\Riot Games
2013-12-24 11:16 . 2013-12-24 11:16        --------        d-----w-        c:\windows\ERUNT
2013-12-21 19:59 . 2013-12-21 19:59        --------        d-----w-        c:\users\Mesut\AppData\Roaming\Malwarebytes
2013-12-21 19:58 . 2013-12-21 19:58        --------        d-----w-        c:\programdata\Malwarebytes
2013-12-18 15:46 . 2013-12-18 15:46        --------        d-----w-        c:\users\Mesut\AppData\Roaming\OpenOffice
2013-12-18 15:44 . 2013-12-18 15:45        --------        d-----w-        c:\program files (x86)\OpenOffice 4
2013-12-09 20:47 . 2013-12-09 20:57        --------        d--h--w-        c:\windows\SysWow64\FF_BN_2019128
2013-12-08 17:31 . 2013-12-08 17:31        --------        d-----w-        c:\program files (x86)\Common Files\Bitdefender
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-31 17:06 . 2013-08-11 13:43        139264        ----a-w-        c:\windows\SysWow64\r_unzip.exe
2013-11-28 21:41 . 2013-08-29 12:10        692616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-28 21:41 . 2013-08-24 21:01        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-07 10:52 . 2013-11-07 10:52        76232        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{09326DD3-D6DC-4DFE-9AF4-BF364A099A02}\offreg.dll
2013-10-12 14:08 . 2013-07-13 16:11        291128        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2013-10-12 14:08 . 2013-07-13 16:02        291128        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2013-10-12 14:07 . 2013-07-13 16:02        281872        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2013-10-12 14:07 . 2013-07-13 16:02        76888        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-12-11 1823656]
"Akamai NetSession Interface"="c:\users\Mesut\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-09-21 766208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-29 3806544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0sdnclean64.exe
.
R2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ArcService;Arc Service;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 FairplayKD;FairplayKD;c:\programdata\MTA San Andreas All\1.3\temp\FairplayKD.sys;c:\programdata\MTA San Andreas All\1.3\temp\FairplayKD.sys [x]
R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys;c:\windows\SYSNATIVE\drivers\Mkd2Nadr.sys [x]
R3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\Mkd3kfNt.sys;c:\windows\SYSNATIVE\drivers\Mkd3kfNt.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R3 wolf;wolf;c:\aeriagames\WolfTeam-DE\avital\wolf64.sys;c:\aeriagames\WolfTeam-DE\avital\wolf64.sys [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
R3 X6va015;X6va015;c:\windows\SysWOW64\Drivers\X6va015;c:\windows\SysWOW64\Drivers\X6va015 [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 36409309
*NewlyCreated* - 62736061
*Deregistered* - 36409309
*Deregistered* - 62736061
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 10:46        1210320        ----a-w-        c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-01 13:18]
.
2014-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-01 13:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58        133840        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"W7LXE"="c:\users\Mesut\Desktop\Windows 7 Loader eXtreme Edition v3.503\w7lxe.exe" [2010-05-22 28135936]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-03 1028896]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
ustart page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
Trusted Zone: aeriagames.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-36409309.sys
AddRemove-Adobe Flash Player ActiveX - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-BattlEye for OA - c:\program files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\Expansion\BattlEye\UnInstallBE.exe
AddRemove-Crossfire Europe - c:\sg interactive\Crossfire Europe\uninst.exe
AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe
AddRemove-{3108C217-BE83-42E4-AE9E-A56A2A92E549} - c:\program files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va015]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va015"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3476550111-2045390708-2280625213-1000\Software\SecuROM\License information*]
"datasecu"=hex:17,da,a6,e3,92,01,53,db,f8,5c,8b,3b,60,7c,08,98,ac,49,d1,b6,cc,
  39,44,5b,a7,84,3b,5c,d4,6b,42,e5,15,d7,0f,29,9b,4e,1b,b3,91,40,c1,06,12,de,\
"rkeysecu"=hex:91,1c,db,6d,7a,7c,a7,7d,27,17,29,3e,4e,a0,d8,99
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-01-07  18:21:55
ComboFix-quarantined-files.txt  2014-01-07 17:21
ComboFix2.txt  2013-12-23 13:51
.
Vor Suchlauf: 92'529'999'872 bytes free
Nach Suchlauf: 21 Verzeichnis(se), 92'568'514'560 Bytes frei
.
- - End Of File - - 85E4A26368197ED22F48A75004E30CB5

Code:

17:58:17.0764 4284  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:58:19.0399 4284  ============================================================
17:58:19.0399 4284  Current date / time: 2014/01/07 17:58:19.0399
17:58:19.0399 4284  SystemInfo:
17:58:19.0399 4284 
17:58:19.0399 4284  OS Version: 6.1.7601 ServicePack: 1.0
17:58:19.0399 4284  Product type: Workstation
17:58:19.0400 4284  ComputerName: MESUT-PC
17:58:19.0400 4284  UserName: Mesut
17:58:19.0400 4284  Windows directory: C:\Windows
17:58:19.0400 4284  System windows directory: C:\Windows
17:58:19.0400 4284  Running under WOW64
17:58:19.0400 4284  Processor architecture: Intel x64
17:58:19.0400 4284  Number of processors: 3
17:58:19.0400 4284  Page size: 0x1000
17:58:19.0400 4284  Boot type: Normal boot
17:58:19.0400 4284  ============================================================
17:58:20.0718 4284  BG loaded
17:58:21.0101 4284  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:58:21.0111 4284  ============================================================
17:58:21.0112 4284  \Device\Harddisk0\DR0:
17:58:21.0119 4284  MBR partitions:
17:58:21.0119 4284  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:58:21.0119 4284  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
17:58:21.0119 4284  ============================================================
17:58:21.0208 4284  C: <-> \Device\Harddisk0\DR0\Partition2
17:58:21.0208 4284  ============================================================
17:58:21.0208 4284  Initialize success
17:58:21.0208 4284  ============================================================
17:58:26.0311 4740  ============================================================
17:58:26.0311 4740  Scan started
17:58:26.0311 4740  Mode: Manual;
17:58:26.0311 4740  ============================================================
17:58:29.0449 4740  ================ Scan system memory ========================
17:58:29.0449 4740  System memory - ok
17:58:29.0450 4740  ================ Scan services =============================
17:58:29.0901 4740  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:58:29.0908 4740  1394ohci - ok
17:58:29.0989 4740  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:58:29.0996 4740  ACPI - ok
17:58:30.0014 4740  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
17:58:30.0016 4740  AcpiPmi - ok
17:58:30.0056 4740  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
17:58:30.0066 4740  adp94xx - ok
17:58:30.0083 4740  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\Windows\system32\drivers\adpahci.sys
17:58:30.0088 4740  adpahci - ok
17:58:30.0095 4740  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
17:58:30.0098 4740  adpu320 - ok
17:58:30.0129 4740  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
17:58:30.0130 4740  AeLookupSvc - ok
17:58:30.0195 4740  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD            C:\Windows\system32\drivers\afd.sys
17:58:30.0206 4740  AFD - ok
17:58:30.0230 4740  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:58:30.0234 4740  agp440 - ok
17:58:30.0249 4740  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\Windows\System32\alg.exe
17:58:30.0252 4740  ALG - ok
17:58:30.0271 4740  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:58:30.0273 4740  aliide - ok
17:58:30.0403 4740  AMD FUEL Service - ok
17:58:30.0412 4740  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
17:58:30.0415 4740  amdide - ok
17:58:30.0439 4740  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
17:58:30.0442 4740  AmdK8 - ok
17:58:30.0453 4740  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
17:58:30.0455 4740  AmdPPM - ok
17:58:30.0487 4740  [ 12A5062C06E03FF70DB47800F91C7A13 ] amdsata        C:\Windows\system32\DRIVERS\amdsata.sys
17:58:30.0488 4740  amdsata - ok
17:58:30.0531 4740  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
17:58:30.0536 4740  amdsbs - ok
17:58:30.0565 4740  [ 8A7F289B45CEACAC761E14D5FAC59EB9 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
17:58:30.0567 4740  amdxata - ok
17:58:30.0639 4740  [ 563EFD021AEB95CAE619643AD82F9D9F ] AODDriver4.2.0  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
17:58:30.0640 4740  AODDriver4.2.0 - ok
17:58:30.0673 4740  [ 89A69C3F2F319B43379399547526D952 ] AppID          C:\Windows\system32\drivers\appid.sys
17:58:30.0674 4740  AppID - ok
17:58:30.0705 4740  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:58:30.0706 4740  AppIDSvc - ok
17:58:30.0730 4740  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo        C:\Windows\System32\appinfo.dll
17:58:30.0732 4740  Appinfo - ok
17:58:30.0766 4740  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt        C:\Windows\System32\appmgmts.dll
17:58:30.0769 4740  AppMgmt - ok
17:58:30.0832 4740  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\Windows\system32\drivers\arc.sys
17:58:30.0836 4740  arc - ok
17:58:30.0846 4740  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
17:58:30.0850 4740  arcsas - ok
17:58:31.0044 4740  [ 4F68A6B5705221CCC1CC73F00D79A9E9 ] ArcService      C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe
17:58:31.0048 4740  ArcService - ok
17:58:31.0295 4740  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:58:31.0310 4740  aspnet_state - ok
17:58:31.0366 4740  [ 0BAEFD3F648C6E7AB52990DD9565E4E2 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
17:58:31.0367 4740  aswFsBlk - ok
17:58:31.0428 4740  [ FA562F34ED6633C66170B09182B4C049 ] aswMonFlt      C:\Windows\system32\drivers\aswMonFlt.sys
17:58:31.0470 4740  aswMonFlt - ok
17:58:31.0513 4740  [ 64E2BAB4096C13D2342BC4661C967E07 ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
17:58:31.0516 4740  aswRdr - ok
17:58:31.0556 4740  [ 5573AA70993A2BB81525B1C704B88763 ] aswRvrt        C:\Windows\system32\drivers\aswRvrt.sys
17:58:31.0559 4740  aswRvrt - ok
17:58:31.0622 4740  [ 8C0800CDB501CFC1164B286A0478DC10 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
17:58:31.0641 4740  aswSnx - ok
17:58:31.0693 4740  [ 3815DB16CDA62190F5C0A65118F3D714 ] aswSP          C:\Windows\system32\drivers\aswSP.sys
17:58:31.0698 4740  aswSP - ok
17:58:31.0714 4740  [ 29DD8E458A84171202AA4979364C30C0 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
17:58:31.0716 4740  aswTdi - ok
17:58:31.0746 4740  [ 22F521108881DC59837F6FC614E0568F ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
17:58:31.0749 4740  aswVmm - ok
17:58:31.0790 4740  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:58:31.0791 4740  AsyncMac - ok
17:58:31.0835 4740  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\Windows\system32\drivers\atapi.sys
17:58:31.0838 4740  atapi - ok
17:58:31.0899 4740  [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie        C:\Windows\system32\DRIVERS\AtiPcie.sys
17:58:31.0901 4740  AtiPcie - ok
17:58:31.0967 4740  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:58:31.0980 4740  AudioEndpointBuilder - ok
17:58:31.0999 4740  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:58:32.0005 4740  AudioSrv - ok
17:58:32.0116 4740  [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:58:32.0119 4740  avast! Antivirus - ok
17:58:32.0158 4740  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:58:32.0162 4740  AxInstSV - ok
17:58:32.0217 4740  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\Windows\system32\drivers\bxvbda.sys
17:58:32.0227 4740  b06bdrv - ok
17:58:32.0278 4740  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
17:58:32.0285 4740  b57nd60a - ok
17:58:32.0314 4740  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:58:32.0318 4740  BDESVC - ok
17:58:32.0349 4740  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:58:32.0351 4740  Beep - ok
17:58:32.0404 4740  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE            C:\Windows\System32\bfe.dll
17:58:32.0415 4740  BFE - ok
17:58:32.0453 4740  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
17:58:32.0476 4740  BITS - ok
17:58:32.0489 4740  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:58:32.0491 4740  blbdrive - ok
17:58:32.0496 4740  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:58:32.0498 4740  bowser - ok
17:58:32.0519 4740  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
17:58:32.0521 4740  BrFiltLo - ok
17:58:32.0526 4740  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
17:58:32.0527 4740  BrFiltUp - ok
17:58:32.0559 4740  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
17:58:32.0561 4740  BridgeMP - ok
17:58:32.0585 4740  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser        C:\Windows\System32\browser.dll
17:58:32.0587 4740  Browser - ok
17:58:32.0615 4740  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
17:58:32.0619 4740  Brserid - ok
17:58:32.0624 4740  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:58:32.0626 4740  BrSerWdm - ok
17:58:32.0631 4740  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:58:32.0632 4740  BrUsbMdm - ok
17:58:32.0638 4740  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:58:32.0642 4740  BrUsbSer - ok
17:58:32.0673 4740  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
17:58:32.0675 4740  BTHMODEM - ok
17:58:32.0718 4740  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\Windows\system32\bthserv.dll
17:58:32.0720 4740  bthserv - ok
17:58:32.0757 4740  catchme - ok
17:58:32.0793 4740  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:58:32.0797 4740  cdfs - ok
17:58:32.0817 4740  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
17:58:32.0821 4740  cdrom - ok
17:58:32.0851 4740  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc    C:\Windows\System32\certprop.dll
17:58:32.0853 4740  CertPropSvc - ok
17:58:32.0872 4740  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
17:58:32.0873 4740  circlass - ok
17:58:32.0958 4740  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
17:58:32.0967 4740  CLFS - ok
17:58:33.0078 4740  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:58:33.0086 4740  clr_optimization_v2.0.50727_32 - ok
17:58:33.0126 4740  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:58:33.0133 4740  clr_optimization_v2.0.50727_64 - ok
17:58:33.0349 4740  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:58:33.0435 4740  clr_optimization_v4.0.30319_32 - ok
17:58:33.0471 4740  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:58:33.0497 4740  clr_optimization_v4.0.30319_64 - ok
17:58:33.0530 4740  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
17:58:33.0532 4740  CmBatt - ok
17:58:33.0542 4740  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:58:33.0544 4740  cmdide - ok
17:58:33.0587 4740  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG            C:\Windows\system32\Drivers\cng.sys
17:58:33.0592 4740  CNG - ok
17:58:33.0641 4740  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
17:58:33.0644 4740  Compbatt - ok
17:58:33.0660 4740  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
17:58:33.0663 4740  CompositeBus - ok
17:58:33.0676 4740  COMSysApp - ok
17:58:33.0685 4740  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
17:58:33.0686 4740  crcdisk - ok
17:58:33.0734 4740  [ 7FDC4626B01106A8EF328C88C7C0DEE3 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:58:33.0737 4740  CryptSvc - ok
17:58:33.0768 4740  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC            C:\Windows\system32\drivers\csc.sys
17:58:33.0775 4740  CSC - ok
17:58:33.0823 4740  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
17:58:33.0837 4740  CscService - ok
17:58:33.0882 4740  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:58:33.0896 4740  DcomLaunch - ok
17:58:33.0939 4740  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\Windows\System32\defragsvc.dll
17:58:33.0944 4740  defragsvc - ok
17:58:33.0967 4740  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:58:33.0969 4740  DfsC - ok
17:58:34.0014 4740  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:58:34.0022 4740  Dhcp - ok
17:58:34.0032 4740  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
17:58:34.0035 4740  discache - ok
17:58:34.0090 4740  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
17:58:34.0093 4740  Disk - ok
17:58:34.0129 4740  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc          C:\Windows\system32\drivers\dmvsc.sys
17:58:34.0132 4740  dmvsc - ok
17:58:34.0174 4740  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:58:34.0180 4740  Dnscache - ok
17:58:34.0198 4740  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc        C:\Windows\System32\dot3svc.dll
17:58:34.0206 4740  dot3svc - ok
17:58:34.0222 4740  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS            C:\Windows\system32\dps.dll
17:58:34.0228 4740  DPS - ok
17:58:34.0267 4740  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
17:58:34.0269 4740  drmkaud - ok
17:58:34.0328 4740  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
17:58:34.0348 4740  DXGKrnl - ok
17:58:34.0373 4740  [ EDC6E9C057C9D7F83EEA22B4CEF5DCAD ] E1G60          C:\Windows\system32\DRIVERS\E1G6032E.sys
17:58:34.0377 4740  E1G60 - ok
17:58:34.0415 4740  EagleX64 - ok
17:58:34.0457 4740  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\Windows\System32\eapsvc.dll
17:58:34.0463 4740  EapHost - ok
17:58:34.0537 4740  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\Windows\system32\drivers\evbda.sys
17:58:34.0571 4740  ebdrv - ok
17:58:34.0631 4740  [ C118A82CD78818C29AB228366EBF81C3 ] EFS            C:\Windows\System32\lsass.exe
17:58:34.0637 4740  EFS - ok
17:58:34.0781 4740  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
17:58:34.0794 4740  ehRecvr - ok
17:58:34.0810 4740  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched        C:\Windows\ehome\ehsched.exe
17:58:34.0812 4740  ehSched - ok
17:58:34.0840 4740  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
17:58:34.0846 4740  elxstor - ok
17:58:34.0851 4740  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:58:34.0853 4740  ErrDev - ok
17:58:34.0918 4740  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\Windows\system32\es.dll
17:58:34.0929 4740  EventSystem - ok
17:58:34.0958 4740  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\Windows\system32\drivers\exfat.sys
17:58:34.0964 4740  exfat - ok
17:58:35.0059 4740  FairplayKD - ok
17:58:35.0078 4740  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
17:58:35.0084 4740  fastfat - ok
17:58:35.0121 4740  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax            C:\Windows\system32\fxssvc.exe
17:58:35.0127 4740  Fax - ok
17:58:35.0150 4740  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\Windows\system32\drivers\fdc.sys
17:58:35.0152 4740  fdc - ok
17:58:35.0188 4740  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\Windows\system32\fdPHost.dll
17:58:35.0189 4740  fdPHost - ok
17:58:35.0203 4740  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:58:35.0205 4740  FDResPub - ok
17:58:35.0240 4740  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:58:35.0241 4740  FileInfo - ok
17:58:35.0250 4740  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
17:58:35.0253 4740  Filetrace - ok
17:58:35.0262 4740  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
17:58:35.0265 4740  flpydisk - ok
17:58:35.0282 4740  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:58:35.0286 4740  FltMgr - ok
17:58:35.0325 4740  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache      C:\Windows\system32\FntCache.dll
17:58:35.0334 4740  FontCache - ok
17:58:35.0385 4740  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:58:35.0387 4740  FontCache3.0.0.0 - ok
17:58:35.0393 4740  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
17:58:35.0396 4740  FsDepends - ok
17:58:35.0437 4740  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:58:35.0438 4740  Fs_Rec - ok
17:58:35.0489 4740  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:58:35.0494 4740  fvevol - ok
17:58:35.0516 4740  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
17:58:35.0519 4740  gagp30kx - ok
17:58:35.0557 4740  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc          C:\Windows\System32\gpsvc.dll
17:58:35.0574 4740  gpsvc - ok
17:58:35.0648 4740  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:58:35.0652 4740  gupdate - ok
17:58:35.0660 4740  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:58:35.0662 4740  gupdatem - ok
17:58:35.0748 4740  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi        C:\Windows\system32\DRIVERS\hamachi.sys
17:58:35.0751 4740  hamachi - ok
17:58:35.0902 4740  [ E24E88736B13BC54CA93E7F86A0F4FCF ] Hamachi2Svc    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
17:58:35.0924 4740  Hamachi2Svc - ok
17:58:35.0955 4740  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:58:35.0956 4740  hcw85cir - ok
17:58:36.0011 4740  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:58:36.0018 4740  HdAudAddService - ok
17:58:36.0060 4740  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
17:58:36.0064 4740  HDAudBus - ok
17:58:36.0073 4740  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\Windows\system32\drivers\HidBatt.sys
17:58:36.0076 4740  HidBatt - ok
17:58:36.0088 4740  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
17:58:36.0091 4740  HidBth - ok
17:58:36.0131 4740  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\Windows\system32\drivers\hidir.sys
17:58:36.0134 4740  HidIr - ok
17:58:36.0167 4740  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\Windows\System32\hidserv.dll
17:58:36.0172 4740  hidserv - ok
17:58:36.0197 4740  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:58:36.0200 4740  HidUsb - ok
17:58:36.0238 4740  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:58:36.0246 4740  hkmsvc - ok
17:58:36.0267 4740  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:58:36.0275 4740  HomeGroupListener - ok
17:58:36.0303 4740  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:58:36.0313 4740  HomeGroupProvider - ok
17:58:36.0323 4740  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:58:36.0327 4740  HpSAMD - ok
17:58:36.0378 4740  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:58:36.0383 4740  HTTP - ok
17:58:36.0389 4740  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:58:36.0390 4740  hwpolicy - ok
17:58:36.0424 4740  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:58:36.0426 4740  i8042prt - ok
17:58:36.0455 4740  [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
17:58:36.0460 4740  iaStorV - ok
17:58:36.0518 4740  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:58:36.0534 4740  idsvc - ok
17:58:36.0539 4740  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
17:58:36.0541 4740  iirsp - ok
17:58:36.0580 4740  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
17:58:36.0591 4740  IKEEXT - ok
17:58:36.0621 4740  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
17:58:36.0623 4740  intelide - ok
17:58:36.0638 4740  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
17:58:36.0639 4740  intelppm - ok
17:58:36.0701 4740  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
17:58:36.0708 4740  IPBusEnum - ok
17:58:36.0718 4740  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:58:36.0722 4740  IpFilterDriver - ok
17:58:36.0764 4740  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:58:36.0771 4740  iphlpsvc - ok
17:58:36.0791 4740  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
17:58:36.0793 4740  IPMIDRV - ok
17:58:36.0799 4740  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
17:58:36.0801 4740  IPNAT - ok
17:58:36.0818 4740  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:58:36.0820 4740  IRENUM - ok
17:58:36.0825 4740  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:58:36.0826 4740  isapnp - ok
17:58:36.0861 4740  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:58:36.0867 4740  iScsiPrt - ok
17:58:36.0877 4740  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:58:36.0880 4740  kbdclass - ok
17:58:36.0909 4740  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:58:36.0912 4740  kbdhid - ok
17:58:36.0927 4740  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
17:58:36.0929 4740  KeyIso - ok
17:58:36.0963 4740  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:58:36.0965 4740  KSecDD - ok
17:58:37.0014 4740  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
17:58:37.0024 4740  KSecPkg - ok
17:58:37.0042 4740  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
17:58:37.0043 4740  ksthunk - ok
17:58:37.0070 4740  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\Windows\system32\msdtckrm.dll
17:58:37.0075 4740  KtmRm - ok
17:58:37.0107 4740  [ A43A9920D2409BB9DA747D2FD20A2E61 ] L1C            C:\Windows\system32\DRIVERS\L1C62x64.sys
17:58:37.0109 4740  L1C - ok
17:58:37.0158 4740  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
17:58:37.0163 4740  LanmanServer - ok
17:58:37.0186 4740  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:58:37.0190 4740  LanmanWorkstation - ok
17:58:37.0229 4740  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:58:37.0232 4740  lltdio - ok
17:58:37.0267 4740  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
17:58:37.0273 4740  lltdsvc - ok
17:58:37.0291 4740  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\Windows\System32\lmhsvc.dll
17:58:37.0294 4740  lmhosts - ok
17:58:37.0352 4740  [ 02468469C450CD16FB66A56FAB70138B ] LMIGuardianSvc  C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
17:58:37.0357 4740  LMIGuardianSvc - ok
17:58:37.0445 4740  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:58:37.0479 4740  LSI_FC - ok
17:58:37.0484 4740  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
17:58:37.0487 4740  LSI_SAS - ok
17:58:37.0492 4740  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
17:58:37.0494 4740  LSI_SAS2 - ok
17:58:37.0517 4740  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:58:37.0519 4740  LSI_SCSI - ok
17:58:37.0525 4740  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\Windows\system32\drivers\luafv.sys
17:58:37.0527 4740  luafv - ok
17:58:37.0546 4740  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
17:58:37.0549 4740  Mcx2Svc - ok
17:58:37.0555 4740  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\Windows\system32\drivers\megasas.sys
17:58:37.0557 4740  megasas - ok
17:58:37.0572 4740  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
17:58:37.0576 4740  MegaSR - ok
17:58:37.0644 4740  [ B6CCDC7F88354F2D053A8ADF13DD3AAB ] Mkd2Nadr        C:\Windows\system32\drivers\Mkd2Nadr.sys
17:58:37.0648 4740  Mkd2Nadr - ok
17:58:37.0717 4740  [ 28630C95D8F1CC313E80B8EF376648F2 ] Mkd3kfNt        C:\Windows\system32\drivers\Mkd3kfNt.sys
17:58:37.0722 4740  Mkd3kfNt - ok
17:58:37.0807 4740  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\Windows\system32\mmcss.dll
17:58:37.0814 4740  MMCSS - ok
17:58:37.0838 4740  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\Windows\system32\drivers\modem.sys
17:58:37.0841 4740  Modem - ok
17:58:37.0863 4740  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
17:58:37.0865 4740  monitor - ok
17:58:37.0879 4740  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:58:37.0882 4740  mouclass - ok
17:58:37.0891 4740  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:58:37.0892 4740  mouhid - ok
17:58:37.0911 4740  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:58:37.0913 4740  mountmgr - ok
17:58:37.0919 4740  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:58:37.0922 4740  mpio - ok
17:58:37.0937 4740  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:58:37.0938 4740  mpsdrv - ok
17:58:37.0970 4740  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:58:37.0981 4740  MpsSvc - ok
17:58:37.0987 4740  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:58:37.0990 4740  MRxDAV - ok
17:58:38.0023 4740  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:58:38.0025 4740  mrxsmb - ok
17:58:38.0067 4740  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:58:38.0073 4740  mrxsmb10 - ok
17:58:38.0084 4740  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:58:38.0088 4740  mrxsmb20 - ok
17:58:38.0103 4740  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:58:38.0105 4740  msahci - ok
17:58:38.0111 4740  [ DB801A638D011B9633829EB6F663C900 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
17:58:38.0113 4740  msdsm - ok
17:58:38.0131 4740  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\Windows\System32\msdtc.exe
17:58:38.0134 4740  MSDTC - ok
17:58:38.0188 4740  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:58:38.0190 4740  Msfs - ok
17:58:38.0204 4740  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
17:58:38.0206 4740  mshidkmdf - ok
17:58:38.0213 4740  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:58:38.0215 4740  msisadrv - ok
17:58:38.0261 4740  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
17:58:38.0265 4740  MSiSCSI - ok
17:58:38.0270 4740  msiserver - ok
17:58:38.0313 4740  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
17:58:38.0315 4740  MSKSSRV - ok
17:58:38.0321 4740  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:58:38.0322 4740  MSPCLOCK - ok
17:58:38.0327 4740  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
17:58:38.0328 4740  MSPQM - ok
17:58:38.0344 4740  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
17:58:38.0349 4740  MsRPC - ok
17:58:38.0357 4740  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
17:58:38.0358 4740  mssmbios - ok
17:58:38.0363 4740  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
17:58:38.0364 4740  MSTEE - ok
17:58:38.0368 4740  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
17:58:38.0370 4740  MTConfig - ok
17:58:38.0374 4740  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\Windows\system32\Drivers\mup.sys
17:58:38.0376 4740  Mup - ok
17:58:38.0401 4740  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
17:58:38.0406 4740  napagent - ok
17:58:38.0455 4740  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
17:58:38.0463 4740  NativeWifiP - ok
17:58:38.0524 4740  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:58:38.0542 4740  NDIS - ok
17:58:38.0567 4740  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
17:58:38.0568 4740  NdisCap - ok
17:58:38.0586 4740  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:58:38.0587 4740  NdisTapi - ok
17:58:38.0601 4740  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
17:58:38.0603 4740  Ndisuio - ok
17:58:38.0660 4740  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
17:58:38.0664 4740  NdisWan - ok
17:58:38.0674 4740  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
17:58:38.0677 4740  NDProxy - ok
17:58:38.0714 4740  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
17:58:38.0716 4740  NetBIOS - ok
17:58:38.0736 4740  [ 09594D1089C523423B32A4229263F068 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
17:58:38.0740 4740  NetBT - ok
17:58:38.0757 4740  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
17:58:38.0760 4740  Netlogon - ok
17:58:38.0816 4740  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
17:58:38.0829 4740  Netman - ok
17:58:38.0901 4740  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:58:38.0927 4740  NetMsmqActivator - ok
17:58:38.0935 4740  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:58:38.0938 4740  NetPipeActivator - ok
17:58:38.0962 4740  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
17:58:38.0970 4740  netprofm - ok
17:58:38.0975 4740  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:58:38.0977 4740  NetTcpActivator - ok
17:58:38.0981 4740  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:58:38.0983 4740  NetTcpPortSharing - ok
17:58:39.0011 4740  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
17:58:39.0013 4740  nfrd960 - ok
17:58:39.0042 4740  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:58:39.0054 4740  NlaSvc - ok
17:58:39.0064 4740  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:58:39.0067 4740  Npfs - ok
17:58:39.0100 4740  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\Windows\system32\nsisvc.dll
17:58:39.0103 4740  nsi - ok
17:58:39.0108 4740  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:58:39.0109 4740  nsiproxy - ok
17:58:39.0163 4740  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:58:39.0181 4740  Ntfs - ok
17:58:39.0193 4740  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
17:58:39.0194 4740  Null - ok
17:58:39.0254 4740  [ 805F0C2B9C07E4C0F74D0EF70E9E827A ] NVHDA          C:\Windows\system32\drivers\nvhda64v.sys
17:58:39.0260 4740  NVHDA - ok
17:58:39.0565 4740  [ EE6B7B6A54BCAFF516E30B1C15467495 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:58:39.0790 4740  nvlddmkm - ok
17:58:39.0841 4740  [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:58:39.0846 4740  nvraid - ok
17:58:39.0857 4740  [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:58:39.0862 4740  nvstor - ok
17:58:39.0900 4740  [ 25626309AD2F81D47C829CCB5E46E478 ] nvsvc          C:\Windows\system32\nvvsvc.exe
17:58:39.0912 4740  nvsvc - ok
17:58:40.0063 4740  [ 7BAB808957880CF38EFC6816FEF7276E ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:58:40.0084 4740  nvUpdatusService - ok
17:58:40.0100 4740  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:58:40.0103 4740  nv_agp - ok
17:58:40.0118 4740  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:58:40.0119 4740  ohci1394 - ok
17:58:40.0148 4740  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:58:40.0153 4740  p2pimsvc - ok
17:58:40.0185 4740  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:58:40.0191 4740  p2psvc - ok
17:58:40.0233 4740  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\Windows\system32\drivers\parport.sys
17:58:40.0235 4740  Parport - ok
17:58:40.0256 4740  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr        C:\Windows\system32\drivers\partmgr.sys
17:58:40.0258 4740  partmgr - ok
17:58:40.0265 4740  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:58:40.0269 4740  PcaSvc - ok
17:58:40.0285 4740  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci            C:\Windows\system32\drivers\pci.sys
17:58:40.0288 4740  pci - ok
17:58:40.0292 4740  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
17:58:40.0294 4740  pciide - ok
17:58:40.0312 4740  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
17:58:40.0316 4740  pcmcia - ok
17:58:40.0321 4740  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\Windows\system32\drivers\pcw.sys
17:58:40.0323 4740  pcw - ok
17:58:40.0345 4740  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:58:40.0353 4740  PEAUTH - ok
17:58:40.0392 4740  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc    C:\Windows\system32\peerdistsvc.dll
17:58:40.0408 4740  PeerDistSvc - ok
17:58:40.0639 4740  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:58:40.0646 4740  PerfHost - ok
17:58:40.0753 4740  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla            C:\Windows\system32\pla.dll
17:58:40.0774 4740  pla - ok
17:58:40.0841 4740  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:58:40.0857 4740  PlugPlay - ok
17:58:40.0889 4740  PnkBstrA - ok
17:58:40.0928 4740  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
17:58:40.0936 4740  PNRPAutoReg - ok
17:58:40.0960 4740  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
17:58:40.0971 4740  PNRPsvc - ok
17:58:40.0998 4740  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
17:58:41.0005 4740  PolicyAgent - ok
17:58:41.0027 4740  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\Windows\system32\umpo.dll
17:58:41.0033 4740  Power - ok
17:58:41.0075 4740  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:58:41.0078 4740  PptpMiniport - ok
17:58:41.0087 4740  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\Windows\system32\drivers\processr.sys
17:58:41.0089 4740  Processor - ok
17:58:41.0126 4740  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc        C:\Windows\system32\profsvc.dll
17:58:41.0137 4740  ProfSvc - ok
17:58:41.0153 4740  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:58:41.0159 4740  ProtectedStorage - ok
17:58:41.0197 4740  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:58:41.0201 4740  Psched - ok
17:58:41.0258 4740  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
17:58:41.0279 4740  ql2300 - ok
17:58:41.0285 4740  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
17:58:41.0287 4740  ql40xx - ok
17:58:41.0319 4740  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\Windows\system32\qwave.dll
17:58:41.0324 4740  QWAVE - ok
17:58:41.0330 4740  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:58:41.0331 4740  QWAVEdrv - ok
17:58:41.0336 4740  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:58:41.0338 4740  RasAcd - ok
17:58:41.0387 4740  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
17:58:41.0389 4740  RasAgileVpn - ok
17:58:41.0414 4740  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\Windows\System32\rasauto.dll
17:58:41.0423 4740  RasAuto - ok
17:58:41.0449 4740  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
17:58:41.0451 4740  Rasl2tp - ok
17:58:41.0470 4740  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
17:58:41.0477 4740  RasMan - ok
17:58:41.0482 4740  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:58:41.0485 4740  RasPppoe - ok
17:58:41.0490 4740  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
17:58:41.0492 4740  RasSstp - ok
17:58:41.0506 4740  [ 77F665941019A1594D887A74F301FA2F ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
17:58:41.0510 4740  rdbss - ok
17:58:41.0516 4740  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
17:58:41.0517 4740  rdpbus - ok
17:58:41.0540 4740  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:58:41.0541 4740  RDPCDD - ok
17:58:41.0550 4740  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR          C:\Windows\system32\drivers\rdpdr.sys
17:58:41.0553 4740  RDPDR - ok
17:58:41.0576 4740  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:58:41.0578 4740  RDPENCDD - ok
17:58:41.0585 4740  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:58:41.0587 4740  RDPREFMP - ok
17:58:41.0607 4740  [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:58:41.0609 4740  RdpVideoMiniport - ok
17:58:41.0690 4740  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
17:58:41.0696 4740  RDPWD - ok
17:58:41.0738 4740  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:58:41.0744 4740  rdyboost - ok
17:58:41.0770 4740  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:58:41.0778 4740  RemoteAccess - ok
17:58:41.0806 4740  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:58:41.0811 4740  RemoteRegistry - ok
17:58:41.0822 4740  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:58:41.0826 4740  RpcEptMapper - ok
17:58:41.0837 4740  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
17:58:41.0840 4740  RpcLocator - ok
17:58:41.0866 4740  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs          C:\Windows\system32\rpcss.dll
17:58:41.0872 4740  RpcSs - ok
17:58:41.0893 4740  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:58:41.0895 4740  rspndr - ok
17:58:41.0915 4740  [ E60C0A09F997826C7627B244195AB581 ] s3cap          C:\Windows\system32\drivers\vms3cap.sys
17:58:41.0917 4740  s3cap - ok
17:58:41.0930 4740  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs          C:\Windows\system32\lsass.exe
17:58:41.0932 4740  SamSs - ok
17:58:41.0953 4740  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:58:41.0955 4740  sbp2port - ok
17:58:41.0987 4740  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:58:41.0992 4740  SCardSvr - ok
17:58:42.0002 4740  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:58:42.0005 4740  scfilter - ok
17:58:42.0040 4740  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
17:58:42.0054 4740  Schedule - ok
17:58:42.0080 4740  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc    C:\Windows\System32\certprop.dll
17:58:42.0081 4740  SCPolicySvc - ok
17:58:42.0103 4740  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:58:42.0108 4740  SDRSVC - ok
17:58:42.0156 4740  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:58:42.0159 4740  secdrv - ok
17:58:42.0183 4740  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
17:58:42.0192 4740  seclogon - ok
17:58:42.0227 4740  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
17:58:42.0236 4740  SENS - ok
17:58:42.0255 4740  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:58:42.0264 4740  SensrSvc - ok
17:58:42.0292 4740  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\Windows\system32\drivers\serenum.sys
17:58:42.0295 4740  Serenum - ok
17:58:42.0304 4740  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
17:58:42.0308 4740  Serial - ok
17:58:42.0317 4740  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
17:58:42.0321 4740  sermouse - ok
17:58:42.0346 4740  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:58:42.0351 4740  SessionEnv - ok
17:58:42.0356 4740  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
17:58:42.0357 4740  sffdisk - ok
17:58:42.0362 4740  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:58:42.0364 4740  sffp_mmc - ok
17:58:42.0369 4740  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
17:58:42.0370 4740  sffp_sd - ok
17:58:42.0393 4740  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
17:58:42.0395 4740  sfloppy - ok
17:58:42.0424 4740  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:58:42.0428 4740  SharedAccess - ok
17:58:42.0451 4740  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:58:42.0456 4740  ShellHWDetection - ok
17:58:42.0474 4740  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
17:58:42.0475 4740  SiSRaid2 - ok
17:58:42.0479 4740  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
17:58:42.0481 4740  SiSRaid4 - ok
17:58:42.0513 4740  [ F5BBEDF602C310B00036EB2DBF4348A5 ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
17:58:42.0515 4740  SkypeUpdate - ok
17:58:42.0533 4740  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
17:58:42.0537 4740  Smb - ok
17:58:42.0590 4740  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:58:42.0598 4740  SNMPTRAP - ok
17:58:42.0603 4740  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
17:58:42.0604 4740  spldr - ok
17:58:42.0687 4740  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler        C:\Windows\System32\spoolsv.exe
17:58:42.0704 4740  Spooler - ok
17:58:42.0807 4740  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
17:58:42.0831 4740  sppsvc - ok
17:58:42.0848 4740  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
17:58:42.0851 4740  sppuinotify - ok
17:58:42.0877 4740  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv            C:\Windows\system32\DRIVERS\srv.sys
17:58:42.0882 4740  srv - ok
17:58:42.0896 4740  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:58:42.0900 4740  srv2 - ok
17:58:42.0906 4740  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:58:42.0908 4740  srvnet - ok
17:58:42.0951 4740  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
17:58:42.0961 4740  SSDPSRV - ok
17:58:42.0972 4740  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\Windows\system32\sstpsvc.dll
17:58:42.0982 4740  SstpSvc - ok
17:58:43.0078 4740  [ A87A39F9B42D82F5D60D36BB1D3CC9D3 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
17:58:43.0087 4740  Steam Client Service - ok
17:58:43.0252 4740  [ 2222073BE0232E70A397B8302293AA9D ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:58:43.0260 4740  Stereo Service - ok
17:58:43.0287 4740  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
17:58:43.0290 4740  stexstor - ok
17:58:43.0330 4740  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
17:58:43.0349 4740  stisvc - ok
17:58:43.0370 4740  [ 7785DC213270D2FC066538DAF94087E7 ] storflt        C:\Windows\system32\drivers\vmstorfl.sys
17:58:43.0373 4740  storflt - ok
17:58:43.0402 4740  [ C40841817EF57D491F22EB103DA587CC ] StorSvc        C:\Windows\system32\storsvc.dll
17:58:43.0465 4740  StorSvc - ok
17:58:43.0521 4740  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc        C:\Windows\system32\drivers\storvsc.sys
17:58:43.0526 4740  storvsc - ok
17:58:43.0540 4740  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
17:58:43.0550 4740  swenum - ok
17:58:43.0676 4740  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\Windows\System32\swprv.dll
17:58:43.0694 4740  swprv - ok
17:58:43.0715 4740  [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc      C:\Windows\system32\drivers\Synth3dVsc.sys
17:58:43.0717 4740  Synth3dVsc - ok
17:58:43.0758 4740  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain        C:\Windows\system32\sysmain.dll
17:58:43.0779 4740  SysMain - ok
17:58:43.0798 4740  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:58:43.0801 4740  TabletInputService - ok
17:58:43.0847 4740  [ 3A7CABF7DE8F1325BE8F46685469AEC3 ] taphss6        C:\Windows\system32\DRIVERS\taphss6.sys
17:58:43.0849 4740  taphss6 - ok
17:58:43.0873 4740  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv        C:\Windows\System32\tapisrv.dll
17:58:43.0878 4740  TapiSrv - ok
17:58:43.0891 4740  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\Windows\System32\tbssvc.dll
17:58:43.0894 4740  TBS - ok
17:58:43.0972 4740  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
17:58:43.0992 4740  Tcpip - ok
17:58:44.0037 4740  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:58:44.0049 4740  TCPIP6 - ok
17:58:44.0083 4740  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:58:44.0084 4740  tcpipreg - ok
17:58:44.0115 4740  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:58:44.0116 4740  TDPIPE - ok
17:58:44.0138 4740  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
17:58:44.0139 4740  TDTCP - ok
17:58:44.0144 4740  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
17:58:44.0146 4740  tdx - ok
17:58:44.0169 4740  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
17:58:44.0170 4740  TermDD - ok
17:58:44.0187 4740  [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt        C:\Windows\system32\drivers\terminpt.sys
17:58:44.0188 4740  terminpt - ok
17:58:44.0232 4740  [ 2E648163254233755035B46DD7B89123 ] TermService    C:\Windows\System32\termsrv.dll
17:58:44.0253 4740  TermService - ok
17:58:44.0264 4740  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
17:58:44.0273 4740  Themes - ok
17:58:44.0295 4740  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\Windows\system32\mmcss.dll
17:58:44.0298 4740  THREADORDER - ok
17:58:44.0312 4740  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
17:58:44.0317 4740  TrkWks - ok
17:58:44.0359 4740  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:58:44.0364 4740  TrustedInstaller - ok
17:58:44.0378 4740  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:58:44.0382 4740  tssecsrv - ok
17:58:44.0405 4740  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:58:44.0407 4740  TsUsbFlt - ok
17:58:44.0435 4740  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD        C:\Windows\system32\drivers\TsUsbGD.sys
17:58:44.0436 4740  TsUsbGD - ok
17:58:44.0442 4740  [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub        C:\Windows\system32\drivers\tsusbhub.sys
17:58:44.0444 4740  tsusbhub - ok
17:58:44.0486 4740  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:58:44.0490 4740  tunnel - ok
17:58:44.0500 4740  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
17:58:44.0504 4740  uagp35 - ok
17:58:44.0529 4740  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:58:44.0533 4740  udfs - ok
17:58:44.0572 4740  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
17:58:44.0582 4740  UI0Detect - ok
17:58:44.0592 4740  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:58:44.0596 4740  uliagpkx - ok
17:58:44.0632 4740  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
17:58:44.0634 4740  umbus - ok
17:58:44.0638 4740  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
17:58:44.0640 4740  UmPass - ok
17:58:44.0670 4740  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
17:58:44.0676 4740  UmRdpService - ok
17:58:44.0695 4740  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
17:58:44.0701 4740  upnphost - ok
17:58:44.0707 4740  [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
17:58:44.0709 4740  usbccgp - ok
17:58:44.0745 4740  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:58:44.0747 4740  usbcir - ok
17:58:44.0752 4740  [ 74EE782B1D9C241EFE425565854C661C ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
17:58:44.0754 4740  usbehci - ok
17:58:44.0770 4740  [ DC96BD9CCB8403251BCF25047573558E ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:58:44.0775 4740  usbhub - ok
17:58:44.0780 4740  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
17:58:44.0782 4740  usbohci - ok
17:58:44.0800 4740  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
17:58:44.0802 4740  usbprint - ok
17:58:44.0833 4740  [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:58:44.0835 4740  USBSTOR - ok
17:58:44.0840 4740  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
17:58:47.0498 4740  ================ Scan global ===============================
17:58:47.0522 4740  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:58:47.0566 4740  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:58:47.0576 4740  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:58:47.0615 4740  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:58:47.0643 4740  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:58:47.0650 4740  [Global] - ok
17:58:47.0650 4740  ================ Scan MBR ==================================
17:58:47.0702 4740  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:58:47.0875 4740  \Device\Harddisk0\DR0 - ok
17:58:47.0875 4740  ================ Scan VBR ==================================
17:58:47.0878 4740  [ A882CDFBE27E4AAC94F410E6067AAC64 ] \Device\Harddisk0\DR0\Partition1
17:58:47.0880 4740  \Device\Harddisk0\DR0\Partition1 - ok
17:58:47.0887 4740  [ 91E602FBBBC9427184DA285B9193E6F3 ] \Device\Harddisk0\DR0\Partition2
17:58:47.0889 4740  \Device\Harddisk0\DR0\Partition2 - ok
17:58:47.0889 4740  ============================================================
17:58:47.0889 4740  Scan finished
17:58:47.0889 4740  ============================================================
17:58:47.0902 3740  Detected object count: 0
17:58:47.0902 3740  Actual detected object count: 0
18:00:47.0368 4764  Deinitialize success

So it no longer opens; it seems to be gone, thanks :) But I can only say that for sure in a few days, because there were times when it didn't open for 2-3 days.

schrauber 08.01.2014 12:06

I'm still not quite happy with it. Please delete Combofix once more, download it again, run it and post the log file.

Zerozo 08.01.2014 16:42

Code:

ComboFix 14-01-08.02 - Mesut 08.01.2014  16:25:43.4.3 - x64
Microsoft Windows 7 Enterprise  6.1.7601.1.1252.41.1033.18.2047.717 [GMT 1:00]
ausgeführt von:: c:\users\Mesut\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Internet Explorer\dmlconf.dat
c:\program files (x86)\SearchProtect
c:\program files (x86)\SearchProtect\EULA.txt
c:\program files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
c:\program files (x86)\SearchProtect\Main\bin\SPTool.dll
c:\program files (x86)\SearchProtect\Main\bin\uninstall.exe
c:\program files (x86)\SearchProtect\Main\rep\SystemRepository.dat
c:\program files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
c:\program files (x86)\SearchProtect\UI\bin\cltmngui.exe
c:\program files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css
c:\program files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html
c:\program files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js
c:\program files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\text-field.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\v.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\x.png
c:\program files (x86)\SearchProtect\UI\dialogs\libs\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\main.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js
c:\program files (x86)\SearchProtect\UI\dialogs\protection\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.css
c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.html
c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.js
c:\program files (x86)\SearchProtect\UI\dialogs\settings.html
c:\program files (x86)\SearchProtect\UI\dialogs\settings\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.css
c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.html
c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.js
c:\program files (x86)\SearchProtect\UI\dialogs\style.css
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-12-08 bis 2014-01-08  ))))))))))))))))))))))))))))))
.
.
2014-01-08 15:37 . 2014-01-08 15:37        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2014-01-08 15:37 . 2014-01-08 15:37        --------        d-----w-        c:\users\hedev\AppData\Local\temp
2014-01-08 15:37 . 2014-01-08 15:37        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-01-07 20:17 . 2010-02-04 09:01        74072        ----a-w-        c:\windows\SysWow64\XAPOFX1_4.dll
2014-01-07 20:17 . 2010-02-04 09:01        528216        ----a-w-        c:\windows\SysWow64\XAudio2_6.dll
2014-01-07 20:17 . 2010-02-04 09:01        238936        ----a-w-        c:\windows\SysWow64\xactengine3_6.dll
2014-01-07 20:17 . 2010-02-04 09:01        22360        ----a-w-        c:\windows\SysWow64\X3DAudio1_7.dll
2014-01-07 20:17 . 2009-03-09 14:27        4178264        ----a-w-        c:\windows\SysWow64\D3DX9_41.dll
2014-01-07 20:17 . 2007-04-04 17:53        81768        ----a-w-        c:\windows\SysWow64\xinput1_3.dll
2014-01-07 20:17 . 2007-03-12 15:42        3495784        ----a-w-        c:\windows\SysWow64\d3dx9_33.dll
2014-01-07 20:17 . 2014-01-07 20:17        --------        d-----w-        c:\program files (x86)\Microsoft XNA
2014-01-07 19:51 . 2014-01-07 19:52        --------        d-----w-        c:\users\Mesut\AppData\Local\SearchProtect
2014-01-07 16:43 . 2014-01-07 16:43        --------        d--h--w-        c:\windows\SysWow64\FF_BN_416211
2014-01-07 16:24 . 2014-01-07 16:24        --------        d-----w-        C:\TDSSKiller_Quarantine
2014-01-05 17:51 . 2014-01-05 18:03        --------        d-----w-        c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-05 17:51 . 2014-01-05 17:51        117464        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-05 17:29 . 2014-01-05 17:44        89304        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-01-02 23:58 . 2014-01-02 23:59        --------        d-----w-        C:\FRST
2014-01-01 17:45 . 2014-01-01 17:47        --------        d-----w-        C:\AdwCleaner
2013-12-25 19:27 . 2013-12-25 19:27        --------        d-----w-        c:\programdata\MTA San Andreas All
2013-12-25 16:45 . 2013-12-25 16:45        --------        d-----w-        c:\program files (x86)\VS Revo Group
2013-12-24 13:44 . 2013-12-24 13:44        --------        d-----w-        C:\Riot Games
2013-12-24 11:16 . 2013-12-24 11:16        --------        d-----w-        c:\windows\ERUNT
2013-12-21 19:59 . 2013-12-21 19:59        --------        d-----w-        c:\users\Mesut\AppData\Roaming\Malwarebytes
2013-12-21 19:58 . 2013-12-21 19:58        --------        d-----w-        c:\programdata\Malwarebytes
2013-12-18 15:46 . 2013-12-18 15:46        --------        d-----w-        c:\users\Mesut\AppData\Roaming\OpenOffice
2013-12-18 15:44 . 2013-12-18 15:45        --------        d-----w-        c:\program files (x86)\OpenOffice 4
2013-12-09 20:47 . 2013-12-09 20:57        --------        d--h--w-        c:\windows\SysWow64\FF_BN_2019128
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-31 17:06 . 2013-08-11 13:43        139264        ----a-w-        c:\windows\SysWow64\r_unzip.exe
2013-11-28 21:41 . 2013-08-29 12:10        692616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-28 21:41 . 2013-08-24 21:01        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-07 10:52 . 2013-11-07 10:52        76232        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{09326DD3-D6DC-4DFE-9AF4-BF364A099A02}\offreg.dll
2013-10-12 14:08 . 2013-07-13 16:11        291128        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2013-10-12 14:08 . 2013-07-13 16:02        291128        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2013-10-12 14:07 . 2013-07-13 16:02        281872        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2013-10-12 14:07 . 2013-07-13 16:02        76888        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-12-11 1823656]
"Akamai NetSession Interface"="c:\users\Mesut\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-09-21 766208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-29 3806544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0sdnclean64.exe
.
R2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ArcService;Arc Service;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 FairplayKD;FairplayKD;c:\programdata\MTA San Andreas All\1.3\temp\FairplayKD.sys;c:\programdata\MTA San Andreas All\1.3\temp\FairplayKD.sys [x]
R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys;c:\windows\SYSNATIVE\drivers\Mkd2Nadr.sys [x]
R3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\Mkd3kfNt.sys;c:\windows\SYSNATIVE\drivers\Mkd3kfNt.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R3 wolf;wolf;c:\aeriagames\WolfTeam-DE\avital\wolf64.sys;c:\aeriagames\WolfTeam-DE\avital\wolf64.sys [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
R3 X6va015;X6va015;c:\windows\SysWOW64\Drivers\X6va015;c:\windows\SysWOW64\Drivers\X6va015 [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 CltMngSvc;Search Protect by Conduit Service;c:\progra~2\SearchProtect\Main\bin\CltMngSvc.exe;c:\progra~2\SearchProtect\Main\bin\CltMngSvc.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 10:46        1210320        ----a-w-        c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-01 13:18]
.
2014-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-01 13:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58        133840        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"W7LXE"="c:\users\Mesut\Desktop\Windows 7 Loader eXtreme Edition v3.503\w7lxe.exe" [2010-05-22 28135936]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-03 1028896]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
ustart page = hxxp://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPE178E7E2-62D8-4E1F-8D9D-9EE9989AE4A1&SSPV=
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
Trusted Zone: aeriagames.com
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Flash Player ActiveX - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-BattlEye for OA - c:\program files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\Expansion\BattlEye\UnInstallBE.exe
AddRemove-Crossfire Europe - c:\sg interactive\Crossfire Europe\uninst.exe
AddRemove-SearchProtect - c:\progra~2\SearchProtect\Main\bin\uninstall.exe
AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe
AddRemove-{3108C217-BE83-42E4-AE9E-A56A2A92E549} - c:\program files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va015]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va015"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3476550111-2045390708-2280625213-1000\Software\SecuROM\License information*]
"datasecu"=hex:17,da,a6,e3,92,01,53,db,f8,5c,8b,3b,60,7c,08,98,ac,49,d1,b6,cc,
  39,44,5b,a7,84,3b,5c,d4,6b,42,e5,15,d7,0f,29,9b,4e,1b,b3,91,40,c1,06,12,de,\
"rkeysecu"=hex:91,1c,db,6d,7a,7c,a7,7d,27,17,29,3e,4e,a0,d8,99
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-01-08  16:40:19
ComboFix-quarantined-files.txt  2014-01-08 15:40
ComboFix2.txt  2014-01-07 17:21
ComboFix3.txt  2013-12-23 13:51
.
Vor Suchlauf: 92'121'653'248 bytes free
Nach Suchlauf: 21 Verzeichnis(se), 91'938'725'888 Bytes frei
.
- - End Of File - - 5D92CF1AA536E6A893FF0D59E406239A


schrauber 09.01.2014 11:25

Delete AdwCleaner if present:

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the newest scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.

Zerozo 10.01.2014 20:58

Code:

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.10.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mesut :: MESUT-PC [Administrator]

Schutz: Deaktiviert

10.01.2014 15:32:21
MBAM-log-2014-01-10 (15-37-00).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 248200
Laufzeit: 4 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.ConduitSearchProtect) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|start page (PUP.Optional.Conduit.A) -> Bösartig: (hxxp://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPE178E7E2-62D8-4E1F-8D9D-9EE9989AE4A1&SSPV=) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

The rest is still to come.

Code:

# AdwCleaner v3.016 - Report created 10/01/2014 at 15:45:04
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)
# Username : Mesut - MESUT-PC
# Running from : C:\Users\Mesut\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : CltMngSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Mesut\AppData\Local\Searchprotect

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16483

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start page]

-\\ Mozilla Firefox v

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1001 octets] - [01/01/2014 18:45:45]
AdwCleaner[R1].txt - [1551 octets] - [10/01/2014 15:38:16]
AdwCleaner[S0].txt - [1064 octets] - [01/01/2014 18:47:14]
AdwCleaner[S1].txt - [1233 octets] - [10/01/2014 15:45:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1293 octets] ##########


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-01-2014
Ran by Mesut (administrator) on MESUT-PC on 10-01-2014 20:56:04
Running from C:\Users\Mesut\Desktop
Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Akamai Technologies, Inc.) C:\Users\Mesut\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\Mesut\AppData\Local\Akamai\netsession_win.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [W7LXE] - C:\Users\Mesut\Desktop\Windows 7 Loader eXtreme Edition v3.503\w7lxe.exe [28135936 2010-05-22] ()
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028896 2013-07-03] (NVIDIA Corporation)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3806544 2013-11-29] (LogMeIn Inc.)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1815464 2014-01-07] (Valve Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Mesut\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x974FB908CA5ECE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH
StartMenuInternet: IEXPLORE.EXE - c:\program files (x86)\internet explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Mesut\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR HomePage: hxxp://google.de/
CHR RestoreOnStartup: "https://www.google.de/"
CHR DefaultSearchKeyword: youtube.com
CHR DefaultSearchProvider: YouTube-Videosuche
CHR DefaultSearchURL: hxxp://www.youtube.com/results?search_query={searchTerms}&page={startPage?}&utm_source=opensearch
CHR DefaultNewTabURL:
CHR Extension: (AdBlock) - C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0
CHR Extension: (Twitch.tv Europe Lag Fix) - C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkoehmlkhjgaboegkondkciclminpjof\2.0_0
CHR Extension: (Steam Theme) - C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcphcjcjgkjmbphkfjleamgkinaeebnm\1.1_0
CHR Extension: (Google Wallet) - C:\Users\Mesut\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\Mesut\AppData\Local\newhb2.crx
CHR HKCU\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\Mesut\AppData\Local\newhb2.crx
CHR HKLM-x32\...\Chrome\Extension: [aaaajpkhjdkhhnkmgfjodbkfpbmibkkk] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7\CRX\ToolbarCR.crx
CHR HKLM-x32\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\Mesut\AppData\Local\newhb2.crx

==================== Services (Whitelisted) =================

S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-21] (Advanced Micro Devices, Inc.)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88424 2013-10-10] (Perfect World Entertainment Inc)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-12] ()

==================== Drivers (Whitelisted) ====================

S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [34816 2013-06-19] (Advanced Micro Devices)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 Mkd2Nadr; C:\Windows\System32\drivers\Mkd2Nadr.sys [106040 2009-03-12] (AhnLab, Inc.)
S3 Mkd3kfNt; C:\Windows\System32\drivers\Mkd3kfNt.sys [180280 2009-08-18] (AhnLab, Inc.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\1.3\temp\FairplayKD.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 wolf; \??\C:\AeriaGames\WolfTeam-DE\avital\wolf64.sys [x]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [x]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-10 20:56 - 2014-01-10 20:56 - 00012823 _____ C:\Users\Mesut\Desktop\FRST.txt
2014-01-10 17:47 - 2014-01-10 18:51 - 00000000 ____D C:\Users\Mesut\Documents\InfiniteCrisis
2014-01-10 17:46 - 2014-01-10 17:49 - 00000000 ____D C:\Users\Mesut\AppData\Local\InfiniteCrisis
2014-01-10 16:47 - 2014-01-10 16:47 - 00000000 ____D C:\Users\Mesut\AppData\Local\Turbine
2014-01-10 16:42 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-01-10 16:42 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-01-10 16:42 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-01-10 16:42 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-01-10 16:42 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-01-10 16:42 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-01-10 16:41 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-01-10 16:41 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-01-10 16:41 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-01-10 16:41 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-01-10 16:41 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-01-10 16:41 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-01-10 16:41 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-01-10 16:41 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-01-10 16:41 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-01-10 16:41 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-01-10 16:41 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-01-10 16:41 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-01-10 16:41 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-01-10 16:41 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-01-10 16:41 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-01-10 16:41 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2014-01-10 16:41 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-01-10 16:41 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-01-10 16:41 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-01-10 16:41 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2014-01-10 16:41 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-01-10 16:41 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-01-10 16:41 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-01-10 16:41 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-01-10 16:41 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-01-10 16:41 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-01-10 16:41 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-01-10 16:41 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2014-01-10 16:41 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-01-10 16:41 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-01-10 16:41 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-01-10 16:41 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2014-01-10 16:41 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2014-01-10 16:41 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-01-10 16:41 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-01-10 16:41 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-01-10 16:41 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-01-10 16:41 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-01-10 16:41 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2014-01-10 16:41 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-01-10 16:41 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2014-01-10 16:41 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-01-10 16:41 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-01-10 16:41 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-01-10 16:41 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-01-10 16:41 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-01-10 16:41 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-01-10 16:41 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-01-10 16:41 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-01-10 16:41 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-01-10 16:41 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-01-10 16:41 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-01-10 16:41 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-01-10 16:41 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-01-10 16:41 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-01-10 16:41 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-01-10 16:41 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-01-10 16:41 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-01-10 16:41 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-01-10 16:41 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-01-10 16:41 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-01-10 16:41 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-01-10 16:41 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-01-10 16:41 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2014-01-10 16:41 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2014-01-10 16:41 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-01-10 16:41 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-01-10 16:41 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2014-01-10 16:41 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2014-01-10 16:41 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-01-10 16:41 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-01-10 16:41 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2014-01-10 16:41 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-01-10 16:41 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2014-01-10 16:41 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-01-10 16:41 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2014-01-10 16:41 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-01-10 16:41 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2014-01-10 16:41 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2014-01-10 16:41 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-01-10 16:41 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-01-10 16:41 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2014-01-10 16:41 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-01-10 16:41 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2014-01-10 16:41 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-01-10 16:41 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2014-01-10 16:41 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-01-10 16:41 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2014-01-10 16:41 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-01-10 16:41 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2014-01-10 16:41 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-01-10 16:41 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2014-01-10 16:41 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-01-10 16:41 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2014-01-10 16:41 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-01-10 16:41 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2014-01-10 16:41 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-01-10 16:41 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2014-01-10 16:41 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-01-10 16:41 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2014-01-10 16:41 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-01-10 16:41 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2014-01-10 16:41 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-01-10 16:41 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2014-01-10 16:41 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-01-10 16:41 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2014-01-10 16:41 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-01-10 16:41 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2014-01-10 16:41 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-01-10 16:41 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2014-01-10 16:41 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-01-10 16:41 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2014-01-10 16:41 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-01-10 16:41 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2014-01-10 16:41 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-01-10 16:40 - 2014-01-10 16:41 - 00016883 _____ C:\Windows\DirectX.log
2014-01-10 16:40 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-01-10 16:40 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2014-01-10 16:40 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-01-10 16:40 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2014-01-10 16:40 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-01-10 16:40 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-01-10 16:40 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2014-01-10 16:40 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-01-10 16:40 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2014-01-10 16:40 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-01-10 16:40 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2014-01-10 16:40 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2014-01-10 16:40 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-01-10 16:40 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-01-10 16:40 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2014-01-10 16:40 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-01-10 16:40 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2014-01-10 16:40 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2014-01-10 16:40 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2014-01-10 16:40 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2014-01-10 16:40 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-01-10 16:40 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-01-10 16:40 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-01-10 16:40 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2014-01-10 16:40 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2014-01-10 16:40 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2014-01-10 16:40 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-01-10 16:40 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-01-10 16:40 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-01-10 16:40 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-01-10 16:40 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2014-01-10 16:40 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-01-10 16:40 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2014-01-10 16:40 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-01-10 16:40 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2014-01-10 16:40 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-01-10 16:40 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2014-01-10 16:40 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-01-10 16:40 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2014-01-10 16:40 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-01-10 16:40 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-01-10 16:40 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-01-10 16:40 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2014-01-10 16:40 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-01-10 16:40 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2014-01-10 16:40 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-01-10 16:40 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-01-10 16:40 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2014-01-10 16:38 - 2014-01-10 16:38 - 00001088 _____ C:\Users\Public\Desktop\InfiniteCrisis.lnk
2014-01-10 16:38 - 2014-01-10 16:38 - 00000000 ____D C:\ProgramData\Turbine
2014-01-10 16:37 - 2014-01-10 17:44 - 00000000 ____D C:\Program Files (x86)\InfiniteCrisis
2014-01-10 16:32 - 2014-01-10 16:37 - 138644080 _____ C:\Users\Mesut\Downloads\InfiniteCrisis-GLOBAL_Setup.exe
2014-01-10 16:07 - 2014-01-10 16:07 - 00000699 _____ C:\Users\Mesut\Desktop\JRT.txt
2014-01-10 15:59 - 2014-01-10 15:59 - 01037068 _____ (Thisisu) C:\Users\Mesut\Desktop\JRT.exe
2014-01-10 15:38 - 2014-01-10 15:38 - 01233962 _____ C:\Users\Mesut\Desktop\adwcleaner.exe
2014-01-10 15:29 - 2014-01-10 15:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-10 15:29 - 2014-01-10 15:29 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-10 15:29 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-10 15:25 - 2014-01-10 15:25 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Mesut\Desktop\mbam-setup-1.75.0.1300.exe
2014-01-08 16:40 - 2014-01-08 16:40 - 00023040 _____ C:\ComboFix.txt
2014-01-08 16:23 - 2014-01-08 16:23 - 05162308 ____R (Swearware) C:\Users\Mesut\Desktop\ComboFix.exe
2014-01-07 21:18 - 2014-01-07 21:18 - 00000000 ____D C:\Users\Mesut\Documents\My Games
2014-01-07 21:17 - 2014-01-07 21:17 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2014-01-07 21:17 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-01-07 21:17 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-01-07 21:17 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-01-07 21:17 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-01-07 21:17 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-01-07 21:17 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-01-07 21:17 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2014-01-07 21:10 - 2014-01-07 21:10 - 00000000 ____D C:\Users\Mesut\Downloads\Terraria1.2.2
2014-01-07 21:08 - 2014-01-07 21:10 - 42086756 ____R C:\Users\Mesut\Downloads\Terraria1.2.2.rar
2014-01-07 20:49 - 2014-01-07 20:49 - 01142864 _____ (BitTorrent Inc.) C:\Users\Mesut\Desktop\utorrent_3.3.2b30416.exe
2014-01-07 17:43 - 2014-01-07 17:43 - 00000000 ___HD C:\Windows\SysWOW64\FF_BN_416211
2014-01-07 17:24 - 2014-01-07 17:24 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-01-06 17:06 - 2014-01-06 17:07 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Mesut\Desktop\tdsskiller.exe
2014-01-05 18:51 - 2014-01-05 19:03 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-05 18:32 - 2014-01-05 19:03 - 00000000 ____D C:\Users\Mesut\Desktop\mbar
2014-01-05 18:29 - 2014-01-05 18:44 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-04 15:47 - 2014-01-04 15:47 - 00000000 ____D C:\ProgramData\Mozilla
2014-01-03 00:58 - 2014-01-10 20:55 - 00000000 ____D C:\FRST
2014-01-01 19:07 - 2014-01-10 20:55 - 00000000 ____D C:\Users\Mesut\Desktop\FRST-OlderVersion
2014-01-01 18:45 - 2014-01-10 15:45 - 00000000 ____D C:\AdwCleaner
2013-12-25 23:04 - 2013-12-25 23:04 - 03684312 _____ C:\Users\Mesut\Desktop\rgnlauncher0.9.6.exe
2013-12-25 23:03 - 2014-01-05 22:03 - 00000000 ____D C:\Users\Mesut\Desktop\SAMP
2013-12-25 20:29 - 2013-12-25 23:09 - 00000000 ____D C:\Users\Mesut\Documents\GTA San Andreas User Files
2013-12-25 20:29 - 2013-12-25 20:29 - 00002124 _____ C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk
2013-12-25 20:27 - 2013-12-25 20:27 - 00000000 ____D C:\ProgramData\MTA San Andreas All
2013-12-25 20:19 - 2013-03-04 01:46 - 00000000 ____D C:\Users\Mesut\Desktop\mta
2013-12-25 17:45 - 2013-12-25 17:45 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-12-24 14:44 - 2013-12-24 14:44 - 00000000 ____D C:\Riot Games
2013-12-24 12:29 - 2013-12-31 16:19 - 00000000 ____D C:\Users\Mesut\Downloads\FRST-OlderVersion
2013-12-24 12:16 - 2013-12-24 12:16 - 00000000 ____D C:\Windows\ERUNT
2013-12-23 14:25 - 2014-01-08 16:40 - 00000000 ____D C:\Qoobox
2013-12-23 14:25 - 2013-12-23 14:50 - 00000000 ____D C:\Windows\erdnt
2013-12-23 14:25 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-23 14:25 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-23 14:25 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-23 14:25 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-23 14:25 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-23 14:25 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-23 14:25 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-23 14:25 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-22 10:38 - 2014-01-10 20:55 - 01932166 _____ (Farbar) C:\Users\Mesut\Desktop\FRST64.exe
2013-12-22 10:27 - 2014-01-10 15:47 - 00055168 _____ C:\Windows\PFRO.log
2013-12-22 10:27 - 2014-01-10 15:47 - 00001960 _____ C:\Windows\setupact.log
2013-12-22 10:27 - 2013-12-22 10:27 - 00000000 _____ C:\Windows\setuperr.log
2013-12-21 20:59 - 2013-12-21 20:59 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Malwarebytes
2013-12-21 20:58 - 2013-12-21 20:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-18 16:46 - 2013-12-18 16:46 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\OpenOffice
2013-12-18 16:45 - 2013-12-18 16:45 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-12-18 16:44 - 2013-12-18 16:45 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-12-18 16:39 - 2013-12-21 20:24 - 00000000 ____D C:\Users\Mesut\Desktop\OpenOffice 4.0.1 (de) Installation Files

==================== One Month Modified Files and Folders =======

2014-01-10 20:56 - 2014-01-10 20:56 - 00012823 _____ C:\Users\Mesut\Desktop\FRST.txt
2014-01-10 20:55 - 2014-01-03 00:58 - 00000000 ____D C:\FRST
2014-01-10 20:55 - 2014-01-01 19:07 - 00000000 ____D C:\Users\Mesut\Desktop\FRST-OlderVersion
2014-01-10 20:55 - 2013-12-22 10:38 - 01932166 _____ (Farbar) C:\Users\Mesut\Desktop\FRST64.exe
2014-01-10 20:55 - 2013-06-01 14:24 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Skype
2014-01-10 20:51 - 2013-06-01 14:18 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-10 19:50 - 2009-07-14 05:45 - 00019680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-10 19:50 - 2009-07-14 05:45 - 00019680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-10 18:51 - 2014-01-10 17:47 - 00000000 ____D C:\Users\Mesut\Documents\InfiniteCrisis
2014-01-10 17:49 - 2014-01-10 17:46 - 00000000 ____D C:\Users\Mesut\AppData\Local\InfiniteCrisis
2014-01-10 17:44 - 2014-01-10 16:37 - 00000000 ____D C:\Program Files (x86)\InfiniteCrisis
2014-01-10 17:05 - 2013-06-11 19:00 - 00000800 _____ C:\Users\Mesut\Desktop\Neues Textdokument (2).txt
2014-01-10 16:47 - 2014-01-10 16:47 - 00000000 ____D C:\Users\Mesut\AppData\Local\Turbine
2014-01-10 16:46 - 2013-08-29 13:10 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-10 16:46 - 2013-08-24 22:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-10 16:45 - 2013-11-28 22:39 - 00000000 ____D C:\Users\Mesut\AppData\Local\Adobe
2014-01-10 16:41 - 2014-01-10 16:40 - 00016883 _____ C:\Windows\DirectX.log
2014-01-10 16:38 - 2014-01-10 16:38 - 00001088 _____ C:\Users\Public\Desktop\InfiniteCrisis.lnk
2014-01-10 16:38 - 2014-01-10 16:38 - 00000000 ____D C:\ProgramData\Turbine
2014-01-10 16:37 - 2014-01-10 16:32 - 138644080 _____ C:\Users\Mesut\Downloads\InfiniteCrisis-GLOBAL_Setup.exe
2014-01-10 16:07 - 2014-01-10 16:07 - 00000699 _____ C:\Users\Mesut\Desktop\JRT.txt
2014-01-10 15:59 - 2014-01-10 15:59 - 01037068 _____ (Thisisu) C:\Users\Mesut\Desktop\JRT.exe
2014-01-10 15:49 - 2013-10-04 17:53 - 00000000 ____D C:\Users\Mesut\AppData\Local\LogMeIn Hamachi
2014-01-10 15:49 - 2013-09-24 21:56 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-10 15:49 - 2013-06-11 15:28 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-10 15:47 - 2013-12-22 10:27 - 00055168 _____ C:\Windows\PFRO.log
2014-01-10 15:47 - 2013-12-22 10:27 - 00001960 _____ C:\Windows\setupact.log
2014-01-10 15:47 - 2013-06-01 14:18 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-10 15:47 - 2013-06-01 13:37 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-10 15:47 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-10 15:45 - 2014-01-01 18:45 - 00000000 ____D C:\AdwCleaner
2014-01-10 15:45 - 2013-06-01 16:46 - 01805571 _____ C:\Windows\WindowsUpdate.log
2014-01-10 15:38 - 2014-01-10 15:38 - 01233962 _____ C:\Users\Mesut\Desktop\adwcleaner.exe
2014-01-10 15:30 - 2014-01-10 15:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-10 15:29 - 2014-01-10 15:29 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-10 15:25 - 2014-01-10 15:25 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Mesut\Desktop\mbam-setup-1.75.0.1300.exe
2014-01-09 20:40 - 2013-09-26 17:31 - 00000000 ____D C:\Users\Mesut\AppData\Local\PMB Files
2014-01-09 20:40 - 2013-09-26 17:27 - 00000000 ____D C:\ProgramData\PMB Files
2014-01-09 17:53 - 2013-06-01 21:31 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\TS3Client
2014-01-08 22:15 - 2013-11-12 16:20 - 00000000 ____D C:\Users\Mesut\Desktop\Planungen
2014-01-08 22:15 - 2013-06-01 15:49 - 00694672 _____ C:\Windows\system32\perfh007.dat
2014-01-08 22:15 - 2013-06-01 15:49 - 00147796 _____ C:\Windows\system32\perfc007.dat
2014-01-08 22:15 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-08 16:40 - 2014-01-08 16:40 - 00023040 _____ C:\ComboFix.txt
2014-01-08 16:40 - 2013-12-23 14:25 - 00000000 ____D C:\Qoobox
2014-01-08 16:37 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-08 16:23 - 2014-01-08 16:23 - 05162308 ____R (Swearware) C:\Users\Mesut\Desktop\ComboFix.exe
2014-01-07 21:18 - 2014-01-07 21:18 - 00000000 ____D C:\Users\Mesut\Documents\My Games
2014-01-07 21:17 - 2014-01-07 21:17 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2014-01-07 21:17 - 2013-09-22 14:22 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\uTorrent
2014-01-07 21:13 - 2013-08-23 18:26 - 00000000 ____D C:\Users\Mesut\AppData\Local\CrashDumps
2014-01-07 21:10 - 2014-01-07 21:10 - 00000000 ____D C:\Users\Mesut\Downloads\Terraria1.2.2
2014-01-07 21:10 - 2014-01-07 21:08 - 42086756 ____R C:\Users\Mesut\Downloads\Terraria1.2.2.rar
2014-01-07 20:49 - 2014-01-07 20:49 - 01142864 _____ (BitTorrent Inc.) C:\Users\Mesut\Desktop\utorrent_3.3.2b30416.exe
2014-01-07 17:43 - 2014-01-07 17:43 - 00000000 ___HD C:\Windows\SysWOW64\FF_BN_416211
2014-01-07 17:24 - 2014-01-07 17:24 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-01-06 17:07 - 2014-01-06 17:06 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Mesut\Desktop\tdsskiller.exe
2014-01-05 22:03 - 2013-12-25 23:03 - 00000000 ____D C:\Users\Mesut\Desktop\SAMP
2014-01-05 19:03 - 2014-01-05 18:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-05 19:03 - 2014-01-05 18:32 - 00000000 ____D C:\Users\Mesut\Desktop\mbar
2014-01-05 18:44 - 2014-01-05 18:29 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-04 15:48 - 2013-11-04 17:16 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Mozilla
2014-01-04 15:47 - 2014-01-04 15:47 - 00000000 ____D C:\ProgramData\Mozilla
2014-01-01 14:44 - 2013-06-13 15:12 - 00000000 ____D C:\Users\Mesut\Desktop\Mesut abi
2013-12-31 18:06 - 2013-08-11 14:43 - 00139264 _____ C:\Windows\SysWOW64\r_unzip.exe
2013-12-31 16:19 - 2013-12-24 12:29 - 00000000 ____D C:\Users\Mesut\Downloads\FRST-OlderVersion
2013-12-26 13:08 - 2013-06-01 13:07 - 00000000 ____D C:\Program Files\WinRAR
2013-12-26 01:06 - 2013-07-13 14:35 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-12-25 23:09 - 2013-12-25 20:29 - 00000000 ____D C:\Users\Mesut\Documents\GTA San Andreas User Files
2013-12-25 23:04 - 2013-12-25 23:04 - 03684312 _____ C:\Users\Mesut\Desktop\rgnlauncher0.9.6.exe
2013-12-25 20:29 - 2013-12-25 20:29 - 00002124 _____ C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk
2013-12-25 20:28 - 2013-06-06 09:46 - 00000000 ____D C:\Program Files (x86)\MTA San Andreas 1.3
2013-12-25 20:27 - 2013-12-25 20:27 - 00000000 ____D C:\ProgramData\MTA San Andreas All
2013-12-25 19:47 - 2013-06-01 13:08 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-12-25 18:54 - 2013-06-01 14:24 - 00000000 ____D C:\ProgramData\Skype
2013-12-25 18:53 - 2013-06-01 14:24 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2013-12-25 17:45 - 2013-12-25 17:45 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-12-24 14:44 - 2013-12-24 14:44 - 00000000 ____D C:\Riot Games
2013-12-24 14:44 - 2013-06-01 14:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-24 12:16 - 2013-12-24 12:16 - 00000000 ____D C:\Windows\ERUNT
2013-12-24 12:08 - 2013-06-01 16:49 - 00000989 _____ C:\Users\Mesut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-12-24 12:08 - 2013-06-01 14:19 - 00001282 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-24 11:55 - 2013-07-07 14:19 - 00000000 ____D C:\Users\Mesut\Desktop\Neuer Ordner
2013-12-24 10:49 - 2013-08-01 18:46 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Notepad++
2013-12-24 10:49 - 2013-08-01 18:46 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-12-23 14:51 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-12-23 14:50 - 2013-12-23 14:25 - 00000000 ____D C:\Windows\erdnt
2013-12-23 14:43 - 2009-07-14 03:34 - 57409536 _____ C:\Windows\system32\config\software.bak
2013-12-23 14:43 - 2009-07-14 03:34 - 15466496 _____ C:\Windows\system32\config\system.bak
2013-12-23 14:43 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-12-23 14:43 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2013-12-23 14:43 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\default.bak
2013-12-22 10:40 - 2013-07-23 11:46 - 00000000 ____D C:\Users\Mesut\Desktop\samet
2013-12-22 10:27 - 2013-12-22 10:27 - 00000000 _____ C:\Windows\setuperr.log
2013-12-21 20:59 - 2013-12-21 20:59 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\Malwarebytes
2013-12-21 20:58 - 2013-12-21 20:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-21 20:37 - 2013-08-31 15:26 - 00000000 ____D C:\Windows\pss
2013-12-21 20:24 - 2013-12-18 16:39 - 00000000 ____D C:\Users\Mesut\Desktop\OpenOffice 4.0.1 (de) Installation Files
2013-12-21 20:24 - 2013-07-03 21:24 - 00000000 ____D C:\Users\Public\Documents\WinDS PRO
2013-12-20 22:58 - 2013-10-28 13:58 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\.minecraft
2013-12-20 22:26 - 2013-08-31 18:06 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\.technic
2013-12-20 22:22 - 2013-08-31 18:05 - 02303908 _____ () C:\Users\Mesut\Desktop\TechnicLauncher.exe
2013-12-20 16:13 - 2013-06-01 14:17 - 00064024 _____ C:\Users\Mesut\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-19 15:02 - 2009-07-14 05:45 - 00294712 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-18 16:46 - 2013-12-18 16:46 - 00000000 ____D C:\Users\Mesut\AppData\Roaming\OpenOffice
2013-12-18 16:45 - 2013-12-18 16:45 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-12-18 16:45 - 2013-12-18 16:44 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-12-13 20:58 - 2013-06-01 14:18 - 00000000 ____D C:\Program Files (x86)\Google

Some content of TEMP:
====================
C:\Users\Mesut\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-09 17:06

==================== End Of Log ============================


schrauber 11.01.2014 13:33


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Still having problems? :)

Zerozo 15.01.2014 23:30

Sorry for writing back so late, I have school stress. How do I turn the firewall off :D? I don't really know my way around this^^

schrauber 16.01.2014 17:16

The firewall can stay on :)

