Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Windows 7: PC "stürzt ab" beim Spielen (https://www.trojaner-board.de/146717-windows-7-pc-stuerzt-ab-beim-spielen.html)

IGooDLiKe125 26.12.2013 22:56
Windows 7: PC "stürzt ab" beim Spielen
 
Hallo Liebe com.

Ich habe folgendes Problem... Beim Spielen Stürzt mein PC immer ab & fährt danach von selbst wieder hoch

wenn der PC wieder Hochgefahren ist kommt ein Fenster mit "Lösung für Problem suchen"
wenn ich auf Mehr anzeigen gehe kommt folgendes
Code:
Problemsignatur:
  Problemereignisname:        BlueScreen
  Betriebsystemversion:        6.1.7601.2.1.0.768.3
  Gebietsschema-ID:        1031

Zusatzinformationen zum Problem:
  BCCode:        116
  BCP1:        FFFFFA8006CC34E0
  BCP2:        FFFFF8800775BF50
  BCP3:        FFFFFFFFC000009A
  BCP4:        0000000000000004
  OS Version:        6_1_7601
  Service Pack:        1_0
  Product:        768_1

Dateien, die bei der Beschreibung des Problems hilfreich sind:
  C:\Windows\Minidump\122613-21606-01.dmp
  C:\Users\GooDLike\AppData\Local\Temp\WER-109637-0.sysdata.xml
Würde mich freuen wenn mir jemand helfen könnte

cosinus 26.12.2013 23:54
Hallo und :hallo:

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!



Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

IGooDLiKe125 27.12.2013 20:33
Nein hab leider keine weiteren funde.. den anderen fund habe ich aus dem "problem Lösen" fenster


Irgendwie wird keine Addition.txt auf meinem desktop gespeichert..


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2013 01
Ran by GooDLike (administrator) on GOODLIKE-PC on 27-12-2013 20:31:32
Running from C:\Users\GooDLike\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(ICQ) C:\Users\GooDLike\AppData\Roaming\ICQM\icq.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-11-29] (Realtek Semiconductor)
HKLM\...\Run: [MedionReminder] - C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [443688 2011-05-26] (CyberLink)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-30] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [202296 2011-04-24] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM\...\RunOnce: [MedionReminder] - C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe /DeleteRunKey [443688 2011-05-26] (CyberLink)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
AppInit_DLLs:  [ ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://badoo.com/startpage/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=HitachiXHDS721010DLE630_MSE5215V1P2J5U1P2J5UX&ts=1375097842
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {8A244612-A1F7-11E0-95C0-E71F4824019B} URL = hxxp://badoo.com/startpage/?source=bsb&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {8A244612-A1F7-11E0-95C0-E71F4824019B} URL = hxxp://badoo.com/startpage/?source=bsb&q={searchTerms}
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 193.189.244.202 193.189.244.194

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: FT Downloader - C:\Users\GooDLike\AppData\Roaming\Mozilla\Firefox\profiles\extensions\ftd@ftd.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru

Chrome:
=======
CHR HomePage: file:///C:/Users/GooDLike/Desktop/EpiiiiC/porn
CHR RestoreOnStartup: "hxxp://badoo.com/startpage/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U3) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\GooDLike\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Extension: (Vince) - C:\Users\GooDLike\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpdhkfmndlnlmmhcalabijjpogicdpa\3_0
CHR Extension: (Lightning Newtab) - C:\Users\GooDLike\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\0.0.4.1_0
CHR Extension: (Plus-HD-2.2) - C:\Users\GooDLike\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.124_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\GooDLike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\GooDLike\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\ab.crx

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [202296 2011-04-24] (Kaspersky Lab ZAO)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [200624 2010-09-29] (Telefónica I+D)

==================== Drivers (Whitelisted) ====================

S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [615728 2012-08-02] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16640 2013-08-30] (Windows (R) Win 7 DDK provider)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-27 20:28 - 2013-12-27 20:31 - 00018489 _____ C:\Users\GooDLike\Downloads\FRST.txt
2013-12-27 20:27 - 2013-12-27 20:27 - 01930746 _____ (Farbar) C:\Users\GooDLike\Downloads\FRST64.exe
2013-12-26 22:36 - 2013-12-26 22:36 - 00448632 _____ C:\Windows\Minidump\122613-21606-01.dmp
2013-12-26 19:09 - 2013-12-26 23:06 - 00000000 ____D C:\Users\GooDLike\Desktop\IGooDLiKeI
2013-12-25 17:21 - 2013-12-25 17:21 - 00644904 _____ C:\Windows\Minidump\122513-29281-01.dmp
2013-12-20 12:32 - 2013-12-20 12:32 - 00446288 _____ C:\Windows\Minidump\122013-14539-01.dmp
2013-12-17 17:55 - 2013-12-17 17:55 - 00000000 _____ C:\Windows\SysWOW64\sho812.tmp
2013-12-12 03:02 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 03:02 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 03:02 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 03:02 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 03:01 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 03:01 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 03:01 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 03:01 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 03:01 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 03:01 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 03:01 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 03:01 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 03:01 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 03:01 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 03:01 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 03:01 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 03:01 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 03:01 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 03:01 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 03:01 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 03:01 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 03:01 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 03:01 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 03:01 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 03:01 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 03:01 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 03:01 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 03:01 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 03:01 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 03:01 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 03:01 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 03:01 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 03:01 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 03:01 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 03:01 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 03:18 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 03:18 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 03:18 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 03:18 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 03:18 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 03:18 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 03:18 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 03:18 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 03:18 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 03:18 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 03:18 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 03:18 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 03:18 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 03:18 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 03:18 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 03:18 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 03:18 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 03:18 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 03:18 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-03 19:53 - 2013-12-03 19:54 - 00000000 ____D C:\Users\GooDLike\AppData\Roaming\ICQ-Profile
2013-12-03 19:53 - 2013-12-03 19:53 - 00001818 _____ C:\Users\GooDLike\Desktop\ICQ.lnk
2013-12-03 19:53 - 2013-12-03 19:53 - 00001676 _____ C:\Users\GooDLike\AppData\Roaming\Microsoft\Windows\Start Menu\ICQ.lnk
2013-12-03 19:53 - 2013-12-03 19:53 - 00000000 ____D C:\Users\GooDLike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
2013-12-03 19:53 - 2013-12-03 19:53 - 00000000 ____D C:\Users\GooDLike\AppData\Roaming\ICQM

==================== One Month Modified Files and Folders =======

2013-12-27 20:31 - 2013-12-27 20:28 - 00018489 _____ C:\Users\GooDLike\Downloads\FRST.txt
2013-12-27 20:27 - 2013-12-27 20:27 - 01930746 _____ (Farbar) C:\Users\GooDLike\Downloads\FRST64.exe
2013-12-27 19:51 - 2012-12-25 21:20 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-27 19:34 - 2012-08-02 16:08 - 02096529 _____ C:\Windows\WindowsUpdate.log
2013-12-27 19:32 - 2012-12-20 22:54 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-27 04:32 - 2012-12-20 22:54 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-27 00:37 - 2012-10-10 22:08 - 00000000 ____D C:\Users\GooDLike\AppData\Roaming\Skype
2013-12-26 23:06 - 2013-12-26 19:09 - 00000000 ____D C:\Users\GooDLike\Desktop\IGooDLiKeI
2013-12-26 23:05 - 2012-08-02 16:11 - 00000000 ____D C:\Users\GooDLike
2013-12-26 23:04 - 2012-11-28 12:45 - 00000000 ____D C:\Users\GooDLike\Desktop\Programme für Trojanerboard
2013-12-26 23:01 - 2013-04-25 21:15 - 00000000 ____D C:\Program Files (x86)\Vogel Verlag
2013-12-26 23:00 - 2012-12-25 22:51 - 00000000 ____D C:\Users\GooDLike\AppData\Local\LogMeIn Hamachi
2013-12-26 22:44 - 2009-07-14 05:45 - 00024576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-26 22:44 - 2009-07-14 05:45 - 00024576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-26 22:38 - 2012-08-02 16:11 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-12-26 22:36 - 2013-12-26 22:36 - 00448632 _____ C:\Windows\Minidump\122613-21606-01.dmp
2013-12-26 22:36 - 2013-09-04 05:54 - 00011939 _____ C:\Windows\setupact.log
2013-12-26 22:36 - 2013-07-10 17:44 - 00000000 ____D C:\Windows\Minidump
2013-12-26 22:36 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-26 22:35 - 2013-09-04 22:59 - 710174830 _____ C:\Windows\MEMORY.DMP
2013-12-26 22:35 - 2012-02-22 15:34 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-26 19:49 - 2012-08-02 16:08 - 00000000 ____D C:\Recovery
2013-12-26 19:09 - 2011-05-16 15:04 - 00697300 _____ C:\Windows\system32\perfh007.dat
2013-12-26 19:09 - 2011-05-16 15:04 - 00148338 _____ C:\Windows\system32\perfc007.dat
2013-12-26 19:09 - 2009-07-14 06:13 - 01614964 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-25 17:21 - 2013-12-25 17:21 - 00644904 _____ C:\Windows\Minidump\122513-29281-01.dmp
2013-12-20 12:32 - 2013-12-20 12:32 - 00446288 _____ C:\Windows\Minidump\122013-14539-01.dmp
2013-12-17 17:55 - 2013-12-17 17:55 - 00000000 _____ C:\Windows\SysWOW64\sho812.tmp
2013-12-15 03:03 - 2013-08-15 02:00 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 03:00 - 2011-07-18 21:31 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-12 06:07 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-12 04:41 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-12 03:20 - 2009-07-14 05:45 - 00431688 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 03:02 - 2013-04-10 15:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 03:51 - 2012-12-25 21:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 03:51 - 2012-12-25 21:20 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 03:51 - 2011-12-01 22:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-03 19:54 - 2013-12-03 19:53 - 00000000 ____D C:\Users\GooDLike\AppData\Roaming\ICQ-Profile
2013-12-03 19:53 - 2013-12-03 19:53 - 00001818 _____ C:\Users\GooDLike\Desktop\ICQ.lnk
2013-12-03 19:53 - 2013-12-03 19:53 - 00001676 _____ C:\Users\GooDLike\AppData\Roaming\Microsoft\Windows\Start Menu\ICQ.lnk
2013-12-03 19:53 - 2013-12-03 19:53 - 00000000 ____D C:\Users\GooDLike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
2013-12-03 19:53 - 2013-12-03 19:53 - 00000000 ____D C:\Users\GooDLike\AppData\Roaming\ICQM
2013-12-03 04:27 - 2012-12-20 22:54 - 00004110 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-03 04:27 - 2012-12-20 22:54 - 00003858 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\GooDLike\AppData\Local\Temp\GLB1A2B.EXE
C:\Users\GooDLike\AppData\Local\Temp\TUUUninstallHelper.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-20 00:58

==================== End Of Log ============================
--- --- ---

cosinus 28.12.2013 15:53
Zitat:
Irgendwie wird keine Addition.txt auf meinem desktop gespeichert..
FRST starten, Haken setzen bei additions.txt

IGooDLiKe125 28.12.2013 17:46
ok habs jetzt :) ....

Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2013 01
Ran by GooDLike at 2013-12-28 17:44:39
Running from C:\Users\GooDLike\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Kaspersky Internet Security (Disabled - Out of date) {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
AS: Kaspersky Internet Security (Disabled - Up to date) {95CBD341-38DB-14AC-AF6A-08054B41A339}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: Kaspersky Internet Security (Disabled) {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170)
Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.12.9.0)
Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2)
CyberLink LabelPrint (x32 Version: 2.5.3624)
CyberLink Power2Go (x32 Version: 7.0.0.1327)
CyberLink PowerDVD Copy (x32 Version: 1.5.1306)
CyberLink PowerRecover (x32 Version: 5.5.4125)
CyberLink WaveEditor (x32 Version: 1.0.1.2821)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (x32 Version: 15.4.5722.2)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922)
Free YouTube to MP3 Converter version 3.11.34.1015 (x32 Version: 3.11.34.1015)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
GeForce Experience NvStream Client Components (Version: 0.1.87)
Google Chrome (x32 Version: 31.0.1650.63)
Google Update Helper (x32 Version: 1.3.22.3)
HUAWEI DataCard Driver 4.20.12.00 (x32 Version: 4.20.12.00)
ICQ 8.2 (build 6870) (HKCU Version: 8.2.6870.0)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 8.0.1.1399)
Intel(R) Rapid Storage Technology (x32 Version: 11.0.0.1032)
Intel® Trusted Connect Service Client (Version: 1.23.219.2)
iTunes (Version: 11.1.0.126)
Java Auto Updater (x32 Version: 2.1.6.0)
Java(TM) 7 Update 3 (64-bit) (Version: 7.0.30)
Java(TM) 7 Update 3 (x32 Version: 7.0.30)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kaspersky Internet Security 2012 (x32 Version: 12.0.0.374)
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (x32 Version: 15.4.5722.2)
League of Legends (x32 Version: 1.3)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Medion Home Cinema (x32 Version: 8.0.3216)
Memeo Instant Backup (x32 Version: 4.60.0.7943)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Professional 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Mobile Connection Manager (x32)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
NVIDIA 3D Vision Controller-Treiber 326.01 (Version: 326.01)
NVIDIA 3D Vision Treiber 327.23 (Version: 327.23)
NVIDIA GeForce Experience 1.6.1 (Version: 1.6.1)
NVIDIA Grafiktreiber 327.23 (Version: 327.23)
NVIDIA HD-Audiotreiber 1.3.26.4 (Version: 1.3.26.4)
NVIDIA Install Application (Version: 2.1002.133.902)
NVIDIA PhysX (x32 Version: 9.13.0725)
NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2723)
NVIDIA Systemsteuerung 327.23 (Version: 327.23)
NVIDIA Update 8.3.14 (Version: 8.3.14)
NVIDIA Update Components (Version: 8.3.14)
NVIDIA Virtual Audio 1.2.5 (Version: 1.2.5)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922)
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922)
Pošta Windows Live (x32 Version: 15.4.3502.0922)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6516)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
SHIELD Streaming (Version: 1.05.28)
SIW version 2011.10.29 (x32 Version: 2011.10.29)
Skype Click to Call (x32 Version: 6.3.11079)
Skype™ 6.3 (x32 Version: 6.3.107)
Spelling Dictionaries Support For Adobe Reader X (x32 Version: 10.0.0)
TeamSpeak 3 Client (Version: 3.0.10)
TeamViewer 8 (x32 Version: 8.0.18051)
Trojan Killer (x32 Version: 2.1.8.5)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (x32 Version: 15.4.5722.2)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922)
Windows Live Fotótár (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinZip 17.5 (Version: 17.5.10562)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (x32 Version: 15.4.5722.2)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922)

==================== Restore Points  =========================

22-12-2013 00:45:25 Windows Update
22-12-2013 18:00:22 Windows-Sicherung
25-12-2013 11:43:27 Windows Update
26-12-2013 21:58:45 Removed Badoo Desktop
26-12-2013 21:59:10 Removed Bonjour
26-12-2013 21:59:58 Removed LogMeIn Hamachi
26-12-2013 22:01:02 Removed VirtualDJ Home FREE
26-12-2013 22:01:47 Removed XSplit
26-12-2013 22:07:37 TuneUp Utilities 2013 wird entfernt
26-12-2013 22:08:44 TuneUp Utilities Language Pack (de-DE) wird entfernt

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-09-04 14:34 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1175F187-0323-4F22-BD25-E399B7C98CAA} - \Plus-HD-2.2-firefoxinstaller No Task File
Task: {13291D0B-6730-4258-98AA-7D05F7054D4F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {2F9846FF-299A-4474-923A-3CA0B1BDE922} - \Plus-HD-2.2-chromeinstaller No Task File
Task: {43935255-2F09-4554-AD5D-4A24614AD350} - System32\Tasks\{8E08711E-210A-4A42-AE17-34BA1A617506} => C:\Program Files (x86)\Cossacks 2 - Battle for Europe\Run\Data\engine.exe
Task: {464B1B18-27F7-4450-87AC-97A29F3A76DD} - System32\Tasks\{F9DA7F92-FA4B-4FCC-BBE4-076C7D95A724} => C:\Program Files (x86)\Cossacks 2 - Battle for Europe\Run\Data\engine.exe
Task: {51B6C71F-1862-4930-B166-0EEA377E2563} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20] (Google Inc.)
Task: {55067E8C-39D0-4A83-9137-213BBCB8B6E7} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {6396BC95-F1D0-484A-8D61-594FA849A88F} - \Plus-HD-2.2-enabler No Task File
Task: {84634A36-D0E7-4EF8-A388-67628706ABD4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {AF320831-4448-4882-8145-32958052FE86} - System32\Tasks\{802CDEDC-BA01-4BE5-9002-4FB33CD961FB} => Chrome.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsMain
Task: {BF25A8E2-F6A9-48FD-8DE5-322A9E4A40A2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C26A7054-D041-466B-8012-F5258F0BE99E} - \Omiga Plus RunAsStdUser No Task File
Task: {CB73B844-F157-49F4-B48A-DD89A21536CC} - \Plus-HD-2.2-updater No Task File
Task: {CDD95EA4-C3B6-47E5-A747-76735ED45108} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20] (Google Inc.)
Task: {E56F70B3-D6EE-4169-813F-6EDC1ACA98E4} - \Plus-HD-2.2-codedownloader No Task File
Task: {E9228E51-360E-495F-87FF-8FD5691E340F} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2011-04-24 22:13 - 2011-04-24 22:13 - 02118032 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll
2011-04-24 22:13 - 2011-04-24 22:13 - 07008656 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll
2011-04-24 22:13 - 2011-04-24 22:13 - 02089360 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll
2011-04-24 22:13 - 2011-04-24 22:13 - 01270160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll
2011-04-24 22:13 - 2011-04-24 22:13 - 00192912 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll
2011-04-24 22:13 - 2011-04-24 22:13 - 00758160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll
2011-04-20 18:56 - 2011-04-20 18:56 - 00025088 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
2013-12-05 17:33 - 2013-12-04 03:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-05 17:33 - 2013-12-04 03:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-05 17:33 - 2013-12-04 03:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-05 17:33 - 2013-12-04 03:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-05 17:33 - 2013-12-04 03:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-05 17:33 - 2013-12-04 03:48 - 13586896 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
2013-09-20 02:30 - 2013-09-20 02:30 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\991a8d378a3e64b31c0f4770ba9ae071\IsdiInterop.ni.dll
2012-02-22 22:54 - 2011-11-30 05:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-02-22 22:53 - 2012-01-20 04:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: TSSTcorp CDDVDW SH-216AB
Description: CD-ROM-Laufwerk
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard-CD-ROM-Laufwerke)
Service: cdrom
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/28/2013 01:34:58 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/28/2013 01:31:30 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
  bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
  bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
  bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
  --- Ende der internen Ausnahmestapelüberwachung ---
  bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
  bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
  bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
  bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
  bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
  bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (12/28/2013 00:48:35 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (12/27/2013 01:05:26 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (12/26/2013 11:08:25 PM) (Source: Microsoft-Windows-RestartManager) (User: GooDLike-PC)
Description: Die Anwendung oder der Dienst "Windows-Explorer" konnte nicht heruntergefahren werden.

Error: (12/26/2013 11:05:11 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/26/2013 11:00:43 PM) (Source: MsiInstaller) (User: GooDLike-PC)
Description: Produkt: Virtual DJ Toolbar -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren:

Google Chrome

Error: (12/26/2013 11:00:42 PM) (Source: MsiInstaller) (User: GooDLike-PC)
Description: Produkt: Virtual DJ Toolbar -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren:

Google Chrome

Error: (12/26/2013 11:00:41 PM) (Source: MsiInstaller) (User: GooDLike-PC)
Description: Produkt: Virtual DJ Toolbar -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren:

Google Chrome

Error: (12/26/2013 10:36:55 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
  bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
  bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
  bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
  --- Ende der internen Ausnahmestapelüberwachung ---
  bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
  bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
  bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
  bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
  bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
  bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)


System errors:
=============
Error: (12/28/2013 01:31:51 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (12/28/2013 01:30:58 PM) (Source: BugCheck) (User: )
Description: 0x00000116 (0xfffffa8010b4d4e0, 0xfffff88006990f50, 0xffffffffc000009a, 0x0000000000000004)C:\Windows\MEMORY.DMP122813-27128-01

Error: (12/28/2013 01:30:48 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎28.‎12.‎2013 um 13:28:51 unerwartet heruntergefahren.

Error: (12/26/2013 10:37:28 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (12/26/2013 10:36:07 PM) (Source: BugCheck) (User: )
Description: 0x00000116 (0xfffffa8006cc34e0, 0xfffff8800775bf50, 0xffffffffc000009a, 0x0000000000000004)C:\Windows\MEMORY.DMP122613-21606-01

Error: (12/26/2013 10:36:02 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎26.‎12.‎2013 um 22:30:37 unerwartet heruntergefahren.

Error: (12/26/2013 10:25:39 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (12/26/2013 10:09:15 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (12/26/2013 08:02:03 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (12/26/2013 07:52:18 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom


Microsoft Office Sessions:
=========================
Error: (12/28/2013 01:34:58 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/28/2013 01:31:30 PM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
  bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
  bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
  bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
  --- Ende der internen Ausnahmestapelüberwachung ---
  bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
  bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
  bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
  bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
  bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
  bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (12/28/2013 00:48:35 AM) (Source: SideBySide)(User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2

Error: (12/27/2013 01:05:26 AM) (Source: SideBySide)(User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2

Error: (12/26/2013 11:08:25 PM) (Source: Microsoft-Windows-RestartManager)(User: GooDLike-PC)
Description: 1C:\Windows\explorer.exeWindows-Explorer0411721760

Error: (12/26/2013 11:05:11 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\GooDLike\Downloads\esetsmartinstaller_enu.exe

Error: (12/26/2013 11:00:43 PM) (Source: MsiInstaller)(User: GooDLike-PC)
Description: Produkt: Virtual DJ Toolbar -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren:

Google Chrome(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/26/2013 11:00:42 PM) (Source: MsiInstaller)(User: GooDLike-PC)
Description: Produkt: Virtual DJ Toolbar -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren:

Google Chrome(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/26/2013 11:00:41 PM) (Source: MsiInstaller)(User: GooDLike-PC)
Description: Produkt: Virtual DJ Toolbar -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren:

Google Chrome(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/26/2013 10:36:55 PM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
  bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
  bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
  bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
  --- Ende der internen Ausnahmestapelüberwachung ---
  bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
  bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
  bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
  bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
  bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
  bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)


CodeIntegrity Errors:
===================================
  Date: 2013-09-04 06:52:05.293
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-04 06:52:05.257
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-09-12 11:35:30.944
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\GooDLike\Desktop\Neuer Ordner (3)\Injector.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-09-12 11:35:30.933
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\GooDLike\Desktop\Neuer Ordner (3)\Injector.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 8158.89 MB
Available physical RAM: 5017.61 MB
Total Pagefile: 16315.97 MB
Available Pagefile: 12544.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:880.41 GB) (Free:780.39 GB) NTFS
Drive d: (Recover) (Fixed) (Total:50 GB) (Free:0.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 1FE9121A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=880 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2013 01
Ran by GooDLike (administrator) on GOODLIKE-PC on 28-12-2013 17:44:15
Running from C:\Users\GooDLike\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-11-29] (Realtek Semiconductor)
HKLM\...\Run: [MedionReminder] - C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [443688 2011-05-26] (CyberLink)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-30] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [202296 2011-04-24] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM\...\RunOnce: [MedionReminder] - C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe /DeleteRunKey [443688 2011-05-26] (CyberLink)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
AppInit_DLLs:  [ ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://badoo.com/startpage/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=HitachiXHDS721010DLE630_MSE5215V1P2J5U1P2J5UX&ts=1375097842
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {8A244612-A1F7-11E0-95C0-E71F4824019B} URL = hxxp://badoo.com/startpage/?source=bsb&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {8A244612-A1F7-11E0-95C0-E71F4824019B} URL = hxxp://badoo.com/startpage/?source=bsb&q={searchTerms}
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 193.189.244.202 193.189.244.194

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: FT Downloader - C:\Users\GooDLike\AppData\Roaming\Mozilla\Firefox\profiles\extensions\ftd@ftd.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru

Chrome:
=======
CHR HomePage: file:///C:/Users/GooDLike/Desktop/EpiiiiC/porn
CHR RestoreOnStartup: "hxxp://badoo.com/startpage/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U3) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\GooDLike\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Extension: (Vince) - C:\Users\GooDLike\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpdhkfmndlnlmmhcalabijjpogicdpa\3_0
CHR Extension: (Lightning Newtab) - C:\Users\GooDLike\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\0.0.4.1_0
CHR Extension: (Plus-HD-2.2) - C:\Users\GooDLike\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.25.124_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\GooDLike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\GooDLike\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\ab.crx

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [202296 2011-04-24] (Kaspersky Lab ZAO)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [200624 2010-09-29] (Telefónica I+D)

==================== Drivers (Whitelisted) ====================

S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [615728 2012-08-02] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16640 2013-08-30] (Windows (R) Win 7 DDK provider)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-28 17:44 - 2013-12-28 17:44 - 00000000 ____D C:\Users\GooDLike\Downloads\FRST-OlderVersion
2013-12-28 13:30 - 2013-12-28 13:30 - 00529792 _____ C:\Windows\Minidump\122813-27128-01.dmp
2013-12-27 20:28 - 2013-12-28 17:44 - 00018438 _____ C:\Users\GooDLike\Downloads\FRST.txt
2013-12-27 20:27 - 2013-12-28 17:44 - 01931176 _____ (Farbar) C:\Users\GooDLike\Downloads\FRST64.exe
2013-12-26 22:36 - 2013-12-26 22:36 - 00448632 _____ C:\Windows\Minidump\122613-21606-01.dmp
2013-12-26 19:09 - 2013-12-26 23:06 - 00000000 ____D C:\Users\GooDLike\Desktop\IGooDLiKeI
2013-12-25 17:21 - 2013-12-25 17:21 - 00644904 _____ C:\Windows\Minidump\122513-29281-01.dmp
2013-12-20 12:32 - 2013-12-20 12:32 - 00446288 _____ C:\Windows\Minidump\122013-14539-01.dmp
2013-12-17 17:55 - 2013-12-17 17:55 - 00000000 _____ C:\Windows\SysWOW64\sho812.tmp
2013-12-12 03:02 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 03:02 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 03:02 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 03:02 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 03:01 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 03:01 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 03:01 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 03:01 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 03:01 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 03:01 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 03:01 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 03:01 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 03:01 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 03:01 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 03:01 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 03:01 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 03:01 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 03:01 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 03:01 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 03:01 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 03:01 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 03:01 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 03:01 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 03:01 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 03:01 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 03:01 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 03:01 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 03:01 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 03:01 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 03:01 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 03:01 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 03:01 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 03:01 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 03:01 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 03:01 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 03:18 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 03:18 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 03:18 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 03:18 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 03:18 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 03:18 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 03:18 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 03:18 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 03:18 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 03:18 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 03:18 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 03:18 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 03:18 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 03:18 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 03:18 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 03:18 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 03:18 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 03:18 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 03:18 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-03 19:53 - 2013-12-03 19:54 - 00000000 ____D C:\Users\GooDLike\AppData\Roaming\ICQ-Profile
2013-12-03 19:53 - 2013-12-03 19:53 - 00001818 _____ C:\Users\GooDLike\Desktop\ICQ.lnk
2013-12-03 19:53 - 2013-12-03 19:53 - 00001676 _____ C:\Users\GooDLike\AppData\Roaming\Microsoft\Windows\Start Menu\ICQ.lnk
2013-12-03 19:53 - 2013-12-03 19:53 - 00000000 ____D C:\Users\GooDLike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
2013-12-03 19:53 - 2013-12-03 19:53 - 00000000 ____D C:\Users\GooDLike\AppData\Roaming\ICQM

==================== One Month Modified Files and Folders =======

2013-12-28 17:44 - 2013-12-28 17:44 - 00000000 ____D C:\Users\GooDLike\Downloads\FRST-OlderVersion
2013-12-28 17:44 - 2013-12-27 20:28 - 00018438 _____ C:\Users\GooDLike\Downloads\FRST.txt
2013-12-28 17:44 - 2013-12-27 20:27 - 01931176 _____ (Farbar) C:\Users\GooDLike\Downloads\FRST64.exe
2013-12-28 17:44 - 2013-09-03 18:31 - 00000000 ____D C:\FRST
2013-12-28 17:32 - 2012-12-20 22:54 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-28 17:03 - 2012-08-02 16:08 - 01116504 _____ C:\Windows\WindowsUpdate.log
2013-12-28 16:51 - 2012-12-25 21:20 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-28 13:38 - 2009-07-14 05:45 - 00024576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-28 13:38 - 2009-07-14 05:45 - 00024576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-28 13:32 - 2012-08-02 16:11 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-12-28 13:31 - 2013-09-04 05:54 - 00012107 _____ C:\Windows\setupact.log
2013-12-28 13:31 - 2012-12-20 22:54 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-28 13:30 - 2013-12-28 13:30 - 00529792 _____ C:\Windows\Minidump\122813-27128-01.dmp
2013-12-28 13:30 - 2013-09-04 22:59 - 1109546358 _____ C:\Windows\MEMORY.DMP
2013-12-28 13:30 - 2013-07-10 17:44 - 00000000 ____D C:\Windows\Minidump
2013-12-28 13:30 - 2012-02-22 15:34 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-28 13:30 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-28 13:30 - 2009-07-14 05:45 - 00430288 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-28 08:25 - 2012-08-02 16:12 - 00112480 _____ C:\Users\GooDLike\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-27 00:37 - 2012-10-10 22:08 - 00000000 ____D C:\Users\GooDLike\AppData\Roaming\Skype
2013-12-26 23:06 - 2013-12-26 19:09 - 00000000 ____D C:\Users\GooDLike\Desktop\IGooDLiKeI
2013-12-26 23:05 - 2012-08-02 16:11 - 00000000 ____D C:\Users\GooDLike
2013-12-26 23:04 - 2012-11-28 12:45 - 00000000 ____D C:\Users\GooDLike\Desktop\Programme für Trojanerboard
2013-12-26 23:01 - 2013-04-25 21:15 - 00000000 ____D C:\Program Files (x86)\Vogel Verlag
2013-12-26 23:00 - 2012-12-25 22:51 - 00000000 ____D C:\Users\GooDLike\AppData\Local\LogMeIn Hamachi
2013-12-26 22:36 - 2013-12-26 22:36 - 00448632 _____ C:\Windows\Minidump\122613-21606-01.dmp
2013-12-26 19:49 - 2012-08-02 16:08 - 00000000 ____D C:\Recovery
2013-12-26 19:09 - 2011-05-16 15:04 - 00697300 _____ C:\Windows\system32\perfh007.dat
2013-12-26 19:09 - 2011-05-16 15:04 - 00148338 _____ C:\Windows\system32\perfc007.dat
2013-12-26 19:09 - 2009-07-14 06:13 - 01614964 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-25 17:21 - 2013-12-25 17:21 - 00644904 _____ C:\Windows\Minidump\122513-29281-01.dmp
2013-12-20 12:32 - 2013-12-20 12:32 - 00446288 _____ C:\Windows\Minidump\122013-14539-01.dmp
2013-12-17 17:55 - 2013-12-17 17:55 - 00000000 _____ C:\Windows\SysWOW64\sho812.tmp
2013-12-15 03:03 - 2013-08-15 02:00 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 03:00 - 2011-07-18 21:31 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-12 06:07 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-12 04:41 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-12 03:02 - 2013-04-10 15:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 03:51 - 2012-12-25 21:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 03:51 - 2012-12-25 21:20 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 03:51 - 2011-12-01 22:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-03 19:54 - 2013-12-03 19:53 - 00000000 ____D C:\Users\GooDLike\AppData\Roaming\ICQ-Profile
2013-12-03 19:53 - 2013-12-03 19:53 - 00001818 _____ C:\Users\GooDLike\Desktop\ICQ.lnk
2013-12-03 19:53 - 2013-12-03 19:53 - 00001676 _____ C:\Users\GooDLike\AppData\Roaming\Microsoft\Windows\Start Menu\ICQ.lnk
2013-12-03 19:53 - 2013-12-03 19:53 - 00000000 ____D C:\Users\GooDLike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
2013-12-03 19:53 - 2013-12-03 19:53 - 00000000 ____D C:\Users\GooDLike\AppData\Roaming\ICQM
2013-12-03 04:27 - 2012-12-20 22:54 - 00004110 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-03 04:27 - 2012-12-20 22:54 - 00003858 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-20 00:58

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

cosinus 29.12.2013 21:04
Zitat:
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Kaspersky Internet Security (Disabled - Out of date) {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
Wieso hast du MSE und Kaspersky installiert? :wtf:
Sowas sollte man nicht tun, zwei Virenscanner dieser Art behindern sich gegenseitig und bremsen das System aus! Bitte umgehend eins der beiden deinstallieren.

IGooDLiKe125 02.01.2014 20:09
Ok hab jetzt kaspersky deinstalliert ...
wie soll ich jetzt weiter vorgehn ?

cosinus 03.01.2014 11:46
FRST neu runterladen, neue Logs erstellen - Haken bei additions.txt muss gesetzt sein!

IGooDLiKe125 31.01.2014 21:55
Sry hat etwas gedauert , da ich im ausland war ...



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01
Ran by GooDLike (administrator) on GOODLIKE-PC on 31-01-2014 21:54:39
Running from C:\Users\GooDLike\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Farbar) C:\Users\GooDLike\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-11-29] (Realtek Semiconductor)
HKLM\...\Run: [MedionReminder] - C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [443688 2011-05-26] (CyberLink)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-30] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM\...\RunOnce: [MedionReminder] - C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe /DeleteRunKey [443688 2011-05-26] (CyberLink)
AppInit_DLLs:  => File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://badoo.com/startpage/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=HitachiXHDS721010DLE630_MSE5215V1P2J5U1P2J5UX&ts=1375097842
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {8A244612-A1F7-11E0-95C0-E71F4824019B} URL = hxxp://badoo.com/startpage/?source=bsb&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {8A244612-A1F7-11E0-95C0-E71F4824019B} URL = hxxp://badoo.com/startpage/?source=bsb&q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 193.189.244.202 193.189.244.194

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: FT Downloader - C:\Users\GooDLike\AppData\Roaming\Mozilla\Firefox\profiles\extensions\ftd@ftd.com.xpi [2013-06-26]

Chrome:
=======
CHR HomePage: file:///C:/Users/GooDLike/Desktop/EpiiiiC/porn
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U3) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\GooDLike\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Extension: (Vince) - C:\Users\GooDLike\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpdhkfmndlnlmmhcalabijjpogicdpa [2013-07-29]
CHR Extension: (Lightning Newtab) - C:\Users\GooDLike\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2013-08-23]
CHR Extension: (Plus-HD-2.2) - C:\Users\GooDLike\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo [2013-10-03]
CHR Extension: (Google Wallet) - C:\Users\GooDLike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\GooDLike\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-10-18]
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\GooDLike\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [2013-08-22]

==================== Services (Whitelisted) =================

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [200624 2010-09-29] (Telefónica I+D)

==================== Drivers (Whitelisted) ====================

S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16640 2013-08-30] (Windows (R) Win 7 DDK provider)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-31 21:53 - 2014-01-31 21:53 - 02079744 _____ (Farbar) C:\Users\GooDLike\Downloads\FRST64 (1).exe
2014-01-31 21:51 - 2014-01-31 21:51 - 00485888 _____ C:\Windows\Minidump\013114-14742-01.dmp
2014-01-31 21:45 - 2014-01-31 21:45 - 00393192 _____ C:\Windows\Minidump\013114-15085-01.dmp
2014-01-30 23:10 - 2014-01-30 23:11 - 00391824 _____ C:\Windows\Minidump\013014-22183-01.dmp
2014-01-30 17:53 - 2014-01-30 17:53 - 00000932 _____ C:\Users\Public\Desktop\Guild Wars 2.lnk
2014-01-30 17:53 - 2014-01-30 17:53 - 00000000 ____D C:\Users\GooDLike\AppData\Roaming\Guild Wars 2
2014-01-30 17:53 - 2014-01-30 17:53 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2
2014-01-30 17:52 - 2014-01-30 17:53 - 00000000 ____D C:\Users\GooDLike\Documents\Guild Wars 2
2014-01-30 17:50 - 2014-01-30 17:52 - 22716480 _____ (ArenaNet) C:\Users\GooDLike\Downloads\Gw2Setup.exe
2014-01-30 17:28 - 2014-01-30 17:28 - 00000000 ____D C:\ProgramData\EPSON
2014-01-30 17:28 - 2014-01-30 17:28 - 00000000 ____D C:\Program Files\Common Files\EPSON
2014-01-29 15:47 - 2014-01-29 16:02 - 00000000 ____D C:\Users\GooDLike\Documents\GUILD WARS
2014-01-29 15:45 - 2014-01-29 15:45 - 01376768 _____ C:\Users\GooDLike\Downloads\7z920-x64.msi
2014-01-29 15:45 - 2014-01-29 15:45 - 00000000 ____D C:\Program Files\7-Zip
2014-01-28 22:12 - 2014-01-28 22:12 - 00338472 _____ (Amônétízé Ltd) C:\Users\GooDLike\Downloads\FlashPlayersetup__3873_i299105803_il155.exe
2014-01-28 06:08 - 2014-01-28 06:08 - 00340008 _____ (Amônétízé Ltd) C:\Users\GooDLike\Downloads\FlashPlayersetup__3873_i299674682_il22.exe
2014-01-19 16:42 - 2014-01-19 16:42 - 00441272 _____ C:\Users\GooDLike\Downloads\Hangover.3.German.BDRip.exe
2014-01-15 20:56 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 20:56 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 20:56 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 20:56 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 20:56 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 20:56 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 20:56 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 20:56 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 20:56 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

2014-01-31 21:54 - 2013-12-27 20:28 - 00015841 _____ C:\Users\GooDLike\Downloads\FRST.txt
2014-01-31 21:54 - 2013-09-03 18:31 - 00000000 ____D C:\FRST
2014-01-31 21:54 - 2012-08-02 16:08 - 01721356 _____ C:\Windows\WindowsUpdate.log
2014-01-31 21:53 - 2014-01-31 21:53 - 02079744 _____ (Farbar) C:\Users\GooDLike\Downloads\FRST64 (1).exe
2014-01-31 21:51 - 2014-01-31 21:51 - 00485888 _____ C:\Windows\Minidump\013114-14742-01.dmp
2014-01-31 21:51 - 2013-09-04 22:59 - 664906234 _____ C:\Windows\MEMORY.DMP
2014-01-31 21:51 - 2013-09-04 05:54 - 00018749 _____ C:\Windows\setupact.log
2014-01-31 21:51 - 2013-07-10 17:44 - 00000000 ____D C:\Windows\Minidump
2014-01-31 21:51 - 2012-12-20 22:54 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-31 21:51 - 2012-02-22 15:34 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-31 21:51 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-31 21:45 - 2014-01-31 21:45 - 00393192 _____ C:\Windows\Minidump\013114-15085-01.dmp
2014-01-31 21:42 - 2013-04-10 13:44 - 00000000 ____D C:\Users\GooDLike\AppData\Roaming\TS3Client
2014-01-31 21:40 - 2013-04-10 13:44 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2014-01-31 21:32 - 2012-12-20 22:54 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-31 20:51 - 2012-12-25 21:20 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-30 23:19 - 2009-07-14 05:45 - 00024576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-30 23:19 - 2009-07-14 05:45 - 00024576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-30 23:11 - 2014-01-30 23:10 - 00391824 _____ C:\Windows\Minidump\013014-22183-01.dmp
2014-01-30 17:53 - 2014-01-30 17:53 - 00000932 _____ C:\Users\Public\Desktop\Guild Wars 2.lnk
2014-01-30 17:53 - 2014-01-30 17:53 - 00000000 ____D C:\Users\GooDLike\AppData\Roaming\Guild Wars 2
2014-01-30 17:53 - 2014-01-30 17:53 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2
2014-01-30 17:53 - 2014-01-30 17:52 - 00000000 ____D C:\Users\GooDLike\Documents\Guild Wars 2
2014-01-30 17:52 - 2014-01-30 17:50 - 22716480 _____ (ArenaNet) C:\Users\GooDLike\Downloads\Gw2Setup.exe
2014-01-30 17:28 - 2014-01-30 17:28 - 00000000 ____D C:\ProgramData\EPSON
2014-01-30 17:28 - 2014-01-30 17:28 - 00000000 ____D C:\Program Files\Common Files\EPSON
2014-01-30 17:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\spool
2014-01-29 16:02 - 2014-01-29 15:47 - 00000000 ____D C:\Users\GooDLike\Documents\GUILD WARS
2014-01-29 15:46 - 2012-10-24 19:29 - 00000000 ____D C:\Users\GooDLike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-01-29 15:45 - 2014-01-29 15:45 - 01376768 _____ C:\Users\GooDLike\Downloads\7z920-x64.msi
2014-01-29 15:45 - 2014-01-29 15:45 - 00000000 ____D C:\Program Files\7-Zip
2014-01-29 15:40 - 2013-09-16 19:21 - 00000000 ____D C:\Users\GooDLike\AppData\Local\WinZip
2014-01-28 22:12 - 2014-01-28 22:12 - 00338472 _____ (Amônétízé Ltd) C:\Users\GooDLike\Downloads\FlashPlayersetup__3873_i299105803_il155.exe
2014-01-28 06:08 - 2014-01-28 06:08 - 00340008 _____ (Amônétízé Ltd) C:\Users\GooDLike\Downloads\FlashPlayersetup__3873_i299674682_il22.exe
2014-01-19 16:42 - 2014-01-19 16:42 - 00441272 _____ C:\Users\GooDLike\Downloads\Hangover.3.German.BDRip.exe
2014-01-19 08:33 - 2010-11-21 04:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-16 03:18 - 2009-07-14 05:45 - 00430288 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 03:01 - 2013-08-15 02:00 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 03:00 - 2011-07-18 21:31 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\GooDLike\AppData\Local\Temp\Gw2.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-29 01:13

==================== End Of Log ============================
--- --- ---



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2014 01
Ran by GooDLike at 2014-01-31 21:55:13
Running from C:\Users\GooDLike\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7 - Adobe Systems Incorporated)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.12.9.0 - Asmedia Technology)
Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
CyberLink Power2Go (x32 Version: 7.0.0.1327 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.1327 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy (x32 Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerDVD Copy (x32 Version: 1.5.1306 - CyberLink Corp.) Hidden
CyberLink PowerRecover (x32 Version: 5.5.4125 - CyberLink Corp.)
CyberLink PowerRecover (x32 Version: 5.5.4125 - CyberLink Corp.) Hidden
CyberLink WaveEditor (x32 Version: 1.0.1.2821 - CyberLink Corp.)
CyberLink WaveEditor (x32 Version: 1.0.1.2821 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
EPSON BX305 Series Printer Uninstall (Version:  - SEIKO EPSON Corporation)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.11.34.1015 (x32 Version: 3.11.34.1015 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GeForce Experience NvStream Client Components (Version: 0.1.87 - NVIDIA Corporation) Hidden
Google Chrome (x32 Version: 32.0.1700.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Guild Wars 2 (x32 Version:  - NCsoft Corporation, Ltd.)
HUAWEI DataCard Driver 4.20.12.00 (x32 Version: 4.20.12.00 - Huawei technologies Co., Ltd.)
ICQ 8.2 (build 6870) (HKCU Version: 8.2.6870.0 - Mail.Ru)
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 8.0.1.1399 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.0.0.1032 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.23.219.2 - Intel Corporation)
iTunes (Version: 11.1.0.126 - Apple Inc.)
Java Auto Updater (x32 Version: 2.1.6.0 - Sun Microsystems, Inc.) Hidden
Java(TM) 7 Update 3 (64-bit) (Version: 7.0.30 - Oracle)
Java(TM) 7 Update 3 (x32 Version: 7.0.30 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (x32 Version: 15.4.5722.2 - Microsoft Corporation)
League of Legends (x32 Version: 1.3 - Riot Games)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Medion Home Cinema (x32 Version: 8.0.3216 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.3216 - CyberLink Corp.) Hidden
Memeo Instant Backup (x32 Version: 4.60.0.7943 - Memeo Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation)
Mobile Connection Manager (x32 Version:  - Mobile Connection Manager)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
NVIDIA 3D Vision Controller-Treiber 326.01 (Version: 326.01 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 327.23 (Version: 327.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.6.1 (Version: 1.6.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.23 (Version: 327.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.902 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2723 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 327.23 (Version: 327.23 - NVIDIA Corporation) Hidden
NVIDIA Update 8.3.14 (Version: 8.3.14 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 8.3.14 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.5 (Version: 1.2.5 - NVIDIA Corporation)
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6516 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 1.05.28 - NVIDIA Corporation) Hidden
SIW version 2011.10.29 (x32 Version: 2011.10.29 - Topala Software Solutions)
Skype Click to Call (x32 Version: 6.3.11079 - Skype Technologies S.A.)
Skype™ 6.3 (x32 Version: 6.3.107 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader X (x32 Version: 10.0.0 - Adobe Systems Incorporated)
TeamSpeak 3 Client (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
TeamViewer 8 (x32 Version: 8.0.18051 - TeamViewer)
Trojan Killer (x32 Version: 2.1.8.5 - Gridinsoft LLC)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinZip 17.5 (Version: 17.5.10562 - WinZip Computing, S.L. )
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

15-01-2014 19:46:24 Windows Update
16-01-2014 02:00:11 Windows Update
19-01-2014 02:29:12 Windows Update
19-01-2014 18:00:21 Windows-Sicherung
22-01-2014 15:58:18 Windows Update
26-01-2014 02:15:22 Windows Update
26-01-2014 18:00:24 Windows-Sicherung
29-01-2014 14:45:37 Installed 7-Zip 9.20 (x64 edition)
29-01-2014 15:57:48 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-09-04 14:34 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1175F187-0323-4F22-BD25-E399B7C98CAA} - \Plus-HD-2.2-firefoxinstaller No Task File
Task: {13291D0B-6730-4258-98AA-7D05F7054D4F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {2F9846FF-299A-4474-923A-3CA0B1BDE922} - \Plus-HD-2.2-chromeinstaller No Task File
Task: {43935255-2F09-4554-AD5D-4A24614AD350} - System32\Tasks\{8E08711E-210A-4A42-AE17-34BA1A617506} => C:\Program Files (x86)\Cossacks 2 - Battle for Europe\Run\Data\engine.exe
Task: {464B1B18-27F7-4450-87AC-97A29F3A76DD} - System32\Tasks\{F9DA7F92-FA4B-4FCC-BBE4-076C7D95A724} => C:\Program Files (x86)\Cossacks 2 - Battle for Europe\Run\Data\engine.exe
Task: {51B6C71F-1862-4930-B166-0EEA377E2563} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20] (Google Inc.)
Task: {55067E8C-39D0-4A83-9137-213BBCB8B6E7} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {6396BC95-F1D0-484A-8D61-594FA849A88F} - \Plus-HD-2.2-enabler No Task File
Task: {84634A36-D0E7-4EF8-A388-67628706ABD4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {AF320831-4448-4882-8145-32958052FE86} - System32\Tasks\{802CDEDC-BA01-4BE5-9002-4FB33CD961FB} => Chrome.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsMain
Task: {BF25A8E2-F6A9-48FD-8DE5-322A9E4A40A2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C26A7054-D041-466B-8012-F5258F0BE99E} - \Omiga Plus RunAsStdUser No Task File
Task: {CB73B844-F157-49F4-B48A-DD89A21536CC} - \Plus-HD-2.2-updater No Task File
Task: {CDD95EA4-C3B6-47E5-A747-76735ED45108} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20] (Google Inc.)
Task: {E56F70B3-D6EE-4169-813F-6EDC1ACA98E4} - \Plus-HD-2.2-codedownloader No Task File
Task: {E9228E51-360E-495F-87FF-8FD5691E340F} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-01-28 12:33 - 2014-01-23 06:56 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libglesv2.dll
2014-01-28 12:33 - 2014-01-23 06:56 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libegl.dll
2014-01-28 12:33 - 2014-01-23 06:56 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll
2014-01-28 12:33 - 2014-01-23 06:57 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll
2014-01-28 12:33 - 2014-01-23 06:55 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll
2014-01-28 12:33 - 2014-01-23 06:56 - 13615896 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll
2013-09-20 02:30 - 2013-09-20 02:30 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\991a8d378a3e64b31c0f4770ba9ae071\IsdiInterop.ni.dll
2012-02-22 22:54 - 2011-11-30 05:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-02-22 22:53 - 2012-01-20 04:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: TSSTcorp CDDVDW SH-216AB
Description: CD-ROM-Laufwerk
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard-CD-ROM-Laufwerke)
Service: cdrom
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/31/2014 09:51:35 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
  bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
  bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
  bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
  --- Ende der internen Ausnahmestapelüberwachung ---
  bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
  bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
  bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
  bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
  bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
  bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (01/31/2014 09:51:28 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (01/31/2014 09:51:28 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (01/31/2014 09:51:28 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (01/31/2014 09:46:13 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
  bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
  bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
  bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
  --- Ende der internen Ausnahmestapelüberwachung ---
  bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
  bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
  bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
  bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
  bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
  bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (01/31/2014 09:46:06 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (01/31/2014 09:46:06 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (01/31/2014 09:46:06 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (01/31/2014 09:39:43 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: update.exe_TeamSpeak 3 Client Updater, Version: 1.0.0.0, Zeitstempel: 0x50eae266
Name des fehlerhaften Moduls: QtCore4.dll, Version: 4.8.3.0, Zeitstempel: 0x50a20ceb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002acac
ID des fehlerhaften Prozesses: 0x1438
Startzeit der fehlerhaften Anwendung: 0xupdate.exe_TeamSpeak 3 Client Updater0
Pfad der fehlerhaften Anwendung: update.exe_TeamSpeak 3 Client Updater1
Pfad des fehlerhaften Moduls: update.exe_TeamSpeak 3 Client Updater2
Berichtskennung: update.exe_TeamSpeak 3 Client Updater3

Error: (01/31/2014 09:35:31 PM) (Source: RasClient) (User: )
Description: CoID={B30FF07F-6284-4853-A1FC-A6BCD38CB54A}: Der Benutzer "GooDLike-PC\GooDLike" hat eine Verbindung mit dem Namen "o2 Internet" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 797.


System errors:
=============
Error: (01/31/2014 09:51:51 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (01/31/2014 09:51:12 PM) (Source: BugCheck) (User: )
Description: 0x00000116 (0xfffffa800c42d4e0, 0xfffff8800632af50, 0xffffffffc000009a, 0x0000000000000004)C:\Windows\MEMORY.DMP013114-14742-01

Error: (01/31/2014 09:51:11 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎31.‎01.‎2014 um 21:49:37 unerwartet heruntergefahren.

Error: (01/31/2014 09:46:28 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (01/31/2014 09:45:49 PM) (Source: BugCheck) (User: )
Description: 0x00000116 (0xfffffa800a8cd010, 0xfffff880063a6f50, 0xffffffffc000009a, 0x0000000000000004)C:\Windows\MEMORY.DMP013114-15085-01

Error: (01/31/2014 09:45:49 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎31.‎01.‎2014 um 21:44:40 unerwartet heruntergefahren.

Error: (01/30/2014 11:12:35 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (01/30/2014 11:11:02 PM) (Source: BugCheck) (User: )
Description: 0x00000116 (0xfffffa800c53f4e0, 0xfffff880063cff50, 0xffffffffc000009a, 0x0000000000000004)C:\Windows\MEMORY.DMP013014-22183-01

Error: (01/30/2014 11:10:58 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎30.‎01.‎2014 um 23:09:45 unerwartet heruntergefahren.

Error: (01/30/2014 05:17:28 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom


Microsoft Office Sessions:
=========================
Error: (01/31/2014 09:51:35 PM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
  bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
  bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
  bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
  --- Ende der internen Ausnahmestapelüberwachung ---
  bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
  bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
  bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
  bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
  bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
  bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (01/31/2014 09:51:28 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (01/31/2014 09:51:28 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (01/31/2014 09:51:28 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (01/31/2014 09:46:13 PM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
  bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
  bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
  bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
  --- Ende der internen Ausnahmestapelüberwachung ---
  bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
  bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
  bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
  bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
  bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
  bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (01/31/2014 09:46:06 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (01/31/2014 09:46:06 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (01/31/2014 09:46:06 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (01/31/2014 09:39:43 PM) (Source: Application Error)(User: )
Description: update.exe_TeamSpeak 3 Client Updater1.0.0.050eae266QtCore4.dll4.8.3.050a20cebc0000005000000000002acac143801cf1ec44d0f164aC:\Program Files\TeamSpeak 3 Client\update.exeC:\Program Files\TeamSpeak 3 Client\QtCore4.dllcfe68b68-8ab7-11e3-a679-8c89a5c72dee

Error: (01/31/2014 09:35:31 PM) (Source: RasClient)(User: )
Description: {B30FF07F-6284-4853-A1FC-A6BCD38CB54A}GooDLike-PC\GooDLikeo2 Internet797


CodeIntegrity Errors:
===================================
  Date: 2013-09-04 06:52:05.293
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-04 06:52:05.257
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-09-12 11:35:30.944
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\GooDLike\Desktop\Neuer Ordner (3)\Injector.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-09-12 11:35:30.933
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\GooDLike\Desktop\Neuer Ordner (3)\Injector.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 27%
Total physical RAM: 8158.89 MB
Available physical RAM: 5900.36 MB
Total Pagefile: 16315.97 MB
Available Pagefile: 13821.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:880.41 GB) (Free:759.42 GB) NTFS
Drive d: (Recover) (Fixed) (Total:50 GB) (Free:0.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 1FE9121A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=880 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================

cosinus 01.02.2014 02:04
Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

IGooDLiKe125 01.02.2014 12:36
2014.02.01 (12:00)
Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.01.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
GooDLike :: GOODLIKE-PC [administrator]

01.02.2014 12:00:46
mbar-log-2014-02-01 (12-00-46).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 267706
Time elapsed: 8 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page (Hijack.StartPage) -> Bad: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=HitachiXHDS721010DLE630_MSE5215V1P2J5U1P2J5UX&ts=1375097842) Good: (hxxp://www.google.com) -> Replace on reboot.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
2014.02.01 ( 12:13)
Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.01.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
GooDLike :: GOODLIKE-PC [administrator]

01.02.2014 12:13:23
mbar-log-2014-02-01 (12-13-23).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 267605
Time elapsed: 9 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

cosinus 01.02.2014 21:53
Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


IGooDLiKe125 02.02.2014 19:57
AdwCleaner

Code:
# AdwCleaner v3.018 - Bericht erstellt am 02/02/2014 um 19:43:11
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : GooDLike - GOODLIKE-PC
# Gestartet von : C:\Users\GooDLike\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\GooDLike\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo
Datei Gelöscht : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v

-\\ Google Chrome v32.0.1700.102

[ Datei : C:\Users\GooDLike\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [11259 octets] - [04/09/2013 21:30:10]
AdwCleaner[R1].txt - [7725 octets] - [04/09/2013 21:32:04]
AdwCleaner[R2].txt - [1598 octets] - [02/02/2014 19:42:30]
AdwCleaner[S0].txt - [3031 octets] - [04/09/2013 21:30:55]
AdwCleaner[S1].txt - [6825 octets] - [04/09/2013 21:32:23]
AdwCleaner[S2].txt - [1511 octets] - [02/02/2014 19:43:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1571 octets] ##########
JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by GooDLike on 02.02.2014 at 19:50:08,73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\GooDLike\appdata\local\{E34918EC-F8E5-4097-8978-C168CC9702E6}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.02.2014 at 19:53:44,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by GooDLike (administrator) on GOODLIKE-PC on 02-02-2014 19:55:26
Running from C:\Users\GooDLike\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-11-29] (Realtek Semiconductor)
HKLM\...\Run: [MedionReminder] - C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [443688 2011-05-26] (CyberLink)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-30] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM\...\RunOnce: [MedionReminder] - C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe /DeleteRunKey [443688 2011-05-26] (CyberLink)
AppInit_DLLs:  => File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://badoo.com/startpage/
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {8A244612-A1F7-11E0-95C0-E71F4824019B} URL = hxxp://badoo.com/startpage/?source=bsb&q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 193.189.244.202 193.189.244.194

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: FT Downloader - C:\Users\GooDLike\AppData\Roaming\Mozilla\Firefox\profiles\extensions\ftd@ftd.com.xpi [2013-06-26]

Chrome:
=======
CHR HomePage: file:///C:/Users/GooDLike/Desktop/EpiiiiC/porn
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U3) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\GooDLike\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Extension: (Vince) - C:\Users\GooDLike\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpdhkfmndlnlmmhcalabijjpogicdpa [2013-07-29]
CHR Extension: (Plus-HD-2.2) - C:\Users\GooDLike\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo [2013-10-03]
CHR Extension: (Google Wallet) - C:\Users\GooDLike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\GooDLike\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-10-18]

==================== Services (Whitelisted) =================

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [200624 2010-09-29] (Telefónica I+D)

==================== Drivers (Whitelisted) ====================

S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16640 2013-08-30] (Windows (R) Win 7 DDK provider)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-02 19:53 - 2014-02-02 19:53 - 00000739 _____ () C:\Users\GooDLike\Desktop\JRT.txt
2014-02-02 19:48 - 2014-02-02 19:48 - 01037068 _____ (Thisisu) C:\Users\GooDLike\Downloads\JRT.exe
2014-02-02 19:41 - 2014-02-02 19:41 - 01166132 _____ () C:\Users\GooDLike\Downloads\adwcleaner.exe
2014-02-01 13:16 - 2014-02-01 13:16 - 00416792 _____ () C:\Windows\Minidump\020114-14726-01.dmp
2014-02-01 13:09 - 2014-02-01 13:09 - 00447768 _____ () C:\Windows\Minidump\020114-15350-01.dmp
2014-02-01 12:13 - 2014-02-01 12:13 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-01 12:00 - 2014-02-01 12:34 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-01 11:59 - 2014-02-01 12:34 - 00000000 ____D () C:\Users\GooDLike\Desktop\mbar
2014-02-01 11:59 - 2014-02-01 12:12 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-01 11:58 - 2014-02-01 11:59 - 12589848 _____ (Malwarebytes Corp.) C:\Users\GooDLike\Downloads\mbar-1.07.0.1009.exe
2014-02-01 03:51 - 2014-02-01 03:51 - 00445344 _____ () C:\Windows\Minidump\020114-14773-01.dmp
2014-01-31 22:23 - 2014-01-31 22:23 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-31 22:20 - 2014-01-31 22:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\GooDLike\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-31 22:15 - 2014-01-31 22:15 - 00000000 ____D () C:\_OTL
2014-01-31 22:14 - 2014-01-31 22:15 - 00168958 _____ () C:\Users\GooDLike\Downloads\OTL.Txt
2014-01-31 22:14 - 2014-01-31 22:14 - 00085216 _____ () C:\Users\GooDLike\Downloads\Extras.Txt
2014-01-31 22:01 - 2014-01-31 22:01 - 00602112 _____ (OldTimer Tools) C:\Users\GooDLike\Downloads\OTL.exe
2014-01-31 21:51 - 2014-01-31 21:51 - 00485888 _____ () C:\Windows\Minidump\013114-14742-01.dmp
2014-01-31 21:45 - 2014-01-31 21:45 - 00393192 _____ () C:\Windows\Minidump\013114-15085-01.dmp
2014-01-30 23:10 - 2014-01-30 23:11 - 00391824 _____ () C:\Windows\Minidump\013014-22183-01.dmp
2014-01-30 17:53 - 2014-01-30 17:53 - 00000932 _____ () C:\Users\Public\Desktop\Guild Wars 2.lnk
2014-01-30 17:53 - 2014-01-30 17:53 - 00000000 ____D () C:\Users\GooDLike\AppData\Roaming\Guild Wars 2
2014-01-30 17:53 - 2014-01-30 17:53 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2
2014-01-30 17:52 - 2014-01-30 17:53 - 00000000 ____D () C:\Users\GooDLike\Documents\Guild Wars 2
2014-01-30 17:50 - 2014-01-30 17:52 - 22716480 _____ (ArenaNet) C:\Users\GooDLike\Downloads\Gw2Setup.exe
2014-01-30 17:28 - 2014-01-30 17:28 - 00000000 ____D () C:\ProgramData\EPSON
2014-01-30 17:28 - 2014-01-30 17:28 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-01-29 15:47 - 2014-01-29 16:02 - 00000000 ____D () C:\Users\GooDLike\Documents\GUILD WARS
2014-01-29 15:45 - 2014-01-29 15:45 - 01376768 _____ () C:\Users\GooDLike\Downloads\7z920-x64.msi
2014-01-29 15:45 - 2014-01-29 15:45 - 00000000 ____D () C:\Program Files\7-Zip
2014-01-15 20:56 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 20:56 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 20:56 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 20:56 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 20:56 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 20:56 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 20:56 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 20:56 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 20:56 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

2014-02-02 19:55 - 2013-12-28 17:44 - 00000000 ____D () C:\Users\GooDLike\Downloads\FRST-OlderVersion
2014-02-02 19:55 - 2013-12-27 20:28 - 00014996 _____ () C:\Users\GooDLike\Downloads\FRST.txt
2014-02-02 19:55 - 2013-12-27 20:27 - 02080256 _____ (Farbar) C:\Users\GooDLike\Downloads\FRST64.exe
2014-02-02 19:55 - 2013-09-03 18:31 - 00000000 ____D () C:\FRST
2014-02-02 19:53 - 2014-02-02 19:53 - 00000739 _____ () C:\Users\GooDLike\Desktop\JRT.txt
2014-02-02 19:52 - 2009-07-14 05:45 - 00024576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-02 19:52 - 2009-07-14 05:45 - 00024576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-02 19:51 - 2012-12-25 21:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-02 19:48 - 2014-02-02 19:48 - 01037068 _____ (Thisisu) C:\Users\GooDLike\Downloads\JRT.exe
2014-02-02 19:48 - 2012-08-02 16:08 - 01930576 _____ () C:\Windows\WindowsUpdate.log
2014-02-02 19:45 - 2012-12-20 22:54 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-02 19:44 - 2013-09-04 05:54 - 00020093 _____ () C:\Windows\setupact.log
2014-02-02 19:44 - 2012-02-22 15:34 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-02 19:44 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-02 19:43 - 2013-09-04 20:30 - 00000000 ____D () C:\AdwCleaner
2014-02-02 19:41 - 2014-02-02 19:41 - 01166132 _____ () C:\Users\GooDLike\Downloads\adwcleaner.exe
2014-02-02 19:32 - 2012-12-20 22:54 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-01 13:16 - 2014-02-01 13:16 - 00416792 _____ () C:\Windows\Minidump\020114-14726-01.dmp
2014-02-01 13:16 - 2013-09-04 22:59 - 667483148 _____ () C:\Windows\MEMORY.DMP
2014-02-01 13:16 - 2013-07-10 17:44 - 00000000 ____D () C:\Windows\Minidump
2014-02-01 13:09 - 2014-02-01 13:09 - 00447768 _____ () C:\Windows\Minidump\020114-15350-01.dmp
2014-02-01 12:44 - 2013-04-10 13:44 - 00000000 ____D () C:\Users\GooDLike\AppData\Roaming\TS3Client
2014-02-01 12:34 - 2014-02-01 12:00 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-01 12:34 - 2014-02-01 11:59 - 00000000 ____D () C:\Users\GooDLike\Desktop\mbar
2014-02-01 12:13 - 2014-02-01 12:13 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-01 12:12 - 2014-02-01 11:59 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-01 11:59 - 2014-02-01 11:58 - 12589848 _____ (Malwarebytes Corp.) C:\Users\GooDLike\Downloads\mbar-1.07.0.1009.exe
2014-02-01 03:51 - 2014-02-01 03:51 - 00445344 _____ () C:\Windows\Minidump\020114-14773-01.dmp
2014-02-01 03:44 - 2013-09-04 05:54 - 00232610 _____ () C:\Windows\PFRO.log
2014-01-31 22:49 - 2012-11-30 16:51 - 01595580 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-31 22:49 - 2011-05-16 15:04 - 00699884 _____ () C:\Windows\system32\perfh007.dat
2014-01-31 22:49 - 2011-05-16 15:04 - 00149766 _____ () C:\Windows\system32\perfc007.dat
2014-01-31 22:49 - 2009-07-14 06:13 - 01643118 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-31 22:47 - 2012-02-22 15:33 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-01-31 22:46 - 2012-02-22 15:34 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-01-31 22:23 - 2014-01-31 22:23 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-31 22:23 - 2013-09-04 20:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-31 22:21 - 2014-01-31 22:20 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\GooDLike\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-31 22:15 - 2014-01-31 22:15 - 00000000 ____D () C:\_OTL
2014-01-31 22:15 - 2014-01-31 22:14 - 00168958 _____ () C:\Users\GooDLike\Downloads\OTL.Txt
2014-01-31 22:14 - 2014-01-31 22:14 - 00085216 _____ () C:\Users\GooDLike\Downloads\Extras.Txt
2014-01-31 22:01 - 2014-01-31 22:01 - 00602112 _____ (OldTimer Tools) C:\Users\GooDLike\Downloads\OTL.exe
2014-01-31 21:55 - 2013-12-28 17:44 - 00039243 _____ () C:\Users\GooDLike\Downloads\Addition.txt
2014-01-31 21:51 - 2014-01-31 21:51 - 00485888 _____ () C:\Windows\Minidump\013114-14742-01.dmp
2014-01-31 21:45 - 2014-01-31 21:45 - 00393192 _____ () C:\Windows\Minidump\013114-15085-01.dmp
2014-01-31 21:40 - 2013-04-10 13:44 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-01-30 23:11 - 2014-01-30 23:10 - 00391824 _____ () C:\Windows\Minidump\013014-22183-01.dmp
2014-01-30 17:53 - 2014-01-30 17:53 - 00000932 _____ () C:\Users\Public\Desktop\Guild Wars 2.lnk
2014-01-30 17:53 - 2014-01-30 17:53 - 00000000 ____D () C:\Users\GooDLike\AppData\Roaming\Guild Wars 2
2014-01-30 17:53 - 2014-01-30 17:53 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2
2014-01-30 17:53 - 2014-01-30 17:52 - 00000000 ____D () C:\Users\GooDLike\Documents\Guild Wars 2
2014-01-30 17:52 - 2014-01-30 17:50 - 22716480 _____ (ArenaNet) C:\Users\GooDLike\Downloads\Gw2Setup.exe
2014-01-30 17:28 - 2014-01-30 17:28 - 00000000 ____D () C:\ProgramData\EPSON
2014-01-30 17:28 - 2014-01-30 17:28 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-01-30 17:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\spool
2014-01-29 16:02 - 2014-01-29 15:47 - 00000000 ____D () C:\Users\GooDLike\Documents\GUILD WARS
2014-01-29 15:46 - 2012-10-24 19:29 - 00000000 ____D () C:\Users\GooDLike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-01-29 15:45 - 2014-01-29 15:45 - 01376768 _____ () C:\Users\GooDLike\Downloads\7z920-x64.msi
2014-01-29 15:45 - 2014-01-29 15:45 - 00000000 ____D () C:\Program Files\7-Zip
2014-01-29 15:40 - 2013-09-16 19:21 - 00000000 ____D () C:\Users\GooDLike\AppData\Local\WinZip
2014-01-19 08:33 - 2010-11-21 04:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-16 03:18 - 2009-07-14 05:45 - 00430288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-16 03:01 - 2013-08-15 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 03:00 - 2011-07-18 21:31 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\GooDLike\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-29 01:13

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2014 04
Ran by GooDLike at 2014-02-02 19:56:01
Running from C:\Users\GooDLike\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7 - Adobe Systems Incorporated)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.12.9.0 - Asmedia Technology)
Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
CyberLink Power2Go (x32 Version: 7.0.0.1327 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.1327 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy (x32 Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerDVD Copy (x32 Version: 1.5.1306 - CyberLink Corp.) Hidden
CyberLink PowerRecover (x32 Version: 5.5.4125 - CyberLink Corp.)
CyberLink PowerRecover (x32 Version: 5.5.4125 - CyberLink Corp.) Hidden
CyberLink WaveEditor (x32 Version: 1.0.1.2821 - CyberLink Corp.)
CyberLink WaveEditor (x32 Version: 1.0.1.2821 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
EPSON BX305 Series Printer Uninstall (Version:  - SEIKO EPSON Corporation)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.11.34.1015 (x32 Version: 3.11.34.1015 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GeForce Experience NvStream Client Components (Version: 0.1.87 - NVIDIA Corporation) Hidden
Google Chrome (x32 Version: 32.0.1700.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Guild Wars 2 (x32 Version:  - NCsoft Corporation, Ltd.)
HUAWEI DataCard Driver 4.20.12.00 (x32 Version: 4.20.12.00 - Huawei technologies Co., Ltd.)
ICQ 8.2 (build 6870) (HKCU Version: 8.2.6870.0 - Mail.Ru)
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 8.0.1.1399 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.0.0.1032 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.23.219.2 - Intel Corporation)
iTunes (Version: 11.1.0.126 - Apple Inc.)
Java Auto Updater (x32 Version: 2.1.6.0 - Sun Microsystems, Inc.) Hidden
Java(TM) 7 Update 3 (64-bit) (Version: 7.0.30 - Oracle)
Java(TM) 7 Update 3 (x32 Version: 7.0.30 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (x32 Version: 15.4.5722.2 - Microsoft Corporation)
League of Legends (x32 Version: 1.3 - Riot Games)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Medion Home Cinema (x32 Version: 8.0.3216 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.3216 - CyberLink Corp.) Hidden
Memeo Instant Backup (x32 Version: 4.60.0.7943 - Memeo Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation)
Mobile Connection Manager (x32 Version:  - Mobile Connection Manager)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
NVIDIA 3D Vision Controller-Treiber 326.01 (Version: 326.01 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 331.65 (Version: 331.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.6.1 (Version: 1.6.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.902 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Update 8.3.14 (Version: 8.3.14 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 8.3.14 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.5 (Version: 1.2.5 - NVIDIA Corporation)
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6516 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 1.05.28 - NVIDIA Corporation) Hidden
SIW version 2011.10.29 (x32 Version: 2011.10.29 - Topala Software Solutions)
Skype Click to Call (x32 Version: 6.3.11079 - Skype Technologies S.A.)
Skype™ 6.3 (x32 Version: 6.3.107 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader X (x32 Version: 10.0.0 - Adobe Systems Incorporated)
TeamSpeak 3 Client (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
TeamViewer 8 (x32 Version: 8.0.18051 - TeamViewer)
Trojan Killer (x32 Version: 2.1.8.5 - Gridinsoft LLC)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinZip 17.5 (Version: 17.5.10562 - WinZip Computing, S.L. )
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

22-01-2014 15:58:18 Windows Update
26-01-2014 02:15:22 Windows Update
26-01-2014 18:00:24 Windows-Sicherung
29-01-2014 14:45:37 Installed 7-Zip 9.20 (x64 edition)
29-01-2014 15:57:48 Windows Update
31-01-2014 21:04:46 OTL Restore Point - 31.01.2014 22:04:44
31-01-2014 21:44:27 Windows Update
01-02-2014 11:10:07 Malwarebytes Anti-Rootkit Restore Point
02-02-2014 18:00:25 Windows-Sicherung

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-09-04 14:34 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1175F187-0323-4F22-BD25-E399B7C98CAA} - \Plus-HD-2.2-firefoxinstaller No Task File
Task: {13291D0B-6730-4258-98AA-7D05F7054D4F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {2F9846FF-299A-4474-923A-3CA0B1BDE922} - \Plus-HD-2.2-chromeinstaller No Task File
Task: {43935255-2F09-4554-AD5D-4A24614AD350} - System32\Tasks\{8E08711E-210A-4A42-AE17-34BA1A617506} => C:\Program Files (x86)\Cossacks 2 - Battle for Europe\Run\Data\engine.exe
Task: {464B1B18-27F7-4450-87AC-97A29F3A76DD} - System32\Tasks\{F9DA7F92-FA4B-4FCC-BBE4-076C7D95A724} => C:\Program Files (x86)\Cossacks 2 - Battle for Europe\Run\Data\engine.exe
Task: {51B6C71F-1862-4930-B166-0EEA377E2563} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20] (Google Inc.)
Task: {55067E8C-39D0-4A83-9137-213BBCB8B6E7} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {6396BC95-F1D0-484A-8D61-594FA849A88F} - \Plus-HD-2.2-enabler No Task File
Task: {84634A36-D0E7-4EF8-A388-67628706ABD4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {AF320831-4448-4882-8145-32958052FE86} - System32\Tasks\{802CDEDC-BA01-4BE5-9002-4FB33CD961FB} => Chrome.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsMain
Task: {BF25A8E2-F6A9-48FD-8DE5-322A9E4A40A2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C26A7054-D041-466B-8012-F5258F0BE99E} - \Omiga Plus RunAsStdUser No Task File
Task: {CB73B844-F157-49F4-B48A-DD89A21536CC} - \Plus-HD-2.2-updater No Task File
Task: {CDD95EA4-C3B6-47E5-A747-76735ED45108} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20] (Google Inc.)
Task: {E56F70B3-D6EE-4169-813F-6EDC1ACA98E4} - \Plus-HD-2.2-codedownloader No Task File
Task: {E9228E51-360E-495F-87FF-8FD5691E340F} - \Desk 365 RunAsStdUser No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-09-20 02:30 - 2013-09-20 02:30 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\991a8d378a3e64b31c0f4770ba9ae071\IsdiInterop.ni.dll
2012-02-22 22:54 - 2011-11-30 05:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-02-22 22:53 - 2012-01-20 04:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-01-28 12:33 - 2014-01-23 06:56 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll
2014-01-28 12:33 - 2014-01-23 06:57 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll
2014-01-28 12:33 - 2014-01-23 06:55 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: TSSTcorp CDDVDW SH-216AB
Description: CD-ROM-Laufwerk
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard-CD-ROM-Laufwerke)
Service: cdrom
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-09-04 06:52:05.293
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-04 06:52:05.257
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-09-12 11:35:30.944
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\GooDLike\Desktop\Neuer Ordner (3)\Injector.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-09-12 11:35:30.933
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\GooDLike\Desktop\Neuer Ordner (3)\Injector.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 8158.89 MB
Available physical RAM: 6177.92 MB
Total Pagefile: 16315.97 MB
Available Pagefile: 14233.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:880.41 GB) (Free:760.65 GB) NTFS
Drive d: (Recover) (Fixed) (Total:50 GB) (Free:0.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 1FE9121A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=880 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================

cosinus 02.02.2014 23:33
Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Alle Zeitangaben in WEZ +1. Es ist jetzt 18:23 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19