Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Dateien auf USB-Stick Verknüpfungen echte Dateien versteckt (https://www.trojaner-board.de/152097-dateien-usb-stick-verknuepfungen-echte-dateien-versteckt.html)

irgend 06.04.2014 15:38
Dateien auf USB-Stick Verknüpfungen echte Dateien versteckt
 
Hallo ich habe ein Problem beim einstecken eines USB stick sieht man nur die Verknüpfungen beim sichtbar machen sieht man die echten Dateien und eine Datei namens server.vbs
Was soll ich tun?

schrauber 06.04.2014 16:03
hi,


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


irgend 06.04.2014 16:37
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by User at 2014-04-06 17:35:37
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Bitdefender Antivirus (Disabled - Out of date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Spyware-Schutz (Disabled - Out of date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall (Disabled) {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}

==================== Installed Programs ======================

ABBYY FineReader 11 (HKLM-x32\...\{F1100000-0011-0000-0001-074957833700}) (Version: 11.0.460 - ABBYY)
Ace of Spades (HKLM-x32\...\Steam App 224540) (Version:  - Jagex Limited)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.4.0.2540 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.175 - Adobe Systems Incorporated)
Age of Empires III - The Asian Dynasties (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III - The WarChiefs (HKLM-x32\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The WarChiefs (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM-x32\...\InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
aMSN 0.98.9 (HKLM-x32\...\aMSN) (Version:  - )
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArtMoney SE v7.41 (HKLM-x32\...\ArtMoney SE_is1) (Version: 7.41 - System SoftLab)
Assassin's Creed III - Complete Edition (HKLM-x32\...\{8B8E431A-A079-4D81-A353-D64BC01E209D}_is1) (Version: 1.05 - RAF)
Aurora Blu-ray Media Player (HKLM-x32\...\Aurora Blu-ray Media Player) (Version: 2.13.4.1435 - Aurora Software Inc.)
AutoIt v3.3.10.2 (HKLM-x32\...\AutoItv3) (Version: 3.3.10.2 - AutoIt Team)
AVG Nation toolbar (HKLM-x32\...\AVG Nation toolbar) (Version: 17.0.1.12 - InfoSpace)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Batman: Arkham Origins (HKLM-x32\...\Batman: Arkham Origins_is1) (Version:  - Warner Bros. Interactive Entertainment)
Ben There, Dan That! (HKLM-x32\...\Steam App 37420) (Version:  - Zombie Cow Studios)
Bitdefender Internet Security (HKLM\...\Bitdefender) (Version: 17.19.0.831 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 Ultimate Vault Hunter Edition (Game of the Year) 1.5.0 (HKLM-x32\...\Borderlands 2 Ultimate Vault Hunter Edition (Game of the Year) 1.5.0) (Version:  - )
Build and Shoot Launcher 1.2 (HKLM-x32\...\Build and Shoot Launcher) (Version: 1.2 - Buld Then Snip, LLC)
calibre 64bit (HKLM\...\{7DAFBA8E-9BBB-4411-80EF-3AF43C80B017}) (Version: 1.11.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 3.21 - Piriform)
Clover 3.0 (HKLM-x32\...\Clover) (Version: 3.0 - EJIE Technology)
CPUID CPU-Z 1.61.3 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Creation Kit (HKLM-x32\...\Steam App 202480) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{131CD369-AA3B-424F-A83C-54DF3534B95C}) (Version:  - Microsoft)
Dishonored (HKLM-x32\...\{62E137ED-2C26-4E06-A245-5C8EBEDD979B}_is1) (Version: 1.4 - Bethesda Softworks)
Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.00.100 - Nuance Communications Inc.)
Dungeon Keeper Gold (HKLM-x32\...\GOGPACKDUNGEONKEEPER_is1) (Version: 2.0.0.4 - GOG.com)
EAX4 Unified Redist (HKLM-x32\...\{89661B04-C646-4412-B6D3-5E19F02F1F37}) (Version: 4.001 - Creative Labs)
EG21 Vokabelkartei interaktiv 1 (HKLM-x32\...\{A036DB99-B62F-4110-8D87-9DF0D6DC4022}) (Version: 1.00.0000 - Cornelsen Verlag GmbH)
ETDWare PS/2-X64 10.7.6.2_WHQL (HKLM\...\Elantech) (Version: 10.7.6.2 - ELAN Microelectronic Corp.)
Exif-Viewer 2.51  (HKLM-x32\...\Exif-Viewer) (Version: 2.51 - Ralf Bibinger)
FaceFilter Studio 2 (HKLM-x32\...\{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}) (Version: 2.0 - Reallusion)
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.03 - Ubisoft)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.0.1 - Ellora Assets Corporation)
Fritz und Fertig 4 (HKLM-x32\...\Fritz und Fertig 4) (Version:  - )
G DATA Logox4 Speechengine (HKLM-x32\...\lgx4.lgx.server) (Version:  - G DATA Software AG)
Gatling Gears (HKLM-x32\...\{5782EF38-8F32-4B9C-9A86-12877A93D8FE}) (Version: 1.0.0.0 - Electronic Arts)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Goodbye Deponia (HKLM-x32\...\Deponia 3) (Version: 1.0 - Daedalic Entertainment)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 31.0.1650.57 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{79361740-EAE3-11E2-9911-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Google Talk Plugin (HKLM-x32\...\{E121A4FE-009B-385B-BB0D-B934E2A88288}) (Version: 5.2.4.18058 - Google)
Google Update Helper (x32 Version: 1.3.21.153 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
Gunpoint (HKLM-x32\...\Gunpoint_is1) (Version: 2.0.0.0 - )
Hitman Absolution (HKLM-x32\...\Hitman Absolution_is1) (Version:  - )
iFunbox (v2.7.2386.747), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.7.2386.747 - )
inSSIDer 3 (HKLM-x32\...\{A80CEA4E-74C1-4F9F-806B-E1D9AFC01768}) (Version: 3.0.7.48 - MetaGeek, LLC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2622 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0059 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kalenderchen 5 (HKLM-x32\...\{11464943-4682-4F6B-A96D-D4E8C26DD111}_is1) (Version:  - Daniel Manger)
Keseling Poster-Drucker 1.2 (HKLM-x32\...\Keseling Poster-Drucker 1.2_is1) (Version: 1.2 - Sebastian Keseling Software)
KeyLemon (HKLM\...\KeyLemon) (Version: 2.7.2 - KeyLemon Solutions S.A.)
L&H TTS3000 Deutsch (HKLM-x32\...\LHTTSGED) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Left 4 Dead 2 Add-On Installer (HKLM-x32\...\{F7D1BEE1-8CD0-4156-AA60-653109B4ECD7}) (Version: 1.0.0 - [SAO] Peter)
Macro Recorder Lite 4.71.0 (HKLM-x32\...\{22C234D4-58DF-455D-B2C0-B1DE03602EAC}_is1) (Version: 4.71.0 - Jitbit Software)
MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{F30AE017-6791-43F1-8591-D31EDDDDFF1A}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX Video deluxe 2013 Premium (HKLM-x32\...\MAGIX_{47E960B1-A285-4D31-87BA-4D2936FC8FF1}) (Version: 12.0.0.32 - MAGIX AG)
MAGIX Video deluxe 2013 Premium (Version: 12.0.0.32 - MAGIX AG) Hidden
Mass Effect 2 Deluxe Edition (HKLM-x32\...\{A36A5251-2379-429B-9785-EEF2A5F8DBCB}_is1) (Version: v1.02 - The Most Electrifying Man)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.2.2000 - Maxthon International Limited)
MegaTrainer eXperience V1.2.0.7 (HKLM-x32\...\MegaTrainer eXperience_is1) (Version:  - )
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Speech SDK 5.1 (HKLM-x32\...\{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}) (Version: 5.1.4324.0 - Microsoft)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - DEU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - DEU (x32 Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{cb41fc68-4442-4f7f-b22f-8f31c74897ac}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Might & Magic Heroes VI - Complete Edition (HKLM-x32\...\{43EDB795-D687-47F9-A899-721771521801}_is1) (Version: 2.1.0 - RAF)
Minecraft Editor 64 bits (online) (HKCU\...\b197b685fb88f2e2) (Version: 1.2.2.119 - Axialmedia)
MiPony 2.1.0 (HKLM-x32\...\MiPony) (Version: 2.1.0 - )
Moo0 Audio Converter 1.32 (HKLM-x32\...\Moo0 AudioTypeConverter) (Version:  - )
Moo0 Voice Recorder 1.43 (HKLM-x32\...\Moo0 VoiceRecorder) (Version:  - )
Moo0 YouTube Downloader 1.07 (HKLM-x32\...\Moo0 Utube-DL) (Version:  - )
Mozilla Firefox 26.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
Mozilla Thunderbird 17.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 17.0 (x86 de)) (Version: 17.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Network Stumbler 0.4.0 (remove only) (HKLM-x32\...\Network Stumbler) (Version:  - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.44.8 - Black Tree Gaming)
Nidhogg incl. Update 1 (HKLM-x32\...\TmlkaG9nZ2luY2xVcGRhdGUx_is1) (Version: 1 - )
Nitro Pro 8 (HKLM\...\{A322415E-A955-4C91-A96C-F7F135490227}) (Version: 8.0.9.8 - Nitro)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.0.1 - Vitalwerks Internet Solutions LLC)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.2 - )
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
O&O DiskImage Professional (HKLM\...\{56F8EF3C-D9A0-4728-95D5-DC05A72931F5}) (Version: 7.81.6 - O&O Software GmbH)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Oracle VM VirtualBox 4.2.12 (HKLM\...\{0C1DE303-E41B-44BA-8ABA-B7F09D857001}) (Version: 4.2.12 - Oracle Corporation)
OSCAR Editor (x32 Version: 12.03.0004 - A4TECH) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.0.4.30523 - Grinding Gear Games)
PAYDAY 2 (HKLM-x32\...\PAYDAY 2_is1) (Version:  - 505 Games)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.204.0 - Tracker Software Products Ltd)
phase-6 2.3.3 (HKLM-x32\...\phase-6) (Version: 2.3.3 - phase-6)
PlanetSide 2 (HKCU\...\SOE-PlanetSide 2 PSG) (Version:  - Sony Online Entertainment)
Portal 2 - P2 Manager 2.1 (HKLM-x32\...\{81DF453B-830E-46B8-B13B-C83E21FE9E26}_is1) (Version: 2.1 - XDSoft© INC.)
Portal 2 (HKLM-x32\...\Postal 2_is1) (Version:  - )
Portrait Professional Studio 10.9 (HKLM-x32\...\PortraitProfessionalStudio10_is1) (Version: 10.9 - Anthropics Technology Ltd.)
Process Hacker 2.31 (r5355) (HKLM\...\Process_Hacker2_is1) (Version: 2.31.0.5355 - wj32)
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.10 - ProtectDisc Software GmbH)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Quark Update (HKLM-x32\...\{82154114-943B-4A6F-9B20-073C9573E93E}) (Version: 1.0.0.2 - Ihr Firmenname)
QuarkXPress (HKLM-x32\...\{EACCA5D3-5E48-4181-B953-1842BA6FED32}) (Version: 10.0.1.0 - Quark Software Inc.)
QuickStores-Toolbar 1.1.0 (HKLM-x32\...\QuickStores-Toolbar_is1) (Version: 1.1.0 - AB-Tools.com) <==== ATTENTION
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealSpeak Solo fur Deutsch - Steffi (HKLM-x32\...\{BFBB91DB-9F0F-4A9C-9669-A97DA3512CF2}) (Version: 4.00.0000 - ScanSoft)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6400 - Realtek Semiconductor Corp.)
Recorder (HKLM-x32\...\ST6UNST #1) (Version:  - )
Recuva (HKLM\...\Recuva) (Version: 1.48 - Piriform)
Resource Hacker Version 3.6.0 (HKLM-x32\...\ResourceHacker_is1) (Version:  - )
Reus (HKLM-x32\...\GOGPACKREUS_is1) (Version: 2.1.0.13 - GOG.com)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rogue Legacy version 1.0.9 (HKLM-x32\...\Rogue Legacy_is1) (Version: 1.0.9 - )
roomeon 3D-Planer (HKLM-x32\...\{40BF3500-3324-4648-ADED-234FF4F82C0F}) (Version: 1.5.0 - roomeon GmbH)
Saints Row IV (HKLM-x32\...\U2FpbnRzUm93SVY=_is1) (Version: 1 - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
Scribblenauts Unlimited (HKLM-x32\...\Scribblenauts Unlimited_is1) (Version:  - )
Scribblenauts Unmasked A DC Comics Adventure (HKLM-x32\...\Scribblenauts Unmasked A DC Comics Adventure_is1) (Version:  - )
Scribus 1.4.3 (64bit) (HKLM\...\Scribus 1.4.3) (Version: 1.4.3 - The Scribus Team)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SpeedCommander 14 (x64) (HKLM\...\SpeedCommander 14 (x64)) (Version: 14.30.6900 - SWE Sven Ritter)
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.05.0001 - Electronic Arts)
SPORE™ Galaktische Abenteuer (HKLM-x32\...\{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}) (Version: 1.00.0000 - Electronic Arts)
SPORE™ Süß & Schrecklich Ergänzungs-Pack (HKLM-x32\...\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}) (Version: 1.00.0000 - Electronic Arts)
Spotify (HKCU\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steamless Half-Life 2 Stand-Alone (HKLM-x32\...\Steamless Half-Life 2 Stand-Alone) (Version: 1.0 - Steamless)
StreamTransport version: 1.0.2.2171 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
Super Crate Box (HKLM-x32\...\Steam App 212800) (Version:  - )
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.17271 - TeamViewer)
Technitium MAC Address Changer v6.0.3 (HKLM-x32\...\TMACv6.0) (Version: 6.0.3 - Technitium)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Stanley Parable (HKLM-x32\...\The Stanley Parable_is1) (Version:  - )
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
Time Gentlemen, Please! (HKLM-x32\...\Steam App 37400) (Version:  - Size Five Games)
TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version:  - (c) 2006-2011, Tom Thielicke IT Solutions)
Tom Clancy's Splinter Cell Double Agent (HKLM-x32\...\{CAD1691A-FA24-4B95-9009-3257B8440ECC}) (Version: 1.00.0000 - Ubisoft)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - Runic Games)
Total War Rome II *GERMAN* (HKLM-x32\...\VG90YWxXYXJSb21lSUk=_is1) (Version: 1 - )
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unchecky v0.2.10 (HKLM-x32\...\Unchecky) (Version: 0.2.10 - RaMMicHaeL)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7AC49FC8-F8D2-4DD8-9086-09E52385A21F}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{C8694FF0-8203-483B-A07A-2BC40433167D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4D98EEEA-A31B-42FA-991A-F989594F4DA5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4D98EEEA-A31B-42FA-991A-F989594F4DA5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3613AECC-1454-4DDD-AC36-C42DC16D6DEE}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3613AECC-1454-4DDD-AC36-C42DC16D6DEE}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{326F9E80-FE16-4D2A-827A-4EE1A87B1CE8}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.66  - Nullsoft, Inc)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wireshark 1.10.6 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.6 - The Wireshark developer community, hxxp://www.wireshark.org)
X7 Oscar Editor (HKLM-x32\...\InstallShield_{3C2379D2-337A-4FFA-9017-BDFB80EC0931}) (Version: 12.03.0004 - A4TECH)
Yontoo 2.053 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 2.053 - Yontoo LLC) <==== ATTENTION
zlib_and_png_libs_64 (HKLM\...\{257DEB23-0843-4DB1-903E-80DF48C9116F}) (Version: 1.0.114 - Axialmedia)

==================== Restore Points  =========================

31-03-2014 12:39:06 Geplanter Prüfpunkt
05-04-2014 10:55:38 Installed Java 7 Update 51 (64-bit)

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-04-06 17:09 - 00001927 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com
0.0.0.0 cdn.bisrv.com

There are 3 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {035AFA01-9F14-4FDC-8FE4-355A0A9A526B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-20] (Adobe Systems Incorporated)
Task: {12311BD0-5EC3-46E1-BED9-713B21EF7F68} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4008590695-826721552-1435460310-1000UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-25] (Google Inc.)
Task: {2DD5503A-6550-4586-83F4-DA6C1B539594} - System32\Tasks\Run RoboForm TaskBar Icon => E:\Program Files (x86)\Roboform\RoboTaskBarIcon.exe
Task: {2F7E19F0-ED78-4848-8C4F-FD1DD5795FCF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-07-24] (Piriform Ltd)
Task: {32F013A4-3935-4985-8C2F-1BED04F8D85E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4008590695-826721552-1435460310-1000Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-25] (Google Inc.)
Task: {4636029E-48F1-4794-802C-75A0B4AF55BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-14] (Google Inc.)
Task: {4DE547B0-9F42-45E1-9B94-E723CB9923FA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {5EAD7A16-8619-44CE-BED4-D7E8467D0B04} - System32\Tasks\Maxthon Update => E:\Program Files (x86)\Maxthon3\Bin\mxup.exe [2014-03-06] (Maxthon International ltd.)
Task: {8800ACC5-957F-4A02-891F-479E70218651} - System32\Tasks\{474D78B7-5077-4DF8-ABEE-308724856F07} => C:\Users\User\Downloads\Programs\ednase_patch_1_2.exe
Task: {8AB6501F-D65C-4C6A-9C48-FCC777C7F590} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {9A6FCDD9-9A80-481E-BFE2-072714146C9A} - System32\Tasks\RunAsStdUser Task => E:\Program Files (x86)\Moo0\VoiceRecorder 1.43\VoiceRecorder.exe [2013-10-19] (Moo0) <==== ATTENTION
Task: {A0048DFC-509A-4617-8713-6979BDDB8624} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-05-23] ()
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {B8F7D718-4042-4ABB-A60A-0A74BB406087} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4008590695-826721552-1435460310-1000Core1cec6a1cda361d1 => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-25] (Google Inc.)
Task: {C18F4154-739E-4BA2-B5B9-F0143E4A833B} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe
Task: {C51CA583-A671-4EAF-AFF0-FE9E549ED375} - System32\Tasks\GlaryOneClickOptimizer => C:\Program Files (x86)\Glary Utilities\oneclickoptimizer.exe
Task: {E152419B-D157-4414-9E20-C751658E43E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-14] (Google Inc.)
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: {ECF66EF1-C193-474B-8356-F7B8F0941110} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMLJJMGMGMHMKMGMJMCNNMLJOJMJCNLMLMNJNMCNOJJJHMJMCNNMOJHMLMMMJMKMJJGMLMPMHMJNJICMIMCNHMCNLMFMGMCNOMPMCNGMNMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMHMFMFMIMHMJNHICMEKMICNJJCKJNBJCMKKMIKJNIJNKJCMJNNICMJNDJCMLJKJ"
Task: {FE81B36B-BABD-4B23-A066-9B6F1B493E5C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4008590695-826721552-1435460310-1000UA1cec6a1d04d7d2e => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-25] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe
Task: C:\Windows\Tasks\GlaryOneClickOptimizer.job => C:\Program Files (x86)\Glary Utilities\oneclickoptimizer.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4008590695-826721552-1435460310-1000Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4008590695-826721552-1435460310-1000Core1cec6a1cda361d1.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4008590695-826721552-1435460310-1000UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4008590695-826721552-1435460310-1000UA1cec6a1d04d7d2e.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-15 21:01 - 2013-10-23 10:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-01-24 20:12 - 2013-01-24 20:12 - 00011264 _____ () C:\Program Files (x86)\No-IP\ducservice.exe
2013-05-02 13:30 - 2013-05-02 13:30 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-09 17:35 - 2013-09-09 17:35 - 00326448 _____ () E:\Program Files\OO Software\DiskImage\oodiagrs.dll
2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2013-09-09 17:35 - 2013-09-09 17:35 - 00344880 _____ () E:\Program Files\OO Software\DiskImage\oodishrs.dll
2012-01-10 13:12 - 2012-01-10 13:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-01-24 20:12 - 2013-01-24 20:12 - 00270336 _____ () C:\Program Files (x86)\No-IP\DUC40.exe
2013-09-30 18:31 - 2013-10-01 19:40 - 02403144 _____ () C:\Program Files (x86)\AVG Nation toolbar\vprot.exe
2014-01-15 19:06 - 2013-12-09 12:37 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-24 08:34 - 2013-01-24 08:34 - 00067584 _____ () C:\Program Files (x86)\No-IP\ducapi.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-10-01 19:40 - 2013-10-01 19:40 - 00518472 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\log4cplusU.dll
2013-10-01 19:40 - 2013-10-01 19:40 - 00141128 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\SiteSafety.dll
2014-01-15 19:06 - 2013-12-09 12:37 - 00394808 _____ () c:\program files (x86)\avira\antivir desktop\sqlite3.dll
2013-11-27 15:33 - 2013-11-14 13:28 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
2013-11-27 15:33 - 2013-11-14 13:28 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
2013-11-27 15:33 - 2013-11-14 13:29 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
2013-11-27 15:33 - 2013-11-14 13:29 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
2013-11-27 15:32 - 2013-11-14 13:28 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:05EE1EEF
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
AlternateDataStreams: C:\ProgramData\TEMP:260575F1
AlternateDataStreams: C:\ProgramData\TEMP:B606BA34

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AIPS => 2
MSCONFIG\Services: DragonSvc => 2
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: hasplms => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NitroDriverReadSpool8 => 2
MSCONFIG\Services: nlsX86cc => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: StarWindServiceAE => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer7 => 2
MSCONFIG\Services: vToolbarUpdater17.0.12 => 2
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^VolumeWheel 1.1.lnk => C:\Windows\pss\VolumeWheel 1.1.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Bdagent => "C:\Program Files\Bitdefender\Bitdefender\bdagent.exe"
MSCONFIG\startupreg: Bitdefender-Geldbörse => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
MSCONFIG\startupreg: Bitdefender-Geldbörse-Agent => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
MSCONFIG\startupreg: Bitdefender-Geldbörse-Anwendungs-Agent => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DNS7reminder => "E:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"
MSCONFIG\startupreg: Google Update => "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: IDMan => E:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: iTunesHelper => "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: MxDock => E:\Program Files (x86)\Maxthon3\Modules\MxDock\MxDock.exe
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: OscarEditor => "C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe" Minimum
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\PacSteamT\Steam.exe" -silent
MSCONFIG\startupreg: Windows update => C:\Program Files\Java\jre7\bin\javaw -jar "C:\Users\User\AppData\Local\Temp\Windows update7566047654574817940.jar"
MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\User\AppData\Roaming\Yontoo\YontooDesktop.exe"

==================== Faulty Device Manager Devices =============

Name: ARIB7EBK IDE Controller
Description: ARIB7EBK IDE Controller
Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard mass storage controllers)
Service: a6fhpwe1
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/06/2014 04:54:20 PM) (Source: Application Hang) (User: )
Description: Programm javaw.exe, Version 7.0.510.13 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1b64

Startzeit: 01cf5188ce478df2

Endzeit: 29

Anwendungspfad: C:\Program Files\Java\jre7\bin\javaw.exe

Berichts-ID: 52088e76-bd9b-11e3-ae7f-e81132a037ae

Error: (04/06/2014 02:07:49 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/06/2014 01:10:20 PM) (Source: Application Hang) (User: )
Description: Programm javaw.exe, Version 7.0.510.13 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 14b8

Startzeit: 01cf5187b5861d34

Endzeit: 21

Anwendungspfad: C:\Program Files\Java\jre7\bin\javaw.exe

Berichts-ID: 079a807c-bd7c-11e3-ae7f-e81132a037ae

Error: (04/06/2014 01:02:29 PM) (Source: Application Hang) (User: )
Description: Programm javaw.exe, Version 7.0.510.13 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 470

Startzeit: 01cf518783b99cf3

Endzeit: 9

Anwendungspfad: C:\Program Files\Java\jre7\bin\javaw.exe

Berichts-ID: ee93c9ec-bd7a-11e3-ae7f-e81132a037ae

Error: (04/06/2014 09:17:06 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: TabHelper64.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x52e0f869
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007fef0be7b32
ID des fehlerhaften Prozesses: 0xed4
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3

Error: (04/05/2014 02:55:26 PM) (Source: Application Hang) (User: )
Description: Programm javaw.exe, Version 7.0.510.13 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 162c

Startzeit: 01cf50c8576cfc06

Endzeit: 27

Anwendungspfad: C:\Program Files\Java\jre7\bin\javaw.exe

Berichts-ID: 899cbfad-bcc1-11e3-815b-e81132a037ae

Error: (04/05/2014 02:12:38 PM) (Source: Application Hang) (User: )
Description: Programm javaw.exe, Version 7.0.510.13 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 3d0

Startzeit: 01cf50c7dfff07f9

Endzeit: 25

Anwendungspfad: C:\Program Files\Java\jre7\bin\javaw.exe

Berichts-ID: 90168e47-bcbb-11e3-815b-e81132a037ae

Error: (04/05/2014 02:09:17 PM) (Source: Application Hang) (User: )
Description: Programm javaw.exe, Version 7.0.510.13 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 270

Startzeit: 01cf50c7b1a5e18e

Endzeit: 10

Anwendungspfad: C:\Program Files\Java\jre7\bin\javaw.exe

Berichts-ID: 177e6dbc-bcbb-11e3-815b-e81132a037ae

Error: (04/05/2014 02:08:00 PM) (Source: Application Hang) (User: )
Description: Programm javaw.exe, Version 7.0.510.13 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1648

Startzeit: 01cf50c76ae3f7c7

Endzeit: 11

Anwendungspfad: C:\Program Files\Java\jre7\bin\javaw.exe

Berichts-ID: eb099ec8-bcba-11e3-815b-e81132a037ae

Error: (04/05/2014 02:06:01 PM) (Source: Application Hang) (User: )
Description: Programm javaw.exe, Version 7.0.510.13 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1ea0

Startzeit: 01cf50c7561ea3e0

Endzeit: 10

Anwendungspfad: C:\Program Files\Java\jre7\bin\javaw.exe

Berichts-ID: a3ffbc49-bcba-11e3-815b-e81132a037ae


System errors:
=============
Error: (04/06/2014 05:33:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535

Error: (04/06/2014 05:33:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535

Error: (04/06/2014 05:33:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535

Error: (04/06/2014 05:33:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535

Error: (04/06/2014 05:33:20 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (04/06/2014 05:33:20 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (04/06/2014 05:33:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535

Error: (04/06/2014 05:33:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535

Error: (04/06/2014 05:33:09 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (04/06/2014 05:10:54 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
acedrv07


Microsoft Office Sessions:
=========================
Error: (04/06/2014 04:54:20 PM) (Source: Application Hang)(User: )
Description: javaw.exe7.0.510.131b6401cf5188ce478df229C:\Program Files\Java\jre7\bin\javaw.exe52088e76-bd9b-11e3-ae7f-e81132a037ae

Error: (04/06/2014 02:07:49 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\dragon_support_packager.exe

Error: (04/06/2014 01:10:20 PM) (Source: Application Hang)(User: )
Description: javaw.exe7.0.510.1314b801cf5187b5861d3421C:\Program Files\Java\jre7\bin\javaw.exe079a807c-bd7c-11e3-ae7f-e81132a037ae

Error: (04/06/2014 01:02:29 PM) (Source: Application Hang)(User: )
Description: javaw.exe7.0.510.1347001cf518783b99cf39C:\Program Files\Java\jre7\bin\javaw.exeee93c9ec-bd7a-11e3-ae7f-e81132a037ae

Error: (04/06/2014 09:17:06 AM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175674d672ee4TabHelper64.dll_unloaded0.0.0.052e0f869c0000005000007fef0be7b32ed401cf51681ee3d07fC:\Windows\explorer.exeTabHelper64.dll75299f6d-bd5b-11e3-8428-e81132a037ae

Error: (04/05/2014 02:55:26 PM) (Source: Application Hang)(User: )
Description: javaw.exe7.0.510.13162c01cf50c8576cfc0627C:\Program Files\Java\jre7\bin\javaw.exe899cbfad-bcc1-11e3-815b-e81132a037ae

Error: (04/05/2014 02:12:38 PM) (Source: Application Hang)(User: )
Description: javaw.exe7.0.510.133d001cf50c7dfff07f925C:\Program Files\Java\jre7\bin\javaw.exe90168e47-bcbb-11e3-815b-e81132a037ae

Error: (04/05/2014 02:09:17 PM) (Source: Application Hang)(User: )
Description: javaw.exe7.0.510.1327001cf50c7b1a5e18e10C:\Program Files\Java\jre7\bin\javaw.exe177e6dbc-bcbb-11e3-815b-e81132a037ae

Error: (04/05/2014 02:08:00 PM) (Source: Application Hang)(User: )
Description: javaw.exe7.0.510.13164801cf50c76ae3f7c711C:\Program Files\Java\jre7\bin\javaw.exeeb099ec8-bcba-11e3-815b-e81132a037ae

Error: (04/05/2014 02:06:01 PM) (Source: Application Hang)(User: )
Description: javaw.exe7.0.510.131ea001cf50c7561ea3e010C:\Program Files\Java\jre7\bin\javaw.exea3ffbc49-bcba-11e3-815b-e81132a037ae


==================== Memory info ===========================

Percentage of memory in use: 33%
Total physical RAM: 8104.19 MB
Available physical RAM: 5413.29 MB
Total Pagefile: 16206.56 MB
Available Pagefile: 13269.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Volume) (Fixed) (Total:55.9 GB) (Free:2.99 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Speicher) (Fixed) (Total:875.01 GB) (Free:448.1 GB) NTFS
Drive f: (OSWA-Assistant) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS
Drive g: (KAMERA) (Removable) (Total:3.72 GB) (Free:0.82 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 56 GB) (Disk ID: DF3FD82B)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 932 GB) (Disk ID: C56D2EA2)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 4 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by User (administrator) on USER-PC on 06-04-2014 17:35:04
Running from C:\Users\User\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY) E:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fork Ltd.) C:\Prey\platform\windows\cronsvc.exe
(Microsoft) E:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
() C:\Program Files (x86)\No-IP\ducservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(O&O Software GmbH) E:\Program Files\OO Software\DiskImage\oodiag.exe
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
() C:\Program Files (x86)\No-IP\DUC40.exe
(Tonec Inc.) E:\Program Files (x86)\Internet Download Manager\IDMan.exe
() C:\Program Files (x86)\AVG Nation toolbar\vprot.exe
(Apple Inc.) E:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Tonec Inc.) E:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\avscan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(EJIE Technology) C:\Program Files (x86)\Clover\clover.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-06-24] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2893096 2011-12-28] (ELAN Microelectronics Corp.)
HKLM\...\Run: [KeyLemon LemonScreen] - E:\Program Files\KeyLemon\KLLockEngine.exe [997664 2013-09-25] (KeyLemon)
HKLM\...\Run: [KeyLemon Updater] - E:\Program Files\KeyLemon\KLUpdater.exe [705824 2013-09-25] (KeyLemon)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [OODITRAY.EXE] - E:\Program Files\OO Software\DiskImage\ooditray.exe [4986672 2013-09-09] (O&O Software GmbH)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [server] - wscript.exe //B "C:\Users\User\AppData\Roaming\server.vbe"
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Nation toolbar\vprot.exe [2403144 2013-10-01] ()
HKLM-x32\...\Run: [iTunesHelper] - E:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Bonus.SSR.FR11] - E:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [933640 2012-01-19] (ABBYY.)
HKLM-x32\...\Run: [QuickTime Task] - E:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [server] - wscript.exe //B "C:\Users\User\AppData\Roaming\server.vbe"
HKLM-x32\...\Run: [5636d0f7d8f921df6f59cd538762a2e0] - .. [0 2014-04-06] ()
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse-Agent] - C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [561672 2013-12-19] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse] - C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1001512 2013-12-19] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] - C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [612696 2013-12-19] (Bitdefender)
HKU\S-1-5-21-4008590695-826721552-1435460310-1000\...\Run: [DAEMON Tools Lite] - E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\S-1-5-21-4008590695-826721552-1435460310-1000\...\Run: [Spotify Web Helper] - C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-10] (Spotify Ltd)
HKU\S-1-5-21-4008590695-826721552-1435460310-1000\...\Run: [Google Update] - C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-25] (Google Inc.)
HKU\S-1-5-21-4008590695-826721552-1435460310-1000\...\Run: [ISUSPM] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [213936 2006-05-16] (Macrovision Corporation)
HKU\S-1-5-21-4008590695-826721552-1435460310-1000\...\Run: [FlashPlugins] - wscript "C:\Users\User\AppData\Roaming\Adobe\Flash Player\Plugins\invis.vbs" "C:\Users\User\AppData\Roaming\Adobe\Flash Player\Plugins\bat.bat"
HKU\S-1-5-21-4008590695-826721552-1435460310-1000\...\Run: [NoIPDUCv4] - C:\Program Files (x86)\No-IP\DUC40.exe [270336 2013-01-24] ()
HKU\S-1-5-21-4008590695-826721552-1435460310-1000\...\Run: [server] - wscript.exe //B "C:\Users\User\AppData\Roaming\server.vbe"
HKU\S-1-5-21-4008590695-826721552-1435460310-1000\...\Run: [5636d0f7d8f921df6f59cd538762a2e0] - .. [0 2014-04-06] ()
HKU\S-1-5-21-4008590695-826721552-1435460310-1000\...\Run: [IDMan] - E:\Program Files (x86)\Internet Download Manager\IDMan.exe [3829328 2014-03-28] (Tonec Inc.)
HKU\S-1-5-21-4008590695-826721552-1435460310-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4008590695-826721552-1435460310-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-4008590695-826721552-1435460310-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-4008590695-826721552-1435460310-1000\...\MountPoints2: {1bb1169f-eb97-11e1-b0a1-e81132a037ae} - F:\Autorun.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-10-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-10-23] (NVIDIA Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\server.exe (www.sordum.net)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\server.vbe ()

==================== Internet (Whitelisted) ====================

ProxyServer: :80
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD7C8EF5F67B4CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - DefaultScope {B1C8E3FE-E22C-4675-B78B-0F17B3FC870A} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=08b3b8ca000000000000e81132a037ae&r=388
SearchScopes: HKCU - {B1C8E3FE-E22C-4675-B78B-0F17B3FC870A} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=08b3b8ca000000000000e81132a037ae&r=388
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb178/?search={searchTerms}&loc=IB_DS&a=6OyLGVDvp1&i=26
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ExplorerWatcher Class - {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} - C:\Program Files (x86)\Clover\TabHelper64.dll (EJIE Technology)
BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -  No File
BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -  No File
Toolbar: HKLM-x32 - QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll No File
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9bptpqp5.default
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 0
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - E:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - E:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.5 - E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - E:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - E:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: nuance.com/DragonRIAPlugin - E:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - E:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\User\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\User\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: BalancedWorlds.com/WebLauncher - C:\Users\User\AppData\Local\Balanced Worlds\BWGameEngine\npWebLauncher.dll No File
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FoxyProxy Standard - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9bptpqp5.default\Extensions\foxyproxy@eric.h.jung [2014-03-03]
FF Extension: Firebug - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9bptpqp5.default\Extensions\firebug@software.joehewitt.com.xpi [2014-01-07]
FF Extension: Myibidder (Myibay) Bid Sniper for eBay - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9bptpqp5.default\Extensions\firefox1@myibay.com.xpi [2014-01-20]
FF Extension: Web Developer - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9bptpqp5.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2014-01-07]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2013-10-08]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - E:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\
FF Extension: Freemake Video Downloader Plugin - E:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ []
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - E:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: No Name - E:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012-07-18]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2013-10-08]
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\User\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\User\AppData\Roaming\IDM\idmmzcc5 [2014-03-28]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\User\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\User\AppData\Roaming\IDM\idmmzcc5 [2014-03-28]

Chrome:
=======
CHR HomePage: hxxp://www.google.de/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (HD for YouTube™) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjbfncbadcmnkopckegnmjgihagponf [2014-04-04]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-27]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-09-21]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-25]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-28]
CHR Extension: (Squishy Bird) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cncjipmfbkfmhabioodjbbjkkekabdnf [2014-04-04]
CHR Extension: (Google-Suche) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-05]
CHR Extension: (Timer) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\edebbhkhcaafmolanelponjjanocpacd [2014-04-04]
CHR Extension: (Gmail offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-04-04]
CHR Extension: (CHIP Online) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhjmdobefakhdbfdpnnopoaldabldbgd [2014-04-04]
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-04]
CHR Extension: (IDM Integration Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-03-28]
CHR Extension: (Google Mail-Checker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-04-04]
CHR Extension: (YouTube Quality) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfcilgimggemnogfigihdkmapdhhlbph [2014-04-04]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Kamera) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofmpffnppnlgkgmbgidhhjcglloeejpg [2014-04-04]
CHR Extension: (iChrome: your homepage, for chrome (beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oghkljobbhapacbahlneolfclkniiami [2014-04-04]
CHR Extension: (Google Mail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-25]
CHR HKCU\...\Chrome\Extension: [fcmdklckfmchcdecgpliabafifhobhhm] - C:\Users\User\AppData\Local\CRE\fcmdklckfmchcdecgpliabafifhobhhm.crx [2012-12-07]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - E:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2012-07-25]
CHR HKLM-x32\...\Chrome\Extension: [fcmdklckfmchcdecgpliabafifhobhhm] - C:\Users\User\AppData\Local\CRE\fcmdklckfmchcdecgpliabafifhobhhm.crx [2012-12-07]
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2012-11-05]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - E:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-03-20]
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - E:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2012-07-18]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Nation toolbar\ChromeExt\17.0.1.12\avg.crx [2013-10-01]
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files (x86)\Yontoo\YontooLayers.crx [2013-10-01]

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Professional.11.0; E:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [818952 2011-12-22] (ABBYY)
S4 AIPS; E:\Program Files (x86)\netcut\services\AIPS.exe [262144 2011-07-28] (Arcai.com)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2013-12-06] (Fork Ltd.)
R2 FreemakeVideoCapture; E:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [8704 2012-06-18] (Microsoft)
S4 hasplms; C:\Windows\system32\hasplms.exe [4941768 2012-06-28] (SafeNet Inc.)
S4 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-11-29] (Nitro PDF Software)
R2 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [11264 2013-01-24] ()
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 OO DiskImage; E:\Program Files\OO Software\DiskImage\oodiag.exe [6258480 2013-09-09] (O&O Software GmbH)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-05-02] ()
S3 TunngleService; E:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [107624 2014-03-09] (RaMMicHaeL)
S4 vToolbarUpdater17.0.12; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [1733448 2013-10-01] (AVG Secure Search)
R3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

S1 acedrv07; C:\Windows\system32\drivers\acedrv07.sys [125440 2012-10-02] ()
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-01] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-12-11] (DT Soft Ltd)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
S3 Maplom; No ImagePath
S3 MaplomL; No ImagePath
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-10-11] (ManyCam LLC)
R3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 NSNDIS5; C:\Windows\SysWOW64\NSNDIS5.SYS [17280 2004-03-24] (Printing Communications Assoc., Inc. (PCAUSA))
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R0 oodisr; C:\Windows\System32\DRIVERS\oodisr.sys [116936 2013-09-09] (O&O Software GmbH)
R0 oodisrh; C:\Windows\System32\DRIVERS\oodisrh.sys [41160 2013-09-09] (O&O Software GmbH)
R0 oodivd; C:\Windows\System32\DRIVERS\oodivd.sys [255688 2013-09-09] (O&O Software GmbH)
R0 oodivdh; C:\Windows\System32\DRIVERS\oodivdh.sys [44744 2013-09-09] (O&O Software GmbH)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2013-04-06] ()
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203544 2013-02-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [40712 2012-11-21] (Anchorfree Inc.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () <===== ATTENTION Necurs Rootkit?
U3 a6fhpwe1; No ImagePath
U4 bdselfpr;
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-06 17:35 - 2014-04-06 17:35 - 00030724 _____ () C:\Users\User\Desktop\FRST.txt
2014-04-06 17:34 - 2014-04-06 17:35 - 00000000 ____D () C:\FRST
2014-04-06 17:34 - 2014-04-06 17:34 - 02157056 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-04-06 12:30 - 2014-04-06 12:30 - 00016896 ___SH () C:\Users\User\Thumbs.db
2014-04-06 11:37 - 2014-04-06 11:37 - 00000000 ____D () C:\Users\User\AppData\Roaming\Anthropics
2014-04-06 11:34 - 2014-04-06 11:34 - 00000941 _____ () C:\Users\User\Desktop\Portrait Professional Studio 10.lnk
2014-04-06 09:24 - 2014-04-06 09:24 - 00000867 _____ () C:\Users\User\Desktop\Starwhal.lnk
2014-04-05 21:49 - 2014-04-05 21:49 - 00000328 _____ () C:\Users\User\Downloads\video.xspf
2014-04-05 19:38 - 2014-04-05 19:38 - 00491520 _____ () C:\Users\User\AppData\Roaming\w.exe
2014-04-05 17:08 - 2014-04-06 09:24 - 00000000 ____D () C:\Users\User\Downloads\28345c1531dc8f7cc601522cf1c3a425
2014-04-05 17:04 - 2014-04-05 17:05 - 72857466 _____ () C:\Users\User\Downloads\28345c1531dc8f7cc601522cf1c3a425.rar
2014-04-05 13:12 - 2014-04-05 13:12 - 00818889 _____ () C:\Users\User\Downloads\OptiFine_1.7.4_HD_U_D1.jar
2014-04-05 12:59 - 2014-04-05 13:00 - 00000000 ____D () C:\Users\User\Desktop\Minecraft
2014-04-05 12:58 - 2014-04-05 12:58 - 00145076 _____ () C:\Users\User\Downloads\Minecraft.jar
2014-04-05 12:58 - 2014-04-05 12:58 - 00144748 _____ () C:\Users\User\Downloads\Minecraft 1.7.4.jar
2014-04-05 12:57 - 2014-04-05 12:57 - 00675988 _____ () C:\Users\User\Downloads\Minecraft.exe
2014-04-05 12:56 - 2014-04-06 16:01 - 00000000 ____D () C:\Users\User\AppData\Roaming\.minecraft
2014-04-05 12:56 - 2014-04-05 12:56 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-05 12:56 - 2014-04-05 12:56 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-05 12:56 - 2014-04-05 12:56 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-05 12:56 - 2014-04-05 12:56 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-05 12:55 - 2014-04-05 12:55 - 00139783 _____ () C:\Users\User\Downloads\MinecraftSP.jar
2014-04-04 20:23 - 2014-04-04 20:23 - 00002265 _____ () C:\Users\User\Desktop\Chrome App Launcher.lnk
2014-04-02 15:47 - 2014-04-06 11:49 - 00002605 _____ () C:\Users\User\Desktop\GoatGame-Win32-Shipping.exe - Verknüpfung.lnk
2014-03-30 19:25 - 2014-03-30 19:25 - 01218560 _____ () C:\Users\User\AppData\Roaming\x.exe
2014-03-30 18:52 - 2014-03-30 18:52 - 00002773 _____ () C:\Users\User\Downloads\51753.mid
2014-03-29 21:14 - 2014-03-30 18:40 - 00000000 ____D () C:\Users\User\AppData\Local\fabi.me
2014-03-28 22:32 - 2014-03-28 22:58 - 00053248 _____ () C:\Users\User\AppData\Roaming\done.exe
2014-03-28 22:17 - 2014-03-28 22:17 - 00199435 _____ () C:\Users\User\Downloads\Odin 1.3 (3).zip
2014-03-28 21:57 - 2014-03-28 21:57 - 00199435 _____ () C:\Users\User\Downloads\Odin 1.3.zip
2014-03-28 17:50 - 2014-03-28 21:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\IDM
2014-03-28 17:50 - 2014-03-28 17:50 - 00000694 _____ () C:\Users\User\Desktop\Internet Download Manager.lnk
2014-03-28 17:50 - 2014-03-28 17:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2014-03-26 16:03 - 2014-04-02 15:13 - 00580081 _____ () C:\Users\User\Music\Documents\Techx.sla.autosave
2014-03-23 21:03 - 2014-03-23 21:18 - 00000000 ____D () C:\Users\User\AppData\Roaming\Tunngle
2014-03-23 21:03 - 2014-03-23 21:18 - 00000000 ____D () C:\ProgramData\Tunngle
2014-03-23 21:03 - 2014-03-23 21:03 - 00000708 _____ () C:\Users\Public\Desktop\Tunngle beta.lnk
2014-03-23 21:03 - 2014-03-23 21:03 - 00000000 ____D () C:\Users\User\Music\Documents\Tunngle
2014-03-23 21:03 - 2009-09-16 08:02 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys
2014-03-22 22:40 - 2014-03-22 22:40 - 00000000 ____D () C:\ProgramData\DivX
2014-03-21 20:32 - 2014-03-21 20:32 - 00191488 _____ () C:\Users\User\AppData\Roaming\ok.Exe
2014-03-21 20:16 - 2014-03-28 22:59 - 00053248 _____ () C:\Users\User\AppData\Roaming\winlogon.exe
2014-03-21 19:02 - 2014-03-21 19:02 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-21 19:02 - 2014-03-21 19:02 - 00000000 ____D () C:\Users\User\AppData\Local\Skype
2014-03-20 20:39 - 2014-03-20 20:39 - 00013587 ___SH () C:\Users\User\AppData\Roaming\server.vbe
2014-03-20 14:20 - 2013-11-28 02:24 - 00175480 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2014-03-14 16:27 - 2014-03-14 16:27 - 00003272 _____ () C:\Windows\System32\Tasks\RunAsStdUser Task
2014-03-14 16:27 - 2014-03-14 16:27 - 00001125 _____ () C:\Users\User\Desktop\Moo0 YouTube Downloader 1.07.lnk
2014-03-14 16:27 - 2014-03-14 16:27 - 00000878 _____ () C:\Users\User\Desktop\Moo0 Voice Recorder 1.43.lnk
2014-03-14 16:26 - 2014-03-14 16:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Moo0
2014-03-14 16:26 - 2014-03-14 16:27 - 00000000 ____D () C:\Program Files (x86)\Moo0
2014-03-14 16:26 - 2014-03-14 16:26 - 00001183 _____ () C:\Users\User\Desktop\Moo0 Audio Converter 1.32.lnk
2014-03-14 16:24 - 2014-03-14 16:24 - 00001032 _____ () C:\Users\User\Desktop\WaveRec.ini
2014-03-14 14:53 - 2014-03-14 14:53 - 00000000 ____D () C:\Users\User\AppData\Roaming\Thunderbird
2014-03-13 21:35 - 2014-03-13 21:35 - 00000162 ____H () C:\Users\User\Music\Documents\~$anzösisch.odt
2014-03-13 21:34 - 2014-03-13 21:35 - 00007212 _____ () C:\Users\User\Music\Documents\Französisch.odt
2014-03-13 16:16 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 16:16 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 16:16 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 16:16 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 16:16 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 16:16 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 16:16 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 16:16 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 16:16 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 16:16 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 16:16 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 16:16 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 16:16 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 16:16 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 16:16 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 16:16 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 16:16 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 16:16 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 16:16 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 16:16 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 16:16 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 16:16 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 16:16 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 16:16 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 16:16 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 16:16 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 16:16 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 16:16 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 16:16 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 16:16 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 16:16 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 16:16 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 16:16 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 16:16 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 16:16 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 16:16 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 16:16 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 16:16 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 16:16 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 16:16 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 16:16 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 16:16 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 16:16 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 16:16 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 16:15 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 16:15 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 16:15 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 16:15 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-09 09:50 - 2014-03-09 09:50 - 00000700 _____ () C:\Users\User\Desktop\TIPP10.lnk
2014-03-08 19:10 - 2014-03-08 19:11 - 22892386 _____ () C:\Users\User\Downloads\torbrowser-install-3.5.2.1_en-US.exe

==================== One Month Modified Files and Folders =======

2021-02-01 19:35 - 2012-11-13 18:44 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F4A14E20-2BC2-4BA8-B404-B83210185E19}
2014-04-06 17:35 - 2014-04-06 17:35 - 00030724 _____ () C:\Users\User\Desktop\FRST.txt
2014-04-06 17:35 - 2014-04-06 17:34 - 00000000 ____D () C:\FRST
2014-04-06 17:34 - 2014-04-06 17:34 - 02157056 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-04-06 17:33 - 2013-05-23 16:08 - 00003510 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-04-06 17:32 - 2014-01-12 19:52 - 00000029 _____ () C:\Windows\SysWOW64\TempWmicBatchFile.bat
2014-04-06 17:32 - 2013-10-11 18:49 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4008590695-826721552-1435460310-1000UA1cec6a1d04d7d2e.job
2014-04-06 17:32 - 2012-12-02 21:14 - 00000324 _____ () C:\Windows\Tasks\GlaryInitialize.job
2014-04-06 17:09 - 2013-10-16 14:53 - 00061441 _____ () C:\Windows\setupact.log
2014-04-06 17:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-06 16:54 - 2012-12-23 21:07 - 01527164 _____ () C:\Windows\WindowsUpdate.log
2014-04-06 16:54 - 2012-09-19 11:24 - 00000000 ____D () C:\Users\User\AppData\Roaming\DMCache
2014-04-06 16:48 - 2012-07-25 21:33 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4008590695-826721552-1435460310-1000UA.job
2014-04-06 16:39 - 2012-10-28 11:08 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-06 16:38 - 2009-07-14 06:45 - 00023840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-06 16:38 - 2009-07-14 06:45 - 00023840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-06 16:01 - 2014-04-05 12:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\.minecraft
2014-04-06 14:31 - 2013-10-11 18:49 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4008590695-826721552-1435460310-1000Core1cec6a1cda361d1.job
2014-04-06 13:03 - 2009-07-14 19:58 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-04-06 13:03 - 2009-07-14 19:58 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-04-06 13:03 - 2009-07-14 07:13 - 01620676 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-06 12:30 - 2014-04-06 12:30 - 00016896 ___SH () C:\Users\User\Thumbs.db
2014-04-06 12:08 - 2013-07-19 23:04 - 00000000 ____D () C:\Users\User\workspace
2014-04-06 11:49 - 2014-04-02 15:47 - 00002605 _____ () C:\Users\User\Desktop\GoatGame-Win32-Shipping.exe - Verknüpfung.lnk
2014-04-06 11:37 - 2014-04-06 11:37 - 00000000 ____D () C:\Users\User\AppData\Roaming\Anthropics
2014-04-06 11:34 - 2014-04-06 11:34 - 00000941 _____ () C:\Users\User\Desktop\Portrait Professional Studio 10.lnk
2014-04-06 11:21 - 2012-07-25 21:32 - 00000000 _____ () C:\sniffer.log
2014-04-06 09:24 - 2014-04-06 09:24 - 00000867 _____ () C:\Users\User\Desktop\Starwhal.lnk
2014-04-06 09:24 - 2014-04-05 17:08 - 00000000 ____D () C:\Users\User\Downloads\28345c1531dc8f7cc601522cf1c3a425
2014-04-05 21:49 - 2014-04-05 21:49 - 00000328 _____ () C:\Users\User\Downloads\video.xspf
2014-04-05 19:48 - 2012-07-25 21:33 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4008590695-826721552-1435460310-1000Core.job
2014-04-05 19:38 - 2014-04-05 19:38 - 00491520 _____ () C:\Users\User\AppData\Roaming\w.exe
2014-04-05 17:05 - 2014-04-05 17:04 - 72857466 _____ () C:\Users\User\Downloads\28345c1531dc8f7cc601522cf1c3a425.rar
2014-04-05 13:12 - 2014-04-05 13:12 - 00818889 _____ () C:\Users\User\Downloads\OptiFine_1.7.4_HD_U_D1.jar
2014-04-05 13:00 - 2014-04-05 12:59 - 00000000 ____D () C:\Users\User\Desktop\Minecraft
2014-04-05 12:58 - 2014-04-05 12:58 - 00145076 _____ () C:\Users\User\Downloads\Minecraft.jar
2014-04-05 12:58 - 2014-04-05 12:58 - 00144748 _____ () C:\Users\User\Downloads\Minecraft 1.7.4.jar
2014-04-05 12:57 - 2014-04-05 12:57 - 00675988 _____ () C:\Users\User\Downloads\Minecraft.exe
2014-04-05 12:56 - 2014-04-05 12:56 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-05 12:56 - 2014-04-05 12:56 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-05 12:56 - 2014-04-05 12:56 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-05 12:56 - 2014-04-05 12:56 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-05 12:55 - 2014-04-05 12:55 - 00139783 _____ () C:\Users\User\Downloads\MinecraftSP.jar
2014-04-04 20:23 - 2014-04-04 20:23 - 00002265 _____ () C:\Users\User\Desktop\Chrome App Launcher.lnk
2014-04-03 14:26 - 2013-10-11 18:49 - 00004088 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4008590695-826721552-1435460310-1000UA1cec6a1d04d7d2e
2014-04-03 14:26 - 2013-10-11 18:49 - 00003692 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4008590695-826721552-1435460310-1000Core1cec6a1cda361d1
2014-04-02 15:47 - 2013-12-26 12:10 - 00000000 ____D () C:\Users\User\Music\Documents\my games
2014-04-02 15:29 - 2014-02-05 15:57 - 00580081 _____ () C:\Users\User\Music\Documents\Techx.sla
2014-04-02 15:13 - 2014-03-26 16:03 - 00580081 _____ () C:\Users\User\Music\Documents\Techx.sla.autosave
2014-04-01 15:15 - 2013-11-15 21:02 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-04-01 15:15 - 2013-11-15 21:02 - 00000000 ____D () C:\Windows\system32\NV
2014-04-01 15:15 - 2012-07-23 22:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-31 17:00 - 2012-12-06 20:53 - 00000414 _____ () C:\Windows\Tasks\GlaryOneClickOptimizer.job
2014-03-30 19:25 - 2014-03-30 19:25 - 01218560 _____ () C:\Users\User\AppData\Roaming\x.exe
2014-03-30 18:52 - 2014-03-30 18:52 - 00002773 _____ () C:\Users\User\Downloads\51753.mid
2014-03-30 18:40 - 2014-03-29 21:14 - 00000000 ____D () C:\Users\User\AppData\Local\fabi.me
2014-03-30 10:25 - 2014-01-17 19:01 - 00000000 ____D () C:\Users\User\AppData\Roaming\Nidhogg
2014-03-29 10:02 - 2012-07-25 18:41 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-03-28 22:59 - 2014-03-21 20:16 - 00053248 _____ () C:\Users\User\AppData\Roaming\winlogon.exe
2014-03-28 22:58 - 2014-03-28 22:32 - 00053248 _____ () C:\Users\User\AppData\Roaming\done.exe
2014-03-28 22:17 - 2014-03-28 22:17 - 00199435 _____ () C:\Users\User\Downloads\Odin 1.3 (3).zip
2014-03-28 21:57 - 2014-03-28 21:57 - 00199435 _____ () C:\Users\User\Downloads\Odin 1.3.zip
2014-03-28 21:57 - 2014-03-28 17:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\IDM
2014-03-28 21:46 - 2013-10-23 09:17 - 00318908 _____ () C:\Windows\PFRO.log
2014-03-28 17:50 - 2014-03-28 17:50 - 00000694 _____ () C:\Users\User\Desktop\Internet Download Manager.lnk
2014-03-28 17:50 - 2014-03-28 17:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2014-03-23 21:18 - 2014-03-23 21:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\Tunngle
2014-03-23 21:18 - 2014-03-23 21:03 - 00000000 ____D () C:\ProgramData\Tunngle
2014-03-23 21:05 - 2012-07-23 22:17 - 00202768 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-23 21:05 - 2009-07-14 06:45 - 05356856 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-23 21:03 - 2014-03-23 21:03 - 00000708 _____ () C:\Users\Public\Desktop\Tunngle beta.lnk
2014-03-23 21:03 - 2014-03-23 21:03 - 00000000 ____D () C:\Users\User\Music\Documents\Tunngle
2014-03-23 14:10 - 2012-08-16 21:01 - 00000000 ____D () C:\Users\User\.VirtualBox
2014-03-23 14:10 - 2012-07-25 21:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2014-03-22 22:40 - 2014-03-22 22:40 - 00000000 ____D () C:\ProgramData\DivX
2014-03-22 10:58 - 2012-07-23 20:52 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-21 20:32 - 2014-03-21 20:32 - 00191488 _____ () C:\Users\User\AppData\Roaming\ok.Exe
2014-03-21 19:02 - 2014-03-21 19:02 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-21 19:02 - 2014-03-21 19:02 - 00000000 ____D () C:\Users\User\AppData\Local\Skype
2014-03-21 19:02 - 2012-07-25 21:44 - 00000000 ____D () C:\ProgramData\Skype
2014-03-20 20:39 - 2014-03-20 20:39 - 00013587 ___SH () C:\Users\User\AppData\Roaming\server.vbe
2014-03-20 19:49 - 2013-07-11 12:46 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla
2014-03-16 21:06 - 2012-07-25 22:13 - 00000000 ____D () C:\Users\User\AppData\Local\Paint.NET
2014-03-14 20:38 - 2014-02-18 20:05 - 00000000 ____D () C:\Users\User\Music\Documents\Witcher 2
2014-03-14 16:27 - 2014-03-14 16:27 - 00003272 _____ () C:\Windows\System32\Tasks\RunAsStdUser Task
2014-03-14 16:27 - 2014-03-14 16:27 - 00001125 _____ () C:\Users\User\Desktop\Moo0 YouTube Downloader 1.07.lnk
2014-03-14 16:27 - 2014-03-14 16:27 - 00000878 _____ () C:\Users\User\Desktop\Moo0 Voice Recorder 1.43.lnk
2014-03-14 16:27 - 2014-03-14 16:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Moo0
2014-03-14 16:27 - 2014-03-14 16:26 - 00000000 ____D () C:\Program Files (x86)\Moo0
2014-03-14 16:26 - 2014-03-14 16:26 - 00001183 _____ () C:\Users\User\Desktop\Moo0 Audio Converter 1.32.lnk
2014-03-14 16:24 - 2014-03-14 16:24 - 00001032 _____ () C:\Users\User\Desktop\WaveRec.ini
2014-03-14 15:16 - 2012-10-24 16:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-14 14:53 - 2014-03-14 14:53 - 00000000 ____D () C:\Users\User\AppData\Roaming\Thunderbird
2014-03-14 14:12 - 2013-07-10 20:34 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 14:12 - 2013-07-10 20:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 21:35 - 2014-03-13 21:35 - 00000162 ____H () C:\Users\User\Music\Documents\~$anzösisch.odt
2014-03-13 21:35 - 2014-03-13 21:34 - 00007212 _____ () C:\Users\User\Music\Documents\Französisch.odt
2014-03-10 21:12 - 2014-01-10 20:18 - 00000000 ____D () C:\Users\User\Music\Documents\AutomaticSolution Software
2014-03-10 19:44 - 2014-01-06 12:36 - 00000000 ____D () C:\Users\User\Music\Documents\SavedGames
2014-03-09 09:50 - 2014-03-09 09:50 - 00000700 _____ () C:\Users\User\Desktop\TIPP10.lnk
2014-03-08 19:11 - 2014-03-08 19:10 - 22892386 _____ () C:\Users\User\Downloads\torbrowser-install-3.5.2.1_en-US.exe

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\259.exe
C:\Users\User\AppData\Local\Temp\7za.exe
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\Black W0rm v3.1.exe
C:\Users\User\AppData\Local\Temp\chrome.exe
C:\Users\User\AppData\Local\Temp\InstallHelper.dll
C:\Users\User\AppData\Local\Temp\sdanircmdc.exe
C:\Users\User\AppData\Local\Temp\sdapskill.exe
C:\Users\User\AppData\Local\Temp\server.exe
C:\Users\User\AppData\Local\Temp\SkypeSetup.exe
C:\Users\User\AppData\Local\Temp\Stub.exe
C:\Users\User\AppData\Local\Temp\ubi3E58.tmp.exe
C:\Users\User\AppData\Local\Temp\Uninstaller-2584.exe
C:\Users\User\AppData\Local\Temp\upnp.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-31 14:32

==================== End Of Log ============================
--- --- ---

schrauber 07.04.2014 13:39
Sticks anklemmen und nicht mehr abklemmen.


Panda USB Vaccine - Download - Filepony
Das laufen lassen zum Absichern des Sticks.




Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

irgend 07.04.2014 16:37
Code:
ComboFix 14-04-06.01 - User 07.04.2014  17:24:30.1.8 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8104.5606 [GMT 2:00]
ausgeführt von:: e:\downloads\Allgemein\Programs\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Bitdefender Antivirus *Disabled/Outdated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
FW: Bitdefender Firewall *Disabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Bitdefender Spyware-Schutz *Disabled/Outdated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1381251859.bdinstall.bin
c:\programdata\1389804839.6916.bin
c:\programdata\1389804839.7036.bin
c:\programdata\1389804839.7040.bin
c:\users\User\AppData\Roaming\Adobe\Flash Player\Plugins\invis.vbs
c:\users\User\AppData\Roaming\Adobe\Flash Player\Plugins\libcurl.dll
c:\users\User\AppData\Roaming\Adobe\Flash Player\Plugins\pthreadGC2.dll
c:\users\User\AppData\Roaming\dclogs
c:\users\User\AppData\Roaming\dclogs\2012-09-15-7.dc
c:\users\User\AppData\Roaming\dclogs\2014-01-14-3.dc
c:\users\User\AppData\Roaming\dclogs\2014-01-15-4.dc
c:\users\User\AppData\Roaming\done.exe
c:\users\User\AppData\Roaming\Love
c:\users\User\AppData\Roaming\Love\not_tetris_2\highscoresA.txt
c:\users\User\AppData\Roaming\Love\not_tetris_2\highscoresB.txt
c:\users\User\AppData\Roaming\Love\not_tetris_2\options.txt
c:\users\User\AppData\Roaming\MacroRecorderSetup.exe
c:\users\User\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\User\AppData\Roaming\Microsoft\bass.dll
c:\users\User\AppData\Roaming\Microsoft\engine_vx.dll
c:\users\User\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\User\AppData\Roaming\Microsoft\peaadje.dll
c:\users\User\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\User\AppData\Roaming\Microsoft\rsaadjd.dll
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\server.exe
c:\users\User\AppData\Roaming\ok.Exe
c:\users\User\AppData\Roaming\w.exe
c:\users\User\AppData\Roaming\winlogon.exe
c:\users\User\AppData\Roaming\x.exe
c:\users\User\Music\Documents\~WRL0005.tmp
c:\windows\IsUn0407.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\themeui.dll.tmp
c:\windows\SysWow64\uxtheme.dll.tmp
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-03-07 bis 2014-04-07  ))))))))))))))))))))))))))))))
.
.
2014-04-06 18:14 . 2014-04-06 18:15        92784        ----a-w-        c:\program files (x86)\Mozilla Firefox\updated\nssdbm3.dll
2014-04-06 17:13 . 2014-04-07 13:29        --------        d-----w-        c:\users\User\AppData\Roaming\Awesomium
2014-04-06 15:34 . 2014-04-06 15:36        --------        d-----w-        C:\FRST
2014-04-06 09:37 . 2014-04-06 09:37        --------        d-----w-        c:\users\User\AppData\Roaming\Anthropics
2014-04-05 10:56 . 2014-04-06 14:01        --------        d-----w-        c:\users\User\AppData\Roaming\.minecraft
2014-04-05 10:56 . 2014-04-05 10:56        312744        ----a-w-        c:\windows\system32\javaws.exe
2014-04-05 10:56 . 2014-04-05 10:56        189352        ----a-w-        c:\windows\system32\javaw.exe
2014-04-05 10:56 . 2014-04-05 10:56        189352        ----a-w-        c:\windows\system32\java.exe
2014-04-05 10:56 . 2014-04-05 10:56        108968        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll
2014-03-29 19:14 . 2014-03-30 16:40        --------        d-----w-        c:\users\User\AppData\Local\fabi.me
2014-03-28 15:50 . 2014-03-28 19:57        --------        d-----w-        c:\users\User\AppData\Roaming\IDM
2014-03-23 19:03 . 2014-03-23 19:18        --------        d-----w-        c:\users\User\AppData\Roaming\Tunngle
2014-03-23 19:03 . 2014-03-23 19:18        --------        d-----w-        c:\programdata\Tunngle
2014-03-23 19:03 . 2009-09-16 06:02        31232        ----a-w-        c:\windows\system32\drivers\tap0901t.sys
2014-03-22 20:40 . 2014-03-22 20:40        --------        d-----w-        c:\programdata\DivX
2014-03-21 17:02 . 2014-03-21 17:02        --------        d-----w-        c:\users\User\AppData\Local\Skype
2014-03-21 17:02 . 2014-03-21 17:02        --------        d-----w-        c:\program files (x86)\Common Files\Skype
2014-03-21 17:02 . 2014-03-21 17:02        --------        d-----r-        c:\program files (x86)\Skype
2014-03-20 18:39 . 2014-03-20 18:39        13587        --sha-w-        c:\users\User\AppData\Roaming\server.vbe
2014-03-20 18:39 . 2014-03-20 18:39        13587        --sha-w-        c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\server.vbe
2014-03-20 12:20 . 2013-11-28 00:24        175480        ----a-w-        c:\windows\system32\drivers\idmwfp.sys
2014-03-14 14:26 . 2014-03-14 14:27        --------        d-----w-        c:\program files (x86)\Moo0
2014-03-14 12:53 . 2014-03-14 12:53        --------        d-----w-        c:\users\User\AppData\Roaming\Thunderbird
2014-03-13 14:15 . 2014-02-04 02:32        1424384        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2014-03-13 14:15 . 2014-02-04 02:32        624128        ----a-w-        c:\windows\system32\qedit.dll
2014-03-13 14:15 . 2014-02-04 02:04        1230336        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll
2014-03-13 14:15 . 2014-02-04 02:04        509440        ----a-w-        c:\windows\SysWow64\qedit.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-07 15:23 . 2014-01-12 17:52        29        ----a-w-        c:\windows\SysWow64\TempWmicBatchFile.bat
2014-01-15 13:58 . 2014-01-14 17:36        113440        ----a-w-        c:\programdata\Microsoft\VCExpress\10.0\1031\ResourceCache.dll
2014-01-10 18:25 . 2014-01-10 18:25        73216        ----a-w-        c:\windows\ST6UNST.EXE
2014-01-10 18:25 . 2014-01-10 18:25        249856        ------w-        c:\windows\Setup1.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"5636d0f7d8f921df6f59cd538762a2e0"=".." [X]
"DAEMON Tools Lite"="e:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"Spotify Web Helper"="c:\users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-12-10 1168896]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936]
"NoIPDUCv4"="c:\program files (x86)\No-IP\DUC40.exe" [2013-01-24 270336]
"IDMan"="e:\program files (x86)\Internet Download Manager\IDMan.exe" [2014-03-28 3829328]
"server"="wscript.exe" [2013-10-12 141824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"5636d0f7d8f921df6f59cd538762a2e0"=".." [X]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"vProt"="c:\program files (x86)\AVG Nation toolbar\vprot.exe" [2013-10-01 2403144]
"iTunesHelper"="e:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-01 152392]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-20 689744]
"Bonus.SSR.FR11"="e:\program files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" [2012-01-19 933640]
"QuickTime Task"="e:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender-Geldbörse-Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2013-12-19 561672]
"Bitdefender-Geldbörse"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2013-12-19 1001512]
"Bitdefender-Geldbörse-Anwendungs-Agent"="c:\program files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" [2013-12-19 612696]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
server.vbe [2014-3-20 13587]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
phase-6 Reminder.lnk - c:\program files (x86)\phase-6\phase-6\reminder\reminder.exe [2013-6-21 724992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="e:\program files (x86)\iTunes\iTunesHelper.exe"
.
2;2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
R3 MaplomL;MaplomL; [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TunngleService;TunngleService;e:\program files (x86)\Tunngle\TnglCtrl.exe;e:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R4 AIPS;Arp Intelligent Protection Service;e:\program files (x86)\netcut\services\AIPS.exe;e:\program files (x86)\netcut\services\AIPS.exe [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R4 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [x]
R4 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe  -run;c:\windows\SYSNATIVE\hasplms.exe  -run [x]
R4 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [x]
R4 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
R4 vToolbarUpdater17.0.12;vToolbarUpdater17.0.12;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 oodisr;O&O DiskImage Snapshot/Restore Driver;c:\windows\system32\DRIVERS\oodisr.sys;c:\windows\SYSNATIVE\DRIVERS\oodisr.sys [x]
S0 oodisrh;oodisrh;c:\windows\system32\DRIVERS\oodisrh.sys;c:\windows\SYSNATIVE\DRIVERS\oodisrh.sys [x]
S0 oodivd;O&O DiskImage Virtual Devices Driver;c:\windows\system32\DRIVERS\oodivd.sys;c:\windows\SYSNATIVE\DRIVERS\oodivd.sys [x]
S0 oodivdh;oodivdh;c:\windows\system32\DRIVERS\oodivdh.sys;c:\windows\SYSNATIVE\DRIVERS\oodivdh.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 ABBYY.Licensing.FineReader.Professional.11.0;ABBYY FineReader 11 PE Licensing Service;e:\program files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe;e:\program files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys;c:\windows\SYSNATIVE\drivers\acedrv11.sys [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe;c:\prey\platform\windows\cronsvc.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;e:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;e:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 NoIPDUCService4;NO-IP DUC v4;c:\program files (x86)\No-IP\ducservice.exe;c:\program files (x86)\No-IP\ducservice.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 OO DiskImage;OO DiskImage;e:\program files\OO Software\DiskImage\oodiag.exe;e:\program files\OO Software\DiskImage\oodiag.exe [x]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys;c:\windows\SYSNATIVE\DRIVERS\SGdrv64.sys [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 Unchecky;Unchecky;c:\program files (x86)\Unchecky\bin\unchecky_svc.exe;c:\program files (x86)\Unchecky\bin\unchecky_svc.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-27 13:32        1210320        ----a-w-        c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-23 12:39]
.
2013-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-14 14:47]
.
2013-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-14 14:47]
.
2014-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4008590695-826721552-1435460310-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-25 19:33]
.
2014-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4008590695-826721552-1435460310-1000Core1cec6a1cda361d1.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-25 19:33]
.
2014-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4008590695-826721552-1435460310-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-25 19:33]
.
2014-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4008590695-826721552-1435460310-1000UA1cec6a1d04d7d2e.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-25 19:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-24 11895400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-02 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-02 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-02 417560]
"KeyLemon LemonScreen"="e:\program files\KeyLemon\KLLockEngine.exe" [2013-09-25 997664]
"KeyLemon Updater"="e:\program files\KeyLemon\KLUpdater.exe" [2013-09-25 705824]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
"OODITRAY.EXE"="e:\program files\OO Software\DiskImage\ooditray.exe" [2013-09-09 4986672]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
"server"="wscript.exe" [2013-10-12 168960]
"combofix"="c:\combofix\CF2619.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Download aller Links mit IDM - e:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download mit IDM - e:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Mit Mipony herunterladen - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9bptpqp5.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Wow6432Node-HKCU-Run-FlashPlugins - wscript c:\users\User\AppData\Roaming\Adobe\Flash Player\Plugins\invis.vbs
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d,
  8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12
"{336D0C35-8A85-403A-B9D2-65C292C39087}"=hex:51,66,7a,6c,4c,1d,38,12,5b,0f,7e,
  37,b7,c4,54,05,c6,c4,26,82,97,9d,d4,93
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
  72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
  df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d2,a0,e4,e3,88,93,cd,01
.
[HKEY_USERS\S-1-5-21-4008590695-826721552-1435460310-1000_Classes\Wow6432Node\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}\{A730F6F3-255C-417C-8986-2C578500547E}*Hidden]
"{6D31FCD2-64F7-4E43-8E18-5A2BBA7D13C9}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAhngSL6dJP02TYoyA9MMPaAAAAAACAAAAAAAQZgAAAAEAACAAAABXreZJyQfWzX3bQavv9K7/BAYEmMjALyrgaw+0Y+Ra7gAAAAAOgAAAAAIAACAAAADlyhbGTwDqWs/k5GI/bUdAYnppP1WxjL5BKRMT7ezg4xAAAAB1NadfZsiCkkawX3LQ03pUQAAAAHPJS7y60pEMxVPxGumLaK8RcbrkklsWb/bZKy+njgVoJlszPfngFSJ4IZIqhCa5CA+IqW9gMmNuoy9ZQdjBN5g="
.
[HKEY_USERS\S-1-5-21-4008590695-826721552-1435460310-1000_Classes\Wow6432Node\CLSID\{216ecffb-b0fc-46db-8845-e5678cc082ad}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000014f
"Therad"=dword:00000013
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
  1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-4008590695-826721552-1435460310-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):d0,f1,4d,75,3d,54,2c,53,b3,af,0b,af,54,c2,be,f7,73,c1,81,bf,b5,
  a5,eb,6f,ae,f7,30,13,68,10,50,d5,3e,3b,ec,44,18,9c,03,d8,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-4008590695-826721552-1435460310-1000_Classes\Wow6432Node\CLSID\{789c8e90-8eef-4a7a-be99-1f7249a27b53}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000111
"Therad"=dword:0000000c
.
[HKEY_USERS\S-1-5-21-4008590695-826721552-1435460310-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):7f,e6,f8,84,80,31,e3,33,be,29,65,e7,78,dd,bc,43,1f,9a,03,20,53,
  9d,50,da,28,4c,10,a9,a8,c6,da,7d,23,f5,f5,d4,7d,77,c1,dd,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODI07.00.00.01PRO"="0C811B5CBAA73BDECF3B7F2D50CC9F2A32D1E996652698AC4F1C61F1A77DD6AED7804C4DB98E4C81E5F5E47F6ECBC724A31C8751D73EF0ECBAD7C931266DFB4C9E0B60FACB5C45199D51DA50038FA76E4858A87C94AAB61E1E3E74E9769C38A71F064CAD3AD577CF131A981944166338B8DC68E15D44860FB0CD01D80CDAFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA9C6AECB7A5D14079DB7CE019D40AA5CA9C6AECB7A5D1407A2D97226D213B5556DC5D5D86D08EC1567EB234B3CE68A2BFB385EDDCACAA3C00EAF903A3A5AA10C291B7DAED8859691FA3A18CBB8441D948E82C41B1A53848A5CEAF0DA21934AABAD4AF7D85F68E688CC4B51CE2EB66F3904621FD55562FB126EE278EC036B6775971C950616145AA87005BFAA3512293F07FE19B1B95B7F97A3A0AD7AE2785CE31B175B48646D5F448A91041D3C2DE573D3C311315A267780EA70CC7199507E93FB0A0217895D5953D8DF714485E23747B86019BC9EAEC0D34B6144A1D11317479684F4CA14519F70A9A114A32611204D9B46F72141E32E415D4838428D5EE5E3585CD523693CFB5A604C28A2081B183C75AEA78ECF3A81184F3D816A9DD79A75432C79C2C214AE73F41B208C68E68CF1CF94D7992FA8774DDF9C291AAA28DDA7ED4FE630ACD06943F00B2011D9DFDCED4D356A3A14AB3A7AE686F030B1FC47CD04E6DBD308F15574F45F0343C1735C53A19576CD8AC2ECDBCDDECB740185E6DC40D8C87E09F60B56341DD69A5A1654EA15FBC4937070A25210CD5F8E3E773D6FF8CDD161B8679B5BF58F5B7331BDFE9F82F3D5B0F83E65643F3F890D5F8A42C211B44F93F3CC091B95C3078BA7640F025DCBDB2E2CB5B23802E3D8DFB07CDD3906BBCD8D6CB3C94F018D03887489A5C527183D766268FA1C90AF915ED18D6E58E3D90F30A5AD4A573E02ADEE20AEDCC2F8AF935C4C68A30238DAAAC0B781464A4DC8063D78D1E837E17A97AC09DB40F47FACAD91EB4E847C5BE04FA4A8A1ACDCF784DC5A12B8F7149817868E609ACE7CF96E0E319736EB47EC03DE0CC0BBD90330CDEE93F380403A20B7744B2EF97E1EBE996CB67BBE9A3CF845ED5B709DFCD0522B4CD4F0CAFA18CE840FF6490DB53FB3133380150BC5DE9AEE43DB7B9FB78052E43AF1B33D58BF88673610E0E9D06E5688FE56B74416D2050D5BBB789620F1B308B121B801FA69CB0D01F3F62CA05937E6245E8A1628E07BEEE30D55E2BFA493E65E7DCFC3F96F24E739E661716856F9E1A82687AF8EF6D82942C2CF6295409F9421041E37DFD0382F5B8FC9DC605AD671471D7D43CCA488148D397C7A130E19EC0F191D92AB303E5D1AF9AC94B4041ACF6E18900B5C9F8ECB10AB43949D7BD68A6F80190DD1D480AED995DCC38512A57E"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\BDSandBox\User\machine\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
@="!shallow!"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Unchecky\bin\unchecky_bg.exe
e:\program files (x86)\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-04-07  17:33:44 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-04-07 15:33
.
Vor Suchlauf: 8.411.807.744 Bytes frei
Nach Suchlauf: 8.019.890.176 Bytes frei
.
- - End Of File - - EF0658920A76270C41B15D9D271BB785

schrauber 08.04.2014 11:19
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:44 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131