Hello, here are the requested logs:
[CODE]
Combofix Logfile:
ComboFix 14-04-30.01 - Dean 30.04.2014 21:29:42.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3948.2199 [GMT 2:00]
ausgeführt von:: c:\users\Dean\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-03-28 bis 2014-04-30 ))))))))))))))))))))))))))))))
.
.
2014-04-30 19:39 . 2014-04-30 19:39 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-04-30 19:39 . 2014-04-30 19:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-30 19:39 . 2014-04-30 19:39 -------- d-----w- c:\users\Gast\AppData\Local\temp
2014-04-30 14:51 . 2014-04-30 14:53 -------- d-----w- C:\FRST
2014-04-29 15:10 . 2014-04-30 19:30 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{08AACB9B-8019-41ED-A389-DD66A0E728EA}\offreg.dll
2014-04-29 13:40 . 2014-04-17 03:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{08AACB9B-8019-41ED-A389-DD66A0E728EA}\mpengine.dll
2014-04-29 13:37 . 2014-04-29 13:37 -------- d-----w- c:\users\Dean\AppData\Roaming\eCyber
2014-04-29 13:36 . 2014-04-23 10:19 43520 ----a-w- c:\windows\system32\drivers\iSafeKrnlBoot.sys
2014-04-29 13:36 . 2014-04-29 13:36 -------- d-----w- c:\windows\system32\log
2014-04-29 13:35 . 2014-04-30 19:18 -------- d-----w- c:\program files (x86)\iSafe
2014-04-29 13:35 . 2014-04-30 03:52 -------- d-----w- c:\users\Dean\AppData\Roaming\iSafe
2014-04-27 22:16 . 2014-04-27 22:16 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2014-04-27 14:04 . 2014-04-29 15:11 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-27 14:03 . 2014-04-27 14:03 -------- d-sh--w- c:\users\Dean\AppData\Local\EmieUserList
2014-04-27 14:03 . 2014-04-27 14:03 -------- d-sh--w- c:\users\Dean\AppData\Local\EmieSiteList
2014-04-27 11:13 . 2014-04-27 11:13 110080 ----a-r- c:\users\Dean\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconF7A21AF7.exe
2014-04-27 11:13 . 2014-04-27 11:13 110080 ----a-r- c:\users\Dean\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconD7F16134.exe
2014-04-27 11:13 . 2014-04-27 11:13 110080 ----a-r- c:\users\Dean\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\Icon1226A4C5.exe
2014-04-27 11:13 . 2014-04-27 11:13 -------- d-----w- C:\sh4ldr
2014-04-27 11:13 . 2014-04-27 11:13 -------- d-----w- c:\program files\Enigma Software Group
2014-04-27 11:12 . 2014-04-27 14:03 -------- d-----w- c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-04-26 22:08 . 2014-04-28 13:28 -------- d-----w- c:\users\Dean\AppData\Local\WM
2014-04-26 22:07 . 2014-04-26 22:08 -------- d-----w- C:\wm
2014-04-24 02:56 . 2014-04-24 02:56 -------- d-----w- c:\users\Dean\AppData\Roaming\Curse Advertising
2014-04-24 02:52 . 2014-04-24 09:50 -------- d-----w- c:\users\Dean\AppData\Roaming\Curse Client
2014-04-24 02:52 . 2014-04-24 02:52 -------- d-----w- c:\users\Dean\AppData\Roaming\Curse
2014-04-23 19:52 . 2014-04-23 19:55 -------- d-----w- c:\program files\Starsky & Hutch
2014-04-20 01:01 . 2014-03-06 08:53 2767360 ----a-w- c:\windows\system32\iertutil.dll
2014-04-09 19:45 . 2014-04-09 19:46 -------- d-----w- c:\users\Dean\AppData\Roaming\PowerCinema
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-09 21:50 . 2013-12-04 16:52 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-31 07:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-16 12:48 . 2014-03-16 12:48 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-03-04 09:17 . 2014-04-09 11:52 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-02-25 10:41 . 2014-03-15 23:03 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-02-25 10:41 . 2014-03-15 23:03 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-02-25 10:41 . 2014-03-15 23:03 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-02-07 01:23 . 2014-03-13 15:14 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-13 15:13 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-13 15:13 624128 ----a-w- c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-13 15:13 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-13 15:13 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-09-24 09:14 . 2013-09-29 19:16 179200 ----a-w- c:\program files\SpeedAutoClicker.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A18A516C-AA41-46A9-92DB-60208917E442}]
2013-12-11 15:49 184400 ----a-w- c:\program files (x86)\Avira\Internet Explorer\avira32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Dean\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-06 152392]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-25 689744]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Curse.lnk - c:\users\Dean\AppData\Roaming\Curse Client\Bin\Curse.exe /startup [2014-4-23 8510216]
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files\Lol REPLAY\LOLReplay\LOLRecorder.exe -minimize [2013-12-11 526848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" -autostart
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 a2djavs;Audio 2 DJ WDM Audio;c:\windows\system32\Drivers\a2djavs.sys;c:\windows\SYSNATIVE\Drivers\a2djavs.sys [x]
R3 a2djusb_svc;Audio 2 DJ;c:\windows\system32\Drivers\a2djusb.sys;c:\windows\SYSNATIVE\Drivers\a2djusb.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 GPU-Z;GPU-Z;c:\users\Dean\AppData\Local\Temp\GPU-Z.sys;c:\users\Dean\AppData\Local\Temp\GPU-Z.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 iSafeKrnlBoot;iSafeKrnl Boot Driver;c:\windows\system32\DRIVERS\iSafeKrnlBoot.sys;c:\windows\SYSNATIVE\DRIVERS\iSafeKrnlBoot.sys [x]
R3 kx1avs;Traktor Kontrol X1 Midi;c:\windows\system32\Drivers\kx1avs.sys;c:\windows\SYSNATIVE\Drivers\kx1avs.sys [x]
R3 kx1usb_svc;Traktor Kontrol X1;c:\windows\system32\Drivers\kx1usb.sys;c:\windows\SYSNATIVE\Drivers\kx1usb.sys [x]
R3 kz1avs;Traktor Kontrol Z1 WDM Audio;c:\windows\system32\Drivers\kz1avs.sys;c:\windows\SYSNATIVE\Drivers\kz1avs.sys [x]
R3 kz1usb_svc;Traktor Kontrol Z1;c:\windows\system32\Drivers\kz1usb.sys;c:\windows\SYSNATIVE\Drivers\kz1usb.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
R4 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
R4 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 iSafeKrnlKit;iSafeKrnl Kit Driver;c:\program files (x86)\iSafe\iSafeKrnlKit.sys;c:\program files (x86)\iSafe\iSafeKrnlKit.sys [x]
S1 iSafeNetFilter;iSafeNetFilter;c:\program files (x86)\iSafe\iSafeNetFilter.sys;c:\program files (x86)\iSafe\iSafeNetFilter.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\spiele\HiRezGames\HiPatchService.exe;c:\spiele\HiRezGames\HiPatchService.exe [x]
S2 iSafeService;iSafeService;c:\program files (x86)\iSafe\iSafeSvc.exe;c:\program files (x86)\iSafe\iSafeSvc.exe [x]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iSafeKrnl;iSafeKrnl;c:\program files (x86)\iSafe\iSafeKrnl.sys;c:\program files (x86)\iSafe\iSafeKrnl.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-27 03:46 1078088 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-28 08:16]
.
2014-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cec6ed68beab57.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-16 18:51]
.
2014-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-16 18:51]
.
2014-04-19 c:\windows\Tasks\Norton Security Scan for Dean.job
- c:\progra~2\NORTON~2\Engine\403~1.24\Nss.exe [2013-12-07 06:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-14 1028384]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-11-29 2273056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Page_URL = about:blank
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local;<local>
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{ED0072A7-71EF-4A23-8E92-3472A0896703}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FF - ProfilePath - c:\users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\7o35zbsx.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: !HIDDEN! 1970-01-17 03:20; jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack; c:\users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\7o35zbsx.default\extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
AddRemove-Project 64_is1 - c:\program files (x86)\Project64 2.1\unins000.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
AddRemove-{C029726A-CCBF-46D8-893A-E62105DB9803}_is1 - c:\program files (x86)\MotionInJoy\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-04-30 21:42:13
ComboFix-quarantined-files.txt 2014-04-30 19:42
ComboFix2.txt 2013-12-06 11:08
.
Vor Suchlauf: 27 Verzeichnis(se), 71.227.424.768 Bytes frei
Nach Suchlauf: 28 Verzeichnis(se), 71.825.747.968 Bytes frei
.
- - End Of File - - E7C3ADCDA0F3230890FA4853FC93525B

FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-04-2014 03
Ran by Dean (administrator) on DEAN-PC on 30-04-2014 21:45:07
Running from C:\Users\Dean\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeSvc2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Hi-Rez Studios) C:\Spiele\HiRezGames\HiPatchService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(LOL Replay) C:\Program Files\Lol REPLAY\LOLReplay\LOLRecorder.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Woodtale Technology Inc.) C:\Program Files (x86)\iSafe\dup.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2273056 2013-11-29] (NVIDIA Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3139532724-3068834718-2236675085-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Dean\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3139532724-3068834718-2236675085-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-11-14] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
ShortcutTarget: LOLRecorder.lnk -> C:\Program Files\Lol REPLAY\LOLReplay\LOLRecorder.exe (LOL Replay)
Startup: C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> C:\Users\Dean\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk
ShortcutTarget: Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - c:\program files (x86)\internet explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: No Name - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-x32: No Name - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
BHO-x32: Avira Savings Advisor BHO - {A18A516C-AA41-46A9-92DB-60208917E442} - C:\Program Files (x86)\avira\Internet Explorer\avira32.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{ED0072A7-71EF-4A23-8E92-3472A0896703}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FireFox:
========
FF ProfilePath: C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\7o35zbsx.default
FF Homepage: about:blank
FF NewTab: about:blank
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npnxgameEU.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Dean\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Amazon-Icon - C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\7o35zbsx.default\Extensions\amazon-icon@giga.de [2014-02-14]
FF Extension: Avira Savings Advisor - C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\7o35zbsx.default\Extensions\ciuvo-extension@avira.de [2014-03-16]
FF Extension: Extension_Protected - C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\7o35zbsx.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack [2014-01-27]
FF Extension: Adblock Plus - C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\7o35zbsx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-24]
FF HKCU\...\Firefox\Extensions: [{ba5b6935-63e1-431c-8fc6-7504512d2b94}] - C:\Program Files (x86)\LyricsContainer\130.xpi
Chrome:
=======
CHR HomePage: about:blank
CHR StartupUrls: "about:blank"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Google Docs) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-16]
CHR Extension: (Google Drive) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-16]
CHR Extension: (YouTube) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-16]
CHR Extension: (Google-Suche) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-16]
CHR Extension: (AdBlock) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-07-28]
CHR Extension: (Crazy Rider) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfgcmpnnailedfapmafbigfifabfamcl [2013-09-16]
CHR Extension: (Google Wallet) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-16]
CHR HKLM-x32\...\Chrome\Extension: [cojnmaaohncijldefpkpkkakjonfmgeb] - C:\Program Files (x86)\avira\Chrome\avira-1.5.14.crx [2013-12-11]
CHR HKLM-x32\...\Chrome\Extension: [ikgojpdbiniccokkgadmdheobjfdbbcg] - C:\Program Files (x86)\WebSparkle\ikgojpdbiniccokkgadmdheobjfdbbcg.crx [2013-12-11]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 HiPatchService; C:\Spiele\HiRezGames\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios)
R2 iSafeService; C:\Program Files (x86)\iSafe\iSafeSvc.exe [118056 2014-04-23] (Elex do Brasil Participações Ltda)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
S4 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912 2013-11-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15128352 2013-11-29] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-24] ()
==================== Drivers (Whitelisted) ====================
S3 a2djavs; C:\Windows\System32\Drivers\a2djavs.sys [359784 2012-12-18] (Native Instruments GmbH)
S3 a2djusb_svc; C:\Windows\System32\Drivers\a2djusb.sys [98664 2012-12-18] (Native Instruments GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
R3 iSafeKrnl; C:\Program Files (x86)\iSafe\iSafeKrnl.sys [232960 2014-04-23] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [43520 2014-04-23] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys [66048 2014-04-23] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [48128 2014-04-23] (Elex do Brasil Participações Ltda)
S3 kz1avs; C:\Windows\System32\Drivers\kz1avs.sys [359120 2013-05-17] (Native Instruments GmbH)
S3 kz1usb_svc; C:\Windows\System32\Drivers\kz1usb.sys [83152 2013-05-17] (Native Instruments GmbH)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-29] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-10-30] (NVIDIA Corporation)
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GPU-Z; \??\C:\Users\Dean\AppData\Local\Temp\GPU-Z.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-30 21:44 - 2014-04-30 21:44 - 00000000 ____D () C:\Users\Dean\Desktop\FRST-OlderVersion
2014-04-30 21:42 - 2014-04-30 21:42 - 00023033 _____ () C:\ComboFix.txt
2014-04-30 21:26 - 2014-04-30 21:27 - 05197895 ____R (Swearware) C:\Users\Dean\Desktop\ComboFix.exe
2014-04-30 16:52 - 2014-04-30 16:53 - 00040932 _____ () C:\Users\Dean\Desktop\Addition.txt
2014-04-30 16:51 - 2014-04-30 21:45 - 00019330 _____ () C:\Users\Dean\Desktop\FRST.txt
2014-04-30 16:51 - 2014-04-30 21:45 - 00000000 ____D () C:\FRST
2014-04-30 16:50 - 2014-04-30 21:44 - 02061824 _____ (Farbar) C:\Users\Dean\Desktop\FRST64.exe
2014-04-30 16:49 - 2014-04-30 16:49 - 00000470 _____ () C:\Users\Dean\Downloads\defogger_disable.log
2014-04-30 16:49 - 2014-04-30 16:49 - 00000000 _____ () C:\Users\Dean\defogger_reenable
2014-04-30 16:46 - 2014-04-30 16:46 - 00050477 _____ () C:\Users\Dean\Downloads\Defogger.exe
2014-04-30 16:21 - 2014-04-30 16:21 - 03249776 _____ (Security Stronghold ) C:\Users\Dean\Downloads\CleverIEHooker.BHORemovalTool.exe
2014-04-29 15:37 - 2014-04-29 15:37 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\eCyber
2014-04-29 15:36 - 2014-04-29 15:36 - 00001748 _____ () C:\Users\Public\Desktop\YAC.lnk
2014-04-29 15:36 - 2014-04-29 15:36 - 00000000 ____D () C:\Windows\system32\log
2014-04-29 15:36 - 2014-04-29 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2014-04-29 15:36 - 2014-04-23 12:19 - 00043520 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-04-29 15:35 - 2014-04-30 21:18 - 00000000 ____D () C:\Program Files (x86)\iSafe
2014-04-29 15:35 - 2014-04-30 05:52 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\iSafe
2014-04-29 15:33 - 2014-04-29 15:33 - 11825832 _____ (Elex do Brasil Participações Ltda) C:\Users\Dean\Downloads\yet_another_cleaner_sk.exe
2014-04-28 00:16 - 2014-04-28 00:16 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2014-04-27 16:04 - 2014-04-29 17:11 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-27 16:03 - 2014-04-27 16:03 - 00000000 __SHD () C:\Users\Dean\AppData\Local\EmieUserList
2014-04-27 16:03 - 2014-04-27 16:03 - 00000000 __SHD () C:\Users\Dean\AppData\Local\EmieSiteList
2014-04-27 15:59 - 2014-04-27 16:00 - 00613200 _____ (Chip Digital GmbH) C:\Users\Dean\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-04-27 13:14 - 2014-04-27 13:14 - 00000000 _____ () C:\autoexec.bat
2014-04-27 13:13 - 2014-04-27 13:13 - 00002260 _____ () C:\Users\Dean\Desktop\SpyHunter.lnk
2014-04-27 13:13 - 2014-04-27 13:13 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-04-27 13:13 - 2014-04-27 13:13 - 00000000 ____D () C:\sh4ldr
2014-04-27 13:13 - 2014-04-27 13:13 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-04-27 13:12 - 2014-04-27 16:03 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-04-27 13:12 - 2014-04-27 13:12 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Dean\Downloads\SpyHunter-Installer.exe
2014-04-27 00:26 - 2014-04-29 20:52 - 623114966 _____ () C:\Windows\MEMORY.DMP
2014-04-27 00:08 - 2014-04-28 15:28 - 00000000 ____D () C:\Users\Dean\AppData\Local\WM
2014-04-27 00:07 - 2014-04-27 00:08 - 00000000 ____D () C:\wm
2014-04-27 00:07 - 2014-04-27 00:07 - 37439696 _____ (Curse) C:\Users\Dean\Downloads\CurseClientSetup (2).exe
2014-04-27 00:06 - 2014-04-27 00:06 - 00101888 _____ (Curse) C:\Users\Dean\Downloads\CurseClientSetup (1).exe
2014-04-25 17:17 - 2014-04-25 17:29 - 00000000 ____D () C:\Users\Dean\Desktop\Silvester
2014-04-24 04:56 - 2014-04-24 04:56 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Curse Advertising
2014-04-24 04:53 - 2014-04-24 04:53 - 00001032 _____ () C:\Users\Dean\Desktop\Curse.lnk
2014-04-24 04:53 - 2014-04-24 04:53 - 00001018 _____ () C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2014-04-24 04:52 - 2014-04-24 11:50 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Curse Client
2014-04-24 04:52 - 2014-04-24 04:52 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Curse
2014-04-24 04:51 - 2014-04-24 04:51 - 37439696 _____ (Curse) C:\Users\Dean\Downloads\CurseClientSetup.exe
2014-04-23 21:55 - 2014-04-26 01:53 - 00001027 _____ () C:\Users\Dean\Desktop\Starsky & Hutch.lnk
2014-04-23 21:55 - 2014-04-23 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BSP
2014-04-23 21:52 - 2014-04-23 21:55 - 00000000 ____D () C:\Program Files\Starsky & Hutch
2014-04-23 00:51 - 2014-04-23 00:51 - 43672901 _____ () C:\Users\Dean\Downloads\Why I Love League of legends But Hate Playing It.mp4
2014-04-21 22:57 - 2014-04-21 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!
2014-04-21 22:39 - 2014-04-21 22:40 - 57415752 _____ (ppy Pty. Ltd.) C:\Users\Dean\Downloads\osu!install.exe
2014-04-20 03:02 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-20 03:02 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-20 03:02 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-20 03:02 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-20 03:02 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-20 03:02 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-20 03:02 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-20 03:02 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-20 03:02 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-20 03:02 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-20 03:02 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-20 03:02 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-20 03:02 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-20 03:02 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-20 03:02 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-20 03:02 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-20 03:02 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-20 03:02 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-20 03:02 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-20 03:02 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-20 03:02 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-20 03:02 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-20 03:02 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-20 03:02 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-20 03:02 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-20 03:02 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-20 03:02 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-20 03:02 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-20 03:02 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-20 03:02 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-20 03:02 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-20 03:02 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-20 03:02 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-20 03:02 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-20 03:02 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-20 03:01 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-20 03:01 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-20 03:01 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-20 03:01 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-20 03:01 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-20 03:01 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-20 03:01 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-20 03:01 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-20 03:01 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-20 03:01 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-20 03:01 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-20 03:01 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-20 03:01 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-20 00:29 - 2014-04-20 00:29 - 00008587 _____ () C:\Users\Dean\Desktop\PTT-20140419-WA0060.m4a
2014-04-19 11:09 - 2014-04-19 11:09 - 34931533 _____ () C:\Users\Dean\Downloads\Siv HD - JUKE CITY (欺詐師合輯).mp4
2014-04-16 02:22 - 2014-04-18 12:49 - 00000000 ____D () C:\Users\Dean\Desktop\Journal
2014-04-10 15:03 - 2014-04-10 15:03 - 01263104 _____ () C:\Users\Dean\Downloads\kuh-k.avi
2014-04-09 21:45 - 2014-04-09 21:46 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\PowerCinema
2014-04-09 13:52 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 13:52 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 13:52 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 13:52 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 13:52 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 13:52 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 13:52 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 13:52 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 13:52 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 13:52 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 13:52 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 13:52 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 13:52 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 13:52 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 13:52 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 13:52 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 13:52 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
==================== One Month Modified Files and Folders =======
2014-04-30 21:45 - 2014-04-30 16:51 - 00019330 _____ () C:\Users\Dean\Desktop\FRST.txt
2014-04-30 21:45 - 2014-04-30 16:51 - 00000000 ____D () C:\FRST
2014-04-30 21:45 - 2013-07-18 20:48 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Skype
2014-04-30 21:44 - 2014-04-30 21:44 - 00000000 ____D () C:\Users\Dean\Desktop\FRST-OlderVersion
2014-04-30 21:44 - 2014-04-30 16:50 - 02061824 _____ (Farbar) C:\Users\Dean\Desktop\FRST64.exe
2014-04-30 21:42 - 2014-04-30 21:42 - 00023033 _____ () C:\ComboFix.txt
2014-04-30 21:42 - 2013-12-04 14:49 - 00000000 ____D () C:\Qoobox
2014-04-30 21:39 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-30 21:30 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-30 21:30 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-30 21:27 - 2014-04-30 21:26 - 05197895 ____R (Swearware) C:\Users\Dean\Desktop\ComboFix.exe
2014-04-30 21:26 - 2013-07-10 20:37 - 01860258 _____ () C:\Windows\WindowsUpdate.log
2014-04-30 21:22 - 2013-07-16 20:45 - 00000000 ____D () C:\ProgramData\clear.fi
2014-04-30 21:20 - 2013-12-06 17:21 - 00060318 _____ () C:\Windows\setupact.log
2014-04-30 21:19 - 2013-10-12 03:50 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec6ed68beab57.job
2014-04-30 21:19 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-30 21:18 - 2014-04-29 15:35 - 00000000 ____D () C:\Program Files (x86)\iSafe
2014-04-30 17:31 - 2013-07-16 20:58 - 00000000 ____D () C:\Users\Dean\AppData\Local\PMB Files
2014-04-30 16:53 - 2014-04-30 16:52 - 00040932 _____ () C:\Users\Dean\Desktop\Addition.txt
2014-04-30 16:49 - 2014-04-30 16:49 - 00000470 _____ () C:\Users\Dean\Downloads\defogger_disable.log
2014-04-30 16:49 - 2014-04-30 16:49 - 00000000 _____ () C:\Users\Dean\defogger_reenable
2014-04-30 16:49 - 2013-07-16 20:42 - 00000000 ____D () C:\Users\Dean
2014-04-30 16:46 - 2014-04-30 16:46 - 00050477 _____ () C:\Users\Dean\Downloads\Defogger.exe
2014-04-30 16:21 - 2014-04-30 16:21 - 03249776 _____ (Security Stronghold ) C:\Users\Dean\Downloads\CleverIEHooker.BHORemovalTool.exe
2014-04-30 16:20 - 2013-11-21 00:09 - 00000000 ____D () C:\Users\Gast
2014-04-30 05:52 - 2014-04-29 15:35 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\iSafe
2014-04-29 21:03 - 2013-08-04 18:03 - 00000000 ____D () C:\Windows\Minidump
2014-04-29 20:52 - 2014-04-27 00:26 - 623114966 _____ () C:\Windows\MEMORY.DMP
2014-04-29 17:11 - 2014-04-27 16:04 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-29 15:41 - 2013-12-15 11:42 - 00826792 _____ () C:\Windows\PFRO.log
2014-04-29 15:37 - 2014-04-29 15:37 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\eCyber
2014-04-29 15:36 - 2014-04-29 15:36 - 00001748 _____ () C:\Users\Public\Desktop\YAC.lnk
2014-04-29 15:36 - 2014-04-29 15:36 - 00000000 ____D () C:\Windows\system32\log
2014-04-29 15:36 - 2014-04-29 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2014-04-29 15:33 - 2014-04-29 15:33 - 11825832 _____ (Elex do Brasil Participações Ltda) C:\Users\Dean\Downloads\yet_another_cleaner_sk.exe
2014-04-28 18:06 - 2013-12-25 00:52 - 00000000 ____D () C:\Users\Dean\AppData\Local\CrashDumps
2014-04-28 15:28 - 2014-04-27 00:08 - 00000000 ____D () C:\Users\Dean\AppData\Local\WM
2014-04-28 00:16 - 2014-04-28 00:16 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2014-04-27 16:04 - 2013-12-04 12:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-27 16:03 - 2014-04-27 16:03 - 00000000 __SHD () C:\Users\Dean\AppData\Local\EmieUserList
2014-04-27 16:03 - 2014-04-27 16:03 - 00000000 __SHD () C:\Users\Dean\AppData\Local\EmieSiteList
2014-04-27 16:03 - 2014-04-27 13:12 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-04-27 16:00 - 2014-04-27 15:59 - 00613200 _____ (Chip Digital GmbH) C:\Users\Dean\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-04-27 13:14 - 2014-04-27 13:14 - 00000000 _____ () C:\autoexec.bat
2014-04-27 13:13 - 2014-04-27 13:13 - 00002260 _____ () C:\Users\Dean\Desktop\SpyHunter.lnk
2014-04-27 13:13 - 2014-04-27 13:13 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-04-27 13:13 - 2014-04-27 13:13 - 00000000 ____D () C:\sh4ldr
2014-04-27 13:13 - 2014-04-27 13:13 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-04-27 13:12 - 2014-04-27 13:12 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Dean\Downloads\SpyHunter-Installer.exe
2014-04-27 05:49 - 2013-07-16 20:51 - 00002139 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-27 00:08 - 2014-04-27 00:07 - 00000000 ____D () C:\wm
2014-04-27 00:07 - 2014-04-27 00:07 - 37439696 _____ (Curse) C:\Users\Dean\Downloads\CurseClientSetup (2).exe
2014-04-27 00:06 - 2014-04-27 00:06 - 00101888 _____ (Curse) C:\Users\Dean\Downloads\CurseClientSetup (1).exe
2014-04-26 19:13 - 2013-07-16 20:58 - 00000000 ____D () C:\ProgramData\PMB Files
2014-04-26 01:53 - 2014-04-23 21:55 - 00001027 _____ () C:\Users\Dean\Desktop\Starsky & Hutch.lnk
2014-04-25 17:29 - 2014-04-25 17:17 - 00000000 ____D () C:\Users\Dean\Desktop\Silvester
2014-04-24 16:48 - 2013-11-23 22:09 - 00000000 ____D () C:\Users\Dean\AppData\Local\Akamai
2014-04-24 13:07 - 2013-09-29 20:28 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-04-24 11:50 - 2014-04-24 04:52 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Curse Client
2014-04-24 04:56 - 2014-04-24 04:56 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Curse Advertising
2014-04-24 04:53 - 2014-04-24 04:53 - 00001032 _____ () C:\Users\Dean\Desktop\Curse.lnk
2014-04-24 04:53 - 2014-04-24 04:53 - 00001018 _____ () C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2014-04-24 04:53 - 2013-07-16 20:43 - 00000000 ___RD () C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-24 04:52 - 2014-04-24 04:52 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Curse
2014-04-24 04:51 - 2014-04-24 04:51 - 37439696 _____ (Curse) C:\Users\Dean\Downloads\CurseClientSetup.exe
2014-04-23 21:55 - 2014-04-23 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BSP
2014-04-23 21:55 - 2014-04-23 21:52 - 00000000 ____D () C:\Program Files\Starsky & Hutch
2014-04-23 12:19 - 2014-04-29 15:36 - 00043520 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-04-23 00:51 - 2014-04-23 00:51 - 43672901 _____ () C:\Users\Dean\Downloads\Why I Love League of legends But Hate Playing It.mp4
2014-04-21 22:57 - 2014-04-21 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!
2014-04-21 22:57 - 2013-11-02 01:59 - 00000000 ____D () C:\Spiele
2014-04-21 22:40 - 2014-04-21 22:39 - 57415752 _____ (ppy Pty. Ltd.) C:\Users\Dean\Downloads\osu!install.exe
2014-04-20 04:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-20 03:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-20 00:29 - 2014-04-20 00:29 - 00008587 _____ () C:\Users\Dean\Desktop\PTT-20140419-WA0060.m4a
2014-04-19 23:12 - 2013-12-07 16:30 - 00000450 ____H () C:\Windows\Tasks\Norton Security Scan for Dean.job
2014-04-19 19:11 - 2013-08-05 20:31 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\TS3Client
2014-04-19 11:09 - 2014-04-19 11:09 - 34931533 _____ () C:\Users\Dean\Downloads\Siv HD - JUKE CITY (欺詐師合輯).mp4
2014-04-18 12:49 - 2014-04-16 02:22 - 00000000 ____D () C:\Users\Dean\Desktop\Journal
2014-04-14 21:13 - 2014-01-27 20:42 - 00000000 ____D () C:\Users\Dean\Documents\GTA San Andreas User Files
2014-04-10 15:03 - 2014-04-10 15:03 - 01263104 _____ () C:\Users\Dean\Downloads\kuh-k.avi
2014-04-09 23:53 - 2013-12-04 18:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 23:50 - 2013-12-04 18:52 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 21:46 - 2014-04-09 21:45 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\PowerCinema
2014-04-09 21:46 - 2013-07-16 20:42 - 00000000 ____D () C:\Users\Dean\AppData\Local\PowerCinema
2014-04-09 13:43 - 2013-12-07 16:30 - 00000000 ____D () C:\ProgramData\Norton
2014-04-08 15:59 - 2013-07-11 06:30 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-04-08 15:59 - 2013-07-11 06:30 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-04-08 15:59 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-31 09:35 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
Some content of TEMP:
====================
C:\Users\Dean\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-30 02:01
==================== End Of Log ============================
Regards, Dean