Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Bitcoin Virus, wincpu.exe stellt sich immer wieder her : Benutzer/appdata/local/temp/64 (https://www.trojaner-board.de/153268-bitcoin-virus-wincpu-exe-stellt-immer-her-benutzer-appdata-local-temp-64-a.html)

Dean19 30.04.2014 15:32
Bitcoin Virus, wincpu.exe stellt sich immer wieder her : Benutzer/appdata/local/temp/64
 
Also hallo erstmal :)

Wie ihr im Titel bereits seht hab ich mir nen Bitcoinminer virus eingefangen, zumindest laut Antivir. Irgendwas will auf ,,appdata/local/temp/64/wincpu" zugreifen.

In diesem Ordner hab ich dann auch schon die wincpu.exe gefunden die ja meine ich ein typischer Virus ist. Ich versuche die exe also zu löschen und mein Antivir sagt mir das etwas auf meinen Papierkorb zugreifen will. Das lass ich natürlich nicht zu, lösche die wincpu aus dem Papierkorb und der Virus ist deaktiviert glaube ich.

Beim Systemstart ist es aber wieder beim Alten. Die Virusmeldung ploppt auf und der Virus ist zurück im Ordner. Bei genaueren Infos einfach nachfragen ich hab auch schon das ein oder andere Virus oder Malwareprogramm benutzt.



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-04-2014 01
Ran by Dean (administrator) on DEAN-PC on 30-04-2014 16:51:59
Running from C:\Users\Dean\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeSvc2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Hi-Rez Studios) C:\Spiele\HiRezGames\HiPatchService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Akamai Technologies, Inc.) C:\Users\Dean\AppData\Local\Akamai\netsession_win.exe
() C:\Users\Dean\AppData\Local\Temp\wm.exe
(LOL Replay) C:\Program Files\Lol REPLAY\LOLReplay\LOLRecorder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Curse, Inc) C:\Users\Dean\AppData\Roaming\Curse Client\Bin\Curse.exe
(Akamai Technologies, Inc.) C:\Users\Dean\AppData\Local\Akamai\netsession_win.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2273056 2013-11-29] (NVIDIA Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3139532724-3068834718-2236675085-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Dean\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3139532724-3068834718-2236675085-1001\...\Run: [wm] => C:\Users\Dean\AppData\Local\Temp\wm.exe [5890048 2014-04-28] () <===== ATTENTION
HKU\S-1-5-21-3139532724-3068834718-2236675085-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3139532724-3068834718-2236675085-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation)
AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-11-14] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
ShortcutTarget: LOLRecorder.lnk -> C:\Program Files\Lol REPLAY\LOLReplay\LOLRecorder.exe (LOL Replay)
Startup: C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> C:\Users\Dean\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk
ShortcutTarget: Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - c:\program files (x86)\internet explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO: No Name - {9030D464-4C02-4ABF-8ECC-5164760863C6} -  No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO-x32: No Name - {9030D464-4C02-4ABF-8ECC-5164760863C6} -  No File
BHO-x32: Avira Savings Advisor BHO - {A18A516C-AA41-46A9-92DB-60208917E442} - C:\Program Files (x86)\avira\Internet Explorer\avira32.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{ED0072A7-71EF-4A23-8E92-3472A0896703}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\7o35zbsx.default
FF Homepage: about:blank
FF NewTab: about:blank
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npnxgameEU.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Dean\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Amazon-Icon - C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\7o35zbsx.default\Extensions\amazon-icon@giga.de [2014-02-14]
FF Extension: Avira Savings Advisor - C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\7o35zbsx.default\Extensions\ciuvo-extension@avira.de [2014-03-16]
FF Extension: Extension_Protected - C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\7o35zbsx.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack [2014-01-27]
FF Extension: Adblock Plus - C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\7o35zbsx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-24]
FF HKCU\...\Firefox\Extensions: [{ba5b6935-63e1-431c-8fc6-7504512d2b94}] - C:\Program Files (x86)\LyricsContainer\130.xpi

Chrome:
=======
CHR HomePage: about:blank
CHR StartupUrls: "about:blank"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Google Docs) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-16]
CHR Extension: (Google Drive) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-16]
CHR Extension: (YouTube) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-16]
CHR Extension: (Google-Suche) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-16]
CHR Extension: (AdBlock) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-07-28]
CHR Extension: (Crazy Rider) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfgcmpnnailedfapmafbigfifabfamcl [2013-09-16]
CHR Extension: (Google Wallet) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-16]
CHR HKLM-x32\...\Chrome\Extension: [cojnmaaohncijldefpkpkkakjonfmgeb] - C:\Program Files (x86)\avira\Chrome\avira-1.5.14.crx [2013-12-11]
CHR HKLM-x32\...\Chrome\Extension: [ikgojpdbiniccokkgadmdheobjfdbbcg] - C:\Program Files (x86)\WebSparkle\ikgojpdbiniccokkgadmdheobjfdbbcg.crx [2013-12-11]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 HiPatchService; C:\Spiele\HiRezGames\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios)
R2 iSafeService; C:\Program Files (x86)\iSafe\iSafeSvc.exe [118056 2014-04-23] (Elex do Brasil Participações Ltda)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
S4 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912 2013-11-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15128352 2013-11-29] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-24] ()

==================== Drivers (Whitelisted) ====================

S3 a2djavs; C:\Windows\System32\Drivers\a2djavs.sys [359784 2012-12-18] (Native Instruments GmbH)
S3 a2djusb_svc; C:\Windows\System32\Drivers\a2djusb.sys [98664 2012-12-18] (Native Instruments GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
R3 iSafeKrnl; C:\Program Files (x86)\iSafe\iSafeKrnl.sys [232960 2014-04-23] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [43520 2014-04-23] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys [66048 2014-04-23] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [48128 2014-04-23] (Elex do Brasil Participações Ltda)
S3 kz1avs; C:\Windows\System32\Drivers\kz1avs.sys [359120 2013-05-17] (Native Instruments GmbH)
S3 kz1usb_svc; C:\Windows\System32\Drivers\kz1usb.sys [83152 2013-05-17] (Native Instruments GmbH)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-29] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-10-30] (NVIDIA Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GPU-Z; \??\C:\Users\Dean\AppData\Local\Temp\GPU-Z.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-30 16:51 - 2014-04-30 16:52 - 00020208 _____ () C:\Users\Dean\Desktop\FRST.txt
2014-04-30 16:51 - 2014-04-30 16:51 - 00000000 ____D () C:\FRST
2014-04-30 16:50 - 2014-04-30 16:50 - 02060800 _____ (Farbar) C:\Users\Dean\Desktop\FRST64.exe
2014-04-30 16:49 - 2014-04-30 16:49 - 00000470 _____ () C:\Users\Dean\Downloads\defogger_disable.log
2014-04-30 16:49 - 2014-04-30 16:49 - 00000000 _____ () C:\Users\Dean\defogger_reenable
2014-04-30 16:46 - 2014-04-30 16:46 - 00050477 _____ () C:\Users\Dean\Downloads\Defogger.exe
2014-04-30 16:21 - 2014-04-30 16:21 - 03249776 _____ (Security Stronghold ) C:\Users\Dean\Downloads\CleverIEHooker.BHORemovalTool.exe
2014-04-29 15:37 - 2014-04-29 15:37 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\eCyber
2014-04-29 15:36 - 2014-04-29 15:36 - 00001748 _____ () C:\Users\Public\Desktop\YAC.lnk
2014-04-29 15:36 - 2014-04-29 15:36 - 00000000 ____D () C:\Windows\system32\log
2014-04-29 15:36 - 2014-04-29 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2014-04-29 15:36 - 2014-04-23 12:19 - 00043520 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-04-29 15:35 - 2014-04-30 16:10 - 00000000 ____D () C:\Program Files (x86)\iSafe
2014-04-29 15:35 - 2014-04-30 05:52 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\iSafe
2014-04-29 15:33 - 2014-04-29 15:33 - 11825832 _____ (Elex do Brasil Participações Ltda) C:\Users\Dean\Downloads\yet_another_cleaner_sk.exe
2014-04-28 00:16 - 2014-04-28 00:16 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2014-04-27 16:04 - 2014-04-29 17:11 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-27 16:03 - 2014-04-27 16:03 - 00000000 __SHD () C:\Users\Dean\AppData\Local\EmieUserList
2014-04-27 16:03 - 2014-04-27 16:03 - 00000000 __SHD () C:\Users\Dean\AppData\Local\EmieSiteList
2014-04-27 15:59 - 2014-04-27 16:00 - 00613200 _____ (Chip Digital GmbH) C:\Users\Dean\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-04-27 13:14 - 2014-04-27 13:14 - 00000000 _____ () C:\autoexec.bat
2014-04-27 13:13 - 2014-04-27 13:13 - 00002260 _____ () C:\Users\Dean\Desktop\SpyHunter.lnk
2014-04-27 13:13 - 2014-04-27 13:13 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-04-27 13:13 - 2014-04-27 13:13 - 00000000 ____D () C:\sh4ldr
2014-04-27 13:13 - 2014-04-27 13:13 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-04-27 13:12 - 2014-04-27 16:03 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-04-27 13:12 - 2014-04-27 13:12 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Dean\Downloads\SpyHunter-Installer.exe
2014-04-27 00:26 - 2014-04-29 20:52 - 623114966 _____ () C:\Windows\MEMORY.DMP
2014-04-27 00:08 - 2014-04-28 15:28 - 00000000 ____D () C:\Users\Dean\AppData\Local\WM
2014-04-27 00:07 - 2014-04-27 00:08 - 00000000 ____D () C:\wm
2014-04-27 00:07 - 2014-04-27 00:07 - 37439696 _____ (Curse) C:\Users\Dean\Downloads\CurseClientSetup (2).exe
2014-04-27 00:06 - 2014-04-27 00:06 - 00101888 _____ (Curse) C:\Users\Dean\Downloads\CurseClientSetup (1).exe
2014-04-25 17:17 - 2014-04-25 17:29 - 00000000 ____D () C:\Users\Dean\Desktop\Silvester
2014-04-24 04:56 - 2014-04-24 04:56 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Curse Advertising
2014-04-24 04:53 - 2014-04-24 04:53 - 00001032 _____ () C:\Users\Dean\Desktop\Curse.lnk
2014-04-24 04:53 - 2014-04-24 04:53 - 00001018 _____ () C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2014-04-24 04:52 - 2014-04-24 11:50 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Curse Client
2014-04-24 04:52 - 2014-04-24 04:52 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Curse
2014-04-24 04:51 - 2014-04-24 04:51 - 37439696 _____ (Curse) C:\Users\Dean\Downloads\CurseClientSetup.exe
2014-04-23 21:55 - 2014-04-26 01:53 - 00001027 _____ () C:\Users\Dean\Desktop\Starsky & Hutch.lnk
2014-04-23 21:55 - 2014-04-23 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BSP
2014-04-23 21:52 - 2014-04-23 21:55 - 00000000 ____D () C:\Program Files\Starsky & Hutch
2014-04-23 00:51 - 2014-04-23 00:51 - 43672901 _____ () C:\Users\Dean\Downloads\Why I Love League of legends But Hate Playing It.mp4
2014-04-21 22:57 - 2014-04-21 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!
2014-04-21 22:39 - 2014-04-21 22:40 - 57415752 _____ (ppy Pty. Ltd.) C:\Users\Dean\Downloads\osu!install.exe
2014-04-20 03:02 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-20 03:02 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-20 03:02 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-20 03:02 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-20 03:02 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-20 03:02 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-20 03:02 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-20 03:02 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-20 03:02 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-20 03:02 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-20 03:02 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-20 03:02 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-20 03:02 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-20 03:02 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-20 03:02 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-20 03:02 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-20 03:02 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-20 03:02 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-20 03:02 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-20 03:02 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-20 03:02 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-20 03:02 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-20 03:02 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-20 03:02 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-20 03:02 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-20 03:02 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-20 03:02 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-20 03:02 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-20 03:02 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-20 03:02 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-20 03:02 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-20 03:02 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-20 03:02 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-20 03:02 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-20 03:02 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-20 03:01 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-20 03:01 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-20 03:01 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-20 03:01 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-20 03:01 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-20 03:01 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-20 03:01 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-20 03:01 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-20 03:01 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-20 03:01 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-20 03:01 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-20 03:01 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-20 03:01 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-20 00:29 - 2014-04-20 00:29 - 00008587 _____ () C:\Users\Dean\Desktop\PTT-20140419-WA0060.m4a
2014-04-19 11:09 - 2014-04-19 11:09 - 34931533 _____ () C:\Users\Dean\Downloads\Siv HD - JUKE CITY (欺詐師合輯).mp4
2014-04-16 02:22 - 2014-04-18 12:49 - 00000000 ____D () C:\Users\Dean\Desktop\Journal
2014-04-10 15:03 - 2014-04-10 15:03 - 01263104 _____ () C:\Users\Dean\Downloads\kuh-k.avi
2014-04-09 21:45 - 2014-04-09 21:46 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\PowerCinema
2014-04-09 13:52 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 13:52 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 13:52 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 13:52 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 13:52 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 13:52 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 13:52 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 13:52 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 13:52 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 13:52 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 13:52 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 13:52 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 13:52 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 13:52 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 13:52 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 13:52 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 13:52 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders =======

2014-04-30 16:52 - 2014-04-30 16:51 - 00020208 _____ () C:\Users\Dean\Desktop\FRST.txt
2014-04-30 16:51 - 2014-04-30 16:51 - 00000000 ____D () C:\FRST
2014-04-30 16:51 - 2013-07-18 20:48 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Skype
2014-04-30 16:50 - 2014-04-30 16:50 - 02060800 _____ (Farbar) C:\Users\Dean\Desktop\FRST64.exe
2014-04-30 16:49 - 2014-04-30 16:49 - 00000470 _____ () C:\Users\Dean\Downloads\defogger_disable.log
2014-04-30 16:49 - 2014-04-30 16:49 - 00000000 _____ () C:\Users\Dean\defogger_reenable
2014-04-30 16:49 - 2013-07-16 20:42 - 00000000 ____D () C:\Users\Dean
2014-04-30 16:46 - 2014-04-30 16:46 - 00050477 _____ () C:\Users\Dean\Downloads\Defogger.exe
2014-04-30 16:33 - 2013-07-10 20:37 - 01852213 _____ () C:\Windows\WindowsUpdate.log
2014-04-30 16:21 - 2014-04-30 16:21 - 03249776 _____ (Security Stronghold ) C:\Users\Dean\Downloads\CleverIEHooker.BHORemovalTool.exe
2014-04-30 16:21 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-30 16:21 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-30 16:20 - 2013-11-21 00:09 - 00000000 ____D () C:\Users\Gast
2014-04-30 16:13 - 2013-07-16 20:45 - 00000000 ____D () C:\ProgramData\clear.fi
2014-04-30 16:11 - 2013-12-06 17:21 - 00060094 _____ () C:\Windows\setupact.log
2014-04-30 16:11 - 2013-10-12 03:50 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec6ed68beab57.job
2014-04-30 16:10 - 2014-04-29 15:35 - 00000000 ____D () C:\Program Files (x86)\iSafe
2014-04-30 16:10 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-30 05:52 - 2014-04-29 15:35 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\iSafe
2014-04-29 22:27 - 2013-07-16 20:58 - 00000000 ____D () C:\Users\Dean\AppData\Local\PMB Files
2014-04-29 21:03 - 2013-08-04 18:03 - 00000000 ____D () C:\Windows\Minidump
2014-04-29 20:52 - 2014-04-27 00:26 - 623114966 _____ () C:\Windows\MEMORY.DMP
2014-04-29 17:11 - 2014-04-27 16:04 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-29 15:41 - 2013-12-15 11:42 - 00826792 _____ () C:\Windows\PFRO.log
2014-04-29 15:37 - 2014-04-29 15:37 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\eCyber
2014-04-29 15:36 - 2014-04-29 15:36 - 00001748 _____ () C:\Users\Public\Desktop\YAC.lnk
2014-04-29 15:36 - 2014-04-29 15:36 - 00000000 ____D () C:\Windows\system32\log
2014-04-29 15:36 - 2014-04-29 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2014-04-29 15:33 - 2014-04-29 15:33 - 11825832 _____ (Elex do Brasil Participações Ltda) C:\Users\Dean\Downloads\yet_another_cleaner_sk.exe
2014-04-28 18:06 - 2013-12-25 00:52 - 00000000 ____D () C:\Users\Dean\AppData\Local\CrashDumps
2014-04-28 15:28 - 2014-04-27 00:08 - 00000000 ____D () C:\Users\Dean\AppData\Local\WM
2014-04-28 00:16 - 2014-04-28 00:16 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2014-04-27 16:04 - 2013-12-04 12:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-27 16:03 - 2014-04-27 16:03 - 00000000 __SHD () C:\Users\Dean\AppData\Local\EmieUserList
2014-04-27 16:03 - 2014-04-27 16:03 - 00000000 __SHD () C:\Users\Dean\AppData\Local\EmieSiteList
2014-04-27 16:03 - 2014-04-27 13:12 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-04-27 16:00 - 2014-04-27 15:59 - 00613200 _____ (Chip Digital GmbH) C:\Users\Dean\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-04-27 13:14 - 2014-04-27 13:14 - 00000000 _____ () C:\autoexec.bat
2014-04-27 13:13 - 2014-04-27 13:13 - 00002260 _____ () C:\Users\Dean\Desktop\SpyHunter.lnk
2014-04-27 13:13 - 2014-04-27 13:13 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-04-27 13:13 - 2014-04-27 13:13 - 00000000 ____D () C:\sh4ldr
2014-04-27 13:13 - 2014-04-27 13:13 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-04-27 13:12 - 2014-04-27 13:12 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Dean\Downloads\SpyHunter-Installer.exe
2014-04-27 05:49 - 2013-07-16 20:51 - 00002139 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-27 00:08 - 2014-04-27 00:07 - 00000000 ____D () C:\wm
2014-04-27 00:07 - 2014-04-27 00:07 - 37439696 _____ (Curse) C:\Users\Dean\Downloads\CurseClientSetup (2).exe
2014-04-27 00:06 - 2014-04-27 00:06 - 00101888 _____ (Curse) C:\Users\Dean\Downloads\CurseClientSetup (1).exe
2014-04-26 19:13 - 2013-07-16 20:58 - 00000000 ____D () C:\ProgramData\PMB Files
2014-04-26 01:53 - 2014-04-23 21:55 - 00001027 _____ () C:\Users\Dean\Desktop\Starsky & Hutch.lnk
2014-04-25 17:29 - 2014-04-25 17:17 - 00000000 ____D () C:\Users\Dean\Desktop\Silvester
2014-04-24 16:48 - 2013-11-23 22:09 - 00000000 ____D () C:\Users\Dean\AppData\Local\Akamai
2014-04-24 13:07 - 2013-09-29 20:28 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-04-24 11:50 - 2014-04-24 04:52 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Curse Client
2014-04-24 04:56 - 2014-04-24 04:56 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Curse Advertising
2014-04-24 04:53 - 2014-04-24 04:53 - 00001032 _____ () C:\Users\Dean\Desktop\Curse.lnk
2014-04-24 04:53 - 2014-04-24 04:53 - 00001018 _____ () C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2014-04-24 04:53 - 2013-07-16 20:43 - 00000000 ___RD () C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-24 04:52 - 2014-04-24 04:52 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Curse
2014-04-24 04:51 - 2014-04-24 04:51 - 37439696 _____ (Curse) C:\Users\Dean\Downloads\CurseClientSetup.exe
2014-04-23 21:55 - 2014-04-23 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BSP
2014-04-23 21:55 - 2014-04-23 21:52 - 00000000 ____D () C:\Program Files\Starsky & Hutch
2014-04-23 12:19 - 2014-04-29 15:36 - 00043520 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-04-23 00:51 - 2014-04-23 00:51 - 43672901 _____ () C:\Users\Dean\Downloads\Why I Love League of legends But Hate Playing It.mp4
2014-04-21 22:57 - 2014-04-21 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!
2014-04-21 22:57 - 2013-11-02 01:59 - 00000000 ____D () C:\Spiele
2014-04-21 22:40 - 2014-04-21 22:39 - 57415752 _____ (ppy Pty. Ltd.) C:\Users\Dean\Downloads\osu!install.exe
2014-04-20 04:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-20 03:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-20 00:29 - 2014-04-20 00:29 - 00008587 _____ () C:\Users\Dean\Desktop\PTT-20140419-WA0060.m4a
2014-04-19 23:12 - 2013-12-07 16:30 - 00000450 ____H () C:\Windows\Tasks\Norton Security Scan for Dean.job
2014-04-19 19:11 - 2013-08-05 20:31 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\TS3Client
2014-04-19 11:09 - 2014-04-19 11:09 - 34931533 _____ () C:\Users\Dean\Downloads\Siv HD - JUKE CITY (欺詐師合輯).mp4
2014-04-18 12:49 - 2014-04-16 02:22 - 00000000 ____D () C:\Users\Dean\Desktop\Journal
2014-04-14 21:13 - 2014-01-27 20:42 - 00000000 ____D () C:\Users\Dean\Documents\GTA San Andreas User Files
2014-04-10 15:03 - 2014-04-10 15:03 - 01263104 _____ () C:\Users\Dean\Downloads\kuh-k.avi
2014-04-09 23:53 - 2013-12-04 18:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 23:50 - 2013-12-04 18:52 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 21:46 - 2014-04-09 21:45 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\PowerCinema
2014-04-09 21:46 - 2013-07-16 20:42 - 00000000 ____D () C:\Users\Dean\AppData\Local\PowerCinema
2014-04-09 13:43 - 2013-12-07 16:30 - 00000000 ____D () C:\ProgramData\Norton
2014-04-08 15:59 - 2013-07-11 06:30 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-04-08 15:59 - 2013-07-11 06:30 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-04-08 15:59 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-31 09:35 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Files to move or delete:
====================
C:\Users\Dean\AppData\Local\Temp\wm.exe


Some content of TEMP:
====================
C:\Users\Dean\AppData\Local\Temp\amazonicon_v4.exe
C:\Users\Dean\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Dean\AppData\Local\Temp\avgnt.exe
C:\Users\Dean\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Dean\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Dean\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Dean\AppData\Local\Temp\Quarantine.exe
C:\Users\Dean\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Dean\AppData\Local\Temp\sdapskill.exe
C:\Users\Dean\AppData\Local\Temp\sdaspwn.exe
C:\Users\Dean\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Dean\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Dean\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Dean\AppData\Local\Temp\sfamcc00002.dll
C:\Users\Dean\AppData\Local\Temp\sfamcc00003.dll
C:\Users\Dean\AppData\Local\Temp\sfareca00002.dll
C:\Users\Dean\AppData\Local\Temp\sfareca00003.dll
C:\Users\Dean\AppData\Local\Temp\SHSetup.exe
C:\Users\Dean\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Dean\AppData\Local\Temp\wm.exe
C:\Users\Dean\AppData\Local\Temp\wmupdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-30 02:01

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-04-2014 01
Ran by Dean at 2014-04-30 16:52:37
Running from C:\Users\Dean\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0519.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.0.1.152 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.168 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Avira Savings Advisor (HKLM-x32\...\{A18A516C-AA41-46A9-92DB-60208917E442}) (Version: 1.5.14 - Avira) <==== ATTENTION
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.1 - BlueJ Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.8.2.2 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.4.1 - Broadcom Corporation)
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2024.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
Cobra 11 - Nitro (HKLM-x32\...\InstallShield_{29F0D899-9614-4EB3-92A8-C9117FE9E405}) (Version: 1.0.0 - Synetic)
Cobra 11 - Nitro (x32 Version: 1.0.0 - Synetic) Hidden
Combat Arms EU (HKLM-x32\...\Combat Arms EU) (Version:  - )
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
DS3 Tool 1.0005 Windows (HKLM-x32\...\{C029726A-CCBF-46D8-893A-E62105DB9803}_is1) (Version: 1.0005 - MotionInJoy.)
ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.)
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.0.8 - FUHU, Inc.)
Fooz Kids (x32 Version: 3.0.8 - FUHU, Inc.) Hidden
Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.19.1219 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.19.1219 - DVDVideoSoft Ltd.)
FUSSBALL MANAGER 14 (HKLM-x32\...\{5FC27E1E-08C0-4346-A321-ED2D31FAE936}) (Version: 1.0.0.0 - Electronic Arts)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Grand Theft Auto San Andreas (HKLM-x32\...\{086BADF8-9B1F-4E89-B207-2EDA520972D6}) (Version: 1.00.00001 - Rockstar Games)
Greenfoot (HKLM-x32\...\{8C838B70-3A71-41E8-91A6-4ADCF2E483D0}) (Version: 2.3.0 - Greenfoot Team)
Hamachi 1.0.1.5 (HKLM-x32\...\Hamachi) (Version:  - )
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Icy Tower v1.5 (HKLM-x32\...\Icy Tower v1.5_is1) (Version:  - Free Lunch Design)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.5.2 - www.leaguereplays.com)
LuPO 1.0.2.45 (HKLM-x32\...\LuPO_is1) (Version:  - Ministerium für Schule, Wissenschaft und Forschung NRW)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 24.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 24.0 (x86 de)) (Version: 24.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
Native Instruments Audio 2 DJ Driver (HKLM-x32\...\Native Instruments Audio 2 DJ Driver) (Version:  - Native Instruments)
Native Instruments Audio 2 DJ Driver (Version: 3.1.0.761 - Native Instruments) Hidden
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.6.2.1863 - Native Instruments)
Native Instruments Controller Editor (Version: 1.6.2.1863 - Native Instruments) Hidden
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.5.2.1549 - Native Instruments)
Native Instruments Service Center (Version: 2.5.2.1549 - Native Instruments) Hidden
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.6.7.337 - Native Instruments)
Native Instruments Traktor 2 (Version: 2.6.7.337 - Native Instruments) Hidden
Native Instruments Traktor Audio 2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 2 Driver (Version: 3.1.0.761 - Native Instruments) Hidden
Native Instruments Traktor Kontrol X1 (HKLM-x32\...\Native Instruments Traktor Kontrol X1) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol X1 (Version: 3.0.1.648 - Native Instruments) Hidden
Native Instruments Traktor Kontrol Z1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol Z1 Driver (Version: 3.1.1.780 - Native Instruments) Hidden
Native Instruments Traktor Kontrol Z2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol Z2 Driver (Version: 3.1.0.761 - Native Instruments) Hidden
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.0.3.24 - Symantec Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9002 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9002 - NTI Corporation) Hidden
NVIDIA GeForce Experience 1.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 10.10.5 (Version: 10.10.5 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.10.5 (Version: 10.10.5 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 331.82 (Version: 331.82 - NVIDIA Corporation) Hidden
NVIDIA Update 10.10.5 (Version: 10.10.5 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.10.5 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.12 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.2.2730 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6438 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Serious Sam 2 (HKLM-x32\...\SeriousSam2) (Version:  - )
SHIELD Streaming (Version: 1.6.75 - NVIDIA Corporation) Hidden
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
SpyHunter (HKLM\...\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Starsky & Hutch (HKLM-x32\...\{A12BBE50-840D-4BD0-89D8-585F7C6AA7B4}_is1) (Version: 1.0 - US - ACTION, s.r.o.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Sumotori Full Version (HKLM-x32\...\Sumotori Full Version) (Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version:  - Nadeo)
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.3020.2 - TuneUp Software) Hidden
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKCU\...\Warcraft III) (Version:  - )
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XSplit (HKLM-x32\...\{DAA18A0D-A57C-4611-B135-46EA06990E7D}) (Version: 1.2.1303.0101 - SplitMediaLabs)
Yet Another Cleaner! (HKLM-x32\...\iSafe) (Version:  - ELEX DO BRASIL PARTICIPAÇÕES LTDA)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

25-04-2014 09:53:26 Windows Update
27-04-2014 11:12:53 Installed SpyHunter
27-04-2014 14:01:58 Removed SpyHunter
27-04-2014 18:54:18 Removed SpyHunter
29-04-2014 13:37:00 Windows Update
29-04-2014 19:06:51 Removed SpyHunter

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0608EFD1-EF84-47AF-B572-6843584F5878} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {0880F1FA-8075-411C-8BC0-EDC94042D9DA} - System32\Tasks\{B98E199F-1C8E-424F-A6D6-205DC0DAC43E} => Chrome.exe hxxp://ui.skype.com/ui/0/6.11.0.102/de/abandoninstall?page=tsMain
Task: {16A68260-8E26-48C0-AD14-9B6CF8F1BD95} - System32\Tasks\Norton Security Scan for Dean => C:\Program Files (x86)\Norton Security Scan\Engine\4.0.3.24\Nss.exe [2013-08-19] (Symantec Corporation)
Task: {4215FDED-2212-4D70-8899-9A8BB6177550} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {519730AC-27C6-4D50-8F5C-61DC1B3EF17C} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)
Task: {51C7CC0C-2D7F-4054-8614-C0527C3F8BA5} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
Task: {63C8ACF0-0AFB-4E69-8220-4E1C1F457526} - System32\Tasks\Norton Internet Security CBE\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\SymErr.exe
Task: {7A4064E8-69A0-4054-99A3-D184F6E1D916} - System32\Tasks\GoogleUpdateTaskMachineCore1cec6ed68beab57 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-16] (Google Inc.)
Task: {8458B208-CD5B-42A3-97B2-D86B6EBA5002} - \SpyHunter4Startup No Task File <==== ATTENTION
Task: {8AD0BB1C-D30D-4735-B7F2-7EE295DF29B3} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
Task: {922B235E-90DB-4AF1-B9C7-F0AAEA919DF8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-16] (Google Inc.)
Task: {9E04C019-BB7F-469C-A740-67915D89C0F3} - System32\Tasks\Norton Internet Security CBE\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\SymErr.exe
Task: {A27A0BFC-4074-40C9-B343-D128BAC3D5D0} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06] (Adobe Systems Incorporated)
Task: {A44B7815-246C-4634-B7E4-CD00DAE1C336} - System32\Tasks\aviraSWU => Cscript.exe "C:\Program Files (x86)\avira\Internet Explorer\swu.vbs"
Task: {D4C1C0BB-D4C2-4CBC-B8F9-911B1E958F20} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: {ECD0DA4D-D90D-4A40-89D5-BF3AAC8711DF} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: {F7135EA5-B978-402C-92B3-6CB485BB5766} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2011-08-09] (Acer)
Task: {FC42D534-5F39-448D-A525-41291A0919F1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-16] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec6ed68beab57.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Dean.job => C:\PROGRA~2\NORTON~2\Engine\403~1.24\Nss.exe

==================== Loaded Modules (whitelisted) =============

2013-12-15 12:27 - 2013-11-11 17:02 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-05-02 13:41 - 2011-05-02 13:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-11-24 11:33 - 2013-11-24 11:57 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2011-05-02 13:41 - 2011-05-02 13:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2014-04-28 15:27 - 2014-04-28 15:28 - 05890048 _____ () C:\Users\Dean\AppData\Local\Temp\wm.exe
2014-04-29 15:36 - 2014-04-23 12:19 - 00065704 _____ () C:\Program Files (x86)\iSafe\zlib1.dll
2014-04-29 15:36 - 2014-04-23 12:17 - 00092328 _____ () C:\Program Files (x86)\iSafe\curlpp.dll
2014-04-29 15:36 - 2014-04-21 10:22 - 00176976 _____ () C:\Program Files (x86)\iSafe\tws\unrar.dll
2014-04-29 15:36 - 2014-04-21 10:22 - 00068432 _____ () C:\Program Files (x86)\iSafe\tws\zlib1.dll
2014-04-29 15:36 - 2014-04-21 10:22 - 00087744 _____ () C:\Program Files (x86)\iSafe\tws\unacev2.dll
2014-03-16 01:03 - 2014-02-25 12:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-04-29 15:36 - 2014-04-23 12:19 - 00185000 _____ () C:\Program Files (x86)\iSafe\libpng.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-24 18:03 - 2011-08-24 18:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2013-12-11 06:22 - 2013-12-11 06:22 - 00378368 _____ () C:\Program Files\Lol REPLAY\LOLReplay\LOLUtils.dll
2013-12-13 08:12 - 2013-12-13 08:12 - 00307712 _____ () C:\Users\Dean\AppData\Roaming\Curse Client\Bin\opus.dll
2014-03-10 13:55 - 2014-03-10 13:55 - 00343040 _____ () C:\Users\Dean\AppData\Roaming\Curse Client\Bin\WebRTC_CSharpWrapper.dll
2014-04-27 05:49 - 2014-04-24 02:33 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
2014-04-27 05:49 - 2014-04-24 02:33 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll
2014-04-27 05:49 - 2014-04-24 02:33 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll
2014-04-27 05:49 - 2014-04-24 02:33 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
2014-04-27 05:49 - 2014-04-24 02:33 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
2014-04-27 05:49 - 2014-04-24 02:33 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
2014-04-27 05:49 - 2014-04-24 02:33 - 13692232 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: DsiWMIService => 2
MSCONFIG\Services: EgisTec Ticket Service => 3
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: GREGService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Live Updater Service => 2
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: NTI IScheduleSvc => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TurboBoost => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

==================== Faulty Device Manager Devices =============

Name: Hamachi Network Interface
Description: Hamachi Network Interface
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/30/2014 04:12:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/30/2014 04:04:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/30/2014 04:02:15 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (04/30/2014 03:49:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/29/2014 08:55:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/29/2014 04:57:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/29/2014 04:54:18 PM) (Source: iSafeService) (User: )
Description: iSafeService error: 1063StartServiceCtrlDispatcher failed. ErrorCode=1063

Error: (04/29/2014 04:54:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/29/2014 04:49:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/29/2014 04:19:49 PM) (Source: iSafeService) (User: )
Description: iSafeService error: 1063StartServiceCtrlDispatcher failed. ErrorCode=1063


System errors:
=============
Error: (04/30/2014 03:54:59 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (04/30/2014 05:55:01 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (04/29/2014 09:01:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (04/29/2014 08:53:36 PM) (Source: BugCheck) (User: )
Description: 0x00000116 (0xfffffa800bea94e0, 0xfffff8800fe1a2bc, 0xffffffffc000009a, 0x0000000000000004)C:\Windows\MEMORY.DMP042914-43758-01

Error: (04/29/2014 08:53:17 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎29.‎04.‎2014 um 20:51:06 unerwartet heruntergefahren.

Error: (04/29/2014 04:53:29 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (04/29/2014 04:53:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (04/29/2014 04:53:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (04/29/2014 04:53:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (04/29/2014 04:53:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068


Microsoft Office Sessions:
=========================
Error: (04/30/2014 04:12:06 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/30/2014 04:04:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/30/2014 04:02:15 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (04/30/2014 03:49:47 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/29/2014 08:55:59 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/29/2014 04:57:09 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/29/2014 04:54:18 PM) (Source: iSafeService)(User: )
Description: iSafeService error: 1063StartServiceCtrlDispatcher failed. ErrorCode=1063

Error: (04/29/2014 04:54:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/29/2014 04:49:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/29/2014 04:19:49 PM) (Source: iSafeService)(User: )
Description: iSafeService error: 1063StartServiceCtrlDispatcher failed. ErrorCode=1063


==================== Memory info ===========================

Percentage of memory in use: 70%
Total physical RAM: 3947.86 MB
Available physical RAM: 1184.32 MB
Total Pagefile: 11989.9 MB
Available Pagefile: 8757.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:222.73 GB) (Free:67.33 GB) NTFS
Drive d: (DATA) (Fixed) (Total:223.4 GB) (Free:98.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: B9142EAD)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=223 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=223 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---


Mfg,
Dean

sunjojo 30.04.2014 19:17
Hallo Dean19, :hallo:

mein Name ist Jonas und ich werde dir bei deiner Bereinigung helfen. Diese kann mit viel Arbeit für dich verbunden sein. Bevor wir anfangen können, lies bitte die Bereinigungsregeln und Hinweise:
Regeln zum Ablauf der Bereinigung
  • Arbeite die Anleitungen und Schritte sorgfältig und nacheinander ab.
  • Wenn du etwas nicht verstehst oder du dir unsicher bist, frage nach und schildere das Problem, so gut es geht. Handle nicht auf eigene Faust.
    • Die Ausführung diverser Bereinigungsprogramme (mit Scripts aus anderen Threads) können dein Betriebssystem zerschießen!
  • Die Bereinigung eines Rechners in verschiedenen Foren zur selben Zeit ist verboten (Crossposting).
  • Installiere oder deinstalliere keine zusätzlichen Programme, lösche keine Dateien und führe nicht selbstständig Systemupdates durch.
  • Die Symptome können verschwunden sein, jedoch bedeutet das Verschwinden von äußeren Merkmalen einer Infektion nicht, dass du wieder clean bist.
    • Ich werde dir ein eindeutiges Clean geben, solange arbeite bitte mit.
Hinweis
  • Die von uns benutzten Programme erstellen meist ein Ergebnisprotokoll (Logfile genannt). Bitte füge alle von mir in einem Schritt geforderten Logfiles in einer Antwort/einem Post ein.
Wenn du alles gelesen hast, kann es losgehen. Bitte speichere alle Programme auf dem Desktop und führe sie von dort aus. :)



Schritt 1
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Schritt 2
Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, wird ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.



Poste folgende Logfiles in deiner nächsten Antwort:
  • Combofix.txt
  • FRST.txt

Dean19 30.04.2014 20:46
Hallo hier sind die geforderten Logs :

[CODE]
Combofix Logfile:
Code:
ComboFix 14-04-30.01 - Dean 30.04.2014  21:29:42.3.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3948.2199 [GMT 2:00]
ausgeführt von:: c:\users\Dean\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-03-28 bis 2014-04-30  ))))))))))))))))))))))))))))))
.
.
2014-04-30 19:39 . 2014-04-30 19:39        --------        d-----w-        c:\users\Public\AppData\Local\temp
2014-04-30 19:39 . 2014-04-30 19:39        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-04-30 19:39 . 2014-04-30 19:39        --------        d-----w-        c:\users\Gast\AppData\Local\temp
2014-04-30 14:51 . 2014-04-30 14:53        --------        d-----w-        C:\FRST
2014-04-29 15:10 . 2014-04-30 19:30        75888        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{08AACB9B-8019-41ED-A389-DD66A0E728EA}\offreg.dll
2014-04-29 13:40 . 2014-04-17 03:31        10651704        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{08AACB9B-8019-41ED-A389-DD66A0E728EA}\mpengine.dll
2014-04-29 13:37 . 2014-04-29 13:37        --------        d-----w-        c:\users\Dean\AppData\Roaming\eCyber
2014-04-29 13:36 . 2014-04-23 10:19        43520        ----a-w-        c:\windows\system32\drivers\iSafeKrnlBoot.sys
2014-04-29 13:36 . 2014-04-29 13:36        --------        d-----w-        c:\windows\system32\log
2014-04-29 13:35 . 2014-04-30 19:18        --------        d-----w-        c:\program files (x86)\iSafe
2014-04-29 13:35 . 2014-04-30 03:52        --------        d-----w-        c:\users\Dean\AppData\Roaming\iSafe
2014-04-27 22:16 . 2014-04-27 22:16        --------        d-----w-        c:\windows\system32\%LOCALAPPDATA%
2014-04-27 14:04 . 2014-04-29 15:11        119512        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-27 14:03 . 2014-04-27 14:03        --------        d-sh--w-        c:\users\Dean\AppData\Local\EmieUserList
2014-04-27 14:03 . 2014-04-27 14:03        --------        d-sh--w-        c:\users\Dean\AppData\Local\EmieSiteList
2014-04-27 11:13 . 2014-04-27 11:13        110080        ----a-r-        c:\users\Dean\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconF7A21AF7.exe
2014-04-27 11:13 . 2014-04-27 11:13        110080        ----a-r-        c:\users\Dean\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconD7F16134.exe
2014-04-27 11:13 . 2014-04-27 11:13        110080        ----a-r-        c:\users\Dean\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\Icon1226A4C5.exe
2014-04-27 11:13 . 2014-04-27 11:13        --------        d-----w-        C:\sh4ldr
2014-04-27 11:13 . 2014-04-27 11:13        --------        d-----w-        c:\program files\Enigma Software Group
2014-04-27 11:12 . 2014-04-27 14:03        --------        d-----w-        c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-04-26 22:08 . 2014-04-28 13:28        --------        d-----w-        c:\users\Dean\AppData\Local\WM
2014-04-26 22:07 . 2014-04-26 22:08        --------        d-----w-        C:\wm
2014-04-24 02:56 . 2014-04-24 02:56        --------        d-----w-        c:\users\Dean\AppData\Roaming\Curse Advertising
2014-04-24 02:52 . 2014-04-24 09:50        --------        d-----w-        c:\users\Dean\AppData\Roaming\Curse Client
2014-04-24 02:52 . 2014-04-24 02:52        --------        d-----w-        c:\users\Dean\AppData\Roaming\Curse
2014-04-23 19:52 . 2014-04-23 19:55        --------        d-----w-        c:\program files\Starsky & Hutch
2014-04-20 01:01 . 2014-03-06 08:53        2767360        ----a-w-        c:\windows\system32\iertutil.dll
2014-04-09 19:45 . 2014-04-09 19:46        --------        d-----w-        c:\users\Dean\AppData\Roaming\PowerCinema
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-09 21:50 . 2013-12-04 16:52        90655440        ----a-w-        c:\windows\system32\MRT.exe
2014-03-31 07:35 . 2010-11-21 03:27        270496        ------w-        c:\windows\system32\MpSigStub.exe
2014-03-16 12:48 . 2014-03-16 12:48        84720        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2014-03-04 09:17 . 2014-04-09 11:52        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2014-02-25 10:41 . 2014-03-15 23:03        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2014-02-25 10:41 . 2014-03-15 23:03        131576        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2014-02-25 10:41 . 2014-03-15 23:03        108440        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2014-02-07 01:23 . 2014-03-13 15:14        3156480        ----a-w-        c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-13 15:13        1424384        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-13 15:13        624128        ----a-w-        c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-13 15:13        1230336        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-13 15:13        509440        ----a-w-        c:\windows\SysWow64\qedit.dll
2013-09-24 09:14 . 2013-09-29 19:16        179200        ----a-w-        c:\program files\SpeedAutoClicker.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A18A516C-AA41-46A9-92DB-60208917E442}]
2013-12-11 15:49        184400        ----a-w-        c:\program files (x86)\Avira\Internet Explorer\avira32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Dean\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-06 152392]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-25 689744]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Curse.lnk - c:\users\Dean\AppData\Roaming\Curse Client\Bin\Curse.exe /startup [2014-4-23 8510216]
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files\Lol REPLAY\LOLReplay\LOLRecorder.exe -minimize [2013-12-11 526848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" -autostart
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 a2djavs;Audio 2 DJ WDM Audio;c:\windows\system32\Drivers\a2djavs.sys;c:\windows\SYSNATIVE\Drivers\a2djavs.sys [x]
R3 a2djusb_svc;Audio 2 DJ;c:\windows\system32\Drivers\a2djusb.sys;c:\windows\SYSNATIVE\Drivers\a2djusb.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 GPU-Z;GPU-Z;c:\users\Dean\AppData\Local\Temp\GPU-Z.sys;c:\users\Dean\AppData\Local\Temp\GPU-Z.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 iSafeKrnlBoot;iSafeKrnl Boot Driver;c:\windows\system32\DRIVERS\iSafeKrnlBoot.sys;c:\windows\SYSNATIVE\DRIVERS\iSafeKrnlBoot.sys [x]
R3 kx1avs;Traktor Kontrol X1 Midi;c:\windows\system32\Drivers\kx1avs.sys;c:\windows\SYSNATIVE\Drivers\kx1avs.sys [x]
R3 kx1usb_svc;Traktor Kontrol X1;c:\windows\system32\Drivers\kx1usb.sys;c:\windows\SYSNATIVE\Drivers\kx1usb.sys [x]
R3 kz1avs;Traktor Kontrol Z1 WDM Audio;c:\windows\system32\Drivers\kz1avs.sys;c:\windows\SYSNATIVE\Drivers\kz1avs.sys [x]
R3 kz1usb_svc;Traktor Kontrol Z1;c:\windows\system32\Drivers\kz1usb.sys;c:\windows\SYSNATIVE\Drivers\kz1usb.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
R4 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
R4 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 iSafeKrnlKit;iSafeKrnl Kit Driver;c:\program files (x86)\iSafe\iSafeKrnlKit.sys;c:\program files (x86)\iSafe\iSafeKrnlKit.sys [x]
S1 iSafeNetFilter;iSafeNetFilter;c:\program files (x86)\iSafe\iSafeNetFilter.sys;c:\program files (x86)\iSafe\iSafeNetFilter.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\spiele\HiRezGames\HiPatchService.exe;c:\spiele\HiRezGames\HiPatchService.exe [x]
S2 iSafeService;iSafeService;c:\program files (x86)\iSafe\iSafeSvc.exe;c:\program files (x86)\iSafe\iSafeSvc.exe [x]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iSafeKrnl;iSafeKrnl;c:\program files (x86)\iSafe\iSafeKrnl.sys;c:\program files (x86)\iSafe\iSafeKrnl.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-27 03:46        1078088        ----a-w-        c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-28 08:16]
.
2014-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cec6ed68beab57.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-16 18:51]
.
2014-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-16 18:51]
.
2014-04-19 c:\windows\Tasks\Norton Security Scan for Dean.job
- c:\progra~2\NORTON~2\Engine\403~1.24\Nss.exe [2013-12-07 06:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-14 1028384]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-11-29 2273056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Page_URL = about:blank
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local;<local>
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{ED0072A7-71EF-4A23-8E92-3472A0896703}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FF - ProfilePath - c:\users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\7o35zbsx.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: !HIDDEN! 1970-01-17 03:20; jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack; c:\users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\7o35zbsx.default\extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
AddRemove-Project 64_is1 - c:\program files (x86)\Project64 2.1\unins000.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
AddRemove-{C029726A-CCBF-46D8-893A-E62105DB9803}_is1 - c:\program files (x86)\MotionInJoy\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-04-30  21:42:13
ComboFix-quarantined-files.txt  2014-04-30 19:42
ComboFix2.txt  2013-12-06 11:08
.
Vor Suchlauf: 27 Verzeichnis(se), 71.227.424.768 Bytes frei
Nach Suchlauf: 28 Verzeichnis(se), 71.825.747.968 Bytes frei
.
- - End Of File - - E7C3ADCDA0F3230890FA4853FC93525B
--- --- ---



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-04-2014 03
Ran by Dean (administrator) on DEAN-PC on 30-04-2014 21:45:07
Running from C:\Users\Dean\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeSvc2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Hi-Rez Studios) C:\Spiele\HiRezGames\HiPatchService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(LOL Replay) C:\Program Files\Lol REPLAY\LOLReplay\LOLRecorder.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Woodtale Technology Inc.) C:\Program Files (x86)\iSafe\dup.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2273056 2013-11-29] (NVIDIA Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3139532724-3068834718-2236675085-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Dean\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3139532724-3068834718-2236675085-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation)
AppInit_DLLs:  C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-11-14] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
ShortcutTarget: LOLRecorder.lnk -> C:\Program Files\Lol REPLAY\LOLReplay\LOLRecorder.exe (LOL Replay)
Startup: C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> C:\Users\Dean\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk
ShortcutTarget: Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - c:\program files (x86)\internet explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO: No Name - {9030D464-4C02-4ABF-8ECC-5164760863C6} -  No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO-x32: No Name - {9030D464-4C02-4ABF-8ECC-5164760863C6} -  No File
BHO-x32: Avira Savings Advisor BHO - {A18A516C-AA41-46A9-92DB-60208917E442} - C:\Program Files (x86)\avira\Internet Explorer\avira32.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{ED0072A7-71EF-4A23-8E92-3472A0896703}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\7o35zbsx.default
FF Homepage: about:blank
FF NewTab: about:blank
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npnxgameEU.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Dean\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Amazon-Icon - C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\7o35zbsx.default\Extensions\amazon-icon@giga.de [2014-02-14]
FF Extension: Avira Savings Advisor - C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\7o35zbsx.default\Extensions\ciuvo-extension@avira.de [2014-03-16]
FF Extension: Extension_Protected - C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\7o35zbsx.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack [2014-01-27]
FF Extension: Adblock Plus - C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\7o35zbsx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-24]
FF HKCU\...\Firefox\Extensions: [{ba5b6935-63e1-431c-8fc6-7504512d2b94}] - C:\Program Files (x86)\LyricsContainer\130.xpi

Chrome:
=======
CHR HomePage: about:blank
CHR StartupUrls: "about:blank"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Google Docs) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-16]
CHR Extension: (Google Drive) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-16]
CHR Extension: (YouTube) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-16]
CHR Extension: (Google-Suche) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-16]
CHR Extension: (AdBlock) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-07-28]
CHR Extension: (Crazy Rider) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfgcmpnnailedfapmafbigfifabfamcl [2013-09-16]
CHR Extension: (Google Wallet) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-16]
CHR HKLM-x32\...\Chrome\Extension: [cojnmaaohncijldefpkpkkakjonfmgeb] - C:\Program Files (x86)\avira\Chrome\avira-1.5.14.crx [2013-12-11]
CHR HKLM-x32\...\Chrome\Extension: [ikgojpdbiniccokkgadmdheobjfdbbcg] - C:\Program Files (x86)\WebSparkle\ikgojpdbiniccokkgadmdheobjfdbbcg.crx [2013-12-11]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 HiPatchService; C:\Spiele\HiRezGames\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios)
R2 iSafeService; C:\Program Files (x86)\iSafe\iSafeSvc.exe [118056 2014-04-23] (Elex do Brasil Participações Ltda)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
S4 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912 2013-11-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15128352 2013-11-29] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-24] ()

==================== Drivers (Whitelisted) ====================

S3 a2djavs; C:\Windows\System32\Drivers\a2djavs.sys [359784 2012-12-18] (Native Instruments GmbH)
S3 a2djusb_svc; C:\Windows\System32\Drivers\a2djusb.sys [98664 2012-12-18] (Native Instruments GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
R3 iSafeKrnl; C:\Program Files (x86)\iSafe\iSafeKrnl.sys [232960 2014-04-23] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [43520 2014-04-23] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys [66048 2014-04-23] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [48128 2014-04-23] (Elex do Brasil Participações Ltda)
S3 kz1avs; C:\Windows\System32\Drivers\kz1avs.sys [359120 2013-05-17] (Native Instruments GmbH)
S3 kz1usb_svc; C:\Windows\System32\Drivers\kz1usb.sys [83152 2013-05-17] (Native Instruments GmbH)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-29] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-10-30] (NVIDIA Corporation)
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GPU-Z; \??\C:\Users\Dean\AppData\Local\Temp\GPU-Z.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-30 21:44 - 2014-04-30 21:44 - 00000000 ____D () C:\Users\Dean\Desktop\FRST-OlderVersion
2014-04-30 21:42 - 2014-04-30 21:42 - 00023033 _____ () C:\ComboFix.txt
2014-04-30 21:26 - 2014-04-30 21:27 - 05197895 ____R (Swearware) C:\Users\Dean\Desktop\ComboFix.exe
2014-04-30 16:52 - 2014-04-30 16:53 - 00040932 _____ () C:\Users\Dean\Desktop\Addition.txt
2014-04-30 16:51 - 2014-04-30 21:45 - 00019330 _____ () C:\Users\Dean\Desktop\FRST.txt
2014-04-30 16:51 - 2014-04-30 21:45 - 00000000 ____D () C:\FRST
2014-04-30 16:50 - 2014-04-30 21:44 - 02061824 _____ (Farbar) C:\Users\Dean\Desktop\FRST64.exe
2014-04-30 16:49 - 2014-04-30 16:49 - 00000470 _____ () C:\Users\Dean\Downloads\defogger_disable.log
2014-04-30 16:49 - 2014-04-30 16:49 - 00000000 _____ () C:\Users\Dean\defogger_reenable
2014-04-30 16:46 - 2014-04-30 16:46 - 00050477 _____ () C:\Users\Dean\Downloads\Defogger.exe
2014-04-30 16:21 - 2014-04-30 16:21 - 03249776 _____ (Security Stronghold ) C:\Users\Dean\Downloads\CleverIEHooker.BHORemovalTool.exe
2014-04-29 15:37 - 2014-04-29 15:37 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\eCyber
2014-04-29 15:36 - 2014-04-29 15:36 - 00001748 _____ () C:\Users\Public\Desktop\YAC.lnk
2014-04-29 15:36 - 2014-04-29 15:36 - 00000000 ____D () C:\Windows\system32\log
2014-04-29 15:36 - 2014-04-29 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2014-04-29 15:36 - 2014-04-23 12:19 - 00043520 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-04-29 15:35 - 2014-04-30 21:18 - 00000000 ____D () C:\Program Files (x86)\iSafe
2014-04-29 15:35 - 2014-04-30 05:52 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\iSafe
2014-04-29 15:33 - 2014-04-29 15:33 - 11825832 _____ (Elex do Brasil Participações Ltda) C:\Users\Dean\Downloads\yet_another_cleaner_sk.exe
2014-04-28 00:16 - 2014-04-28 00:16 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2014-04-27 16:04 - 2014-04-29 17:11 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-27 16:03 - 2014-04-27 16:03 - 00000000 __SHD () C:\Users\Dean\AppData\Local\EmieUserList
2014-04-27 16:03 - 2014-04-27 16:03 - 00000000 __SHD () C:\Users\Dean\AppData\Local\EmieSiteList
2014-04-27 15:59 - 2014-04-27 16:00 - 00613200 _____ (Chip Digital GmbH) C:\Users\Dean\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-04-27 13:14 - 2014-04-27 13:14 - 00000000 _____ () C:\autoexec.bat
2014-04-27 13:13 - 2014-04-27 13:13 - 00002260 _____ () C:\Users\Dean\Desktop\SpyHunter.lnk
2014-04-27 13:13 - 2014-04-27 13:13 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-04-27 13:13 - 2014-04-27 13:13 - 00000000 ____D () C:\sh4ldr
2014-04-27 13:13 - 2014-04-27 13:13 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-04-27 13:12 - 2014-04-27 16:03 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-04-27 13:12 - 2014-04-27 13:12 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Dean\Downloads\SpyHunter-Installer.exe
2014-04-27 00:26 - 2014-04-29 20:52 - 623114966 _____ () C:\Windows\MEMORY.DMP
2014-04-27 00:08 - 2014-04-28 15:28 - 00000000 ____D () C:\Users\Dean\AppData\Local\WM
2014-04-27 00:07 - 2014-04-27 00:08 - 00000000 ____D () C:\wm
2014-04-27 00:07 - 2014-04-27 00:07 - 37439696 _____ (Curse) C:\Users\Dean\Downloads\CurseClientSetup (2).exe
2014-04-27 00:06 - 2014-04-27 00:06 - 00101888 _____ (Curse) C:\Users\Dean\Downloads\CurseClientSetup (1).exe
2014-04-25 17:17 - 2014-04-25 17:29 - 00000000 ____D () C:\Users\Dean\Desktop\Silvester
2014-04-24 04:56 - 2014-04-24 04:56 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Curse Advertising
2014-04-24 04:53 - 2014-04-24 04:53 - 00001032 _____ () C:\Users\Dean\Desktop\Curse.lnk
2014-04-24 04:53 - 2014-04-24 04:53 - 00001018 _____ () C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2014-04-24 04:52 - 2014-04-24 11:50 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Curse Client
2014-04-24 04:52 - 2014-04-24 04:52 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Curse
2014-04-24 04:51 - 2014-04-24 04:51 - 37439696 _____ (Curse) C:\Users\Dean\Downloads\CurseClientSetup.exe
2014-04-23 21:55 - 2014-04-26 01:53 - 00001027 _____ () C:\Users\Dean\Desktop\Starsky & Hutch.lnk
2014-04-23 21:55 - 2014-04-23 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BSP
2014-04-23 21:52 - 2014-04-23 21:55 - 00000000 ____D () C:\Program Files\Starsky & Hutch
2014-04-23 00:51 - 2014-04-23 00:51 - 43672901 _____ () C:\Users\Dean\Downloads\Why I Love League of legends But Hate Playing It.mp4
2014-04-21 22:57 - 2014-04-21 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!
2014-04-21 22:39 - 2014-04-21 22:40 - 57415752 _____ (ppy Pty. Ltd.) C:\Users\Dean\Downloads\osu!install.exe
2014-04-20 03:02 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-20 03:02 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-20 03:02 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-20 03:02 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-20 03:02 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-20 03:02 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-20 03:02 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-20 03:02 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-20 03:02 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-20 03:02 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-20 03:02 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-20 03:02 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-20 03:02 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-20 03:02 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-20 03:02 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-20 03:02 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-20 03:02 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-20 03:02 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-20 03:02 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-20 03:02 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-20 03:02 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-20 03:02 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-20 03:02 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-20 03:02 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-20 03:02 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-20 03:02 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-20 03:02 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-20 03:02 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-20 03:02 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-20 03:02 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-20 03:02 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-20 03:02 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-20 03:02 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-20 03:02 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-20 03:02 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-20 03:01 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-20 03:01 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-20 03:01 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-20 03:01 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-20 03:01 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-20 03:01 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-20 03:01 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-20 03:01 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-20 03:01 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-20 03:01 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-20 03:01 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-20 03:01 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-20 03:01 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-20 00:29 - 2014-04-20 00:29 - 00008587 _____ () C:\Users\Dean\Desktop\PTT-20140419-WA0060.m4a
2014-04-19 11:09 - 2014-04-19 11:09 - 34931533 _____ () C:\Users\Dean\Downloads\Siv HD - JUKE CITY (欺詐師合輯).mp4
2014-04-16 02:22 - 2014-04-18 12:49 - 00000000 ____D () C:\Users\Dean\Desktop\Journal
2014-04-10 15:03 - 2014-04-10 15:03 - 01263104 _____ () C:\Users\Dean\Downloads\kuh-k.avi
2014-04-09 21:45 - 2014-04-09 21:46 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\PowerCinema
2014-04-09 13:52 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 13:52 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 13:52 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 13:52 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 13:52 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 13:52 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 13:52 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 13:52 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 13:52 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 13:52 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 13:52 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 13:52 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 13:52 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 13:52 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 13:52 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 13:52 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 13:52 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders =======

2014-04-30 21:45 - 2014-04-30 16:51 - 00019330 _____ () C:\Users\Dean\Desktop\FRST.txt
2014-04-30 21:45 - 2014-04-30 16:51 - 00000000 ____D () C:\FRST
2014-04-30 21:45 - 2013-07-18 20:48 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Skype
2014-04-30 21:44 - 2014-04-30 21:44 - 00000000 ____D () C:\Users\Dean\Desktop\FRST-OlderVersion
2014-04-30 21:44 - 2014-04-30 16:50 - 02061824 _____ (Farbar) C:\Users\Dean\Desktop\FRST64.exe
2014-04-30 21:42 - 2014-04-30 21:42 - 00023033 _____ () C:\ComboFix.txt
2014-04-30 21:42 - 2013-12-04 14:49 - 00000000 ____D () C:\Qoobox
2014-04-30 21:39 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-30 21:30 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-30 21:30 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-30 21:27 - 2014-04-30 21:26 - 05197895 ____R (Swearware) C:\Users\Dean\Desktop\ComboFix.exe
2014-04-30 21:26 - 2013-07-10 20:37 - 01860258 _____ () C:\Windows\WindowsUpdate.log
2014-04-30 21:22 - 2013-07-16 20:45 - 00000000 ____D () C:\ProgramData\clear.fi
2014-04-30 21:20 - 2013-12-06 17:21 - 00060318 _____ () C:\Windows\setupact.log
2014-04-30 21:19 - 2013-10-12 03:50 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec6ed68beab57.job
2014-04-30 21:19 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-30 21:18 - 2014-04-29 15:35 - 00000000 ____D () C:\Program Files (x86)\iSafe
2014-04-30 17:31 - 2013-07-16 20:58 - 00000000 ____D () C:\Users\Dean\AppData\Local\PMB Files
2014-04-30 16:53 - 2014-04-30 16:52 - 00040932 _____ () C:\Users\Dean\Desktop\Addition.txt
2014-04-30 16:49 - 2014-04-30 16:49 - 00000470 _____ () C:\Users\Dean\Downloads\defogger_disable.log
2014-04-30 16:49 - 2014-04-30 16:49 - 00000000 _____ () C:\Users\Dean\defogger_reenable
2014-04-30 16:49 - 2013-07-16 20:42 - 00000000 ____D () C:\Users\Dean
2014-04-30 16:46 - 2014-04-30 16:46 - 00050477 _____ () C:\Users\Dean\Downloads\Defogger.exe
2014-04-30 16:21 - 2014-04-30 16:21 - 03249776 _____ (Security Stronghold ) C:\Users\Dean\Downloads\CleverIEHooker.BHORemovalTool.exe
2014-04-30 16:20 - 2013-11-21 00:09 - 00000000 ____D () C:\Users\Gast
2014-04-30 05:52 - 2014-04-29 15:35 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\iSafe
2014-04-29 21:03 - 2013-08-04 18:03 - 00000000 ____D () C:\Windows\Minidump
2014-04-29 20:52 - 2014-04-27 00:26 - 623114966 _____ () C:\Windows\MEMORY.DMP
2014-04-29 17:11 - 2014-04-27 16:04 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-29 15:41 - 2013-12-15 11:42 - 00826792 _____ () C:\Windows\PFRO.log
2014-04-29 15:37 - 2014-04-29 15:37 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\eCyber
2014-04-29 15:36 - 2014-04-29 15:36 - 00001748 _____ () C:\Users\Public\Desktop\YAC.lnk
2014-04-29 15:36 - 2014-04-29 15:36 - 00000000 ____D () C:\Windows\system32\log
2014-04-29 15:36 - 2014-04-29 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2014-04-29 15:33 - 2014-04-29 15:33 - 11825832 _____ (Elex do Brasil Participações Ltda) C:\Users\Dean\Downloads\yet_another_cleaner_sk.exe
2014-04-28 18:06 - 2013-12-25 00:52 - 00000000 ____D () C:\Users\Dean\AppData\Local\CrashDumps
2014-04-28 15:28 - 2014-04-27 00:08 - 00000000 ____D () C:\Users\Dean\AppData\Local\WM
2014-04-28 00:16 - 2014-04-28 00:16 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2014-04-27 16:04 - 2013-12-04 12:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-27 16:03 - 2014-04-27 16:03 - 00000000 __SHD () C:\Users\Dean\AppData\Local\EmieUserList
2014-04-27 16:03 - 2014-04-27 16:03 - 00000000 __SHD () C:\Users\Dean\AppData\Local\EmieSiteList
2014-04-27 16:03 - 2014-04-27 13:12 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-04-27 16:00 - 2014-04-27 15:59 - 00613200 _____ (Chip Digital GmbH) C:\Users\Dean\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-04-27 13:14 - 2014-04-27 13:14 - 00000000 _____ () C:\autoexec.bat
2014-04-27 13:13 - 2014-04-27 13:13 - 00002260 _____ () C:\Users\Dean\Desktop\SpyHunter.lnk
2014-04-27 13:13 - 2014-04-27 13:13 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-04-27 13:13 - 2014-04-27 13:13 - 00000000 ____D () C:\sh4ldr
2014-04-27 13:13 - 2014-04-27 13:13 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-04-27 13:12 - 2014-04-27 13:12 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Dean\Downloads\SpyHunter-Installer.exe
2014-04-27 05:49 - 2013-07-16 20:51 - 00002139 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-27 00:08 - 2014-04-27 00:07 - 00000000 ____D () C:\wm
2014-04-27 00:07 - 2014-04-27 00:07 - 37439696 _____ (Curse) C:\Users\Dean\Downloads\CurseClientSetup (2).exe
2014-04-27 00:06 - 2014-04-27 00:06 - 00101888 _____ (Curse) C:\Users\Dean\Downloads\CurseClientSetup (1).exe
2014-04-26 19:13 - 2013-07-16 20:58 - 00000000 ____D () C:\ProgramData\PMB Files
2014-04-26 01:53 - 2014-04-23 21:55 - 00001027 _____ () C:\Users\Dean\Desktop\Starsky & Hutch.lnk
2014-04-25 17:29 - 2014-04-25 17:17 - 00000000 ____D () C:\Users\Dean\Desktop\Silvester
2014-04-24 16:48 - 2013-11-23 22:09 - 00000000 ____D () C:\Users\Dean\AppData\Local\Akamai
2014-04-24 13:07 - 2013-09-29 20:28 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-04-24 11:50 - 2014-04-24 04:52 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Curse Client
2014-04-24 04:56 - 2014-04-24 04:56 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Curse Advertising
2014-04-24 04:53 - 2014-04-24 04:53 - 00001032 _____ () C:\Users\Dean\Desktop\Curse.lnk
2014-04-24 04:53 - 2014-04-24 04:53 - 00001018 _____ () C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2014-04-24 04:53 - 2013-07-16 20:43 - 00000000 ___RD () C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-24 04:52 - 2014-04-24 04:52 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Curse
2014-04-24 04:51 - 2014-04-24 04:51 - 37439696 _____ (Curse) C:\Users\Dean\Downloads\CurseClientSetup.exe
2014-04-23 21:55 - 2014-04-23 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BSP
2014-04-23 21:55 - 2014-04-23 21:52 - 00000000 ____D () C:\Program Files\Starsky & Hutch
2014-04-23 12:19 - 2014-04-29 15:36 - 00043520 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-04-23 00:51 - 2014-04-23 00:51 - 43672901 _____ () C:\Users\Dean\Downloads\Why I Love League of legends But Hate Playing It.mp4
2014-04-21 22:57 - 2014-04-21 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!
2014-04-21 22:57 - 2013-11-02 01:59 - 00000000 ____D () C:\Spiele
2014-04-21 22:40 - 2014-04-21 22:39 - 57415752 _____ (ppy Pty. Ltd.) C:\Users\Dean\Downloads\osu!install.exe
2014-04-20 04:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-20 03:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-20 00:29 - 2014-04-20 00:29 - 00008587 _____ () C:\Users\Dean\Desktop\PTT-20140419-WA0060.m4a
2014-04-19 23:12 - 2013-12-07 16:30 - 00000450 ____H () C:\Windows\Tasks\Norton Security Scan for Dean.job
2014-04-19 19:11 - 2013-08-05 20:31 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\TS3Client
2014-04-19 11:09 - 2014-04-19 11:09 - 34931533 _____ () C:\Users\Dean\Downloads\Siv HD - JUKE CITY (欺詐師合輯).mp4
2014-04-18 12:49 - 2014-04-16 02:22 - 00000000 ____D () C:\Users\Dean\Desktop\Journal
2014-04-14 21:13 - 2014-01-27 20:42 - 00000000 ____D () C:\Users\Dean\Documents\GTA San Andreas User Files
2014-04-10 15:03 - 2014-04-10 15:03 - 01263104 _____ () C:\Users\Dean\Downloads\kuh-k.avi
2014-04-09 23:53 - 2013-12-04 18:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 23:50 - 2013-12-04 18:52 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 21:46 - 2014-04-09 21:45 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\PowerCinema
2014-04-09 21:46 - 2013-07-16 20:42 - 00000000 ____D () C:\Users\Dean\AppData\Local\PowerCinema
2014-04-09 13:43 - 2013-12-07 16:30 - 00000000 ____D () C:\ProgramData\Norton
2014-04-08 15:59 - 2013-07-11 06:30 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-04-08 15:59 - 2013-07-11 06:30 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-04-08 15:59 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-31 09:35 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Dean\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-30 02:01

==================== End Of Log ============================
--- --- ---


Mfg Dean

sunjojo 01.05.2014 12:34
Ok, dann gehts so weiter:



Schritt 1
Bitte deinstalliere folgende Programme:
  • Avira Savings Advisor
Gehe dafür auf:
Windows XP: Start -> Systemsteuerung -> Kategorieansicht auswählen (falls nicht voreingestellt) -> Software
Windows Vista/7: Start -> Systemsteuerung -> Anzeige (oben-rechts) auf Kategorie stellen (falls nicht voreingestellt) -> Programme deinstallieren (Unterpunkt von Programme)
Windows 8: Suchen --> "Systemsteuerung" in das Suchfeld eingeben --> Systemsteuerung auswählen --> Programme deinstallieren (Unterpunkt von Programme)
und wähle die angegeben Programme aus. Drücke Entfernen (Windows XP) oder Deinstallieren (Windows Vista/7/8).

Schritt 2
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO: No Name - {9030D464-4C02-4ABF-8ECC-5164760863C6} -  No File
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO-x32: No Name - {9030D464-4C02-4ABF-8ECC-5164760863C6} -  No File
FF Homepage: about:blank
FF NewTab: about:blank
FF Extension: Extension_Protected - C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\7o35zbsx.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack [2014-01-27]
FF HKCU\...\Firefox\Extensions: [{ba5b6935-63e1-431c-8fc6-7504512d2b94}] - C:\Program Files (x86)\LyricsContainer\130.xpi
CHR HKLM-x32\...\Chrome\Extension: [ikgojpdbiniccokkgadmdheobjfdbbcg] - C:\Program Files (x86)\WebSparkle\ikgojpdbiniccokkgadmdheobjfdbbcg.crx [2013-12-11]
C:\Program Files (x86)\WebSparkle

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

Schritt 3
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 4

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 5
Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, wird ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Wenn du "SpyHunter" und "Yet Another Cleaner!" installiert hast, empfehle ich diese zu deinstallieren (wenn du die Programme nicht kennst, auf jeden Fall deinstallieren).

Meckert Avira noch rum wegen des "Bitcoinminer virus"? Gibt es sonst noch Probleme mit dem Rechner?



Poste folgende Logfiles in deiner nächsten Antwort:
  • Fixlog.txt
  • Mbam.txt
  • Log.txt
  • FRST.txt

Dean19 05.05.2014 22:02
So bin endlich fertig ich hoffe nicht zu spät oder so. Ich habe ein paar Anläufe mit Eset gebraucht weil ich teilweise zu früh vom PC musste und so Sachen.

Antivir spuckt keine Fehlermeldung mehr aus Eset hat aber anscheinend noch was gefunden.
Im Log ist aber garnichts mehr drinne obwohl der Haken bei Viruse löschen (oder so) weg war mein ich :eek:

Waren wohl dateien die einfach im Ordner C:/wm waren der ganze Ordner scheint der Virus zu sein oder so.

Hier alle Logs :

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-05-2014
Ran by Dean at 2014-05-03 12:03:07 Run:1
Running from C:\Users\Dean\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO: No Name - {9030D464-4C02-4ABF-8ECC-5164760863C6} -  No File
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO-x32: No Name - {9030D464-4C02-4ABF-8ECC-5164760863C6} -  No File
FF Homepage: about:blank
FF NewTab: about:blank
FF Extension: Extension_Protected - C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\7o35zbsx.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack [2014-01-27]
FF HKCU\...\Firefox\Extensions: [{ba5b6935-63e1-431c-8fc6-7504512d2b94}] - C:\Program Files (x86)\LyricsContainer\130.xpi
CHR HKLM-x32\...\Chrome\Extension: [ikgojpdbiniccokkgadmdheobjfdbbcg] - C:\Program Files (x86)\WebSparkle\ikgojpdbiniccokkgadmdheobjfdbbcg.crx [2013-12-11]
C:\Program Files (x86)\WebSparkle
*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
===================================
Permissions for "HKCU\Software\Microsoft\Internet Explorer\Main":

Owner: BUILTIN\Administrators

DACL(AI):

BUILTIN\Administrators        ALLOW        FULL        (NI)
CREATOR OWNER        ALLOW        0x1f003f        (CI-IO)
Dean-PC\Dean        ALLOW        FULL        (OI-CI-I)
NT AUTHORITY\SYSTEM        ALLOW        FULL        (OI-CI-I)
BUILTIN\Administrators        ALLOW        FULL        (OI-CI-I)
NT AUTHORITY\RESTRICTED        ALLOW        READ        (OI-CI-I)

===================================
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
===================================
Permissions for "HKLM\Software\\Microsoft\Internet Explorer\Main":

Owner: BUILTIN\Administrators

DACL(AI):

BUILTIN\Users        ALLOW        READ        (I)
BUILTIN\Users        ALLOW        READ        (CI-I-OI)
BUILTIN\Administrators        ALLOW        FULL        (I)
BUILTIN\Administrators        ALLOW        FULL        (CI-I-OI)
NT AUTHORITY\SYSTEM        ALLOW        FULL        (I)
NT AUTHORITY\SYSTEM        ALLOW        FULL        (CI-I-OI)
CREATOR OWNER        ALLOW        FULL        (CI-I-OI)

===================================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
===================================
Permissions for "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main":

Owner: BUILTIN\Administrators

DACL(AI):

BUILTIN\Users        ALLOW        READ        (I)
BUILTIN\Users        ALLOW        READ        (CI-I-OI)
BUILTIN\Administrators        ALLOW        FULL        (I)
BUILTIN\Administrators        ALLOW        FULL        (CI-I-OI)
NT AUTHORITY\SYSTEM        ALLOW        FULL        (I)
NT AUTHORITY\SYSTEM        ALLOW        FULL        (CI-I-OI)
CREATOR OWNER        ALLOW        FULL        (CI-I-OI)

===================================
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} => Key deleted successfully.
HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} => Key not found.
Firefox homepage deleted successfully.
Firefox newtab deleted successfully.
C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\7o35zbsx.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack => Moved successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\{ba5b6935-63e1-431c-8fc6-7504512d2b94} => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ikgojpdbiniccokkgadmdheobjfdbbcg => Key deleted successfully.
"C:\Program Files (x86)\WebSparkle\ikgojpdbiniccokkgadmdheobjfdbbcg.crx" => File/Directory not found.
"C:\Program Files (x86)\WebSparkle" => File/Directory not found.

==== End of Fixlog ====
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 03.05.2014
Suchlauf-Zeit: 12:58:04
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.05.03.02
Rootkit Datenbank: v2014.03.27.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Dean

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 315732
Verstrichene Zeit: 47 Min, 37 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
Code:
ESETSmartInstaller@High as downloader log:
all ok

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-05-2014 02
Ran by Dean (administrator) on DEAN-PC on 05-05-2014 22:53:10
Running from C:\Users\Dean\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hi-Rez Studios) C:\Spiele\HiRezGames\HiPatchService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Akamai Technologies, Inc.) C:\Users\Dean\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Dean\AppData\Local\Akamai\netsession_win.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(LOL Replay) C:\Program Files\Lol REPLAY\LOLReplay\LOLRecorder.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.206\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.83\deploy\LolClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2273056 2013-11-29] (NVIDIA Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3139532724-3068834718-2236675085-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Dean\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3139532724-3068834718-2236675085-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation)
AppInit_DLLs:  C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-11-14] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
ShortcutTarget: LOLRecorder.lnk -> C:\Program Files\Lol REPLAY\LOLReplay\LOLRecorder.exe (LOL Replay)
Startup: C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> C:\Users\Dean\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk
ShortcutTarget: Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - c:\program files (x86)\internet explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{ED0072A7-71EF-4A23-8E92-3472A0896703}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\7o35zbsx.default
FF Homepage: about:blank
FF NewTab: about:blank
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npnxgameEU.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Dean\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Amazon-Icon - C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\7o35zbsx.default\Extensions\amazon-icon@giga.de [2014-02-14]
FF Extension: Adblock Plus - C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\7o35zbsx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-24]

Chrome:
=======
CHR HomePage: about:blank
CHR StartupUrls: "about:blank"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Google Docs) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-16]
CHR Extension: (Google Drive) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-16]
CHR Extension: (YouTube) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-16]
CHR Extension: (Google-Suche) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-16]
CHR Extension: (AdBlock) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-07-28]
CHR Extension: (Crazy Rider) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfgcmpnnailedfapmafbigfifabfamcl [2013-09-16]
CHR Extension: (Google Wallet) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-16]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 HiPatchService; C:\Spiele\HiRezGames\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
S4 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912 2013-11-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15128352 2013-11-29] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-24] ()

==================== Drivers (Whitelisted) ====================

S3 a2djavs; C:\Windows\System32\Drivers\a2djavs.sys [359784 2012-12-18] (Native Instruments GmbH)
S3 a2djusb_svc; C:\Windows\System32\Drivers\a2djusb.sys [98664 2012-12-18] (Native Instruments GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 kz1avs; C:\Windows\System32\Drivers\kz1avs.sys [359120 2013-05-17] (Native Instruments GmbH)
S3 kz1usb_svc; C:\Windows\System32\Drivers\kz1usb.sys [83152 2013-05-17] (Native Instruments GmbH)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-10-30] (NVIDIA Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 GPU-Z; \??\C:\Users\Dean\AppData\Local\Temp\GPU-Z.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-05 22:53 - 2014-05-05 22:53 - 00018776 _____ () C:\Users\Dean\Desktop\FRST.txt
2014-05-04 03:01 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-04 03:01 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-04 03:01 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-04 03:00 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-03 13:35 - 2014-05-03 13:35 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-03 13:34 - 2014-05-03 13:34 - 02347384 _____ (ESET) C:\Users\Dean\Downloads\esetsmartinstaller_deu.exe
2014-05-03 13:25 - 2014-05-03 13:25 - 00001142 _____ () C:\Users\Dean\Desktop\mbam.txt
2014-05-03 12:06 - 2014-05-03 12:06 - 00001070 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-03 12:06 - 2014-05-03 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-03 12:05 - 2014-05-03 12:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-03 12:05 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-03 12:05 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-03 12:05 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-03 12:04 - 2014-05-03 12:04 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Dean\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-03 12:02 - 2014-05-05 22:53 - 00000000 ____D () C:\Users\Dean\Desktop\FRST-OlderVersion
2014-05-03 11:56 - 2014-05-03 11:56 - 07094224 _____ (Blizzard Entertainment) C:\Users\Dean\Downloads\Hearthstone-Setup-deDE.exe
2014-05-03 11:55 - 2014-05-03 11:56 - 07094224 _____ (Blizzard Entertainment) C:\Users\Dean\Downloads\Hearthstone-Setup-enUS.exe
2014-05-01 18:34 - 2014-05-02 15:25 - 00000019 _____ () C:\Windows\popcinfo.dat
2014-05-01 18:24 - 2014-05-01 18:25 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Security System 2
2014-05-01 18:24 - 2014-05-01 18:24 - 01062288 _____ () C:\Users\Dean\Downloads\Insaniquarium-Deluxe-lnstall.exe
2014-05-01 18:24 - 2014-05-01 18:24 - 01062288 _____ () C:\Users\Dean\Downloads\Insaniquarium-Deluxe-lnstall (1).exe
2014-05-01 18:24 - 2014-05-01 18:24 - 00000000 ____D () C:\Users\Dean\Downloads\Insaniquarium-Deluxe
2014-05-01 18:23 - 2014-05-01 18:23 - 00237568 _____ (Big Fish Games) C:\Users\Dean\Downloads\insaniquarium_s1_l1_gF93T1L1_d2297007217.exe
2014-05-01 18:21 - 2014-05-01 18:21 - 00000000 ____D () C:\Program Files (x86)\WildGames
2014-05-01 18:20 - 2014-05-01 18:20 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-05-01 18:17 - 2014-05-02 14:37 - 00002464 ____N () C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
2014-05-01 18:17 - 2014-05-01 18:21 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-05-01 18:17 - 2014-05-01 18:19 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\WildTangent
2014-05-01 18:16 - 2014-05-01 18:17 - 01024272 _____ (WildTangent) C:\Users\Dean\Downloads\Setup-insaniquariumdeluxe-wildgames!d449a64f09ca429d85267265ec490059.exe
2014-04-30 21:42 - 2014-04-30 21:42 - 00023033 _____ () C:\ComboFix.txt
2014-04-30 21:26 - 2014-04-30 21:27 - 05197895 ____R (Swearware) C:\Users\Dean\Desktop\ComboFix.exe
2014-04-30 16:51 - 2014-05-05 22:53 - 00000000 ____D () C:\FRST
2014-04-30 16:50 - 2014-05-05 22:53 - 02063872 _____ (Farbar) C:\Users\Dean\Desktop\FRST64.exe
2014-04-30 16:49 - 2014-04-30 16:49 - 00000470 _____ () C:\Users\Dean\Downloads\defogger_disable.log
2014-04-30 16:49 - 2014-04-30 16:49 - 00000000 _____ () C:\Users\Dean\defogger_reenable
2014-04-30 16:46 - 2014-04-30 16:46 - 00050477 _____ () C:\Users\Dean\Downloads\Defogger.exe
2014-04-30 16:21 - 2014-04-30 16:21 - 03249776 _____ (Security Stronghold ) C:\Users\Dean\Downloads\CleverIEHooker.BHORemovalTool.exe
2014-04-29 15:37 - 2014-04-29 15:37 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\eCyber
2014-04-29 15:36 - 2014-04-29 15:36 - 00000000 ____D () C:\Windows\system32\log
2014-04-29 15:36 - 2014-04-23 12:19 - 00043520 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-04-29 15:35 - 2014-05-04 12:53 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\iSafe
2014-04-29 15:33 - 2014-04-29 15:33 - 11825832 _____ (Elex do Brasil Participações Ltda) C:\Users\Dean\Downloads\yet_another_cleaner_sk.exe
2014-04-28 00:16 - 2014-04-28 00:16 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2014-04-27 16:04 - 2014-05-05 16:01 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-27 16:03 - 2014-04-27 16:03 - 00000000 __SHD () C:\Users\Dean\AppData\Local\EmieUserList
2014-04-27 16:03 - 2014-04-27 16:03 - 00000000 __SHD () C:\Users\Dean\AppData\Local\EmieSiteList
2014-04-27 15:59 - 2014-04-27 16:00 - 00613200 _____ (Chip Digital GmbH) C:\Users\Dean\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-04-27 13:14 - 2014-04-27 13:14 - 00000000 _____ () C:\autoexec.bat
2014-04-27 13:13 - 2014-04-27 13:13 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-04-27 13:12 - 2014-05-03 12:07 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-04-27 13:12 - 2014-04-27 13:12 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Dean\Downloads\SpyHunter-Installer.exe
2014-04-27 00:26 - 2014-05-03 14:47 - 540901509 _____ () C:\Windows\MEMORY.DMP
2014-04-27 00:08 - 2014-04-28 15:28 - 00000000 ____D () C:\Users\Dean\AppData\Local\WM
2014-04-27 00:07 - 2014-04-27 00:08 - 00000000 ____D () C:\wm
2014-04-27 00:07 - 2014-04-27 00:07 - 37439696 _____ (Curse) C:\Users\Dean\Downloads\CurseClientSetup (2).exe
2014-04-27 00:06 - 2014-04-27 00:06 - 00101888 _____ (Curse) C:\Users\Dean\Downloads\CurseClientSetup (1).exe
2014-04-24 04:56 - 2014-04-24 04:56 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Curse Advertising
2014-04-24 04:53 - 2014-04-24 04:53 - 00001032 _____ () C:\Users\Dean\Desktop\Curse.lnk
2014-04-24 04:53 - 2014-04-24 04:53 - 00001018 _____ () C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2014-04-24 04:52 - 2014-04-24 11:50 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Curse Client
2014-04-24 04:52 - 2014-04-24 04:52 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Curse
2014-04-24 04:51 - 2014-04-24 04:51 - 37439696 _____ (Curse) C:\Users\Dean\Downloads\CurseClientSetup.exe
2014-04-23 21:55 - 2014-04-26 01:53 - 00001027 _____ () C:\Users\Dean\Desktop\Starsky & Hutch.lnk
2014-04-23 21:55 - 2014-04-23 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BSP
2014-04-23 21:52 - 2014-04-23 21:55 - 00000000 ____D () C:\Program Files\Starsky & Hutch
2014-04-23 00:51 - 2014-04-23 00:51 - 43672901 _____ () C:\Users\Dean\Downloads\Why I Love League of legends But Hate Playing It.mp4
2014-04-21 22:57 - 2014-04-21 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!
2014-04-21 22:39 - 2014-04-21 22:40 - 57415752 _____ (ppy Pty. Ltd.) C:\Users\Dean\Downloads\osu!install.exe
2014-04-20 03:02 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-20 03:02 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-20 03:02 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-20 03:02 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-20 03:02 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-20 03:02 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-20 03:02 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-20 03:02 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-20 03:02 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-20 03:02 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-20 03:02 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-20 03:02 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-20 03:02 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-20 03:02 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-20 03:02 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-20 03:02 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-20 03:02 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-20 03:02 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-20 03:02 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-20 03:02 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-20 03:02 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-20 03:02 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-20 03:02 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-20 03:02 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-20 03:02 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-20 03:02 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-20 03:02 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-20 03:02 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-20 03:02 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-20 03:02 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-20 03:02 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-20 03:02 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-20 03:01 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-20 03:01 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-20 03:01 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-20 03:01 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-20 03:01 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-20 03:01 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-20 03:01 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-20 03:01 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-20 03:01 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-20 03:01 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-20 03:01 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-20 03:01 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-19 11:09 - 2014-04-19 11:09 - 34931533 _____ () C:\Users\Dean\Downloads\Siv HD - JUKE CITY (欺詐師合輯).mp4
2014-04-16 02:22 - 2014-04-18 12:49 - 00000000 ____D () C:\Users\Dean\Desktop\Journal
2014-04-10 15:03 - 2014-04-10 15:03 - 01263104 _____ () C:\Users\Dean\Downloads\kuh-k.avi
2014-04-09 21:45 - 2014-04-09 21:46 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\PowerCinema
2014-04-09 13:52 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 13:52 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 13:52 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 13:52 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 13:52 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 13:52 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 13:52 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 13:52 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 13:52 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 13:52 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 13:52 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 13:52 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 13:52 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 13:52 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 13:52 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 13:52 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 13:52 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders =======

2014-05-05 22:54 - 2014-05-05 22:53 - 00018776 _____ () C:\Users\Dean\Desktop\FRST.txt
2014-05-05 22:54 - 2013-07-18 20:48 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Skype
2014-05-05 22:53 - 2014-05-03 12:02 - 00000000 ____D () C:\Users\Dean\Desktop\FRST-OlderVersion
2014-05-05 22:53 - 2014-04-30 16:51 - 00000000 ____D () C:\FRST
2014-05-05 22:53 - 2014-04-30 16:50 - 02063872 _____ (Farbar) C:\Users\Dean\Desktop\FRST64.exe
2014-05-05 21:29 - 2013-12-25 00:52 - 00000000 ____D () C:\Users\Dean\AppData\Local\CrashDumps
2014-05-05 20:16 - 2013-07-10 20:37 - 01053489 _____ () C:\Windows\WindowsUpdate.log
2014-05-05 19:59 - 2013-12-06 17:21 - 00062222 _____ () C:\Windows\setupact.log
2014-05-05 18:01 - 2013-07-16 20:58 - 00000000 ____D () C:\Users\Dean\AppData\Local\PMB Files
2014-05-05 16:01 - 2014-04-27 16:04 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-05 15:31 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-05 15:31 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-05 15:26 - 2013-07-16 20:45 - 00000000 ____D () C:\ProgramData\clear.fi
2014-05-05 15:25 - 2013-10-12 03:50 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec6ed68beab57.job
2014-05-05 15:21 - 2013-12-15 11:42 - 00827642 _____ () C:\Windows\PFRO.log
2014-05-05 15:21 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-04 12:53 - 2014-04-29 15:35 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\iSafe
2014-05-04 02:41 - 2013-07-16 20:42 - 00000000 ____D () C:\Users\Dean\AppData\Local\VirtualStore
2014-05-03 14:57 - 2013-08-04 18:03 - 00000000 ____D () C:\Windows\Minidump
2014-05-03 14:47 - 2014-04-27 00:26 - 540901509 _____ () C:\Windows\MEMORY.DMP
2014-05-03 13:35 - 2014-05-03 13:35 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-03 13:34 - 2014-05-03 13:34 - 02347384 _____ (ESET) C:\Users\Dean\Downloads\esetsmartinstaller_deu.exe
2014-05-03 13:25 - 2014-05-03 13:25 - 00001142 _____ () C:\Users\Dean\Desktop\mbam.txt
2014-05-03 12:07 - 2014-04-27 13:12 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-03 12:06 - 2014-05-03 12:06 - 00001070 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-03 12:06 - 2014-05-03 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-03 12:05 - 2014-05-03 12:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-03 12:04 - 2014-05-03 12:04 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Dean\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-03 11:56 - 2014-05-03 11:56 - 07094224 _____ (Blizzard Entertainment) C:\Users\Dean\Downloads\Hearthstone-Setup-deDE.exe
2014-05-03 11:56 - 2014-05-03 11:55 - 07094224 _____ (Blizzard Entertainment) C:\Users\Dean\Downloads\Hearthstone-Setup-enUS.exe
2014-05-02 15:25 - 2014-05-01 18:34 - 00000019 _____ () C:\Windows\popcinfo.dat
2014-05-02 14:37 - 2014-05-01 18:17 - 00002464 ____N () C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
2014-05-02 14:37 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-02 00:13 - 2014-03-16 01:02 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-01 18:25 - 2014-05-01 18:24 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Security System 2
2014-05-01 18:24 - 2014-05-01 18:24 - 01062288 _____ () C:\Users\Dean\Downloads\Insaniquarium-Deluxe-lnstall.exe
2014-05-01 18:24 - 2014-05-01 18:24 - 01062288 _____ () C:\Users\Dean\Downloads\Insaniquarium-Deluxe-lnstall (1).exe
2014-05-01 18:24 - 2014-05-01 18:24 - 00000000 ____D () C:\Users\Dean\Downloads\Insaniquarium-Deluxe
2014-05-01 18:24 - 2012-07-03 15:25 - 00000000 ____D () C:\ProgramData\WildTangent
2014-05-01 18:23 - 2014-05-01 18:23 - 00237568 _____ (Big Fish Games) C:\Users\Dean\Downloads\insaniquarium_s1_l1_gF93T1L1_d2297007217.exe
2014-05-01 18:21 - 2014-05-01 18:21 - 00000000 ____D () C:\Program Files (x86)\WildGames
2014-05-01 18:21 - 2014-05-01 18:17 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-05-01 18:20 - 2014-05-01 18:20 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-05-01 18:19 - 2014-05-01 18:17 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\WildTangent
2014-05-01 18:17 - 2014-05-01 18:16 - 01024272 _____ (WildTangent) C:\Users\Dean\Downloads\Setup-insaniquariumdeluxe-wildgames!d449a64f09ca429d85267265ec490059.exe
2014-05-01 09:49 - 2013-12-07 16:30 - 00000450 ____H () C:\Windows\Tasks\Norton Security Scan for Dean.job
2014-04-30 21:42 - 2014-04-30 21:42 - 00023033 _____ () C:\ComboFix.txt
2014-04-30 21:42 - 2013-12-04 14:49 - 00000000 ____D () C:\Qoobox
2014-04-30 21:39 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-30 21:27 - 2014-04-30 21:26 - 05197895 ____R (Swearware) C:\Users\Dean\Desktop\ComboFix.exe
2014-04-30 16:49 - 2014-04-30 16:49 - 00000470 _____ () C:\Users\Dean\Downloads\defogger_disable.log
2014-04-30 16:49 - 2014-04-30 16:49 - 00000000 _____ () C:\Users\Dean\defogger_reenable
2014-04-30 16:49 - 2013-07-16 20:42 - 00000000 ____D () C:\Users\Dean
2014-04-30 16:46 - 2014-04-30 16:46 - 00050477 _____ () C:\Users\Dean\Downloads\Defogger.exe
2014-04-30 16:21 - 2014-04-30 16:21 - 03249776 _____ (Security Stronghold ) C:\Users\Dean\Downloads\CleverIEHooker.BHORemovalTool.exe
2014-04-30 16:20 - 2013-11-21 00:09 - 00000000 ____D () C:\Users\Gast
2014-04-29 16:01 - 2014-05-04 03:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-04 03:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 15:37 - 2014-04-29 15:37 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\eCyber
2014-04-29 15:36 - 2014-04-29 15:36 - 00000000 ____D () C:\Windows\system32\log
2014-04-29 15:33 - 2014-04-29 15:33 - 11825832 _____ (Elex do Brasil Participações Ltda) C:\Users\Dean\Downloads\yet_another_cleaner_sk.exe
2014-04-29 14:48 - 2014-05-04 03:01 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-04 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-28 15:28 - 2014-04-27 00:08 - 00000000 ____D () C:\Users\Dean\AppData\Local\WM
2014-04-28 00:16 - 2014-04-28 00:16 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2014-04-27 16:04 - 2013-12-04 12:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-27 16:03 - 2014-04-27 16:03 - 00000000 __SHD () C:\Users\Dean\AppData\Local\EmieUserList
2014-04-27 16:03 - 2014-04-27 16:03 - 00000000 __SHD () C:\Users\Dean\AppData\Local\EmieSiteList
2014-04-27 16:00 - 2014-04-27 15:59 - 00613200 _____ (Chip Digital GmbH) C:\Users\Dean\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-04-27 13:14 - 2014-04-27 13:14 - 00000000 _____ () C:\autoexec.bat
2014-04-27 13:13 - 2014-04-27 13:13 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-04-27 13:12 - 2014-04-27 13:12 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Dean\Downloads\SpyHunter-Installer.exe
2014-04-27 05:49 - 2013-07-16 20:51 - 00002139 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-27 00:08 - 2014-04-27 00:07 - 00000000 ____D () C:\wm
2014-04-27 00:07 - 2014-04-27 00:07 - 37439696 _____ (Curse) C:\Users\Dean\Downloads\CurseClientSetup (2).exe
2014-04-27 00:06 - 2014-04-27 00:06 - 00101888 _____ (Curse) C:\Users\Dean\Downloads\CurseClientSetup (1).exe
2014-04-26 19:13 - 2013-07-16 20:58 - 00000000 ____D () C:\ProgramData\PMB Files
2014-04-26 01:53 - 2014-04-23 21:55 - 00001027 _____ () C:\Users\Dean\Desktop\Starsky & Hutch.lnk
2014-04-24 16:48 - 2013-11-23 22:09 - 00000000 ____D () C:\Users\Dean\AppData\Local\Akamai
2014-04-24 13:07 - 2013-09-29 20:28 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-04-24 11:50 - 2014-04-24 04:52 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Curse Client
2014-04-24 04:56 - 2014-04-24 04:56 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Curse Advertising
2014-04-24 04:53 - 2014-04-24 04:53 - 00001032 _____ () C:\Users\Dean\Desktop\Curse.lnk
2014-04-24 04:53 - 2014-04-24 04:53 - 00001018 _____ () C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2014-04-24 04:53 - 2013-07-16 20:43 - 00000000 ___RD () C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-24 04:52 - 2014-04-24 04:52 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Curse
2014-04-24 04:51 - 2014-04-24 04:51 - 37439696 _____ (Curse) C:\Users\Dean\Downloads\CurseClientSetup.exe
2014-04-23 21:55 - 2014-04-23 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BSP
2014-04-23 21:55 - 2014-04-23 21:52 - 00000000 ____D () C:\Program Files\Starsky & Hutch
2014-04-23 12:19 - 2014-04-29 15:36 - 00043520 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-04-23 00:51 - 2014-04-23 00:51 - 43672901 _____ () C:\Users\Dean\Downloads\Why I Love League of legends But Hate Playing It.mp4
2014-04-21 22:57 - 2014-04-21 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!
2014-04-21 22:57 - 2013-11-02 01:59 - 00000000 ____D () C:\Spiele
2014-04-21 22:40 - 2014-04-21 22:39 - 57415752 _____ (ppy Pty. Ltd.) C:\Users\Dean\Downloads\osu!install.exe
2014-04-20 04:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-20 03:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-19 19:11 - 2013-08-05 20:31 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\TS3Client
2014-04-19 11:09 - 2014-04-19 11:09 - 34931533 _____ () C:\Users\Dean\Downloads\Siv HD - JUKE CITY (欺詐師合輯).mp4
2014-04-18 12:49 - 2014-04-16 02:22 - 00000000 ____D () C:\Users\Dean\Desktop\Journal
2014-04-14 21:13 - 2014-01-27 20:42 - 00000000 ____D () C:\Users\Dean\Documents\GTA San Andreas User Files
2014-04-10 15:03 - 2014-04-10 15:03 - 01263104 _____ () C:\Users\Dean\Downloads\kuh-k.avi
2014-04-09 23:53 - 2013-12-04 18:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 23:50 - 2013-12-04 18:52 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 21:46 - 2014-04-09 21:45 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\PowerCinema
2014-04-09 21:46 - 2013-07-16 20:42 - 00000000 ____D () C:\Users\Dean\AppData\Local\PowerCinema
2014-04-09 13:43 - 2013-12-07 16:30 - 00000000 ____D () C:\ProgramData\Norton
2014-04-08 15:59 - 2013-07-11 06:30 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-04-08 15:59 - 2013-07-11 06:30 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-04-08 15:59 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI

Some content of TEMP:
====================
C:\Users\Dean\AppData\Local\Temp\amazonicon_v4.exe
C:\Users\Dean\AppData\Local\Temp\avgnt.exe
C:\Users\Dean\AppData\Local\Temp\foxy_security_games.exe
C:\Users\Dean\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Dean\AppData\Local\Temp\sdapskill.exe
C:\Users\Dean\AppData\Local\Temp\sdaspwn.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-30 02:01

==================== End Of Log ============================
--- --- ---

sunjojo 06.05.2014 16:30
Hi,

der Ordner taucht noch im Logfile auf. Ich bräuchte nochmal das vollständige ESET Logfile mit der Meldung :).

Dean19 06.05.2014 16:37
Hey,

ich hab das vollständige Logfile doch geschrieben, oder was genau meinst du ? :S

Code:
ESETSmartInstaller@High as downloader log:
all ok

sunjojo 06.05.2014 17:20
Zitat:
Antivir spuckt keine Fehlermeldung mehr aus Eset hat aber anscheinend noch was gefunden.
Im Log ist aber garnichts mehr drinne obwohl der Haken bei Viruse löschen (oder so) weg war mein ich

Waren wohl dateien die einfach im Ordner C:/wm waren der ganze Ordner scheint der Virus zu sein oder so.
Du sagst hier, dass ESET angeblich etwas gefunden hat undzwar im Ordner "C:\wm". Der Ordner ist auch im Logfile zu finden, aber ich bräuchte das Logfile von ESET, in welchem diese Meldung drin steht (die hast du dir ja nicht ausgedacht). Guck nochmal unter "C:\Programme\Eset\EsetOnlineScanner" nach und poste mir alles, was in diesem Logfile steht (was du mir gepostet hast, ist kein vollständiges Logfile) :).

Dean19 06.05.2014 21:25
Hi ,
also ich hab die Anzeige der Viruse nur in ESET gesehen und keinem Logfile entnommen :(
Das ist definitiv das komplette Log das sich im Ordner befindet. Ich hab wahrscheinlich irgendwas falsch gemacht.
Es gibt auch kein anderes Log oder so in diesem Ordner :confused:

Notfalls muss ich es halt nochmal 6 Stunden laufen lassen. :S

sunjojo 07.05.2014 18:13
Hi,

Zitat:
also ich hab die Anzeige der Viruse nur in ESET gesehen und keinem Logfile entnommen
Ok, dann lösche ich dir Ordner noch. Wenn du keine weiteren Probleme mehr hast, sind wir fertig :).



Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
2014-04-29 15:35 - 2014-05-04 12:53 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\iSafe
2014-04-27 00:08 - 2014-04-28 15:28 - 00000000 ____D () C:\Users\Dean\AppData\Local\WM
2014-04-27 00:07 - 2014-04-27 00:08 - 00000000 ____D () C:\wm
2014-04-27 13:13 - 2014-04-27 13:13 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-04-27 13:12 - 2014-05-03 12:07 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

Updates
Java Version 7 Update 55
Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 55 ) herunter laden.
  • Entferne den Haken bei "Installieren Sie die Ask-Toolbar ..." während der Installation.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Haken gesetzt ist und klicke OK.
  • Klicke erneut OK.

Adobe Reader Version XI (11.0.06)
Adobe Flash Player Version 13.0.0.206
  • Deinstalliere bitte deine aktuelle(n) Version(en) des Adobe Flash Players.
  • Lade dir die neuste Version hier herunter: Adobe - Adobe Flash Player installieren
  • Entferne den Hacken für das optionale Angebot "McAfee Security Scan Plus".

Mozilla Firefox 29.0
  • Update deinen Firefox Browser. Gehe dafür auf das Menü (rechts oben) -> das Hilfe Symbol (unten) -> über Firefox.

Cleanup
Falls du Malwarebytes Anti-Malware und den ESET Online Scanner nicht mehr behalten möchtest, kannst du diese über die Systemsteuerung deinstallieren. Ich empfehle dir, mindestens ein Programm zu behalten (näheres in den Tipps).
Windows XP: Start --> Systemsteuerung --> Kategorieansicht auswählen (falls nicht voreingestellt) --> Software
Windows Vista/7: Start --> Systemsteuerung --> Anzeige (oben-rechts) auf Kategorie stellen (falls nicht voreingestellt) --> Programme deinstallieren (Unterpunkt von Programme)
Windows 8: Suchen --> "Systemsteuerung" in das Suchfeld eingeben --> Systemsteuerung auswählen --> Programme deinstallieren (Unterpunkt von Programme)
Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



In deinen Logfiles sehe ich im Moment keine schädlichen Einträge mehr, du bist in meinen Augen Clean. Für die Zukunft habe ich dir Tipps aufgeschrieben, damit du uns in nächster Zeit nicht mehr brauchst :).




Tipps - Frequently Asked Questions (FAQ)/Häufig gestellte Fragen

Welcher Antivirenscanner ist der beste?
  • Die Antwort auf die Frage ist im Grunde einfach: keiner. Es gibt keinen Antivirenscanner, der immer alle Schädlinge sofort erkennt und dich 100%ig schützt. Alles vom Menschen geschaffene ist fehlerhaft und es ist ratsam, sich nur begrenzt darauf zu verlassen. Das heißt nicht, dass die Verwendung eines Antivirenprogramms keinen Sinn macht, aber es sollte als zusätzliche Hilfe angesehen werden. Die Hauptverantwortung liegt bei dir und deinem Verhalten im Internet selbst.
  • Benutze nur einen Antivirenscanner/Hintergrundwächter, niemals zwei oder mehrere. Diese könnten sich gegenseitig blockieren und dir mehr schaden, als helfen. Achte darauf, dass immer die neuesten Updates heruntergeladen werden. Ein veralteter Antivirenscanner ist nutzlos!
  • Außerdem kannst du dein Betriebssystem mit On-Demand Sannern überprüfen. Solche Scanner laufen nicht permanent im Hintergrund, sondern scannen nur "auf Knopfdruck" dein System. Damit holst du dir eine zweite Meinung ein. Gute On-Demand Scanner, die auch wir zur Kontrolle benutzen, sind Malwarebytes Anti Malware und der ESET Online Scanner.
    • Malwarebytes Anti-Malware (Anleitung zur Verwendung) ist eines der besten und zuverlässigsten Programme in der Malwareentfernung. Scanne dein System einmal pro Woche oder einmal in zwei Wochen.
    • Der ESET Online Scanner (Anleitnung zur Verwendung) ist kostenlos und scannt dein System und deine Dateien sehr gründlich. Deswegen kann der Scan bei vielen Dateien mehrere Stunden dauern. Scanne dein System nach deinem eigenem Ermessen. Falls schädliche Dateien gefunden werden, handle nicht eigenmächtig!
Aber Updates muss ich immer installieren, oder?
  • Die Aktualität von Software ist sehr wichtig und unbedingt notwendig. Veraltete Programme stellen Schwachstellen dar, die sich Angreifer gerne zur Nutze machen. Daher ist es wichtig, immer die neueste Version der jeweiligen Software installiert zu haben. Dies fängt beim Betriebssystem an. Du solltest das neueste Service Pack installiert und automatische Updates eingeschaltet haben.
    Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
    Windows 8: Suchen --> "Systemsteuerung" in das Suchfeld eingeben --> Systemsteuerung auswählen --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Häufig werden Sicherheitslücken von älteren Java Versionen, dem Flash-Player und PDF-Reader ausgenutzt. Du kannst hier überprüfen, ob diese häufig missbrauchte Software aktuell ist: PluginCheck
Ok, muss ich auf etwas achten, wenn ich im Internet surfe?
  • Mit dem richtigen Verhalten im Internet fängt der Schutz vor Infektionen an. Es gibt inzwischen viele virtuelle Betrugsversuche oder Tricks zum Täuschen, sowie im echten Leben. Um sich dort zu schützen, hast du bestimmte Angewohnheiten. Diese können auf das Surfverhalten übertragen werden. Zur Verdeutlichung stelle ich dir einen kleinen Vergleich zum Leben her:

    Verhalten im LebenVerhalten im Internet
    Du überprüfst vorher die Läden, in denen du einkaufst.Klicke nicht auf alle Seiten/Werbungen/PopUps, weil diese bunt sind oder tolle Preise versprechen.
    Du achtest auf die Qualität, wenn du Produkte kaufst.Lade dir Programme nur von original Herstellerseiten herunter und nicht von Softonic oder ähnlichem. Diese birgen häufig die Gefahr, sich zusätzlich Adware herunterzuladen.
    Du öffnest keine Briefe oder Pakete ohne zu gucken, von wem diese sind.Öffne nur Anhänge von Emails, wenn der Absender bekannt ist. Überprüfe, ob zum Beispiel eine Rechnung im Anhang wirklich von der Firma versendet wurde. Häufig werden gefälschte Emails mit schädlichem Anhang verschickt!

    Handle mit Bedacht und überlege zuerst, bevor du etwas anklickst, herunterlädst oder öffnest!
  • Vermeide das Besuchen von pornographischen, Pokerspiel oder weiteren dubiosen Webseiten. Diese birgen ein besonders großes Infektionsrisiko.
Welche Programme sollte ich nicht verwenden?
  • Wenn du neue Software installierst, besteht häufig die Auswahl, eine weitere Toolbar (oder ähnliches) zu installieren. Entferne generell den Haken bei optionalen Zusatzprogrammen. Diese verlangsamen in der Regel deinen Browser und können ein erhöhtes Infektionsrisiko bedeuten.
  • Registry Cleaner versprechen meist einen großen Performancegewinn, wenn verwaiste Einträge in der Regsitry entfernt werden. Dieser angebliche Gewinn ist kaum bis gar nicht bemerkbar. Außerdem wird häufig verschwiegen, dass falsche Änderungen der Registry zu schwerwiegenden Folgen führen können. Deswegen sollte so wenig wie möglich an der Registry verändert werden. Zerstörst du die Registry, zerstörst du Windows!
  • Filesharing oder Peer-to-Peer Programme ermöglichen es, Dateien mit anderen Nutzern auszutauschen. Es ist möglich, dass du dir eine infizierte Datei herunterlädst (auch versteckt in angeblich legalen Versionen von bekannten Programmen). Du kannst niemals wissen, woher diese stammen. Daher sollte diese Art von Software mit äußerster Vorsicht oder gar nicht benutzt werden.
    • Lade dir vor allem keine Cracks (illegale Version einer Software) herunter. Das ist rechtlich nicht erlaubt und du kannst dafür bestraft werden. Außerdem ist bei solcher Software das Infektionsrisiko am höchsten, da Cracks sehr häufig versteckte Malware enthalten.
Gibt es noch weitere Tipps, um mich zu schützen?
  • Achte auf die Endung von Dateien, die dir zugesendet wurden. Häufig versuchen Malwareschreiber mit Tricks wie Rechnung.pdf.exe dich zu täuschen. Wenn die Dateiendung ausgeblendet wird, bleibt Rechnung.pdf übrig, was den Anschein einer normalen PDF-Datei macht. Lass dir daher bekannte Dateiendung anzeigen (Anleitung: http://www.trojaner-board.de/59624-a...-sichtbar.html)
  • Surfe mit einem Konto mit eingeschränkten Rechten. Durch Administratorrechte kann Malware ohne Probleme zahlreiche Änderungen am System vornehmen, zum Beispiel Sicherheitseinstellungen verändern oder auf Systemdateien zugreifen.
  • Verwende nicht immer das gleiche Passwort. Falls dein Passwort durch entsprechende Malware herausgefunden wird, könnte auf alle Konten von dir zugegriffen werden.
  • Lege in regelmäßigen Abständen Backups (Was sind Backups?) von deinem System an. Dadurch ist ein Datenverlust durch Malware oder Hardwareschäden verkraftbar und es ist vergleichsweise einfach, den Rechner auf den Stand des letzten Backups zu bringen. Damit du deine Daten nicht manuell sichern musst, gibt es Backup-Programme wie Paragon Backup & Recovery.
  • Deaktiviere das Autorun-Feature von Windows. Dies ermöglicht, dass zum Beispiel CDs, DVDs oder Programme auf USB-Sticks alleine starten. Häufig nutzen Malwareschreiber genau diese Funktion aus. In solchen Fällen befindet sich Malware auf dem USB-Stick und wird automatisch beim Anschließen an den Computer ausgeführt. Um das zu verhinden, deaktiviere die Autorun-Funktion: http://www.trojaner-board.de/83238-a...sschalten.html.
Wenn dich das Thema Computersicherheit interessiert und du noch mehr Tipps und Tricks zum Schutz deines Rechners haben willst, ist der Emsisoft Blog genau richtig für dich ;).


Wenn du die Arbeit des Trojaner-Boards unterstützen möchtest, kannst du gerne spenden :).

Ich wünsche dir eine schöne und malwarefreie Zeit :daumenhoc.

Dean19 07.05.2014 19:59
Danke für alles und, dass es so Foren gibt :daumenhoc
Hab das Cleanup und alles durch. :)

Mfg,
Dean ;)

sunjojo 07.05.2014 20:03
Hallo Dean19,

schön, dass wir dir helfen konnten :abklatsch:.

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht, damit erhalte ich keine Benachrichtungen über neue Antworten in diesem Thread. Solltest Du das Thema erneut brauchen, schicke mir bitte eine private Nachricht.

Jeder Andere bitte hier klicken und einen eigenen Thread erstellen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:20 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19