Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Addware (Intelitxt ähnlich) (https://www.trojaner-board.de/153397-addware-intelitxt-aehnlich.html)

TypMitHaaren 03.05.2014 20:16
Addware (Intelitxt ähnlich)
 
Hallo,
Ich habe das Problem, dass ich in einem Text auf einer Seite mehrere blaue, unterstrichene Links (Werbung) habe (Schlüsselwörter soweit ich es beurteilen kann, häufig etwas mit Software zu tun, Mail und ähnliche Begriffe aber auch). Desweiteren öffnen sich Fenster wenn ich auf einen Link, einen leeren Fleck oder auch anderen Stellen (YouTube Video) klicke.
Logs von FRST, defogger, und Gmer stehen bereit.

Danke schon mal im Voraus. :bussi:

schrauber 04.05.2014 06:27
hi,

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

TypMitHaaren 04.05.2014 10:05
Jupp nur passen die nicht alle in einen Post und wenn ich selbst antworte wirds als in Arbeit angesehn. ;-)

Gruß

schrauber 04.05.2014 11:03
Das Ding ist doch in Arbeit da ich es übernommen habe ;)

Also Logfiles aufteilen und mehrere Posts nutzen.

TypMitHaaren 04.05.2014 18:18
Naja ich meinte das ich es nicht mit rein gepostet habe direkt. :D
defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:29 on 03/05/2014 (Niclas)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

FRST:
-=E.O.F=-

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2014
Ran by Niclas (administrator) on PURPLE-PC on 03-05-2014 20:30:47
Running from D:\Users\Niclas\Downloads\FRST
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hi-Rez Studios) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Nero AG) D:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\jmesoft\Service.exe
(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files\RrFilter\RrFilterService64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
() C:\Program Files\002\yewimmxqbs64.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(LogMeIn Inc.) D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) D:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() D:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\SysWOW64\UMonit.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Akamai Technologies, Inc.) C:\Users\Niclas\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Niclas\AppData\Local\Akamai\netsession_win.exe
(Valve Corporation) D:\Program Files (x86)\Steam\Steam.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Skype Technologies S.A.) D:\Program Files (x86)\Skype\Phone\Skype.exe
() D:\Program Files (x86)\puush\puush.exe
(LogMeIn Inc.) D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(LOL Replay) D:\Program Files (x86)\LOLReplay\LOLRecorder.exe
(LogMeIn, Inc.) D:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe
(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe
(Dropbox, Inc.) C:\Users\Niclas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Aeria Games & Entertainment) D:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Elaborate Bytes AG) D:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Lenovo, Japan, Ltd. ) C:\Program Files (x86)\Lenovo\RapidDrive Advanced\LenovoRapidDriveAdvancedService.exe
() C:\Program Files (x86)\Lenovo\RapidDrive Advanced\LenovoRapidDriveAdvancedEvents.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12497552 2012-05-28] (Realtek Semiconductor)
HKLM\...\Run: [UMonit] => C:\WINDOWS\SysWOW64\UMonit.exe [28672 2012-07-24] ()
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM\...\Run: [Wippien] => D:\Program Files\Wippien\Wippien.exe [3022632 2011-08-19] ()
HKLM-x32\...\Run: [jmekey] => C:\WINDOWS\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [ModeSwitch] => C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe [751104 2012-03-31] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Aeria Ignite] => D:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [VirtualCloneDrive] => D:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-04-15] (LogMeIn Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Niclas\AppData\Local\Akamai\netsession_win.exe [4480768 2013-01-26] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\Run: [uTorrent] => C:\Users\Niclas\AppData\Roaming\uTorrent\uTorrent.exe [902736 2013-10-28] (BitTorrent Inc.)
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\Run: [Steam] => D:\Program Files (x86)\Steam\Steam.exe [1825984 2014-04-24] (Valve Corporation)
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\Run: [MoodEditor.exe] => D:\Program Files (x86)\Pamela RichMood Editor\MoodEditor.exe [1025024 2013-08-17] (Scendix Software-Vertriebsges. mbH)
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\Niclas\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 593f4c133c4647d39d03057438dc1a9f-753923bc94f738da406656e912a26fccb404e6d9 --CMPID 0913b
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\Run: [Desura] => D:\Program Files (x86)\Desura\desura.exe [2529096 2014-01-05] (Desura Pty Ltd)
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\Run: [Skype] => D:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\Run: [puush] => D:\Program Files (x86)\puush\puush.exe [567880 2014-04-13] ()
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\MountPoints2: {068b5e74-fc89-11e2-bea4-d43d7e38f36c} - "H:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\MountPoints2: {29722606-ef7a-11e2-be8c-d43d7e38f36c} - "H:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\MountPoints2: {a43a989f-d8c8-11e2-be75-d43d7e38f36c} - "H:\HTC_Sync_Manager_PC.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
ShortcutTarget: LOLRecorder.lnk -> D:\Program Files (x86)\LOLReplay\LOLRecorder.exe (LOL Replay)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
ShortcutTarget: phase-6 Reminder.lnk -> D:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6)
Startup: C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Niclas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

ProxyServer: 80.87.240.49:8087
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM - DefaultScope {2E32E504-A3EA-4DB4-9876-2DCD2D89B98D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM - {2E32E504-A3EA-4DB4-9876-2DCD2D89B98D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Niclas\AppData\Roaming\Mozilla\Firefox\Profiles\105p3hwn.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - D:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 - C:\Program Files (x86)\FreeRide Games\npExentControl.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - D:\Program Files (x86)\Java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - D:\Program Files (x86)\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npnxgameEU.dll (Nexon)
FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\WINDOWS\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Niclas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\Niclas\AppData\Roaming\Mozilla\Firefox\Profiles\105p3hwn.default\searchplugins\privitize.xml
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - D:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - D:\Program Files (x86)\Fiddler2\FiddlerHook [2014-01-18]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "sync_promo"
CHR StartupUrls: "startup_urls_migration_time": "13034373880206099"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Exent® AOD Gecko Plugin) - C:\Program Files (x86)\FreeRide Games\npExentControl.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\WINDOWS\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - D:\Program Files (x86)\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\Niclas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-31]
CHR Extension: (Google Drive) - C:\Users\Niclas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-31]
CHR Extension: (YouTube) - C:\Users\Niclas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-31]
CHR Extension: (Battlefield Heroes) - C:\Users\Niclas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2014-02-22]
CHR Extension: (Google-Suche) - C:\Users\Niclas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-31]
CHR Extension: (Live HTTP Headers) - C:\Users\Niclas\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaiioopjkcekapmldfgbebdclcnpgnlo [2014-01-18]
CHR Extension: (Google Wallet) - C:\Users\Niclas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Google Mail) - C:\Users\Niclas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-31]
CHR HKLM-x32\...\Chrome\Extension: [dhfcbmlocifngpbjdpgnkbjmgkadkjpp] - C:\Program Files (x86)\Industriya\privitize\1.8.21.6\privitize.crx [2013-08-31]

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [484592 2013-11-15] (BitRaider, LLC)
R2 Hamachi2Svc; D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2227536 2014-04-15] (LogMeIn Inc.)
U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios)
R2 HTCMonitorService; d:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] ()
R3 Lenovo.RapidDrive.Advanced.Svc; C:\Program Files (x86)\Lenovo\RapidDrive Advanced\LenovoRapidDriveAdvancedService.exe [218112 2012-08-15] (Lenovo, Japan, Ltd. )
R2 LenovoCOMSvc; C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe [37888 2011-11-04] (Lenovo)
R3 LitModeCtrl; C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe [141824 2012-04-06] (Lenovo)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [4868640 2013-08-25] (INCA Internet Co., Ltd.)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-02-22] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 RrFilterService64; c:\Program Files\RrFilter\RrFilterService64.exe [171008 2014-03-06] ()
S2 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
R2 yewimmxqbs64; C:\Program Files\002\yewimmxqbs64.exe [706560 2014-05-03] ()
S2 vToolbarUpdater18.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [50464 2014-04-28] (AVG Technologies)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [274712 2014-03-31] (AVG Technologies CZ, s.r.o.)
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2013-11-16] (BitRaider)
R3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [60928 2012-07-06] (GenesysLogic)
S3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2013-07-03] (LogMeIn Inc.)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-02-28] (NetFilterSDK.com)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 SaiMini; C:\Windows\System32\drivers\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
S3 sclbl; D:\AeriaGames\ScarletBlade\avital\scarbt64.sys [86352 2013-12-13] ()
S3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [106256 2013-04-12] (Oracle Corporation)
R3 wod0205; C:\Windows\system32\DRIVERS\wod0205.sys [33160 2011-04-23] (WeOnlyDo Software)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S2 X5XSEx_Pr148; \??\C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [X]
S3 X6va011; \??\C:\WINDOWS\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\WINDOWS\SysWOW64\Drivers\X6va012 [X]
S3 X6va013; \??\C:\WINDOWS\SysWOW64\Drivers\X6va013 [X]
S3 X6va014; \??\C:\WINDOWS\SysWOW64\Drivers\X6va014 [X]
S3 X6va015; \??\C:\WINDOWS\SysWOW64\Drivers\X6va015 [X]
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-03 20:29 - 2014-05-03 20:29 - 00000000 _____ () C:\Users\Niclas\defogger_reenable
2014-05-03 20:08 - 2014-05-03 20:30 - 00000000 ____D () C:\FRST
2014-05-03 18:10 - 2014-05-03 18:10 - 00000000 ____H () C:\ProgramData\cm-lock
2014-05-03 18:04 - 2014-05-03 18:12 - 00000000 ____D () C:\Program Files\RrFilter
2014-05-03 18:03 - 2014-05-03 18:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-03 18:03 - 2014-05-03 18:03 - 00000000 ____D () C:\Program Files\rrsavings
2014-05-03 18:03 - 2014-05-03 18:03 - 00000000 ____D () C:\Program Files (x86)\Rr Savings
2014-05-03 18:03 - 2014-05-03 18:03 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-05-03 18:02 - 2014-05-03 18:10 - 00001365 _____ () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-05-03 18:02 - 2014-05-03 18:03 - 00000000 ____D () C:\Program Files\002
2014-05-03 18:02 - 2014-05-03 18:02 - 00001212 _____ () C:\Users\Public\Desktop\Advanced System Protector.lnk
2014-05-03 18:02 - 2014-05-03 18:02 - 00000000 ____D () C:\Users\Niclas\AppData\Local\cache
2014-05-03 18:02 - 2014-05-03 18:02 - 00000000 ____D () C:\ProgramData\Systweak
2014-05-03 18:02 - 2014-05-03 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
2014-05-03 18:02 - 2012-07-25 12:03 - 00016896 _____ () C:\WINDOWS\system32\sasnative64.exe
2014-04-30 16:14 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-04-30 16:13 - 2014-05-03 18:08 - 00000000 ____D () C:\AdwCleaner
2014-04-28 15:22 - 2014-04-28 15:22 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-04-21 15:51 - 2014-04-21 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex-Editor MX
2014-04-19 10:01 - 2014-04-19 10:01 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2014-04-19 10:00 - 2014-04-19 10:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys
2014-04-16 15:43 - 2014-04-16 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-04-15 08:29 - 2014-04-18 21:57 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Teeworlds
2014-04-13 23:39 - 2014-04-13 23:39 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\puush
2014-04-13 23:38 - 2014-04-13 23:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\puush
2014-04-12 00:09 - 2014-04-12 00:09 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\TERA
2014-04-12 00:09 - 2014-04-12 00:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
2014-04-10 23:30 - 2014-04-10 23:30 - 00000674 _____ () C:\Users\Public\Desktop\RFOnline1.0.lnk
2014-04-10 23:30 - 2014-04-10 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RFOnline1.0
2014-04-10 22:35 - 2014-04-10 22:35 - 00000358 _____ () C:\console.log
2014-04-10 22:35 - 2014-04-10 22:35 - 00000000 ____D () C:\Users\Niclas\RFO
2014-04-09 21:01 - 2014-04-09 21:01 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Carbon
2014-04-09 16:43 - 2014-04-09 17:39 - 00000000 ____D () C:\Users\Niclas\AppData\Local\UberLauncher
2014-04-09 16:43 - 2014-04-09 16:43 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SuperMNC
2014-04-09 16:43 - 2014-04-09 16:43 - 00000000 ____D () C:\Users\Niclas\AppData\Local\Uber_Entertainment
2014-04-08 19:01 - 2014-04-09 12:25 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Dwarfs
2014-04-08 16:32 - 2014-04-08 16:32 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\SpringLobby
2014-04-08 16:29 - 2014-04-08 16:29 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spring
2014-04-08 16:29 - 2014-04-08 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spring

==================== One Month Modified Files and Folders =======

2014-05-03 20:30 - 2014-05-03 20:08 - 00000000 ____D () C:\FRST
2014-05-03 20:29 - 2014-05-03 20:29 - 00000000 _____ () C:\Users\Niclas\defogger_reenable
2014-05-03 20:29 - 2013-08-25 19:11 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Skype
2014-05-03 20:29 - 2013-06-17 16:53 - 00000000 ____D () C:\Users\Niclas
2014-05-03 20:24 - 2013-06-21 18:41 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5658A565-CBA7-45CE-A1A3-2BE0A5C61F68}
2014-05-03 20:02 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-05-03 19:56 - 2013-08-31 21:31 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-03 19:50 - 2013-06-20 18:53 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-03 19:42 - 2013-09-14 14:54 - 00000000 ____D () C:\Users\Niclas\AppData\Local\LogMeIn Hamachi
2014-05-03 19:19 - 2014-03-10 20:19 - 00003134 _____ () C:\WINDOWS\Tasks\FLV Player Addon-chromeinstaller.job
2014-05-03 19:19 - 2014-03-10 20:19 - 00002356 _____ () C:\WINDOWS\Tasks\FLV Player Addon-firefoxinstaller.job
2014-05-03 19:19 - 2014-03-10 20:19 - 00001528 _____ () C:\WINDOWS\Tasks\FLV Player Addon-codedownloader.job
2014-05-03 19:19 - 2014-03-10 20:19 - 00001408 _____ () C:\WINDOWS\Tasks\FLV Player Addon-enabler.job
2014-05-03 18:39 - 2013-06-17 17:01 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3192851615-808154685-2172071588-1001
2014-05-03 18:16 - 2013-01-08 16:54 - 00761898 _____ () C:\WINDOWS\system32\perfh007.dat
2014-05-03 18:16 - 2013-01-08 16:54 - 00160028 _____ () C:\WINDOWS\system32\perfc007.dat
2014-05-03 18:16 - 2013-01-08 08:04 - 00000000 ____D () C:\Program Files (x86)\SugarSync
2014-05-03 18:16 - 2012-07-26 09:28 - 01772590 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-03 18:13 - 2013-08-21 10:31 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-03 18:12 - 2014-05-03 18:04 - 00000000 ____D () C:\Program Files\RrFilter
2014-05-03 18:10 - 2014-05-03 18:10 - 00000000 ____H () C:\ProgramData\cm-lock
2014-05-03 18:10 - 2014-05-03 18:02 - 00001365 _____ () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-05-03 18:10 - 2013-08-31 21:31 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-03 18:10 - 2013-08-04 10:43 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Dropbox
2014-05-03 18:10 - 2013-08-03 22:49 - 00000000 ____D () C:\Users\Niclas\AppData\Local\HTC MediaHub
2014-05-03 18:10 - 2012-08-01 17:51 - 00032202 _____ () C:\WINDOWS\PFRO.log
2014-05-03 18:10 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-03 18:09 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-05-03 18:08 - 2014-04-30 16:13 - 00000000 ____D () C:\AdwCleaner
2014-05-03 18:08 - 2013-06-17 16:54 - 00000000 ___RD () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-03 18:03 - 2014-05-03 18:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-03 18:03 - 2014-05-03 18:03 - 00000000 ____D () C:\Program Files\rrsavings
2014-05-03 18:03 - 2014-05-03 18:03 - 00000000 ____D () C:\Program Files (x86)\Rr Savings
2014-05-03 18:03 - 2014-05-03 18:03 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-05-03 18:03 - 2014-05-03 18:02 - 00000000 ____D () C:\Program Files\002
2014-05-03 18:02 - 2014-05-03 18:02 - 00001212 _____ () C:\Users\Public\Desktop\Advanced System Protector.lnk
2014-05-03 18:02 - 2014-05-03 18:02 - 00000000 ____D () C:\Users\Niclas\AppData\Local\cache
2014-05-03 18:02 - 2014-05-03 18:02 - 00000000 ____D () C:\ProgramData\Systweak
2014-05-03 18:02 - 2014-05-03 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
2014-05-03 17:12 - 2013-06-20 14:53 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\.minecraft
2014-05-03 16:41 - 2013-06-19 16:03 - 00000000 ____D () C:\Users\Niclas\AppData\Local\Akamai
2014-05-03 14:08 - 2013-09-04 19:22 - 00000000 ____D () C:\Users\Niclas\AppData\Local\Paint.NET
2014-05-03 11:00 - 2013-06-17 19:25 - 00000000 ____D () C:\Users\Niclas\AppData\Local\PMB Files
2014-05-03 11:00 - 2013-06-17 19:25 - 00000000 ____D () C:\ProgramData\PMB Files
2014-04-30 16:15 - 2014-03-10 20:20 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
2014-04-28 19:50 - 2013-06-20 18:53 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-04-28 15:22 - 2014-04-28 15:22 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-04-28 15:22 - 2013-09-28 15:53 - 00050464 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx64.sys
2014-04-27 10:57 - 2013-08-31 21:32 - 00002186 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-26 20:04 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-04-25 11:35 - 2014-03-31 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-04-25 11:15 - 2013-06-22 12:02 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\TS3Client
2014-04-22 15:57 - 2013-01-08 08:04 - 00000000 ____D () C:\ProgramData\CyberLink
2014-04-21 15:51 - 2014-04-21 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex-Editor MX
2014-04-19 10:01 - 2014-04-19 10:01 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2014-04-19 10:00 - 2014-04-19 10:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2014-04-18 21:57 - 2014-04-15 08:29 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Teeworlds
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys
2014-04-16 15:43 - 2014-04-16 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-04-14 09:18 - 2013-07-19 22:34 - 00000000 ____D () C:\Users\Niclas\AppData\Local\Deployment
2014-04-13 23:39 - 2014-04-13 23:39 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\puush
2014-04-13 23:38 - 2014-04-13 23:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\puush
2014-04-12 00:09 - 2014-04-12 00:09 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\TERA
2014-04-12 00:09 - 2014-04-12 00:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
2014-04-10 23:30 - 2014-04-10 23:30 - 00000674 _____ () C:\Users\Public\Desktop\RFOnline1.0.lnk
2014-04-10 23:30 - 2014-04-10 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RFOnline1.0
2014-04-10 22:35 - 2014-04-10 22:35 - 00000358 _____ () C:\console.log
2014-04-10 22:35 - 2014-04-10 22:35 - 00000000 ____D () C:\Users\Niclas\RFO
2014-04-09 21:01 - 2014-04-09 21:01 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Carbon
2014-04-09 20:59 - 2013-06-19 18:52 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Awesomium
2014-04-09 17:39 - 2014-04-09 16:43 - 00000000 ____D () C:\Users\Niclas\AppData\Local\UberLauncher
2014-04-09 16:43 - 2014-04-09 16:43 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SuperMNC
2014-04-09 16:43 - 2014-04-09 16:43 - 00000000 ____D () C:\Users\Niclas\AppData\Local\Uber_Entertainment
2014-04-09 12:25 - 2014-04-08 19:01 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Dwarfs
2014-04-08 18:57 - 2013-07-24 11:25 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-04-08 16:32 - 2014-04-08 16:32 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\SpringLobby
2014-04-08 16:29 - 2014-04-08 16:29 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spring
2014-04-08 16:29 - 2014-04-08 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spring
2014-04-08 15:28 - 2014-01-20 16:41 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\HpUpdate
2014-04-04 17:23 - 2014-02-26 21:21 - 00001594 _____ () C:\WINDOWS\setupact.log
2014-04-03 21:41 - 2013-09-06 20:17 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Audacity
2014-04-03 20:10 - 2013-01-08 08:06 - 01136540 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-03 18:12 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent

Files to move or delete:
====================
C:\ProgramData\hash.dat


Some content of TEMP:
====================
C:\Users\Niclas\AppData\Local\Temp\032939rr.exe
C:\Users\Niclas\AppData\Local\Temp\6_Offer_12.exe
C:\Users\Niclas\AppData\Local\Temp\BackupSetup.exe
C:\Users\Niclas\AppData\Local\Temp\bdfilters.dll
C:\Users\Niclas\AppData\Local\Temp\borlndlm.dll
C:\Users\Niclas\AppData\Local\Temp\DownloadManager.exe
C:\Users\Niclas\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Niclas\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\Niclas\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\Niclas\AppData\Local\Temp\i4jdel0.exe
C:\Users\Niclas\AppData\Local\Temp\jansi-32-git-Bukkit-1.5.2-R0.1-b2771jnks.dll
C:\Users\Niclas\AppData\Local\Temp\jansi-64-git-Bukkit-1.5.2-R0.1-b2771jnks.dll
C:\Users\Niclas\AppData\Local\Temp\NGMDll.dll
C:\Users\Niclas\AppData\Local\Temp\NGMResource.dll
C:\Users\Niclas\AppData\Local\Temp\NGMSetup.exe
C:\Users\Niclas\AppData\Local\Temp\Quarantine.exe
C:\Users\Niclas\AppData\Local\Temp\rad5D9E3.tmp_update.exe
C:\Users\Niclas\AppData\Local\Temp\ubertmp.exe
C:\Users\Niclas\AppData\Local\Temp\unicows.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-27 12:07

==================== End Of Log ============================
--- --- ---

--- --- ---


Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2014
Ran by Niclas at 2014-05-03 20:08:35
Running from D:\Users\Niclas\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

 toolbar  (HKLM-x32\...\privitize) (Version: 1.8.21.6 - Industriya) <==== ATTENTION
µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30180 - BitTorrent Inc.)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
8BitMMO (HKLM-x32\...\Steam App 250420) (Version:  - Archive Entertainment)
A Story About My Uncle (HKLM\...\UDK-f6b9a0a7-92d9-4a40-90ce-7f89bdae95b9) (Version:  - Epic Games, Inc.)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Age of Conan: Unchained - EU version (HKLM-x32\...\Steam App 217750) (Version:  - Funcom)
Age of Wushu (HKLM-x32\...\{A0AFB64E-79E1-45BF-BA6C-18C21E007D8E}) (Version: 0.0.1.065 - Snail Games USA)
AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version:  - Gameforge)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
AlterLight 0 (HKLM-x32\...\AlterLight_0) (Version: 0 - The Game Assembly)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Archeblade (HKLM-x32\...\Steam App 207230) (Version:  - CodeBrush Games)
Ashampoo Music Studio 2013 v.4.1.2 (HKLM-x32\...\{91B33C97-0D61-2DA9-07F6-0EF54C520FE3}_is1) (Version: 4.1.2 - Ashampoo GmbH & Co. KG)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Aurora World (HKLM-x32\...\Aurora World_is1) (Version:  - www.theAuroraWorld.com)
Authorizer 2.5.1 (HKLM\...\{F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1) (Version: 2.5.1 - Propellerhead Software AB)
Authorizer Ignition Key Support (Version: 1.0.5.0 - Propellerhead Software AB) Hidden
AutoHotkey 1.1.11.00 (HKLM\...\AutoHotkey) (Version: 1.1.11.00 - Lexikos)
AutoIt v3.3.8.1 (HKLM-x32\...\AutoItv3) (Version:  - AutoIt Team)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4570 - AVG Technologies)
AVG 2014 (Version: 14.0.3931 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4570 - AVG Technologies) Hidden
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
Battle for Wesnoth 1.11.7 (HKLM-x32\...\Battle for Wesnoth 1.11.7) (Version: 1.11.7 - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield Heroes (HKLM-x32\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version:  - EA Digital illusions)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.4 - BitRaider, LLC)
Bloodline Champions (HKLM-x32\...\Steam App 6370) (Version:  - Stunlock Studios)
BlueVoda Website Builder 11.4G (HKLM-x32\...\BlueVoda_Website_Builder_1.0) (Version:  - )
C9 (HKLM-x32\...\Steam App 212390) (Version:  - Cloud 9 Studio)
CABAL Online (NA - Global) (HKCU\...\CabalOnline(NA - Global)) (Version:  - )
CABAL Online Europe (Europe) (HKLM-x32\...\CABAL Online (Europe)_is1) (Version:  - )
CABAL Online Patch 652 (HKLM-x32\...\CABAL Online Patch 652_is1) (Version:  - )
Cain & Abel 4.9.46 (HKLM-x32\...\Cain & Abel 4.9.46) (Version:  - )
Cannons Lasers Rockets (HKLM-x32\...\Steam App 265770) (Version:  - Net Games Laboratory)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
City of Steam: Arkadia (HKLM-x32\...\Steam App 266070) (Version:  - Mechanist Games)
CosmicBreak_eng (HKLM-x32\...\CosmicBreak_eng) (Version:  - )
DC Universe Online Live (HKCU\...\SOE-DC Universe Online Live PSG) (Version:  - Sony Online Entertainment)
DC Universe Online PSG (HKCU\...\soe-DC Universe Online PSG) (Version: 1.0.3.183 - Sony Online Entertainment)
DEET Defender (HKLM\...\UDK-2ffafc82-eb9d-4945-adf2-631806ecc2d2) (Version:  - Epic Games, Inc.)
Demon's Gear Version 1.0 (HKLM-x32\...\{51A18CBB-3966-4423-AA65-CBB925CA03E0}_is1) (Version: 1.0 - Guilty Souls)
Der Herr der Ringe® - Die Eroberung™ (HKLM-x32\...\{628C3D50-F524-4C49-A958-672CE7953756}) (Version: 1.0.0.1 - Electronic Arts)
Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura)
Desura: DataJack (HKLM-x32\...\Desura_108971910234144) (Version: Full - RSHAW)
Desura: Mortal Online (HKLM-x32\...\Desura_83146271883296) (Version: Free to Play - Star Vault AB)
Dethroned! (HKLM-x32\...\Steam App 269390) (Version:  - Treehouse Ltd)
DIE GEHEIMNISSE DER SPIDERWICKS (HKLM-x32\...\{DFA723CE-22B4-4E6B-92CF-176256ECF2DE}) (Version: 1.00.0000 - Sierra Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0815 - Lenovo)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Dungeon Party (HKLM-x32\...\Steam App 215870) (Version:  - Cyanide Studio)
Dungeonland (HKLM-x32\...\Steam App 218130) (Version:  - Critical Studio)
Dwarfs F2P (HKLM-x32\...\Steam App 213650) (Version:  - Power of 2)
Eclipse Origins Runtime Files (HKCU\...\Eclipse Origins Runtime Files) (Version:  - )
EdenEternal-DE (HKLM-x32\...\EdenEternal-DE) (Version:  - )
Edimax Wireless LAN Driver (HKLM-x32\...\{B20F9D1C-A0A5-4CD8-8306-DA03872311B1}) (Version: 1.00.0195 - Edimax Technology Co.)
EGR-ShellExtension (HKLM-x32\...\EGR-ShellExtension) (Version: 1.1.0.100 - EasternGraphics)
Elsword_DE (HKLM-x32\...\Elsword_DE_is1) (Version:  - )
Evolution RTS (HKLM-x32\...\Steam App 291150) (Version:  - Frozen Yak Entertainment)
Fallen Earth (HKLM-x32\...\Steam App 113420) (Version:  - Reloaded Productions)
Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.4.5.9 - Telerik)
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
Firefall (HKLM-x32\...\{CFEF8DB5-B45E-4b05-90BE-D02AA6F45354}) (Version:  - Red 5 Studios)
Flyff (HKLM-x32\...\{7E210E1C-52A1-40E3-817B-D504E9F64DFA}_is1) (Version: Flyff - Gala Networks Europe Limited)
Forge (HKLM-x32\...\Steam App 223390) (Version:  - Dark Vale Games)
Free System Utilities (HKLM-x32\...\{a0f67e33-80b3-444d-989e-62c49b7b4792}) (Version: 1.1.0.141 - Covus Freemium GmbH)
Free SystemUtilities (x32 Version: 1.1.0.141 - Covus Freemium GmbH) Hidden
Free WMA to MP3 Converter 1.16 (HKLM-x32\...\Free WMA to MP3 Converter_is1) (Version:  - Jodix Technologies Ltd.)
Free YouTube to MP3 Converter version 3.12.3.610 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.3.610 - DVDVideoSoft Ltd.)
Freeciv 2.4.0 (GTK+ client) (HKLM-x32\...\Freeciv-2.4.0-gtk2) (Version:  - )
FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.80.00 - Exent Technologies)
Galaxy Wars (HKCU\...\8ef8d8ab73c12fdc) (Version: 1.0.0.23 - Double Jungle)
Gameforge Live 1.10.1 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.10.1 - Gameforge)
Geany 1.23.1 (HKLM-x32\...\Geany) (Version: 1.23.1 - The Geany developer team)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.1.1.0 - Genesys Logic)
Ghost Recon Online (EU) (HKCU\...\d8be6c3f847d7d92) (Version: 1.33.8542.1 - Ubisoft)
GlassFish Server Open Source Edition 4.0 (HKLM\...\nbi-glassfish-mod-4.0.0.89.0) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Gotham City Impostors: Free To Play (HKLM-x32\...\Steam App 206210) (Version:  - Monolith Productions, Inc.)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hacknet (HKLM-x32\...\{4E0F622C-C5F1-4959-902D-BD2C1009A4CB}) (Version: 1.0.3.0 - Team Fractal Alligator)
Hawken (HKCU\...\Hawken) (Version:  - Meteor Entertainment)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HeroesGo (HKCU\...\HeroesGo) (Version:  - )
Hex-Editor MX (HKLM-x32\...\{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1) (Version: 6.0 - NEXT-Soft)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.3.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{F838C3DD-5785-4F19-AD0F-BD532C8A31F4}) (Version: 2.1.45.0 - HTC)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Jabbin 3.0 (HKLM-x32\...\Jabbin) (Version: 3.0 - Jabbin)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version:  - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6418 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.6418 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.0822 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.0822 - CyberLink Corp.) Hidden
LibreOffice 4.2.0.4 (HKLM-x32\...\{E043231F-34F2-4AF5-9400-0961CC15AAAE}) (Version: 4.2.0.4 - The Document Foundation)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version:  - Line 6)
LMMS 0.4.14 (HKLM-x32\...\LMMS) (Version: 0.4.14 - LMMS Developers)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.188 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.188 - LogMeIn, Inc.) Hidden
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.7 - www.leaguereplays.com)
MarkdownPad 2 (HKLM-x32\...\MarkdownPad 2 2.3.0.25835) (Version: 2.3.0.25835 - Apricity Software LLC)
MarkdownPad 2 (x32 Version: 2.3.0.25835 - Apricity Software LLC) Hidden
Metin2 (HKLM-x32\...\Metin2_is1) (Version:  - Gameforge 4D GmbH)
Mi Producto (HKLM-x32\...\Mi Producto) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{98B45D1C-6EB1-460D-A87D-2B60678DC105}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (x32 Version: 2.0.50727 - Microsoft Corporation) Hidden
Microsoft Help Viewer 2.0 Language Pack - DEU (HKLM-x32\...\Microsoft Help Viewer 2.0 Language Pack - DEU) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.0 Language Pack - DEU (x32 Version: 2.0.50727 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU  (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MicroVolts (HKLM-x32\...\Steam App 109400) (Version:  - NQ Games)
Mozilla Firefox 22.0 (x86 de) (HKCU\...\Mozilla Firefox 22.0 (x86 de)) (Version: 22.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 17.0.6 - Mozilla)
Mozilla Thunderbird 17.0.6 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 17.0.6 (x86 de)) (Version: 17.0.6 - Mozilla)
NetBeans IDE 7.4 (HKLM\...\nbi-nb-base-7.4.0.0.201310111528) (Version: 7.4 - NetBeans.org)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Nmap 6.40 (HKLM-x32\...\Nmap) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.2 - Notepad++ Team)
NVIDIA Grafiktreiber 305.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 305.93 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.82.513 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Systemsteuerung 305.93 (Version: 305.93 - NVIDIA Corporation) Hidden
OGPlanet Game Launcher (HKLM-x32\...\OGPlanet Game Launcher) (Version: 1.0.0 - OGPlanet, Inc.)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Oracle VM VirtualBox 4.2.12 (HKLM\...\{0C1DE303-E41B-44BA-8ABA-B7F09D857001}) (Version: 4.2.12 - Oracle Corporation)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Pamela RME 2.0 (HKLM-x32\...\MoodEditor) (Version: 2.0 - Scendix Software-Vertriebsges. mbH)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
Panzar (HKLM-x32\...\Steam App 240320) (Version:  - Troxit Service)
Paragon Partition Manager™ 12 Professional Demo (HKLM-x32\...\{A35001F0-F1E4-11DD-A38B-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.0.6.31580 - Grinding Gear Games)
Perpetuum (HKLM-x32\...\Perpetuum) (Version:  - )
Perspective 1.0 (HKLM-x32\...\Perspective) (Version: 1.0 - Widdershins)
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
phase-6 2.3.3 (HKLM-x32\...\phase-6) (Version: 2.3.3 - phase-6)
PHYSICUBE (HKLM-x32\...\PHYSICUBE) (Version:  - )
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.7 - )
Power Control Switch (HKLM-x32\...\{816F9A97-9889-43DA-A394-7AA45DD68BA0}) (Version: 4.0.0.0704 - Lenovo)
Prime World version 9.8.6 (HKLM-x32\...\{F6F3C462-2729-4555-8A95-CC317A90F8FF}_is1) (Version: 9.8.6 - Nival)
Process Hacker 2.33 (r5590) (HKLM\...\Process_Hacker2_is1) (Version: 2.33.0.5590 - wj32)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Python 2.6 (64-bit) (HKLM\...\{110EB5C4-E995-4CFB-AB80-A5F315BEA9E9}) (Version: 2.6.150 - Python Software Foundation)
Python 3.3.3 (64-bit) (HKLM\...\{e9d90870-ab19-32a8-aa93-f8348ba21d05}) (Version: 3.3.3150 - Python Software Foundation)
RaiderZ (HKLM-x32\...\RaiderZ) (Version:  - Perfect World Entertainment)
RapidDrive Advanced Version 2.00.0815 (HKLM-x32\...\{F8F9F1AC-5CB0-4DBB-87FA-1A6BC4EA02E5}_is1) (Version: 2.00.0815 - LENOVO, Inc.)
Realm Crafter Demo (HKLM-x32\...\Realm Crafter Demo) (Version: 1.24.3 - Solstar Games)
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - Wild Shadow Studios)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6649 - Realtek Semiconductor Corp.)
RFOnline1.0 Uninstall (HKLM-x32\...\RFOnline1.0) (Version:  - OnNet EU)
rrsavings (HKLM\...\rrsavings) (Version: 2.0.1 - rrsavings) <==== ATTENTION
RrSavings (x32 Version: 1.0.0.0 - RrSavings) Hidden <==== ATTENTION
Sauerbraten (HKLM-x32\...\Sauerbraten) (Version:  - )
Scarlet Blade (HKLM-x32\...\Scarlet Blade) (Version:  - )
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shopping Helper Smartbar (HKLM-x32\...\{B2A302E7-8FA4-4585-AB7F-12C4DEBC0D32}) (Version: 11.44.63.16736 - ReSoft Ltd.) <==== ATTENTION
Shopping Helper Smartbar Engine (HKCU\...\{8764b8f1-aa4f-4121-af2b-a11394a55484}) (Version: 11.44.63.16736 - ReSoft Ltd.) <==== ATTENTION
Sky CABAL Online (HKLM-x32\...\Sky CABAL Online) (Version:  - )
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{C9193CBB-C31A-412A-A074-AD08F0F2CF3D}) (Version: 7.0.27.13 - Mad Catz)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2069.0 - Hi-Rez Studios)
Spring 96.0 (HKLM-x32\...\Spring) (Version: 96.0 - Spring team)
Star Conflict (HKLM-x32\...\Steam App 212070) (Version:  - Star Gem Inc.)
Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Tag - IGF Professional 2008 (HKLM-x32\...\{1446A30C-6DAF-461E-96B1-31C554870082}_is1) (Version:  - DigiPen Institute of Technology)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.10 - TeamSpeak Systems GmbH)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)
The Mighty Quest For Epic Loot (HKLM-x32\...\Steam App 239220) (Version:  - Ubisoft Montreal)
The Plan (HKLM-x32\...\Steam App 250600) (Version:  - Krillbite Studio)
Tribes Ascend (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}) (Version: 1.0.1268.1 - Hi-Rez Studios)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unreal Development Kit: 2013-07 (HKLM\...\UDK-f1efd744-6b11-4dbe-89cd-79df17532b4c) (Version:  - Epic Games, Inc.)
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{121C874E-5797-40B2-86CE-CE6624F2711A}) (Version: 15.0.1376 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{7DB71278-9AD7-4480-AB08-8649C5010B17}) (Version: 15.0.1215 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}) (Version: 15.0.1215 - Microsoft Corporation)
Vindictus EU (HKLM-x32\...\Vindictus EU) (Version:  - )
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Webocton - Scriptly 0.8.95.6 (HKLM-x32\...\Webocton - Scriptly_is1) (Version: 0.8.95.6 - Webocton)
WinHTTrack Website Copier 3.47-21 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.47.21 - HTTrack)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinSCP 5.1.8 (HKLM-x32\...\winscp3_is1) (Version: 5.1.8 - Martin Prikryl)
Wippien 2.5 (HKLM\...\A4DA3EE7-C6FC-44AD-9E47-9A4D3B0099D3_is1) (Version:  - )
Wireshark 1.10.6 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.6 - The Wireshark developer community, hxxp://www.wireshark.org)
World of Padman 1.5 (HKLM-x32\...\World of Padman 1.5) (Version: 1.5 - Padworld Entertainment)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Your Software Deals 1.0.0 (HKLM-x32\...\Your Software Deals_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
YTD Video Downloader 4.8 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8 - GreenTree Applications SRL)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0F56C433-2243-4B08-B0B4-292DD3CB4DB8} - \Advanced System Protector No Task File <==== ATTENTION
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2283D83A-0D95-4A39-B842-7AEEF96EF2BC} - System32\Tasks\FLV Player Addon-chromeinstaller => C:\Program Files (x86)\FLV Player Addon\FLV Player Addon-chromeinstaller.exe
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {40DB2E3D-6F19-411B-9BE5-658C8B6CD946} - System32\Tasks\{B9EEE3F8-433A-428C-9D08-A7659D8B584B} => Chrome.exe hxxp://ui.skype.com/ui/0/5.7.0.123/de/abandoninstall?page=tsProgressBar
Task: {44FA991A-5393-4B12-8FDB-EA59F579D14E} - System32\Tasks\{CAEE17C4-D58A-40C0-AFA8-32BE85C8B924} => Chrome.exe hxxp://ui.skype.com/ui/0/5.7.0.123/de/abandoninstall?page=tsProgressBar
Task: {505BEE49-200C-4AB7-BDF2-6DBF22B2F7F4} - System32\Tasks\FLV Player Addon-enabler => C:\Program Files (x86)\FLV Player Addon\FLV Player Addon-enabler.exe <==== ATTENTION
Task: {803FCEDD-4F07-4458-B0B9-54C0E34853A0} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {93531D38-BBE0-434D-9307-E777F40CD2DB} - System32\Tasks\FLV Player Addon-firefoxinstaller => C:\Program Files (x86)\FLV Player Addon\FLV Player Addon-firefoxinstaller.exe
Task: {9F4B9F80-E132-4F6C-AD99-4FA94AC039B8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-31] (Google Inc.)
Task: {A4A4B77E-AB47-4DE8-A8C2-EB0E37A0064A} - System32\Tasks\FLV Player Addon-codedownloader => C:\Program Files (x86)\FLV Player Addon\FLV Player Addon-codedownloader.exe
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {BA625361-1C6E-4C15-9C69-E5B4D2C9D1F1} - System32\Tasks\{CA0302C0-4C42-4BEB-9D1A-F9D566739961} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsMain
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C98317F8-6159-49DA-8B52-F6BC06F0D8C3} - \Freemium1ClickMaint No Task File <==== ATTENTION
Task: {CD6F31F9-7C8E-4E80-949E-2452FEAD93C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-31] (Google Inc.)
Task: {D183C2C3-7E70-4CCD-B155-4538E1806706} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {D48EEC69-45B1-4078-AAEA-8D2A04B51E51} - System32\Tasks\{AA012D1E-BCF5-44B0-BBAA-51731A135E1D} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsMain
Task: {D52FD684-D56B-4E54-95F6-D9D81AAD6E46} - System32\Tasks\StartRapidDriveAdvancedServiceTask => net
Task: {E38AE981-9A23-49E3-A7DF-AF4923ABF9A3} - \Software Updater No Task File <==== ATTENTION
Task: {EB152564-46ED-497E-9450-4CB0893B42D4} - System32\Tasks\{D70D5D4B-2FFB-4F01-91FD-0E251E4DC044} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsMain
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F08391DA-9788-4E6D-A92E-045A1E89D856} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-28] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FLV Player Addon-chromeinstaller.job => C:\Program Files (x86)\FLV Player Addon\FLV Player Addon-chromeinstaller.exe
Task: C:\WINDOWS\Tasks\FLV Player Addon-codedownloader.job => C:\Program Files (x86)\FLV Player Addon\FLV Player Addon-codedownloader.exe
Task: C:\WINDOWS\Tasks\FLV Player Addon-enabler.job => C:\Program Files (x86)\FLV Player Addon\FLV Player Addon-enabler.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\FLV Player Addon-firefoxinstaller.job => C:\Program Files (x86)\FLV Player Addon\FLV Player Addon-firefoxinstaller.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () D:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-01-08 08:00 - 2011-03-15 21:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2012-12-07 18:27 - 2012-12-07 18:27 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-07-20 00:07 - 2014-02-22 14:53 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-03-06 15:52 - 2014-03-06 15:52 - 00171008 _____ () c:\Program Files\RrFilter\RrFilterService64.exe
2014-03-04 13:25 - 2014-03-04 13:25 - 00110080 _____ () c:\Program Files\RrFilter\nfapi.dll
2014-03-04 13:25 - 2014-03-04 13:25 - 00317952 _____ () c:\Program Files\RrFilter\ProtocolFilters.dll
2014-05-03 18:03 - 2014-05-03 18:03 - 00706560 _____ () C:\Program Files\002\yewimmxqbs64.exe
2013-08-01 18:33 - 2013-08-01 18:33 - 00169312 _____ () d:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2013-01-08 08:00 - 2012-07-24 13:36 - 00028672 _____ () C:\Windows\SysWOW64\UMonit.exe
2012-01-10 14:41 - 2014-04-13 23:39 - 00567880 _____ () D:\Program Files (x86)\puush\puush.exe
2013-06-18 16:53 - 2013-06-18 16:55 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-01-08 08:00 - 2011-05-17 14:54 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2013-01-08 08:04 - 2012-02-17 15:47 - 00809472 _____ () C:\Program Files (x86)\Lenovo\RapidDrive Advanced\LenovoRapidDriveAdvancedEvents.exe
2013-01-08 08:04 - 2012-07-23 17:58 - 00397824 _____ () C:\Program Files (x86)\Lenovo\RapidDrive Advanced\LenovoRapidDriveAdvancedCommon.dll
2013-01-08 08:04 - 2012-02-17 15:47 - 00040960 _____ () C:\Program Files (x86)\Lenovo\RapidDrive Advanced\de\LenovoRapidDriveAdvancedCommon.resources.dll
2013-08-01 18:31 - 2013-08-01 18:31 - 00030056 _____ () d:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2013-08-01 18:32 - 2013-08-01 18:32 - 00607376 _____ () d:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2013-08-01 18:33 - 2013-08-01 18:33 - 00044392 _____ () d:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2013-08-01 18:33 - 2013-08-01 18:33 - 00036216 _____ () d:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2013-08-01 18:33 - 2013-08-01 18:33 - 00080248 _____ () d:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-08-01 18:38 - 2013-08-01 18:38 - 00223592 _____ () d:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2014-01-09 19:22 - 2014-04-22 00:55 - 00340480 _____ () D:\Program Files (x86)\Steam\libavresample-1.dll
2014-04-23 09:59 - 2014-04-22 00:55 - 00471552 _____ () D:\Program Files (x86)\Steam\libavutil-53.dll
2013-07-01 08:20 - 2014-04-01 00:09 - 00754688 _____ () D:\Program Files (x86)\Steam\SDL2.dll
2013-07-09 17:56 - 2014-04-24 00:01 - 01092288 _____ () D:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-07-09 13:45 - 2014-03-03 21:15 - 20626624 _____ () D:\Program Files (x86)\Steam\bin\libcef.dll
2013-06-14 15:49 - 2013-06-15 01:49 - 01100800 _____ () D:\Program Files (x86)\Steam\bin\avcodec-53.dll
2013-06-14 15:49 - 2013-06-15 01:49 - 00124416 _____ () D:\Program Files (x86)\Steam\bin\avutil-51.dll
2013-06-14 15:49 - 2013-06-15 01:49 - 00192000 _____ () D:\Program Files (x86)\Steam\bin\avformat-53.dll
2014-03-21 12:38 - 2014-03-21 12:38 - 00378880 _____ () D:\Program Files (x86)\LOLReplay\LOLUtils.dll
2009-12-04 17:59 - 2009-12-04 17:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 18:04 - 2009-12-04 18:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2013-01-08 08:00 - 2011-05-17 14:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Niclas\AppData\Roaming\Dropbox\bin\libcef.dll
2014-04-27 10:57 - 2014-04-24 02:33 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
2013-08-07 21:25 - 2013-08-07 21:25 - 00093696 _____ () D:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-04-27 10:57 - 2014-04-24 02:33 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll
2014-04-27 10:57 - 2014-04-24 02:33 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll
2014-04-27 10:57 - 2014-04-24 02:33 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
2014-04-27 10:57 - 2014-04-24 02:33 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
2014-04-27 10:57 - 2014-04-24 02:33 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
2014-04-27 10:57 - 2014-04-24 02:33 - 13692232 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll
2013-01-08 08:04 - 2012-08-15 15:07 - 00220672 _____ () C:\Program Files (x86)\Lenovo\RapidDrive Advanced\SSDetectPartition.dll
2013-01-08 07:59 - 2012-06-25 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Programmable Root Enumerator
Description: Programming Support
Class Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}
Manufacturer: Mad Catz
Service: SaiNtBus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Programmable Root Enumerator
Description: Programming Support
Class Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}
Manufacturer: Mad Catz
Service: SaiNtBus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Programmable Root Enumerator
Description: Programming Support
Class Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}
Manufacturer: Mad Catz
Service: SaiNtBus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2014 06:03:19 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: MsiExec.exe, Version: 5.0.9200.16384, Zeitstempel: 0x5010a60b
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988950
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000de1b
ID des fehlerhaften Prozesses: 0x1f50
Startzeit der fehlerhaften Anwendung: 0xMsiExec.exe0
Pfad der fehlerhaften Anwendung: MsiExec.exe1
Pfad des fehlerhaften Moduls: MsiExec.exe2
Berichtskennung: MsiExec.exe3
Vollständiger Name des fehlerhaften Pakets: MsiExec.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MsiExec.exe5

Error: (05/03/2014 04:41:35 PM) (Source: MsiInstaller) (User: PURPLE-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Niclas\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (05/03/2014 04:41:16 PM) (Source: MsiInstaller) (User: PURPLE-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Niclas\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (05/03/2014 00:40:05 PM) (Source: MsiInstaller) (User: PURPLE-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Niclas\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (05/03/2014 00:38:46 PM) (Source: MsiInstaller) (User: PURPLE-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Niclas\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.


System errors:
=============
Error: (05/03/2014 08:08:09 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (05/03/2014 06:10:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "X5XSEx_Pr148" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (05/03/2014 06:10:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "vToolbarUpdater18.1.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (05/03/2014 06:10:11 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (05/03/2014 06:09:47 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (05/03/2014 06:09:13 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (05/03/2014 06:09:04 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Installer" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (05/03/2014 06:05:05 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Installer" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (05/03/2014 06:04:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Installer" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/03/2014 06:03:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (05/03/2014 06:03:19 PM) (Source: Application Error)(User: )
Description: MsiExec.exe5.0.9200.163845010a60bKERNELBASE.dll6.2.9200.1645150988950c00000050000de1b1f5001cf66e933427bd7c:\Windows\syswow64\MsiExec.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll712f05cc-d2dc-11e3-bfce-d43d7e38f36c

Error: (05/03/2014 04:41:35 PM) (Source: MsiInstaller)(User: PURPLE-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Niclas\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/03/2014 04:41:16 PM) (Source: MsiInstaller)(User: PURPLE-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Niclas\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/03/2014 00:40:05 PM) (Source: MsiInstaller)(User: PURPLE-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Niclas\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/03/2014 00:38:46 PM) (Source: MsiInstaller)(User: PURPLE-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Niclas\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL)


==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 16344.3 MB
Available physical RAM: 11729.32 MB
Total Pagefile: 18648.3 MB
Available Pagefile: 13389.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:57.78 GB) (Free:0.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Lenovo) (Fixed) (Total:925.77 GB) (Free:302.09 GB) NTFS
Drive e: () (Fixed) (Total:451.4 GB) (Free:451.17 GB) NTFS
Drive f: () (Fixed) (Total:451.4 GB) (Free:448.83 GB) NTFS
Drive g: (DVDVolume) (CDROM) (Total:7.61 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 60 GB) (Disk ID: 3AF92328)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 3AF92329)

Partition: GPT Partition Type.

==================== End Of Log ============================
Gmer:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-03 20:35:48
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000049 SAMSUNG_MZMPC064HBDR-000L1 rev.CXM13L1Q 59,63GB
Running: be2v0g2f.exe; Driver: C:\Users\Niclas\AppData\Local\Temp\uwryapoc.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1644] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                                000007fe37291532 4 bytes [29, 37, FE, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1644] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                                000007fe3729153a 4 bytes [29, 37, FE, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1644] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                              000007fe3729165a 4 bytes [29, 37, FE, 07]
.text    C:\WINDOWS\system32\nvvsvc.exe[1656] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 690                                                                                                          000007fe37291532 4 bytes [29, 37, FE, 07]
.text    C:\WINDOWS\system32\nvvsvc.exe[1656] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 698                                                                                                          000007fe3729153a 4 bytes [29, 37, FE, 07]
.text    C:\WINDOWS\system32\nvvsvc.exe[1656] C:\WINDOWS\system32\MSIMG32.dll!TransparentBlt + 246                                                                                                        000007fe3729165a 4 bytes [29, 37, FE, 07]
.text    C:\WINDOWS\system32\nvvsvc.exe[1656] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                                                                000007fe3d0e177a 4 bytes [0E, 3D, FE, 07]
.text    C:\WINDOWS\system32\nvvsvc.exe[1656] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                                                                000007fe3d0e1782 4 bytes [0E, 3D, FE, 07]
.text    C:\WINDOWS\System32\spoolsv.exe[1412] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                                                              000007fe3d0e177a 4 bytes [0E, 3D, FE, 07]
.text    C:\WINDOWS\System32\spoolsv.exe[1412] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                                                              000007fe3d0e1782 4 bytes [0E, 3D, FE, 07]
.text    C:\WINDOWS\Explorer.EXE[2316] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                                                                000007fe37291532 4 bytes [29, 37, FE, 07]
.text    C:\WINDOWS\Explorer.EXE[2316] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                                                                000007fe3729153a 4 bytes [29, 37, FE, 07]
.text    C:\WINDOWS\Explorer.EXE[2316] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                                                              000007fe3729165a 4 bytes [29, 37, FE, 07]
.text    c:\Program Files\RrFilter\RrFilterService64.exe[3132] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                                              000007fe3d0e177a 4 bytes [0E, 3D, FE, 07]
.text    c:\Program Files\RrFilter\RrFilterService64.exe[3132] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                                              000007fe3d0e1782 4 bytes [0E, 3D, FE, 07]
.text    C:\WINDOWS\system32\svchost.exe[3260] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                                                              000007fe3d0e177a 4 bytes [0E, 3D, FE, 07]
.text    C:\WINDOWS\system32\svchost.exe[3260] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                                                              000007fe3d0e1782 4 bytes [0E, 3D, FE, 07]
.text    C:\Program Files\002\yewimmxqbs64.exe[3344] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                                                        000007fe3d0e177a 4 bytes [0E, 3D, FE, 07]
.text    C:\Program Files\002\yewimmxqbs64.exe[3344] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                                                        000007fe3d0e1782 4 bytes [0E, 3D, FE, 07]
.text    D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3676] C:\WINDOWS\system32\PsApi.dll!GetProcessImageFileNameA + 306                                                                          000007fe3d0e177a 4 bytes [0E, 3D, FE, 07]
.text    D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3676] C:\WINDOWS\system32\PsApi.dll!GetProcessImageFileNameA + 314                                                                          000007fe3d0e1782 4 bytes [0E, 3D, FE, 07]
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3088] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                                        000007fe37291532 4 bytes [29, 37, FE, 07]
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3088] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                                        000007fe3729153a 4 bytes [29, 37, FE, 07]
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3088] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                                      000007fe3729165a 4 bytes [29, 37, FE, 07]
.text    C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4220] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                      000007fe3d0e177a 4 bytes [0E, 3D, FE, 07]
.text    C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4220] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                      000007fe3d0e1782 4 bytes [0E, 3D, FE, 07]
.text    C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4220] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                000007fe37291532 4 bytes [29, 37, FE, 07]
.text    C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4220] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                000007fe3729153a 4 bytes [29, 37, FE, 07]
.text    C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4220] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                              000007fe3729165a 4 bytes [29, 37, FE, 07]
.text    C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe[6060] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                      000007fe3d0e177a 4 bytes [0E, 3D, FE, 07]
.text    C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe[6060] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                      000007fe3d0e1782 4 bytes [0E, 3D, FE, 07]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [1112:4772]                                                                                                                                                        fffff9600091a5e8
---- Processes - GMER 2.1 ----

Library  C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (*** suspicious ***) @ C:\WINDOWS\Explorer.EXE [2316]                                                                                0000000180000000
Process  C:\Users\Niclas\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\Niclas\AppData\Roaming\Dropbox\bin\Dropbox.exe [5416] (FILE NOT FOUND)                                  0000000000400000
Library  C:\Users\Niclas\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Niclas\AppData\Roaming\Dropbox\bin\Dropbox.exe [5416](2014-01-03 00:45:04)                          0000000003c10000
Library  C:\Users\Niclas\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Niclas\AppData\Roaming\Dropbox\bin\Dropbox.exe [5416](2013-10-18 23:55:02)                                000000005d7b0000
Library  C:\Users\Niclas\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Niclas\AppData\Roaming\Dropbox\bin\Dropbox.exe [5416] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00)  000000005cbb0000

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                                                                            unknown MBR code

---- EOF - GMER 2.1 ----
Und passt sogar alles o_O
Naja danke fürs mir annehmen ;)

Gruß

Ah jetzt fängt der an unter der Werbung "RR Savings" anzuzeigen.
Und irgendwie vergessen: Danke für die echt schnelle Antwort. :dankeschoen:

schrauber 05.05.2014 16:28
Zitat:
ProxyServer: 80.87.240.49:8087
Proxy mit Absicht?


Revo Uninstaller - Download - Filepony
Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION

Mit Revo auch Moderat die Reste entfernen lassen.



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

TypMitHaaren 05.05.2014 18:55
Proxy -> Wireshark ;)

Revo und Junkware kann ich erst Morgen und Adwremove bringt leider nix.^^ Aber erstmal danke.

Gruß

Ahja und " toolbar" lässt nich auch nicht mit Revo uninstallen. :O
Kann man da noch was anderes testen?

Gruß (nochmal ;D)

schrauber 06.05.2014 11:33
Deinstalliere über Windows. Was bedeutet AdwCleaner bringt leider nix?

TypMitHaaren 06.05.2014 13:56
Bei der deinstallation des Programmes ist ein Fehler aufgetreten...
Das heisst das ich es beireits durchgeführt habe und der **** immernoch da ist.. :(

JRM.txt
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Niclas on 06.05.2014 at 14:30:38,98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3192851615-808154685-2172071588-1001\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\systweak"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\advanced system protector"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.05.2014 at 14:34:40,97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AdwCleanerS0:
Code:
# AdwCleaner v3.205 - Bericht erstellt am 30/04/2014 um 16:15:01
# Aktualisiert 28/04/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Niclas - PURPLE-PC
# Gestartet von : D:\Users\Niclas\Downloads\adwcleaner-3.205.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : SystemStoreService

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\AVG Nation toolbar
Ordner Gelöscht : C:\Program Files (x86)\Delta
Ordner Gelöscht : C:\Program Files (x86)\Funmoods
Ordner Gelöscht : C:\Program Files (x86)\GreenTree Applications
Ordner Gelöscht : C:\Program Files (x86)\Industriya
Ordner Gelöscht : C:\Program Files (x86)\SoftwareUpdater
Ordner Gelöscht : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gelöscht : C:\WINDOWS\SysWOW64\AI_RecycleBin
Ordner Gelöscht : C:\Users\Niclas\AppData\Local\AVG Nation toolbar
Ordner Gelöscht : C:\Users\Niclas\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\Niclas\AppData\Local\FilesFrog Update Checker
Ordner Gelöscht : C:\Users\Niclas\AppData\Local\webplayer
Ordner Gelöscht : C:\Users\Niclas\AppData\LocalLow\AVG Nation toolbar
Ordner Gelöscht : C:\Users\Niclas\AppData\LocalLow\GutscheinCodes
Ordner Gelöscht : C:\Users\Niclas\AppData\LocalLow\Industriya
Ordner Gelöscht : C:\Users\Niclas\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Niclas\AppData\Roaming\DownLite
Ordner Gelöscht : C:\Users\Niclas\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Niclas\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Ordner Gelöscht : C:\Users\Niclas\AppData\Roaming\Mozilla\Firefox\Profiles\105p3hwn.default\Extensions\dc59fc10-5a26-4311-af8d-bf9b600a7b9c@080e29b9-9bee-4caa-b38c-4958c5aa2376.com
Datei Gelöscht : C:\Users\Niclas\AppData\Roaming\Mozilla\Firefox\Profiles\105p3hwn.default\user.js
Datei Gelöscht : C:\Users\Niclas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_deutsch.babylon.com_0.localstorage
Datei Gelöscht : C:\Users\Niclas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_deutsch.babylon.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Niclas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage
Datei Gelöscht : C:\Users\Niclas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal
Datei Gelöscht : C:\WINDOWS\System32\Tasks\Freemium1ClickMaint
Datei Gelöscht : C:\WINDOWS\System32\Tasks\Software Updater

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player\Uninstall.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [FLV Player]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SDP]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GutscheinCodes.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\d
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GutscheinCodes.GutscheinCodesBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GutscheinCodes.GutscheinCodesBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\privitize.privitizeHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\privitize.privitizeHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKCU\Software\5e088d1e23ce442
Schlüssel Gelöscht : HKLM\SOFTWARE\5e088d1e23ce442
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0052466.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0052466.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0052466.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0052466.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{59279625-EFF0-4F55-98F0-51EDDD800DD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1ACB5ABE-4890-4747-952C-F13BDB93FB75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B25AEDC4-8086-41E3-8349-328223FA9FCB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511241166}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522242266}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555245566}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566246666}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{F905535E-9C87-4A3F-8A3E-4E3B54C461C5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544244466}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ACB5ABE-4890-4747-952C-F13BDB93FB75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511241166}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ACB5ABE-4890-4747-952C-F13BDB93FB75}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511241166}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1ACB5ABE-4890-4747-952C-F13BDB93FB75}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110511241166}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511241166}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522242266}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555245566}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566246666}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511241166}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\AVG Nation toolbar
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\DataMngr
[#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\Funmoods
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Somoto
Schlüssel Gelöscht : HKCU\Software\Webplayer
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKLM\Software\AVG Nation toolbar
Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\Software\covus freemium gmbh
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\InstallCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Nation toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16843


-\\ Mozilla Firefox v

[ Datei : C:\Users\Niclas\AppData\Roaming\Mozilla\Firefox\Profiles\105p3hwn.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.adc59fc105a264311af8dbf9b600a7b9c080e29b99bee4caab38c4958c5aa2376com52466.52466.internaldb.Resources_meta.value", "%7B%22iframe.html%22%3A%7B%22id%22%3A538570%2C%22ver%22%3A18%2C[...]
Zeile gelöscht : user_pref("extensions.adc59fc105a264311af8dbf9b600a7b9c080e29b99bee4caab38c4958c5aa2376com52466.52466.internaldb.Resources_resource_538570.value", "%22%3Chtml%20style%3D%5C%22width%3A854px%3Bheigth%3A[...]
Zeile gelöscht : user_pref("extensions.crossrider.bic", "144c2ec036c63cc4d15404d6c18e7e54");

-\\ Google Chrome v34.0.1847.131

[ Datei : C:\Users\Niclas\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Homepage] : hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=56F8080027003CF0&affID=124589&tsp=5019
Gelöscht [Extension] : bbjciahceamgodcoidkjpchnokgfpphh
Gelöscht [Extension] : dhkplhfnhceodhffomolpfigojocbpcb
Gelöscht [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

AdwCleaner[R0].txt - [21323 octets] - [30/04/2014 16:13:51]
AdwCleaner[S0].txt - [19437 octets] - [30/04/2014 16:15:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19498 octets] ##########
...und S1:
Code:
# AdwCleaner v3.205 - Bericht erstellt am 03/05/2014 um 18:08:09
# Aktualisiert 28/04/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Niclas - PURPLE-PC
# Gestartet von : D:\Users\Niclas\Downloads\adwcleaner-3.205.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : BackupStack
Dienst Gelöscht : LPTSystemUpdater

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Advanced System Protector
Ordner Gelöscht : C:\Program Files (x86)\LPT
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\WINDOWS\Installer\{813BA625-B0FA-48D8-9B75-59759C88C219}
Ordner Gelöscht : C:\Users\Niclas\.android
Ordner Gelöscht : C:\Users\Niclas\AppData\Local\LPT
Ordner Gelöscht : C:\Users\Niclas\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Niclas\AppData\Local\Smartbar
Ordner Gelöscht : C:\Users\Niclas\AppData\Local\Temp\Smartbar
Ordner Gelöscht : C:\Users\Niclas\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Ordner Gelöscht : D:\Users\Niclas\Documents\Mobogenie
Datei Gelöscht : C:\WINDOWS\System32\roboot64.exe
Datei Gelöscht : C:\Users\Niclas\daemonprocess.txt
Datei Gelöscht : C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
Datei Gelöscht : D:\Users\Niclas\Desktop\MyPC Backup.lnk
Datei Gelöscht : C:\WINDOWS\System32\Tasks\Advanced System Protector

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : D:\Users\Niclas\Desktop\Search.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeMeter\Tools\CodeMeter Command Prompt.lnk
Verknüpfung Desinfiziert : C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\smartbarbackup
Schlüssel Gelöscht : HKCU\Software\smartbarlog
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Rr Savings
Schlüssel Gelöscht : HKLM\Software\AVG SafeGuard toolbar
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Rr Savings
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{813BA625-B0FA-48D8-9B75-59759C88C219}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\526AB318AF0B8D84B9579557C9882C91
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\526AB318AF0B8D84B9579557C9882C91

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16843

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v

[ Datei : C:\Users\Niclas\AppData\Roaming\Mozilla\Firefox\Profiles\105p3hwn.default\prefs.js ]


-\\ Google Chrome v34.0.1847.131

[ Datei : C:\Users\Niclas\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [21323 octets] - [30/04/2014 16:13:51]
AdwCleaner[R1].txt - [10892 octets] - [03/05/2014 18:06:33]
AdwCleaner[S0].txt - [19691 octets] - [30/04/2014 16:15:01]
AdwCleaner[S1].txt - [7714 octets] - [03/05/2014 18:08:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7774 octets] ##########
(hab auch noch R0 und R1 fallsde die brauchst ;))

mbam.txt kommt gleich.

mbam.txt
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 06.05.2014
Suchlauf-Zeit: 14:49:09
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.05.06.04
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Niclas

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 279791
Verstrichene Zeit: 7 Min, 42 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 3
Adware.Adpeak, C:\Program Files\002\yewimmxqbs64.exe, 3628, Löschen bei Neustart, [98689a6637c914ec0d6ef23ccb39db25]
PUP.Optional.Adpeak.A, C:\Program Files\002\yewimmxqbs64.exe, 3628, Löschen bei Neustart, [5aa6c33de917d52b3607705190738878]
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\RrFilterService64.exe, 3440, Löschen bei Neustart, [619fcf31ca36f30d679cbbbaa45e07f9]

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 15
Adware.Adpeak, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\yewimmxqbs64, In Quarantäne, [98689a6637c914ec0d6ef23ccb39db25],
PUP.Optional.Adpeak.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\yewimmxqbs64, In Quarantäne, [5aa6c33de917d52b3607705190738878],
PUP.Optional.RRSavings.A, HKLM\SOFTWARE\rrsavings, In Quarantäne, [a957ae52cc34639d664b6515c43e57a9],
PUP.Optional.PrivitizeTB.A, HKLM\SOFTWARE\CLASSES\esrv.privitizeESrvc, In Quarantäne, [ff0125db8779e51b39ed512d9c66df21],
PUP.Optional.PrivitizeTB.A, HKLM\SOFTWARE\CLASSES\esrv.privitizeESrvc.1, In Quarantäne, [b34d47b912ee728ea185b2ccb74bf30d],
PUP.Optional.RRSavings.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\rrsavings, In Quarantäne, [ce329967847c0cf42c835f1b55ad23dd],
PUP.Optional.PrivitizeTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.privitizeESrvc, In Quarantäne, [758b8b7524dc6e92bc6a83fb778bf60a],
PUP.Optional.PrivitizeTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.privitizeESrvc.1, In Quarantäne, [52aec8388c7451af52d4abd355ad7987],
PUP.Optional.PrivitizeTB.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dhfcbmlocifngpbjdpgnkbjmgkadkjpp, In Quarantäne, [c937956b5da387798f9bdba315edcc34],
PUP.Optional.PrivitizeTB.A, HKLM\SOFTWARE\WOW6432NODE\INDUSTRIYA\privitize, In Quarantäne, [7a86cd336c9416ea0324601e41c13ec2],
PUP.Optional.RRSavings.A, HKU\S-1-5-21-3192851615-808154685-2172071588-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\RrSavings, In Quarantäne, [728e5aa6a35d946cd6dd34468b77d22e],
PUP.Optional.FLVPlayerAddon.A, HKU\S-1-5-21-3192851615-808154685-2172071588-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\FLV Player Addon, In Quarantäne, [f10fb44c08f841bf2529e89c7f83ad53],
PUP.Optional.RRSavings.A, HKU\S-1-5-21-3192851615-808154685-2172071588-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\rrsavings, In Quarantäne, [bb45ee121ee241bfa70f0971bc46e917],
PUP.Optional.PrivitizeTB.A, HKU\S-1-5-21-3192851615-808154685-2172071588-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INDUSTRIYA\privitize, In Quarantäne, [f9072cd4e51b3fc161c7225c808219e7],
PUP.Optional.RRSavings.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RrFilterService64, In Quarantäne, [619fcf31ca36f30d679cbbbaa45e07f9],

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 3
PUP.Optional.RRSavings.A, C:\Program Files\rrsavings, In Quarantäne, [b34dab55857b53ad818113625da56c94],
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter, Löschen bei Neustart, [619fcf31ca36f30d679cbbbaa45e07f9],
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\SSL, In Quarantäne, [619fcf31ca36f30d679cbbbaa45e07f9],

Dateien: 19
Adware.Adpeak, C:\Program Files\002\yewimmxqbs64.exe, Löschen bei Neustart, [98689a6637c914ec0d6ef23ccb39db25],
PUP.Optional.OutBrowse, C:\Users\Niclas\AppData\Local\Temp\DownloadManager.exe, In Quarantäne, [78881de33fc18b75ce2644d95da3e61a],
PUP.Optional.Somoto.A, C:\Users\Niclas\Local Settings\Application Data\Bundled software uninstaller\biclient.exe, In Quarantäne, [cb352ed2dc24a9571f2c011445bc1be5],
PUP.Optional.PrivitizeTB.A, C:\Users\Niclas\AppData\Roaming\Mozilla\Firefox\Profiles\105p3hwn.default\searchplugins\privitize.xml, In Quarantäne, [907017e935cba85860c4661855adf40c],
PUP.Optional.FLVPlayerAddon.A, C:\Windows\Tasks\FLV Player Addon-chromeinstaller.job, In Quarantäne, [0000ef1122deec14d07d7d07af53a35d],
PUP.Optional.FLVPlayerAddon.A, C:\Windows\Tasks\FLV Player Addon-codedownloader.job, In Quarantäne, [9769996741bfa45c133a5430c93903fd],
PUP.Optional.FLVPlayerAddon.A, C:\Windows\Tasks\FLV Player Addon-enabler.job, In Quarantäne, [0af606fa35cb748c7dd0156f6d9528d8],
PUP.Optional.FLVPlayerAddon.A, C:\Windows\Tasks\FLV Player Addon-firefoxinstaller.job, In Quarantäne, [e51bdc2478883dc3c9846a1a36ccf907],
PUP.Optional.Adpeak.A, C:\Program Files\002\yewimmxqbs64.exe, Löschen bei Neustart, [5aa6c33de917d52b3607705190738878],
PUP.Optional.FunMoods.A, C:\Users\Niclas\AppData\Local\funmoods_2.3.1.crx, In Quarantäne, [eb152bd56c94808016449829ed16c63a],
PUP.Optional.RRSavings.A, C:\Program Files\rrsavings\uninstaller.exe, In Quarantäne, [b34dab55857b53ad818113625da56c94],
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\Installbat64.dll, In Quarantäne, [619fcf31ca36f30d679cbbbaa45e07f9],
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\Microsoft.Deployment.WindowsInstaller.dll, In Quarantäne, [619fcf31ca36f30d679cbbbaa45e07f9],
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\Microsoft.Deployment.WindowsInstaller.xml, In Quarantäne, [619fcf31ca36f30d679cbbbaa45e07f9],
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\nfapi.dll, Löschen bei Neustart, [619fcf31ca36f30d679cbbbaa45e07f9],
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\nfregdrv.exe, In Quarantäne, [619fcf31ca36f30d679cbbbaa45e07f9],
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\ProtocolFilters.dll, Löschen bei Neustart, [619fcf31ca36f30d679cbbbaa45e07f9],
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\RrFilterService64.exe, Löschen bei Neustart, [619fcf31ca36f30d679cbbbaa45e07f9],
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\sample.dll, In Quarantäne, [619fcf31ca36f30d679cbbbaa45e07f9],

Physische Sektoren: 0
(No malicious items detected)


(end)
Alles in Quarantäne und die Addware ist augenscheinlich weg.

Abschliessender FRST Scan:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2014
Ran by Niclas (administrator) on PURPLE-PC on 06-05-2014 14:53:22
Running from D:\Users\Niclas\Downloads\FRST
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hi-Rez Studios) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Nero AG) D:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\jmesoft\Service.exe
(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(LogMeIn Inc.) D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) D:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() D:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(LogMeIn Inc.) D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
() C:\Windows\SysWOW64\UMonit.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(LogMeIn, Inc.) D:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Akamai Technologies, Inc.) C:\Users\Niclas\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Niclas\AppData\Local\Akamai\netsession_win.exe
(Valve Corporation) D:\Program Files (x86)\Steam\Steam.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Skype Technologies S.A.) D:\Program Files (x86)\Skype\Phone\Skype.exe
() D:\Program Files (x86)\puush\puush.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(LOL Replay) D:\Program Files (x86)\LOLReplay\LOLRecorder.exe
(Dropbox, Inc.) C:\Users\Niclas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(GameRanger Technologies) C:\Users\Niclas\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe
(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Aeria Games & Entertainment) D:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Elaborate Bytes AG) D:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Lenovo, Japan, Ltd. ) C:\Program Files (x86)\Lenovo\RapidDrive Advanced\LenovoRapidDriveAdvancedService.exe
() C:\Program Files (x86)\Lenovo\RapidDrive Advanced\LenovoRapidDriveAdvancedEvents.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12497552 2012-05-28] (Realtek Semiconductor)
HKLM\...\Run: [UMonit] => C:\WINDOWS\SysWOW64\UMonit.exe [28672 2012-07-24] ()
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM\...\Run: [Wippien] => D:\Program Files\Wippien\Wippien.exe [3022632 2011-08-19] ()
HKLM-x32\...\Run: [jmekey] => C:\WINDOWS\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [ModeSwitch] => C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe [751104 2012-03-31] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Aeria Ignite] => D:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [VirtualCloneDrive] => D:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-04-15] (LogMeIn Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Niclas\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\Run: [uTorrent] => C:\Users\Niclas\AppData\Roaming\uTorrent\uTorrent.exe [902736 2013-10-28] (BitTorrent Inc.)
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\Run: [Steam] => D:\Program Files (x86)\Steam\Steam.exe [1825984 2014-04-24] (Valve Corporation)
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\Run: [MoodEditor.exe] => D:\Program Files (x86)\Pamela RichMood Editor\MoodEditor.exe [1025024 2013-08-17] (Scendix Software-Vertriebsges. mbH)
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\Niclas\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 593f4c133c4647d39d03057438dc1a9f-753923bc94f738da406656e912a26fccb404e6d9 --CMPID 0913b
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\Run: [Desura] => D:\Program Files (x86)\Desura\desura.exe [2529096 2014-01-05] (Desura Pty Ltd)
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\Run: [Skype] => D:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\Run: [puush] => D:\Program Files (x86)\puush\puush.exe [567880 2014-04-13] ()
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\MountPoints2: {068b5e74-fc89-11e2-bea4-d43d7e38f36c} - "H:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\MountPoints2: {29722606-ef7a-11e2-be8c-d43d7e38f36c} - "H:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\MountPoints2: {a43a989f-d8c8-11e2-be75-d43d7e38f36c} - "H:\HTC_Sync_Manager_PC.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
ShortcutTarget: LOLRecorder.lnk -> D:\Program Files (x86)\LOLReplay\LOLRecorder.exe (LOL Replay)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
ShortcutTarget: phase-6 Reminder.lnk -> D:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6)
Startup: C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Niclas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk
ShortcutTarget: GameRanger.lnk -> C:\Users\Niclas\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies)

==================== Internet (Whitelisted) ====================

ProxyServer: 80.87.240.49:8087
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM - DefaultScope {2E32E504-A3EA-4DB4-9876-2DCD2D89B98D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM - {2E32E504-A3EA-4DB4-9876-2DCD2D89B98D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Niclas\AppData\Roaming\Mozilla\Firefox\Profiles\105p3hwn.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - D:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 - C:\Program Files (x86)\FreeRide Games\npExentControl.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - D:\Program Files (x86)\Java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - D:\Program Files (x86)\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npnxgameEU.dll (Nexon)
FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\WINDOWS\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Niclas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - D:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - D:\Program Files (x86)\Fiddler2\FiddlerHook [2014-01-18]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "sync_promo"
CHR StartupUrls: "startup_urls_migration_time": "13034373880206099"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Exent® AOD Gecko Plugin) - C:\Program Files (x86)\FreeRide Games\npExentControl.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\WINDOWS\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - D:\Program Files (x86)\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\Niclas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-31]
CHR Extension: (Google Drive) - C:\Users\Niclas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-31]
CHR Extension: (YouTube) - C:\Users\Niclas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-31]
CHR Extension: (Battlefield Heroes) - C:\Users\Niclas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2014-02-22]
CHR Extension: (Google-Suche) - C:\Users\Niclas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-31]
CHR Extension: (Live HTTP Headers) - C:\Users\Niclas\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaiioopjkcekapmldfgbebdclcnpgnlo [2014-01-18]
CHR Extension: (Google Wallet) - C:\Users\Niclas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Google Mail) - C:\Users\Niclas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-31]

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [484592 2013-11-15] (BitRaider, LLC)
R2 Hamachi2Svc; D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2227536 2014-04-15] (LogMeIn Inc.)
U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios)
R2 HTCMonitorService; d:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] ()
R3 Lenovo.RapidDrive.Advanced.Svc; C:\Program Files (x86)\Lenovo\RapidDrive Advanced\LenovoRapidDriveAdvancedService.exe [218112 2012-08-15] (Lenovo, Japan, Ltd. )
R2 LenovoCOMSvc; C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe [37888 2011-11-04] (Lenovo)
R3 LitModeCtrl; C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe [141824 2012-04-06] (Lenovo)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [4868640 2013-08-25] (INCA Internet Co., Ltd.)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-02-22] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S2 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
S2 vToolbarUpdater18.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [50464 2014-04-28] (AVG Technologies)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [274712 2014-03-31] (AVG Technologies CZ, s.r.o.)
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2013-11-16] (BitRaider)
R3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [60928 2012-07-06] (GenesysLogic)
S3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2013-07-03] (LogMeIn Inc.)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-02-28] (NetFilterSDK.com)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 SaiMini; C:\Windows\System32\drivers\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
S3 sclbl; D:\AeriaGames\ScarletBlade\avital\scarbt64.sys [86352 2013-12-13] ()
S3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [106256 2013-04-12] (Oracle Corporation)
R3 wod0205; C:\Windows\system32\DRIVERS\wod0205.sys [33160 2011-04-23] (WeOnlyDo Software)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S2 X5XSEx_Pr148; \??\C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [X]
S3 X6va011; \??\C:\WINDOWS\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\WINDOWS\SysWOW64\Drivers\X6va012 [X]
S3 X6va013; \??\C:\WINDOWS\SysWOW64\Drivers\X6va013 [X]
S3 X6va014; \??\C:\WINDOWS\SysWOW64\Drivers\X6va014 [X]
S3 X6va015; \??\C:\WINDOWS\SysWOW64\Drivers\X6va015 [X]
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-06 14:49 - 2014-05-06 14:49 - 00000000 ____H () C:\ProgramData\cm-lock
2014-05-06 14:39 - 2014-05-06 14:50 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-06 14:39 - 2014-05-06 14:39 - 00000787 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-06 14:39 - 2014-05-06 14:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-06 14:39 - 2014-05-06 14:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-06 14:39 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-06 14:39 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-05-06 14:39 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-06 14:30 - 2014-05-06 14:30 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-04 18:31 - 2014-05-04 18:31 - 00000000 ____D () C:\Users\Niclas\AppData\Local\InfiniteCrisis
2014-05-04 17:48 - 2014-05-04 17:48 - 00000000 ____D () C:\ProgramData\Turbine
2014-05-04 06:25 - 2014-05-04 06:25 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wizard101(DE)
2014-05-03 23:34 - 2014-05-03 23:34 - 00001070 _____ () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk
2014-05-03 23:33 - 2014-05-03 23:34 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\GameRanger
2014-05-03 20:29 - 2014-05-03 20:29 - 00000000 _____ () C:\Users\Niclas\defogger_reenable
2014-05-03 20:08 - 2014-05-06 14:53 - 00000000 ____D () C:\FRST
2014-05-03 18:03 - 2014-05-03 18:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-03 18:03 - 2014-05-03 18:03 - 00000000 ____D () C:\Program Files (x86)\Rr Savings
2014-05-03 18:03 - 2014-05-03 18:03 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-05-03 18:02 - 2014-05-06 14:49 - 00000000 ____D () C:\Program Files\002
2014-05-03 18:02 - 2014-05-03 18:10 - 00001365 _____ () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-05-03 18:02 - 2014-05-03 18:02 - 00001212 _____ () C:\Users\Public\Desktop\Advanced System Protector.lnk
2014-05-03 18:02 - 2014-05-03 18:02 - 00000000 ____D () C:\Users\Niclas\AppData\Local\cache
2014-05-03 18:02 - 2012-07-25 12:03 - 00016896 _____ () C:\WINDOWS\system32\sasnative64.exe
2014-04-30 16:14 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-04-30 16:13 - 2014-05-03 18:08 - 00000000 ____D () C:\AdwCleaner
2014-04-28 15:22 - 2014-04-28 15:22 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-04-21 15:51 - 2014-04-21 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex-Editor MX
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys
2014-04-16 15:43 - 2014-04-16 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-04-15 08:29 - 2014-04-18 21:57 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Teeworlds
2014-04-13 23:39 - 2014-04-13 23:39 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\puush
2014-04-13 23:38 - 2014-04-13 23:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\puush
2014-04-12 00:09 - 2014-04-12 00:09 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\TERA
2014-04-12 00:09 - 2014-04-12 00:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
2014-04-10 23:30 - 2014-04-10 23:30 - 00000674 _____ () C:\Users\Public\Desktop\RFOnline1.0.lnk
2014-04-10 23:30 - 2014-04-10 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RFOnline1.0
2014-04-10 22:35 - 2014-04-10 22:35 - 00000358 _____ () C:\console.log
2014-04-10 22:35 - 2014-04-10 22:35 - 00000000 ____D () C:\Users\Niclas\RFO
2014-04-09 21:01 - 2014-04-09 21:01 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Carbon
2014-04-09 16:43 - 2014-04-09 17:39 - 00000000 ____D () C:\Users\Niclas\AppData\Local\UberLauncher
2014-04-09 16:43 - 2014-04-09 16:43 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SuperMNC
2014-04-09 16:43 - 2014-04-09 16:43 - 00000000 ____D () C:\Users\Niclas\AppData\Local\Uber_Entertainment
2014-04-08 19:01 - 2014-04-09 12:25 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Dwarfs
2014-04-08 16:32 - 2014-04-08 16:32 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\SpringLobby
2014-04-08 16:29 - 2014-04-08 16:29 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spring
2014-04-08 16:29 - 2014-04-08 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spring

==================== One Month Modified Files and Folders =======

2014-05-06 14:53 - 2014-05-03 20:08 - 00000000 ____D () C:\FRST
2014-05-06 14:51 - 2013-08-25 19:11 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Skype
2014-05-06 14:50 - 2014-05-06 14:39 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-06 14:50 - 2013-09-14 14:54 - 00000000 ____D () C:\Users\Niclas\AppData\Local\LogMeIn Hamachi
2014-05-06 14:50 - 2013-08-04 10:43 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Dropbox
2014-05-06 14:50 - 2013-06-20 18:53 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-06 14:49 - 2014-05-06 14:49 - 00000000 ____H () C:\ProgramData\cm-lock
2014-05-06 14:49 - 2014-05-03 18:02 - 00000000 ____D () C:\Program Files\002
2014-05-06 14:49 - 2013-08-31 21:31 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-06 14:49 - 2013-08-03 22:49 - 00000000 ____D () C:\Users\Niclas\AppData\Local\HTC MediaHub
2014-05-06 14:49 - 2012-08-01 17:51 - 00038286 _____ () C:\WINDOWS\PFRO.log
2014-05-06 14:49 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-06 14:49 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-05-06 14:47 - 2013-06-21 18:41 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5658A565-CBA7-45CE-A1A3-2BE0A5C61F68}
2014-05-06 14:39 - 2014-05-06 14:39 - 00000787 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-06 14:39 - 2014-05-06 14:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-06 14:39 - 2014-05-06 14:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-06 14:37 - 2013-06-17 17:01 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3192851615-808154685-2172071588-1001
2014-05-06 14:30 - 2014-05-06 14:30 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-06 14:27 - 2013-08-21 10:31 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-06 14:26 - 2013-01-08 16:54 - 00761898 _____ () C:\WINDOWS\system32\perfh007.dat
2014-05-06 14:26 - 2013-01-08 16:54 - 00160028 _____ () C:\WINDOWS\system32\perfc007.dat
2014-05-06 14:26 - 2012-07-26 09:28 - 01772590 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-05 21:02 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-05-05 20:56 - 2013-08-31 21:31 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-04 21:17 - 2013-06-17 19:25 - 00000000 ____D () C:\Users\Niclas\AppData\Local\PMB Files
2014-05-04 18:31 - 2014-05-04 18:31 - 00000000 ____D () C:\Users\Niclas\AppData\Local\InfiniteCrisis
2014-05-04 17:51 - 2013-08-11 09:21 - 00000000 ____D () C:\Users\Niclas\AppData\Local\Turbine
2014-05-04 17:50 - 2013-12-02 10:46 - 00000000 ____D () C:\Users\Niclas\AppData\Local\Adobe
2014-05-04 17:49 - 2013-06-20 12:35 - 00253987 _____ () C:\WINDOWS\DirectX.log
2014-05-04 17:48 - 2014-05-04 17:48 - 00000000 ____D () C:\ProgramData\Turbine
2014-05-04 17:47 - 2013-06-17 19:25 - 00000000 ____D () C:\ProgramData\PMB Files
2014-05-04 09:33 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-05-04 06:25 - 2014-05-04 06:25 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wizard101(DE)
2014-05-04 05:53 - 2013-06-20 14:53 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\.minecraft
2014-05-04 00:57 - 2013-01-08 08:04 - 00000000 ____D () C:\Program Files (x86)\SugarSync
2014-05-03 23:34 - 2014-05-03 23:34 - 00001070 _____ () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk
2014-05-03 23:34 - 2014-05-03 23:33 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\GameRanger
2014-05-03 23:34 - 2013-06-17 16:54 - 00000000 ___RD () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-03 21:04 - 2013-06-19 16:03 - 00000000 ____D () C:\Users\Niclas\AppData\Local\Akamai
2014-05-03 20:29 - 2014-05-03 20:29 - 00000000 _____ () C:\Users\Niclas\defogger_reenable
2014-05-03 20:29 - 2013-06-17 16:53 - 00000000 ____D () C:\Users\Niclas
2014-05-03 18:10 - 2014-05-03 18:02 - 00001365 _____ () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-05-03 18:08 - 2014-04-30 16:13 - 00000000 ____D () C:\AdwCleaner
2014-05-03 18:03 - 2014-05-03 18:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-03 18:03 - 2014-05-03 18:03 - 00000000 ____D () C:\Program Files (x86)\Rr Savings
2014-05-03 18:03 - 2014-05-03 18:03 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-05-03 18:02 - 2014-05-03 18:02 - 00001212 _____ () C:\Users\Public\Desktop\Advanced System Protector.lnk
2014-05-03 18:02 - 2014-05-03 18:02 - 00000000 ____D () C:\Users\Niclas\AppData\Local\cache
2014-05-03 14:08 - 2013-09-04 19:22 - 00000000 ____D () C:\Users\Niclas\AppData\Local\Paint.NET
2014-04-30 16:15 - 2014-03-10 20:20 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
2014-04-28 19:50 - 2013-06-20 18:53 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-04-28 15:22 - 2014-04-28 15:22 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-04-28 15:22 - 2013-09-28 15:53 - 00050464 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx64.sys
2014-04-27 10:57 - 2013-08-31 21:32 - 00002186 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-25 11:35 - 2014-03-31 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-04-25 11:15 - 2013-06-22 12:02 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\TS3Client
2014-04-22 15:57 - 2013-01-08 08:04 - 00000000 ____D () C:\ProgramData\CyberLink
2014-04-21 15:51 - 2014-04-21 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex-Editor MX
2014-04-18 21:57 - 2014-04-15 08:29 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Teeworlds
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys
2014-04-16 15:43 - 2014-04-16 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-04-14 09:18 - 2013-07-19 22:34 - 00000000 ____D () C:\Users\Niclas\AppData\Local\Deployment
2014-04-13 23:39 - 2014-04-13 23:39 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\puush
2014-04-13 23:38 - 2014-04-13 23:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\puush
2014-04-12 00:09 - 2014-04-12 00:09 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\TERA
2014-04-12 00:09 - 2014-04-12 00:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
2014-04-10 23:30 - 2014-04-10 23:30 - 00000674 _____ () C:\Users\Public\Desktop\RFOnline1.0.lnk
2014-04-10 23:30 - 2014-04-10 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RFOnline1.0
2014-04-10 22:35 - 2014-04-10 22:35 - 00000358 _____ () C:\console.log
2014-04-10 22:35 - 2014-04-10 22:35 - 00000000 ____D () C:\Users\Niclas\RFO
2014-04-09 21:01 - 2014-04-09 21:01 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Carbon
2014-04-09 20:59 - 2013-06-19 18:52 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Awesomium
2014-04-09 17:39 - 2014-04-09 16:43 - 00000000 ____D () C:\Users\Niclas\AppData\Local\UberLauncher
2014-04-09 16:43 - 2014-04-09 16:43 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SuperMNC
2014-04-09 16:43 - 2014-04-09 16:43 - 00000000 ____D () C:\Users\Niclas\AppData\Local\Uber_Entertainment
2014-04-09 12:25 - 2014-04-08 19:01 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Dwarfs
2014-04-08 18:57 - 2013-07-24 11:25 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-04-08 16:32 - 2014-04-08 16:32 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\SpringLobby
2014-04-08 16:29 - 2014-04-08 16:29 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spring
2014-04-08 16:29 - 2014-04-08 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spring
2014-04-08 15:28 - 2014-01-20 16:41 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\HpUpdate

Files to move or delete:
====================
C:\ProgramData\hash.dat


Some content of TEMP:
====================
C:\Users\Niclas\AppData\Local\Temp\032939rr.exe
C:\Users\Niclas\AppData\Local\Temp\6_Offer_12.exe
C:\Users\Niclas\AppData\Local\Temp\BackupSetup.exe
C:\Users\Niclas\AppData\Local\Temp\bdfilters.dll
C:\Users\Niclas\AppData\Local\Temp\borlndlm.dll
C:\Users\Niclas\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Niclas\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\Niclas\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\Niclas\AppData\Local\Temp\i4jdel0.exe
C:\Users\Niclas\AppData\Local\Temp\jansi-32-git-Bukkit-1.5.2-R0.1-b2771jnks.dll
C:\Users\Niclas\AppData\Local\Temp\jansi-64-git-Bukkit-1.5.2-R0.1-b2771jnks.dll
C:\Users\Niclas\AppData\Local\Temp\NGMDll.dll
C:\Users\Niclas\AppData\Local\Temp\NGMResource.dll
C:\Users\Niclas\AppData\Local\Temp\NGMSetup.exe
C:\Users\Niclas\AppData\Local\Temp\Quarantine.exe
C:\Users\Niclas\AppData\Local\Temp\rad5D9E3.tmp_update.exe
C:\Users\Niclas\AppData\Local\Temp\ubertmp.exe
C:\Users\Niclas\AppData\Local\Temp\unicows.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-27 12:07

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


Addition (falls überhaupt noch nötig ;))

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2014
Ran by Niclas (administrator) on PURPLE-PC on 06-05-2014 14:53:22
Running from D:\Users\Niclas\Downloads\FRST
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hi-Rez Studios) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Nero AG) D:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\jmesoft\Service.exe
(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(LogMeIn Inc.) D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) D:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() D:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(LogMeIn Inc.) D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
() C:\Windows\SysWOW64\UMonit.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(LogMeIn, Inc.) D:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Akamai Technologies, Inc.) C:\Users\Niclas\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Niclas\AppData\Local\Akamai\netsession_win.exe
(Valve Corporation) D:\Program Files (x86)\Steam\Steam.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Skype Technologies S.A.) D:\Program Files (x86)\Skype\Phone\Skype.exe
() D:\Program Files (x86)\puush\puush.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(LOL Replay) D:\Program Files (x86)\LOLReplay\LOLRecorder.exe
(Dropbox, Inc.) C:\Users\Niclas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(GameRanger Technologies) C:\Users\Niclas\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe
(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Aeria Games & Entertainment) D:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Elaborate Bytes AG) D:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Lenovo, Japan, Ltd. ) C:\Program Files (x86)\Lenovo\RapidDrive Advanced\LenovoRapidDriveAdvancedService.exe
() C:\Program Files (x86)\Lenovo\RapidDrive Advanced\LenovoRapidDriveAdvancedEvents.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12497552 2012-05-28] (Realtek Semiconductor)
HKLM\...\Run: [UMonit] => C:\WINDOWS\SysWOW64\UMonit.exe [28672 2012-07-24] ()
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM\...\Run: [Wippien] => D:\Program Files\Wippien\Wippien.exe [3022632 2011-08-19] ()
HKLM-x32\...\Run: [jmekey] => C:\WINDOWS\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [ModeSwitch] => C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe [751104 2012-03-31] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Aeria Ignite] => D:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [VirtualCloneDrive] => D:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-04-15] (LogMeIn Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Niclas\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\Run: [uTorrent] => C:\Users\Niclas\AppData\Roaming\uTorrent\uTorrent.exe [902736 2013-10-28] (BitTorrent Inc.)
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\Run: [Steam] => D:\Program Files (x86)\Steam\Steam.exe [1825984 2014-04-24] (Valve Corporation)
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\Run: [MoodEditor.exe] => D:\Program Files (x86)\Pamela RichMood Editor\MoodEditor.exe [1025024 2013-08-17] (Scendix Software-Vertriebsges. mbH)
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\Niclas\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 593f4c133c4647d39d03057438dc1a9f-753923bc94f738da406656e912a26fccb404e6d9 --CMPID 0913b
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\Run: [Desura] => D:\Program Files (x86)\Desura\desura.exe [2529096 2014-01-05] (Desura Pty Ltd)
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\Run: [Skype] => D:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\Run: [puush] => D:\Program Files (x86)\puush\puush.exe [567880 2014-04-13] ()
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\MountPoints2: {068b5e74-fc89-11e2-bea4-d43d7e38f36c} - "H:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\MountPoints2: {29722606-ef7a-11e2-be8c-d43d7e38f36c} - "H:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3192851615-808154685-2172071588-1001\...\MountPoints2: {a43a989f-d8c8-11e2-be75-d43d7e38f36c} - "H:\HTC_Sync_Manager_PC.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
ShortcutTarget: LOLRecorder.lnk -> D:\Program Files (x86)\LOLReplay\LOLRecorder.exe (LOL Replay)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
ShortcutTarget: phase-6 Reminder.lnk -> D:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6)
Startup: C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Niclas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk
ShortcutTarget: GameRanger.lnk -> C:\Users\Niclas\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies)

==================== Internet (Whitelisted) ====================

ProxyServer: 80.87.240.49:8087
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM - DefaultScope {2E32E504-A3EA-4DB4-9876-2DCD2D89B98D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM - {2E32E504-A3EA-4DB4-9876-2DCD2D89B98D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Niclas\AppData\Roaming\Mozilla\Firefox\Profiles\105p3hwn.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - D:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 - C:\Program Files (x86)\FreeRide Games\npExentControl.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - D:\Program Files (x86)\Java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - D:\Program Files (x86)\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npnxgameEU.dll (Nexon)
FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\WINDOWS\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Niclas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - D:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - D:\Program Files (x86)\Fiddler2\FiddlerHook [2014-01-18]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "sync_promo"
CHR StartupUrls: "startup_urls_migration_time": "13034373880206099"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Exent® AOD Gecko Plugin) - C:\Program Files (x86)\FreeRide Games\npExentControl.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\WINDOWS\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - D:\Program Files (x86)\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\Niclas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-31]
CHR Extension: (Google Drive) - C:\Users\Niclas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-31]
CHR Extension: (YouTube) - C:\Users\Niclas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-31]
CHR Extension: (Battlefield Heroes) - C:\Users\Niclas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2014-02-22]
CHR Extension: (Google-Suche) - C:\Users\Niclas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-31]
CHR Extension: (Live HTTP Headers) - C:\Users\Niclas\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaiioopjkcekapmldfgbebdclcnpgnlo [2014-01-18]
CHR Extension: (Google Wallet) - C:\Users\Niclas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Google Mail) - C:\Users\Niclas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-31]

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [484592 2013-11-15] (BitRaider, LLC)
R2 Hamachi2Svc; D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2227536 2014-04-15] (LogMeIn Inc.)
U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios)
R2 HTCMonitorService; d:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] ()
R3 Lenovo.RapidDrive.Advanced.Svc; C:\Program Files (x86)\Lenovo\RapidDrive Advanced\LenovoRapidDriveAdvancedService.exe [218112 2012-08-15] (Lenovo, Japan, Ltd. )
R2 LenovoCOMSvc; C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe [37888 2011-11-04] (Lenovo)
R3 LitModeCtrl; C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe [141824 2012-04-06] (Lenovo)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [4868640 2013-08-25] (INCA Internet Co., Ltd.)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-02-22] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S2 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
S2 vToolbarUpdater18.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [50464 2014-04-28] (AVG Technologies)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [274712 2014-03-31] (AVG Technologies CZ, s.r.o.)
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2013-11-16] (BitRaider)
R3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [60928 2012-07-06] (GenesysLogic)
S3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2013-07-03] (LogMeIn Inc.)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-02-28] (NetFilterSDK.com)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 SaiMini; C:\Windows\System32\drivers\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
S3 sclbl; D:\AeriaGames\ScarletBlade\avital\scarbt64.sys [86352 2013-12-13] ()
S3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [106256 2013-04-12] (Oracle Corporation)
R3 wod0205; C:\Windows\system32\DRIVERS\wod0205.sys [33160 2011-04-23] (WeOnlyDo Software)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S2 X5XSEx_Pr148; \??\C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [X]
S3 X6va011; \??\C:\WINDOWS\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\WINDOWS\SysWOW64\Drivers\X6va012 [X]
S3 X6va013; \??\C:\WINDOWS\SysWOW64\Drivers\X6va013 [X]
S3 X6va014; \??\C:\WINDOWS\SysWOW64\Drivers\X6va014 [X]
S3 X6va015; \??\C:\WINDOWS\SysWOW64\Drivers\X6va015 [X]
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-06 14:49 - 2014-05-06 14:49 - 00000000 ____H () C:\ProgramData\cm-lock
2014-05-06 14:39 - 2014-05-06 14:50 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-06 14:39 - 2014-05-06 14:39 - 00000787 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-06 14:39 - 2014-05-06 14:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-06 14:39 - 2014-05-06 14:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-06 14:39 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-06 14:39 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-05-06 14:39 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-06 14:30 - 2014-05-06 14:30 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-04 18:31 - 2014-05-04 18:31 - 00000000 ____D () C:\Users\Niclas\AppData\Local\InfiniteCrisis
2014-05-04 17:48 - 2014-05-04 17:48 - 00000000 ____D () C:\ProgramData\Turbine
2014-05-04 06:25 - 2014-05-04 06:25 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wizard101(DE)
2014-05-03 23:34 - 2014-05-03 23:34 - 00001070 _____ () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk
2014-05-03 23:33 - 2014-05-03 23:34 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\GameRanger
2014-05-03 20:29 - 2014-05-03 20:29 - 00000000 _____ () C:\Users\Niclas\defogger_reenable
2014-05-03 20:08 - 2014-05-06 14:53 - 00000000 ____D () C:\FRST
2014-05-03 18:03 - 2014-05-03 18:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-03 18:03 - 2014-05-03 18:03 - 00000000 ____D () C:\Program Files (x86)\Rr Savings
2014-05-03 18:03 - 2014-05-03 18:03 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-05-03 18:02 - 2014-05-06 14:49 - 00000000 ____D () C:\Program Files\002
2014-05-03 18:02 - 2014-05-03 18:10 - 00001365 _____ () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-05-03 18:02 - 2014-05-03 18:02 - 00001212 _____ () C:\Users\Public\Desktop\Advanced System Protector.lnk
2014-05-03 18:02 - 2014-05-03 18:02 - 00000000 ____D () C:\Users\Niclas\AppData\Local\cache
2014-05-03 18:02 - 2012-07-25 12:03 - 00016896 _____ () C:\WINDOWS\system32\sasnative64.exe
2014-04-30 16:14 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-04-30 16:13 - 2014-05-03 18:08 - 00000000 ____D () C:\AdwCleaner
2014-04-28 15:22 - 2014-04-28 15:22 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-04-21 15:51 - 2014-04-21 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex-Editor MX
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys
2014-04-16 15:43 - 2014-04-16 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-04-15 08:29 - 2014-04-18 21:57 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Teeworlds
2014-04-13 23:39 - 2014-04-13 23:39 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\puush
2014-04-13 23:38 - 2014-04-13 23:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\puush
2014-04-12 00:09 - 2014-04-12 00:09 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\TERA
2014-04-12 00:09 - 2014-04-12 00:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
2014-04-10 23:30 - 2014-04-10 23:30 - 00000674 _____ () C:\Users\Public\Desktop\RFOnline1.0.lnk
2014-04-10 23:30 - 2014-04-10 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RFOnline1.0
2014-04-10 22:35 - 2014-04-10 22:35 - 00000358 _____ () C:\console.log
2014-04-10 22:35 - 2014-04-10 22:35 - 00000000 ____D () C:\Users\Niclas\RFO
2014-04-09 21:01 - 2014-04-09 21:01 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Carbon
2014-04-09 16:43 - 2014-04-09 17:39 - 00000000 ____D () C:\Users\Niclas\AppData\Local\UberLauncher
2014-04-09 16:43 - 2014-04-09 16:43 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SuperMNC
2014-04-09 16:43 - 2014-04-09 16:43 - 00000000 ____D () C:\Users\Niclas\AppData\Local\Uber_Entertainment
2014-04-08 19:01 - 2014-04-09 12:25 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Dwarfs
2014-04-08 16:32 - 2014-04-08 16:32 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\SpringLobby
2014-04-08 16:29 - 2014-04-08 16:29 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spring
2014-04-08 16:29 - 2014-04-08 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spring

==================== One Month Modified Files and Folders =======

2014-05-06 14:53 - 2014-05-03 20:08 - 00000000 ____D () C:\FRST
2014-05-06 14:51 - 2013-08-25 19:11 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Skype
2014-05-06 14:50 - 2014-05-06 14:39 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-06 14:50 - 2013-09-14 14:54 - 00000000 ____D () C:\Users\Niclas\AppData\Local\LogMeIn Hamachi
2014-05-06 14:50 - 2013-08-04 10:43 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Dropbox
2014-05-06 14:50 - 2013-06-20 18:53 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-06 14:49 - 2014-05-06 14:49 - 00000000 ____H () C:\ProgramData\cm-lock
2014-05-06 14:49 - 2014-05-03 18:02 - 00000000 ____D () C:\Program Files\002
2014-05-06 14:49 - 2013-08-31 21:31 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-06 14:49 - 2013-08-03 22:49 - 00000000 ____D () C:\Users\Niclas\AppData\Local\HTC MediaHub
2014-05-06 14:49 - 2012-08-01 17:51 - 00038286 _____ () C:\WINDOWS\PFRO.log
2014-05-06 14:49 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-06 14:49 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-05-06 14:47 - 2013-06-21 18:41 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5658A565-CBA7-45CE-A1A3-2BE0A5C61F68}
2014-05-06 14:39 - 2014-05-06 14:39 - 00000787 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-06 14:39 - 2014-05-06 14:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-06 14:39 - 2014-05-06 14:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-06 14:37 - 2013-06-17 17:01 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3192851615-808154685-2172071588-1001
2014-05-06 14:30 - 2014-05-06 14:30 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-06 14:27 - 2013-08-21 10:31 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-06 14:26 - 2013-01-08 16:54 - 00761898 _____ () C:\WINDOWS\system32\perfh007.dat
2014-05-06 14:26 - 2013-01-08 16:54 - 00160028 _____ () C:\WINDOWS\system32\perfc007.dat
2014-05-06 14:26 - 2012-07-26 09:28 - 01772590 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-05 21:02 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-05-05 20:56 - 2013-08-31 21:31 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-04 21:17 - 2013-06-17 19:25 - 00000000 ____D () C:\Users\Niclas\AppData\Local\PMB Files
2014-05-04 18:31 - 2014-05-04 18:31 - 00000000 ____D () C:\Users\Niclas\AppData\Local\InfiniteCrisis
2014-05-04 17:51 - 2013-08-11 09:21 - 00000000 ____D () C:\Users\Niclas\AppData\Local\Turbine
2014-05-04 17:50 - 2013-12-02 10:46 - 00000000 ____D () C:\Users\Niclas\AppData\Local\Adobe
2014-05-04 17:49 - 2013-06-20 12:35 - 00253987 _____ () C:\WINDOWS\DirectX.log
2014-05-04 17:48 - 2014-05-04 17:48 - 00000000 ____D () C:\ProgramData\Turbine
2014-05-04 17:47 - 2013-06-17 19:25 - 00000000 ____D () C:\ProgramData\PMB Files
2014-05-04 09:33 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-05-04 06:25 - 2014-05-04 06:25 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wizard101(DE)
2014-05-04 05:53 - 2013-06-20 14:53 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\.minecraft
2014-05-04 00:57 - 2013-01-08 08:04 - 00000000 ____D () C:\Program Files (x86)\SugarSync
2014-05-03 23:34 - 2014-05-03 23:34 - 00001070 _____ () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk
2014-05-03 23:34 - 2014-05-03 23:33 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\GameRanger
2014-05-03 23:34 - 2013-06-17 16:54 - 00000000 ___RD () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-03 21:04 - 2013-06-19 16:03 - 00000000 ____D () C:\Users\Niclas\AppData\Local\Akamai
2014-05-03 20:29 - 2014-05-03 20:29 - 00000000 _____ () C:\Users\Niclas\defogger_reenable
2014-05-03 20:29 - 2013-06-17 16:53 - 00000000 ____D () C:\Users\Niclas
2014-05-03 18:10 - 2014-05-03 18:02 - 00001365 _____ () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-05-03 18:08 - 2014-04-30 16:13 - 00000000 ____D () C:\AdwCleaner
2014-05-03 18:03 - 2014-05-03 18:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-03 18:03 - 2014-05-03 18:03 - 00000000 ____D () C:\Program Files (x86)\Rr Savings
2014-05-03 18:03 - 2014-05-03 18:03 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-05-03 18:02 - 2014-05-03 18:02 - 00001212 _____ () C:\Users\Public\Desktop\Advanced System Protector.lnk
2014-05-03 18:02 - 2014-05-03 18:02 - 00000000 ____D () C:\Users\Niclas\AppData\Local\cache
2014-05-03 14:08 - 2013-09-04 19:22 - 00000000 ____D () C:\Users\Niclas\AppData\Local\Paint.NET
2014-04-30 16:15 - 2014-03-10 20:20 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
2014-04-28 19:50 - 2013-06-20 18:53 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-04-28 15:22 - 2014-04-28 15:22 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-04-28 15:22 - 2013-09-28 15:53 - 00050464 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx64.sys
2014-04-27 10:57 - 2013-08-31 21:32 - 00002186 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-25 11:35 - 2014-03-31 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-04-25 11:15 - 2013-06-22 12:02 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\TS3Client
2014-04-22 15:57 - 2013-01-08 08:04 - 00000000 ____D () C:\ProgramData\CyberLink
2014-04-21 15:51 - 2014-04-21 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex-Editor MX
2014-04-18 21:57 - 2014-04-15 08:29 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Teeworlds
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys
2014-04-16 15:43 - 2014-04-16 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-04-14 09:18 - 2013-07-19 22:34 - 00000000 ____D () C:\Users\Niclas\AppData\Local\Deployment
2014-04-13 23:39 - 2014-04-13 23:39 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\puush
2014-04-13 23:38 - 2014-04-13 23:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\puush
2014-04-12 00:09 - 2014-04-12 00:09 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\TERA
2014-04-12 00:09 - 2014-04-12 00:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
2014-04-10 23:30 - 2014-04-10 23:30 - 00000674 _____ () C:\Users\Public\Desktop\RFOnline1.0.lnk
2014-04-10 23:30 - 2014-04-10 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RFOnline1.0
2014-04-10 22:35 - 2014-04-10 22:35 - 00000358 _____ () C:\console.log
2014-04-10 22:35 - 2014-04-10 22:35 - 00000000 ____D () C:\Users\Niclas\RFO
2014-04-09 21:01 - 2014-04-09 21:01 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Carbon
2014-04-09 20:59 - 2013-06-19 18:52 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Awesomium
2014-04-09 17:39 - 2014-04-09 16:43 - 00000000 ____D () C:\Users\Niclas\AppData\Local\UberLauncher
2014-04-09 16:43 - 2014-04-09 16:43 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SuperMNC
2014-04-09 16:43 - 2014-04-09 16:43 - 00000000 ____D () C:\Users\Niclas\AppData\Local\Uber_Entertainment
2014-04-09 12:25 - 2014-04-08 19:01 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Dwarfs
2014-04-08 18:57 - 2013-07-24 11:25 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-04-08 16:32 - 2014-04-08 16:32 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\SpringLobby
2014-04-08 16:29 - 2014-04-08 16:29 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spring
2014-04-08 16:29 - 2014-04-08 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spring
2014-04-08 15:28 - 2014-01-20 16:41 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\HpUpdate

Files to move or delete:
====================
C:\ProgramData\hash.dat


Some content of TEMP:
====================
C:\Users\Niclas\AppData\Local\Temp\032939rr.exe
C:\Users\Niclas\AppData\Local\Temp\6_Offer_12.exe
C:\Users\Niclas\AppData\Local\Temp\BackupSetup.exe
C:\Users\Niclas\AppData\Local\Temp\bdfilters.dll
C:\Users\Niclas\AppData\Local\Temp\borlndlm.dll
C:\Users\Niclas\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Niclas\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\Niclas\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\Niclas\AppData\Local\Temp\i4jdel0.exe
C:\Users\Niclas\AppData\Local\Temp\jansi-32-git-Bukkit-1.5.2-R0.1-b2771jnks.dll
C:\Users\Niclas\AppData\Local\Temp\jansi-64-git-Bukkit-1.5.2-R0.1-b2771jnks.dll
C:\Users\Niclas\AppData\Local\Temp\NGMDll.dll
C:\Users\Niclas\AppData\Local\Temp\NGMResource.dll
C:\Users\Niclas\AppData\Local\Temp\NGMSetup.exe
C:\Users\Niclas\AppData\Local\Temp\Quarantine.exe
C:\Users\Niclas\AppData\Local\Temp\rad5D9E3.tmp_update.exe
C:\Users\Niclas\AppData\Local\Temp\ubertmp.exe
C:\Users\Niclas\AppData\Local\Temp\unicows.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-27 12:07

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Soviel "FRST Log".....

TypMitHaaren 06.05.2014 13:59
Addition.txt :D
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2014
Ran by Niclas at 2014-05-03 20:08:35
Running from D:\Users\Niclas\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

 toolbar  (HKLM-x32\...\privitize) (Version: 1.8.21.6 - Industriya) <==== ATTENTION
µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30180 - BitTorrent Inc.)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
8BitMMO (HKLM-x32\...\Steam App 250420) (Version:  - Archive Entertainment)
A Story About My Uncle (HKLM\...\UDK-f6b9a0a7-92d9-4a40-90ce-7f89bdae95b9) (Version:  - Epic Games, Inc.)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Age of Conan: Unchained - EU version (HKLM-x32\...\Steam App 217750) (Version:  - Funcom)
Age of Wushu (HKLM-x32\...\{A0AFB64E-79E1-45BF-BA6C-18C21E007D8E}) (Version: 0.0.1.065 - Snail Games USA)
AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version:  - Gameforge)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
AlterLight 0 (HKLM-x32\...\AlterLight_0) (Version: 0 - The Game Assembly)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Archeblade (HKLM-x32\...\Steam App 207230) (Version:  - CodeBrush Games)
Ashampoo Music Studio 2013 v.4.1.2 (HKLM-x32\...\{91B33C97-0D61-2DA9-07F6-0EF54C520FE3}_is1) (Version: 4.1.2 - Ashampoo GmbH & Co. KG)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Aurora World (HKLM-x32\...\Aurora World_is1) (Version:  - www.theAuroraWorld.com)
Authorizer 2.5.1 (HKLM\...\{F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1) (Version: 2.5.1 - Propellerhead Software AB)
Authorizer Ignition Key Support (Version: 1.0.5.0 - Propellerhead Software AB) Hidden
AutoHotkey 1.1.11.00 (HKLM\...\AutoHotkey) (Version: 1.1.11.00 - Lexikos)
AutoIt v3.3.8.1 (HKLM-x32\...\AutoItv3) (Version:  - AutoIt Team)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4570 - AVG Technologies)
AVG 2014 (Version: 14.0.3931 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4570 - AVG Technologies) Hidden
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
Battle for Wesnoth 1.11.7 (HKLM-x32\...\Battle for Wesnoth 1.11.7) (Version: 1.11.7 - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield Heroes (HKLM-x32\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version:  - EA Digital illusions)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.4 - BitRaider, LLC)
Bloodline Champions (HKLM-x32\...\Steam App 6370) (Version:  - Stunlock Studios)
BlueVoda Website Builder 11.4G (HKLM-x32\...\BlueVoda_Website_Builder_1.0) (Version:  - )
C9 (HKLM-x32\...\Steam App 212390) (Version:  - Cloud 9 Studio)
CABAL Online (NA - Global) (HKCU\...\CabalOnline(NA - Global)) (Version:  - )
CABAL Online Europe (Europe) (HKLM-x32\...\CABAL Online (Europe)_is1) (Version:  - )
CABAL Online Patch 652 (HKLM-x32\...\CABAL Online Patch 652_is1) (Version:  - )
Cain & Abel 4.9.46 (HKLM-x32\...\Cain & Abel 4.9.46) (Version:  - )
Cannons Lasers Rockets (HKLM-x32\...\Steam App 265770) (Version:  - Net Games Laboratory)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
City of Steam: Arkadia (HKLM-x32\...\Steam App 266070) (Version:  - Mechanist Games)
CosmicBreak_eng (HKLM-x32\...\CosmicBreak_eng) (Version:  - )
DC Universe Online Live (HKCU\...\SOE-DC Universe Online Live PSG) (Version:  - Sony Online Entertainment)
DC Universe Online PSG (HKCU\...\soe-DC Universe Online PSG) (Version: 1.0.3.183 - Sony Online Entertainment)
DEET Defender (HKLM\...\UDK-2ffafc82-eb9d-4945-adf2-631806ecc2d2) (Version:  - Epic Games, Inc.)
Demon's Gear Version 1.0 (HKLM-x32\...\{51A18CBB-3966-4423-AA65-CBB925CA03E0}_is1) (Version: 1.0 - Guilty Souls)
Der Herr der Ringe® - Die Eroberung™ (HKLM-x32\...\{628C3D50-F524-4C49-A958-672CE7953756}) (Version: 1.0.0.1 - Electronic Arts)
Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura)
Desura: DataJack (HKLM-x32\...\Desura_108971910234144) (Version: Full - RSHAW)
Desura: Mortal Online (HKLM-x32\...\Desura_83146271883296) (Version: Free to Play - Star Vault AB)
Dethroned! (HKLM-x32\...\Steam App 269390) (Version:  - Treehouse Ltd)
DIE GEHEIMNISSE DER SPIDERWICKS (HKLM-x32\...\{DFA723CE-22B4-4E6B-92CF-176256ECF2DE}) (Version: 1.00.0000 - Sierra Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0815 - Lenovo)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Dungeon Party (HKLM-x32\...\Steam App 215870) (Version:  - Cyanide Studio)
Dungeonland (HKLM-x32\...\Steam App 218130) (Version:  - Critical Studio)
Dwarfs F2P (HKLM-x32\...\Steam App 213650) (Version:  - Power of 2)
Eclipse Origins Runtime Files (HKCU\...\Eclipse Origins Runtime Files) (Version:  - )
EdenEternal-DE (HKLM-x32\...\EdenEternal-DE) (Version:  - )
Edimax Wireless LAN Driver (HKLM-x32\...\{B20F9D1C-A0A5-4CD8-8306-DA03872311B1}) (Version: 1.00.0195 - Edimax Technology Co.)
EGR-ShellExtension (HKLM-x32\...\EGR-ShellExtension) (Version: 1.1.0.100 - EasternGraphics)
Elsword_DE (HKLM-x32\...\Elsword_DE_is1) (Version:  - )
Evolution RTS (HKLM-x32\...\Steam App 291150) (Version:  - Frozen Yak Entertainment)
Fallen Earth (HKLM-x32\...\Steam App 113420) (Version:  - Reloaded Productions)
Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.4.5.9 - Telerik)
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
Firefall (HKLM-x32\...\{CFEF8DB5-B45E-4b05-90BE-D02AA6F45354}) (Version:  - Red 5 Studios)
Flyff (HKLM-x32\...\{7E210E1C-52A1-40E3-817B-D504E9F64DFA}_is1) (Version: Flyff - Gala Networks Europe Limited)
Forge (HKLM-x32\...\Steam App 223390) (Version:  - Dark Vale Games)
Free System Utilities (HKLM-x32\...\{a0f67e33-80b3-444d-989e-62c49b7b4792}) (Version: 1.1.0.141 - Covus Freemium GmbH)
Free SystemUtilities (x32 Version: 1.1.0.141 - Covus Freemium GmbH) Hidden
Free WMA to MP3 Converter 1.16 (HKLM-x32\...\Free WMA to MP3 Converter_is1) (Version:  - Jodix Technologies Ltd.)
Free YouTube to MP3 Converter version 3.12.3.610 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.3.610 - DVDVideoSoft Ltd.)
Freeciv 2.4.0 (GTK+ client) (HKLM-x32\...\Freeciv-2.4.0-gtk2) (Version:  - )
FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.80.00 - Exent Technologies)
Galaxy Wars (HKCU\...\8ef8d8ab73c12fdc) (Version: 1.0.0.23 - Double Jungle)
Gameforge Live 1.10.1 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.10.1 - Gameforge)
Geany 1.23.1 (HKLM-x32\...\Geany) (Version: 1.23.1 - The Geany developer team)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.1.1.0 - Genesys Logic)
Ghost Recon Online (EU) (HKCU\...\d8be6c3f847d7d92) (Version: 1.33.8542.1 - Ubisoft)
GlassFish Server Open Source Edition 4.0 (HKLM\...\nbi-glassfish-mod-4.0.0.89.0) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Gotham City Impostors: Free To Play (HKLM-x32\...\Steam App 206210) (Version:  - Monolith Productions, Inc.)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hacknet (HKLM-x32\...\{4E0F622C-C5F1-4959-902D-BD2C1009A4CB}) (Version: 1.0.3.0 - Team Fractal Alligator)
Hawken (HKCU\...\Hawken) (Version:  - Meteor Entertainment)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HeroesGo (HKCU\...\HeroesGo) (Version:  - )
Hex-Editor MX (HKLM-x32\...\{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1) (Version: 6.0 - NEXT-Soft)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.3.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{F838C3DD-5785-4F19-AD0F-BD532C8A31F4}) (Version: 2.1.45.0 - HTC)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Jabbin 3.0 (HKLM-x32\...\Jabbin) (Version: 3.0 - Jabbin)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version:  - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6418 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.6418 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.0822 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.0822 - CyberLink Corp.) Hidden
LibreOffice 4.2.0.4 (HKLM-x32\...\{E043231F-34F2-4AF5-9400-0961CC15AAAE}) (Version: 4.2.0.4 - The Document Foundation)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version:  - Line 6)
LMMS 0.4.14 (HKLM-x32\...\LMMS) (Version: 0.4.14 - LMMS Developers)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.188 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.188 - LogMeIn, Inc.) Hidden
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.7 - www.leaguereplays.com)
MarkdownPad 2 (HKLM-x32\...\MarkdownPad 2 2.3.0.25835) (Version: 2.3.0.25835 - Apricity Software LLC)
MarkdownPad 2 (x32 Version: 2.3.0.25835 - Apricity Software LLC) Hidden
Metin2 (HKLM-x32\...\Metin2_is1) (Version:  - Gameforge 4D GmbH)
Mi Producto (HKLM-x32\...\Mi Producto) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{98B45D1C-6EB1-460D-A87D-2B60678DC105}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (x32 Version: 2.0.50727 - Microsoft Corporation) Hidden
Microsoft Help Viewer 2.0 Language Pack - DEU (HKLM-x32\...\Microsoft Help Viewer 2.0 Language Pack - DEU) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.0 Language Pack - DEU (x32 Version: 2.0.50727 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU  (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MicroVolts (HKLM-x32\...\Steam App 109400) (Version:  - NQ Games)
Mozilla Firefox 22.0 (x86 de) (HKCU\...\Mozilla Firefox 22.0 (x86 de)) (Version: 22.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 17.0.6 - Mozilla)
Mozilla Thunderbird 17.0.6 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 17.0.6 (x86 de)) (Version: 17.0.6 - Mozilla)
NetBeans IDE 7.4 (HKLM\...\nbi-nb-base-7.4.0.0.201310111528) (Version: 7.4 - NetBeans.org)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Nmap 6.40 (HKLM-x32\...\Nmap) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.2 - Notepad++ Team)
NVIDIA Grafiktreiber 305.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 305.93 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.82.513 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Systemsteuerung 305.93 (Version: 305.93 - NVIDIA Corporation) Hidden
OGPlanet Game Launcher (HKLM-x32\...\OGPlanet Game Launcher) (Version: 1.0.0 - OGPlanet, Inc.)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Oracle VM VirtualBox 4.2.12 (HKLM\...\{0C1DE303-E41B-44BA-8ABA-B7F09D857001}) (Version: 4.2.12 - Oracle Corporation)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Pamela RME 2.0 (HKLM-x32\...\MoodEditor) (Version: 2.0 - Scendix Software-Vertriebsges. mbH)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
Panzar (HKLM-x32\...\Steam App 240320) (Version:  - Troxit Service)
Paragon Partition Manager™ 12 Professional Demo (HKLM-x32\...\{A35001F0-F1E4-11DD-A38B-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.0.6.31580 - Grinding Gear Games)
Perpetuum (HKLM-x32\...\Perpetuum) (Version:  - )
Perspective 1.0 (HKLM-x32\...\Perspective) (Version: 1.0 - Widdershins)
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
phase-6 2.3.3 (HKLM-x32\...\phase-6) (Version: 2.3.3 - phase-6)
PHYSICUBE (HKLM-x32\...\PHYSICUBE) (Version:  - )
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.7 - )
Power Control Switch (HKLM-x32\...\{816F9A97-9889-43DA-A394-7AA45DD68BA0}) (Version: 4.0.0.0704 - Lenovo)
Prime World version 9.8.6 (HKLM-x32\...\{F6F3C462-2729-4555-8A95-CC317A90F8FF}_is1) (Version: 9.8.6 - Nival)
Process Hacker 2.33 (r5590) (HKLM\...\Process_Hacker2_is1) (Version: 2.33.0.5590 - wj32)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Python 2.6 (64-bit) (HKLM\...\{110EB5C4-E995-4CFB-AB80-A5F315BEA9E9}) (Version: 2.6.150 - Python Software Foundation)
Python 3.3.3 (64-bit) (HKLM\...\{e9d90870-ab19-32a8-aa93-f8348ba21d05}) (Version: 3.3.3150 - Python Software Foundation)
RaiderZ (HKLM-x32\...\RaiderZ) (Version:  - Perfect World Entertainment)
RapidDrive Advanced Version 2.00.0815 (HKLM-x32\...\{F8F9F1AC-5CB0-4DBB-87FA-1A6BC4EA02E5}_is1) (Version: 2.00.0815 - LENOVO, Inc.)
Realm Crafter Demo (HKLM-x32\...\Realm Crafter Demo) (Version: 1.24.3 - Solstar Games)
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - Wild Shadow Studios)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6649 - Realtek Semiconductor Corp.)
RFOnline1.0 Uninstall (HKLM-x32\...\RFOnline1.0) (Version:  - OnNet EU)
rrsavings (HKLM\...\rrsavings) (Version: 2.0.1 - rrsavings) <==== ATTENTION
RrSavings (x32 Version: 1.0.0.0 - RrSavings) Hidden <==== ATTENTION
Sauerbraten (HKLM-x32\...\Sauerbraten) (Version:  - )
Scarlet Blade (HKLM-x32\...\Scarlet Blade) (Version:  - )
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shopping Helper Smartbar (HKLM-x32\...\{B2A302E7-8FA4-4585-AB7F-12C4DEBC0D32}) (Version: 11.44.63.16736 - ReSoft Ltd.) <==== ATTENTION
Shopping Helper Smartbar Engine (HKCU\...\{8764b8f1-aa4f-4121-af2b-a11394a55484}) (Version: 11.44.63.16736 - ReSoft Ltd.) <==== ATTENTION
Sky CABAL Online (HKLM-x32\...\Sky CABAL Online) (Version:  - )
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{C9193CBB-C31A-412A-A074-AD08F0F2CF3D}) (Version: 7.0.27.13 - Mad Catz)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2069.0 - Hi-Rez Studios)
Spring 96.0 (HKLM-x32\...\Spring) (Version: 96.0 - Spring team)
Star Conflict (HKLM-x32\...\Steam App 212070) (Version:  - Star Gem Inc.)
Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Tag - IGF Professional 2008 (HKLM-x32\...\{1446A30C-6DAF-461E-96B1-31C554870082}_is1) (Version:  - DigiPen Institute of Technology)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.10 - TeamSpeak Systems GmbH)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)
The Mighty Quest For Epic Loot (HKLM-x32\...\Steam App 239220) (Version:  - Ubisoft Montreal)
The Plan (HKLM-x32\...\Steam App 250600) (Version:  - Krillbite Studio)
Tribes Ascend (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}) (Version: 1.0.1268.1 - Hi-Rez Studios)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unreal Development Kit: 2013-07 (HKLM\...\UDK-f1efd744-6b11-4dbe-89cd-79df17532b4c) (Version:  - Epic Games, Inc.)
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{121C874E-5797-40B2-86CE-CE6624F2711A}) (Version: 15.0.1376 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{7DB71278-9AD7-4480-AB08-8649C5010B17}) (Version: 15.0.1215 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}) (Version: 15.0.1215 - Microsoft Corporation)
Vindictus EU (HKLM-x32\...\Vindictus EU) (Version:  - )
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Webocton - Scriptly 0.8.95.6 (HKLM-x32\...\Webocton - Scriptly_is1) (Version: 0.8.95.6 - Webocton)
WinHTTrack Website Copier 3.47-21 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.47.21 - HTTrack)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinSCP 5.1.8 (HKLM-x32\...\winscp3_is1) (Version: 5.1.8 - Martin Prikryl)
Wippien 2.5 (HKLM\...\A4DA3EE7-C6FC-44AD-9E47-9A4D3B0099D3_is1) (Version:  - )
Wireshark 1.10.6 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.6 - The Wireshark developer community, hxxp://www.wireshark.org)
World of Padman 1.5 (HKLM-x32\...\World of Padman 1.5) (Version: 1.5 - Padworld Entertainment)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Your Software Deals 1.0.0 (HKLM-x32\...\Your Software Deals_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
YTD Video Downloader 4.8 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8 - GreenTree Applications SRL)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0F56C433-2243-4B08-B0B4-292DD3CB4DB8} - \Advanced System Protector No Task File <==== ATTENTION
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2283D83A-0D95-4A39-B842-7AEEF96EF2BC} - System32\Tasks\FLV Player Addon-chromeinstaller => C:\Program Files (x86)\FLV Player Addon\FLV Player Addon-chromeinstaller.exe
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {40DB2E3D-6F19-411B-9BE5-658C8B6CD946} - System32\Tasks\{B9EEE3F8-433A-428C-9D08-A7659D8B584B} => Chrome.exe hxxp://ui.skype.com/ui/0/5.7.0.123/de/abandoninstall?page=tsProgressBar
Task: {44FA991A-5393-4B12-8FDB-EA59F579D14E} - System32\Tasks\{CAEE17C4-D58A-40C0-AFA8-32BE85C8B924} => Chrome.exe hxxp://ui.skype.com/ui/0/5.7.0.123/de/abandoninstall?page=tsProgressBar
Task: {505BEE49-200C-4AB7-BDF2-6DBF22B2F7F4} - System32\Tasks\FLV Player Addon-enabler => C:\Program Files (x86)\FLV Player Addon\FLV Player Addon-enabler.exe <==== ATTENTION
Task: {803FCEDD-4F07-4458-B0B9-54C0E34853A0} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {93531D38-BBE0-434D-9307-E777F40CD2DB} - System32\Tasks\FLV Player Addon-firefoxinstaller => C:\Program Files (x86)\FLV Player Addon\FLV Player Addon-firefoxinstaller.exe
Task: {9F4B9F80-E132-4F6C-AD99-4FA94AC039B8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-31] (Google Inc.)
Task: {A4A4B77E-AB47-4DE8-A8C2-EB0E37A0064A} - System32\Tasks\FLV Player Addon-codedownloader => C:\Program Files (x86)\FLV Player Addon\FLV Player Addon-codedownloader.exe
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {BA625361-1C6E-4C15-9C69-E5B4D2C9D1F1} - System32\Tasks\{CA0302C0-4C42-4BEB-9D1A-F9D566739961} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsMain
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C98317F8-6159-49DA-8B52-F6BC06F0D8C3} - \Freemium1ClickMaint No Task File <==== ATTENTION
Task: {CD6F31F9-7C8E-4E80-949E-2452FEAD93C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-31] (Google Inc.)
Task: {D183C2C3-7E70-4CCD-B155-4538E1806706} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {D48EEC69-45B1-4078-AAEA-8D2A04B51E51} - System32\Tasks\{AA012D1E-BCF5-44B0-BBAA-51731A135E1D} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsMain
Task: {D52FD684-D56B-4E54-95F6-D9D81AAD6E46} - System32\Tasks\StartRapidDriveAdvancedServiceTask => net
Task: {E38AE981-9A23-49E3-A7DF-AF4923ABF9A3} - \Software Updater No Task File <==== ATTENTION
Task: {EB152564-46ED-497E-9450-4CB0893B42D4} - System32\Tasks\{D70D5D4B-2FFB-4F01-91FD-0E251E4DC044} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsMain
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F08391DA-9788-4E6D-A92E-045A1E89D856} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-28] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FLV Player Addon-chromeinstaller.job => C:\Program Files (x86)\FLV Player Addon\FLV Player Addon-chromeinstaller.exe
Task: C:\WINDOWS\Tasks\FLV Player Addon-codedownloader.job => C:\Program Files (x86)\FLV Player Addon\FLV Player Addon-codedownloader.exe
Task: C:\WINDOWS\Tasks\FLV Player Addon-enabler.job => C:\Program Files (x86)\FLV Player Addon\FLV Player Addon-enabler.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\FLV Player Addon-firefoxinstaller.job => C:\Program Files (x86)\FLV Player Addon\FLV Player Addon-firefoxinstaller.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () D:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-01-08 08:00 - 2011-03-15 21:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2012-12-07 18:27 - 2012-12-07 18:27 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-07-20 00:07 - 2014-02-22 14:53 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-03-06 15:52 - 2014-03-06 15:52 - 00171008 _____ () c:\Program Files\RrFilter\RrFilterService64.exe
2014-03-04 13:25 - 2014-03-04 13:25 - 00110080 _____ () c:\Program Files\RrFilter\nfapi.dll
2014-03-04 13:25 - 2014-03-04 13:25 - 00317952 _____ () c:\Program Files\RrFilter\ProtocolFilters.dll
2014-05-03 18:03 - 2014-05-03 18:03 - 00706560 _____ () C:\Program Files\002\yewimmxqbs64.exe
2013-08-01 18:33 - 2013-08-01 18:33 - 00169312 _____ () d:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2013-01-08 08:00 - 2012-07-24 13:36 - 00028672 _____ () C:\Windows\SysWOW64\UMonit.exe
2012-01-10 14:41 - 2014-04-13 23:39 - 00567880 _____ () D:\Program Files (x86)\puush\puush.exe
2013-06-18 16:53 - 2013-06-18 16:55 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-01-08 08:00 - 2011-05-17 14:54 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2013-01-08 08:04 - 2012-02-17 15:47 - 00809472 _____ () C:\Program Files (x86)\Lenovo\RapidDrive Advanced\LenovoRapidDriveAdvancedEvents.exe
2013-01-08 08:04 - 2012-07-23 17:58 - 00397824 _____ () C:\Program Files (x86)\Lenovo\RapidDrive Advanced\LenovoRapidDriveAdvancedCommon.dll
2013-01-08 08:04 - 2012-02-17 15:47 - 00040960 _____ () C:\Program Files (x86)\Lenovo\RapidDrive Advanced\de\LenovoRapidDriveAdvancedCommon.resources.dll
2013-08-01 18:31 - 2013-08-01 18:31 - 00030056 _____ () d:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2013-08-01 18:32 - 2013-08-01 18:32 - 00607376 _____ () d:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2013-08-01 18:33 - 2013-08-01 18:33 - 00044392 _____ () d:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2013-08-01 18:33 - 2013-08-01 18:33 - 00036216 _____ () d:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2013-08-01 18:33 - 2013-08-01 18:33 - 00080248 _____ () d:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-08-01 18:38 - 2013-08-01 18:38 - 00223592 _____ () d:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2014-01-09 19:22 - 2014-04-22 00:55 - 00340480 _____ () D:\Program Files (x86)\Steam\libavresample-1.dll
2014-04-23 09:59 - 2014-04-22 00:55 - 00471552 _____ () D:\Program Files (x86)\Steam\libavutil-53.dll
2013-07-01 08:20 - 2014-04-01 00:09 - 00754688 _____ () D:\Program Files (x86)\Steam\SDL2.dll
2013-07-09 17:56 - 2014-04-24 00:01 - 01092288 _____ () D:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-07-09 13:45 - 2014-03-03 21:15 - 20626624 _____ () D:\Program Files (x86)\Steam\bin\libcef.dll
2013-06-14 15:49 - 2013-06-15 01:49 - 01100800 _____ () D:\Program Files (x86)\Steam\bin\avcodec-53.dll
2013-06-14 15:49 - 2013-06-15 01:49 - 00124416 _____ () D:\Program Files (x86)\Steam\bin\avutil-51.dll
2013-06-14 15:49 - 2013-06-15 01:49 - 00192000 _____ () D:\Program Files (x86)\Steam\bin\avformat-53.dll
2014-03-21 12:38 - 2014-03-21 12:38 - 00378880 _____ () D:\Program Files (x86)\LOLReplay\LOLUtils.dll
2009-12-04 17:59 - 2009-12-04 17:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 18:04 - 2009-12-04 18:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2013-01-08 08:00 - 2011-05-17 14:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Niclas\AppData\Roaming\Dropbox\bin\libcef.dll
2014-04-27 10:57 - 2014-04-24 02:33 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
2013-08-07 21:25 - 2013-08-07 21:25 - 00093696 _____ () D:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-04-27 10:57 - 2014-04-24 02:33 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll
2014-04-27 10:57 - 2014-04-24 02:33 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll
2014-04-27 10:57 - 2014-04-24 02:33 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
2014-04-27 10:57 - 2014-04-24 02:33 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
2014-04-27 10:57 - 2014-04-24 02:33 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
2014-04-27 10:57 - 2014-04-24 02:33 - 13692232 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll
2013-01-08 08:04 - 2012-08-15 15:07 - 00220672 _____ () C:\Program Files (x86)\Lenovo\RapidDrive Advanced\SSDetectPartition.dll
2013-01-08 07:59 - 2012-06-25 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Programmable Root Enumerator
Description: Programming Support
Class Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}
Manufacturer: Mad Catz
Service: SaiNtBus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Programmable Root Enumerator
Description: Programming Support
Class Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}
Manufacturer: Mad Catz
Service: SaiNtBus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Programmable Root Enumerator
Description: Programming Support
Class Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}
Manufacturer: Mad Catz
Service: SaiNtBus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2014 06:03:19 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: MsiExec.exe, Version: 5.0.9200.16384, Zeitstempel: 0x5010a60b
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988950
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000de1b
ID des fehlerhaften Prozesses: 0x1f50
Startzeit der fehlerhaften Anwendung: 0xMsiExec.exe0
Pfad der fehlerhaften Anwendung: MsiExec.exe1
Pfad des fehlerhaften Moduls: MsiExec.exe2
Berichtskennung: MsiExec.exe3
Vollständiger Name des fehlerhaften Pakets: MsiExec.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MsiExec.exe5

Error: (05/03/2014 04:41:35 PM) (Source: MsiInstaller) (User: PURPLE-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Niclas\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (05/03/2014 04:41:16 PM) (Source: MsiInstaller) (User: PURPLE-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Niclas\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (05/03/2014 00:40:05 PM) (Source: MsiInstaller) (User: PURPLE-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Niclas\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (05/03/2014 00:38:46 PM) (Source: MsiInstaller) (User: PURPLE-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Niclas\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.


System errors:
=============
Error: (05/03/2014 08:08:09 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (05/03/2014 06:10:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "X5XSEx_Pr148" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (05/03/2014 06:10:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "vToolbarUpdater18.1.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (05/03/2014 06:10:11 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (05/03/2014 06:09:47 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (05/03/2014 06:09:13 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (05/03/2014 06:09:04 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Installer" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (05/03/2014 06:05:05 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Installer" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (05/03/2014 06:04:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Installer" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/03/2014 06:03:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (05/03/2014 06:03:19 PM) (Source: Application Error)(User: )
Description: MsiExec.exe5.0.9200.163845010a60bKERNELBASE.dll6.2.9200.1645150988950c00000050000de1b1f5001cf66e933427bd7c:\Windows\syswow64\MsiExec.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll712f05cc-d2dc-11e3-bfce-d43d7e38f36c

Error: (05/03/2014 04:41:35 PM) (Source: MsiInstaller)(User: PURPLE-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Niclas\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/03/2014 04:41:16 PM) (Source: MsiInstaller)(User: PURPLE-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Niclas\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/03/2014 00:40:05 PM) (Source: MsiInstaller)(User: PURPLE-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Niclas\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/03/2014 00:38:46 PM) (Source: MsiInstaller)(User: PURPLE-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Niclas\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL)


==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 16344.3 MB
Available physical RAM: 11729.32 MB
Total Pagefile: 18648.3 MB
Available Pagefile: 13389.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:57.78 GB) (Free:0.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Lenovo) (Fixed) (Total:925.77 GB) (Free:302.09 GB) NTFS
Drive e: () (Fixed) (Total:451.4 GB) (Free:451.17 GB) NTFS
Drive f: () (Fixed) (Total:451.4 GB) (Free:448.83 GB) NTFS
Drive g: (DVDVolume) (CDROM) (Total:7.61 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 60 GB) (Disk ID: 3AF92328)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 3AF92329)

Partition: GPT Partition Type.

==================== End Of Log ============================

schrauber 07.05.2014 08:51

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:43 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131