Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Maus bewegt sich selbstständig (https://www.trojaner-board.de/153680-maus-bewegt-selbststaendig.html)

Hackfleischa 10.05.2014 20:18
Maus bewegt sich selbstständig
 
Hallo liebes Trojanerboard,

seit heute hab ich gemerkt dass sich meine Maus manchmal selbstständig bewegt.
Die letzten paar Tage hat mein Malwarebytes viele IPs geblockt. Viele davon wollten auch über einen geöffneten Port zugreifen. Ich hatten den 27015 geöffnet um einen Garry´s Mod Server laufen zu lassen. Erst seitdem wurden die IPs geblockt.

EDIT: Die angehängten Dateien bitte nicht beachten wusste erst nicht wie man die Logs anders postet

Hier die Logs von Malwarebytes:

Code:
2014/05/07 02:40:45 +0200    FRANZ-PC    (null)    MESSAGE    Starting protection
2014/05/07 02:40:45 +0200    FRANZ-PC    (null)    MESSAGE    Protection started successfully
2014/05/07 02:40:45 +0200    FRANZ-PC    (null)    MESSAGE    Starting IP protection
2014/05/07 02:40:47 +0200    FRANZ-PC    (null)    MESSAGE    IP Protection started successfully
2014/05/07 03:01:51 +0200    FRANZ-PC    Franz    MESSAGE    Starting protection
2014/05/07 03:01:51 +0200    FRANZ-PC    Franz    MESSAGE    Protection started successfully
2014/05/07 03:01:51 +0200    FRANZ-PC    Franz    MESSAGE    Starting IP protection
2014/05/07 03:01:53 +0200    FRANZ-PC    Franz    MESSAGE    IP Protection started successfully
2014/05/07 14:35:43 +0200    FRANZ-PC    Franz    MESSAGE    Starting protection
2014/05/07 14:35:43 +0200    FRANZ-PC    Franz    MESSAGE    Protection started successfully
2014/05/07 14:35:43 +0200    FRANZ-PC    Franz    MESSAGE    Starting IP protection
2014/05/07 14:35:45 +0200    FRANZ-PC    Franz    MESSAGE    IP Protection started successfully
2014/05/07 15:36:34 +0200    FRANZ-PC    Franz    MESSAGE    Executing scheduled update:  Daily
2014/05/07 15:36:45 +0200    FRANZ-PC    Franz    MESSAGE    Scheduled update executed successfully:  database updated from version v2014.05.06.05 to version v2014.05.07.03
2014/05/07 15:36:45 +0200    FRANZ-PC    Franz    MESSAGE    Starting database refresh
2014/05/07 15:36:45 +0200    FRANZ-PC    Franz    MESSAGE    Stopping IP protection
2014/05/07 15:36:45 +0200    FRANZ-PC    Franz    MESSAGE    IP Protection stopped successfully
2014/05/07 15:36:56 +0200    FRANZ-PC    Franz    MESSAGE    Database refreshed successfully
2014/05/07 15:36:56 +0200    FRANZ-PC    Franz    MESSAGE    Starting IP protection
2014/05/07 15:36:58 +0200    FRANZ-PC    Franz    MESSAGE    IP Protection started successfully
2014/05/07 15:42:50 +0200    FRANZ-PC    Franz    IP-BLOCK    84.22.98.59 (Type: outgoing, Port: 59280, Process: hl2.exe)
2014/05/07 15:42:58 +0200    FRANZ-PC    Franz    IP-BLOCK    217.23.11.160 (Type: outgoing, Port: 59280, Process: hl2.exe)
2014/05/07 15:43:07 +0200    FRANZ-PC    Franz    IP-BLOCK    46.246.94.108 (Type: outgoing, Port: 59280, Process: hl2.exe)
2014/05/07 15:43:15 +0200    FRANZ-PC    Franz    IP-BLOCK    195.88.209.185 (Type: outgoing, Port: 59280, Process: hl2.exe)
2014/05/07 15:43:23 +0200    FRANZ-PC    Franz    IP-BLOCK    46.254.16.63 (Type: outgoing, Port: 59280, Process: hl2.exe)
2014/05/07 15:43:31 +0200    FRANZ-PC    Franz    IP-BLOCK    66.150.155.74 (Type: outgoing, Port: 59280, Process: hl2.exe)
2014/05/07 16:30:42 +0200    FRANZ-PC    Franz    IP-BLOCK    84.22.98.59 (Type: outgoing, Port: 60159, Process: hl2.exe)
2014/05/07 16:30:42 +0200    FRANZ-PC    Franz    IP-BLOCK    217.23.11.160 (Type: outgoing, Port: 60159, Process: hl2.exe)
2014/05/07 16:30:42 +0200    FRANZ-PC    Franz    IP-BLOCK    217.23.11.160 (Type: outgoing, Port: 60159, Process: hl2.exe)
2014/05/07 16:30:50 +0200    FRANZ-PC    Franz    IP-BLOCK    109.107.83.154 (Type: outgoing, Port: 60159, Process: hl2.exe)
2014/05/07 16:30:50 +0200    FRANZ-PC    Franz    IP-BLOCK    46.246.94.108 (Type: outgoing, Port: 60159, Process: hl2.exe)
2014/05/07 16:30:58 +0200    FRANZ-PC    Franz    IP-BLOCK    195.88.209.185 (Type: outgoing, Port: 60159, Process: hl2.exe)
2014/05/07 16:31:14 +0200    FRANZ-PC    Franz    IP-BLOCK    46.254.16.63 (Type: outgoing, Port: 60159, Process: hl2.exe)
2014/05/07 16:31:14 +0200    FRANZ-PC    Franz    IP-BLOCK    66.150.155.74 (Type: outgoing, Port: 60159, Process: hl2.exe)
2014/05/07 16:54:09 +0200    FRANZ-PC    Franz    IP-BLOCK    91.188.46.86 (Type: incoming, Port: 27015, Process: hl2.exe)
2014/05/07 17:16:56 +0200    FRANZ-PC    Franz    IP-BLOCK    89.28.116.21 (Type: incoming, Port: 27015, Process: hl2.exe)
2014/05/07 18:37:07 +0200    FRANZ-PC    Franz    IP-BLOCK    89.28.75.123 (Type: incoming, Port: 27015, Process: hl2.exe)
2014/05/07 18:51:10 +0200    FRANZ-PC    Franz    IP-BLOCK    89.28.84.229 (Type: incoming, Port: 27015, Process: hl2.exe)
2014/05/07 21:00:46 +0200    FRANZ-PC    Franz    IP-BLOCK    79.135.143.62 (Type: incoming, Port: 27015, Process: hl2.exe)
Code:
2014/05/08 06:04:00 +0200    FRANZ-PC    Franz    MESSAGE    Starting protection
2014/05/08 06:04:00 +0200    FRANZ-PC    Franz    MESSAGE    Protection started successfully
2014/05/08 06:04:00 +0200    FRANZ-PC    Franz    MESSAGE    Starting IP protection
2014/05/08 06:04:02 +0200    FRANZ-PC    Franz    MESSAGE    IP Protection started successfully
2014/05/08 14:19:10 +0200    FRANZ-PC    Franz    MESSAGE    Starting protection
2014/05/08 14:19:10 +0200    FRANZ-PC    Franz    MESSAGE    Protection started successfully
2014/05/08 14:19:10 +0200    FRANZ-PC    Franz    MESSAGE    Starting IP protection
2014/05/08 14:19:13 +0200    FRANZ-PC    Franz    MESSAGE    IP Protection started successfully
2014/05/08 15:33:17 +0200    FRANZ-PC    Franz    MESSAGE    Executing scheduled update:  Daily
2014/05/08 15:33:27 +0200    FRANZ-PC    Franz    MESSAGE    Scheduled update executed successfully:  database updated from version v2014.05.07.03 to version v2014.05.08.05
2014/05/08 15:33:27 +0200    FRANZ-PC    Franz    MESSAGE    Starting database refresh
2014/05/08 15:33:27 +0200    FRANZ-PC    Franz    MESSAGE    Stopping IP protection
2014/05/08 15:33:27 +0200    FRANZ-PC    Franz    MESSAGE    IP Protection stopped successfully
2014/05/08 15:33:30 +0200    FRANZ-PC    Franz    MESSAGE    Database refreshed successfully
2014/05/08 15:33:30 +0200    FRANZ-PC    Franz    MESSAGE    Starting IP protection
2014/05/08 15:33:31 +0200    FRANZ-PC    Franz    MESSAGE    IP Protection started successfully
2014/05/08 18:37:29 +0200    FRANZ-PC    Franz    IP-BLOCK    89.28.123.153 (Type: incoming, Port: 27015, Process: hl2.exe)
2014/05/08 18:37:29 +0200    FRANZ-PC    Franz    IP-BLOCK    89.28.123.153 (Type: incoming, Port: 27015, Process: svchost.exe)
2014/05/08 18:37:29 +0200    FRANZ-PC    Franz    IP-BLOCK    89.28.123.153 (Type: incoming, Port: 27015, Process: svchost.exe)
2014/05/08 18:37:53 +0200    FRANZ-PC    Franz    IP-BLOCK    89.28.116.21 (Type: incoming, Port: 27015, Process: hl2.exe)
2014/05/08 18:37:53 +0200    FRANZ-PC    Franz    IP-BLOCK    89.28.116.21 (Type: incoming, Port: 27015, Process: svchost.exe)
2014/05/08 18:37:53 +0200    FRANZ-PC    Franz    IP-BLOCK    89.28.116.21 (Type: incoming, Port: 27015, Process: svchost.exe)
2014/05/08 18:53:58 +0200    FRANZ-PC    Franz    IP-BLOCK    93.170.147.243 (Type: incoming, Port: 27015, Process: hl2.exe)
2014/05/08 18:53:58 +0200    FRANZ-PC    Franz    IP-BLOCK    93.170.147.243 (Type: incoming, Port: 27015, Process: svchost.exe)
2014/05/08 19:17:00 +0200    FRANZ-PC    Franz    IP-BLOCK    89.28.123.153 (Type: incoming, Port: 27015, Process: hl2.exe)
2014/05/08 19:17:00 +0200    FRANZ-PC    Franz    IP-BLOCK    89.28.123.153 (Type: incoming, Port: 27015, Process: svchost.exe)
2014/05/08 19:19:16 +0200    FRANZ-PC    Franz    IP-BLOCK    89.28.123.153 (Type: incoming, Port: 27015, Process: hl2.exe)
2014/05/08 19:19:16 +0200    FRANZ-PC    Franz    IP-BLOCK    89.28.123.153 (Type: incoming, Port: 27015, Process: svchost.exe)
2014/05/08 19:19:16 +0200    FRANZ-PC    Franz    IP-BLOCK    89.28.123.153 (Type: incoming, Port: 27015, Process: svchost.exe)
2014/05/08 20:36:20 +0200    FRANZ-PC    Franz    IP-BLOCK    91.188.46.86 (Type: incoming, Port: 27015, Process: hl2.exe)
2014/05/08 20:36:20 +0200    FRANZ-PC    Franz    IP-BLOCK    91.188.46.86 (Type: incoming, Port: 27015, Process: svchost.exe)
2014/05/08 20:55:37 +0200    FRANZ-PC    Franz    IP-BLOCK    89.28.116.21 (Type: incoming, Port: 27015, Process: hl2.exe)
2014/05/08 20:55:37 +0200    FRANZ-PC    Franz    IP-BLOCK    89.28.116.21 (Type: incoming, Port: 27015, Process: svchost.exe)
Code:
2014/05/09 06:10:49 +0200    FRANZ-PC    Franz    MESSAGE    Starting protection
2014/05/09 06:10:49 +0200    FRANZ-PC    Franz    MESSAGE    Protection started successfully
2014/05/09 06:10:49 +0200    FRANZ-PC    Franz    MESSAGE    Starting IP protection
2014/05/09 06:10:51 +0200    FRANZ-PC    Franz    MESSAGE    IP Protection started successfully
2014/05/09 13:08:12 +0200    FRANZ-PC    (null)    MESSAGE    Starting protection
2014/05/09 13:08:12 +0200    FRANZ-PC    (null)    MESSAGE    Protection started successfully
2014/05/09 13:08:12 +0200    FRANZ-PC    (null)    MESSAGE    Starting IP protection
2014/05/09 13:08:15 +0200    FRANZ-PC    (null)    MESSAGE    IP Protection started successfully
2014/05/09 14:13:15 +0200    FRANZ-PC    Franz    IP-BLOCK    84.22.98.59 (Type: outgoing, Port: 58066, Process: hl2.exe)
2014/05/09 14:13:15 +0200    FRANZ-PC    Franz    IP-BLOCK    217.23.11.160 (Type: outgoing, Port: 58066, Process: hl2.exe)
2014/05/09 14:13:15 +0200    FRANZ-PC    Franz    IP-BLOCK    217.23.11.160 (Type: outgoing, Port: 58066, Process: hl2.exe)
2014/05/09 14:13:23 +0200    FRANZ-PC    Franz    IP-BLOCK    46.246.94.108 (Type: outgoing, Port: 58066, Process: hl2.exe)
2014/05/09 14:13:40 +0200    FRANZ-PC    Franz    IP-BLOCK    195.88.209.185 (Type: outgoing, Port: 58066, Process: hl2.exe)
2014/05/09 14:13:56 +0200    FRANZ-PC    Franz    IP-BLOCK    46.254.16.63 (Type: outgoing, Port: 58066, Process: hl2.exe)
2014/05/09 14:13:56 +0200    FRANZ-PC    Franz    IP-BLOCK    66.150.155.74 (Type: outgoing, Port: 58066, Process: hl2.exe)
2014/05/09 15:00:29 +0200    FRANZ-PC    Franz    IP-BLOCK    84.22.98.59 (Type: outgoing, Port: 63085, Process: hl2.exe)
2014/05/09 15:00:29 +0200    FRANZ-PC    Franz    IP-BLOCK    217.23.11.160 (Type: outgoing, Port: 63085, Process: hl2.exe)
2014/05/09 15:00:29 +0200    FRANZ-PC    Franz    IP-BLOCK    217.23.11.160 (Type: outgoing, Port: 63085, Process: hl2.exe)
2014/05/09 15:00:46 +0200    FRANZ-PC    Franz    IP-BLOCK    46.246.94.108 (Type: outgoing, Port: 63085, Process: hl2.exe)
2014/05/09 15:00:54 +0200    FRANZ-PC    Franz    IP-BLOCK    195.88.209.185 (Type: outgoing, Port: 63085, Process: hl2.exe)
2014/05/09 15:01:10 +0200    FRANZ-PC    Franz    IP-BLOCK    46.254.16.63 (Type: outgoing, Port: 63085, Process: hl2.exe)
2014/05/09 15:01:18 +0200    FRANZ-PC    Franz    IP-BLOCK    66.150.155.74 (Type: outgoing, Port: 63085, Process: hl2.exe)
2014/05/09 15:16:41 +0200    FRANZ-PC    Franz    MESSAGE    Executing scheduled update:  Daily
2014/05/09 15:16:53 +0200    FRANZ-PC    Franz    MESSAGE    Scheduled update executed successfully:  database updated from version v2014.05.08.05 to version v2014.05.09.06
2014/05/09 15:16:53 +0200    FRANZ-PC    Franz    MESSAGE    Starting database refresh
2014/05/09 15:16:53 +0200    FRANZ-PC    Franz    MESSAGE    Stopping IP protection
2014/05/09 15:16:53 +0200    FRANZ-PC    Franz    MESSAGE    IP Protection stopped successfully
2014/05/09 15:16:57 +0200    FRANZ-PC    Franz    MESSAGE    Database refreshed successfully
2014/05/09 15:16:57 +0200    FRANZ-PC    Franz    MESSAGE    Starting IP protection
2014/05/09 15:16:59 +0200    FRANZ-PC    Franz    MESSAGE    IP Protection started successfully
Danke im Vorraus !

schrauber 11.05.2014 05:53
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Hackfleischa 11.05.2014 06:49
Danke für die Hilfe

Hier die FRST.txt:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014
Ran by Franz (administrator) on FRANZ-PC on 11-05-2014 07:43:05
Running from C:\Users\Franz\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(Spotify Ltd) C:\Users\Franz\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files (x86)\puush\puush.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-01-31] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2076128565-2949655076-934418033-1000\...\Run: [Google Update] => C:\Users\Franz\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-10-06] (Google Inc.)
HKU\S-1-5-21-2076128565-2949655076-934418033-1000\...\Run: [Spotify Web Helper] => C:\Users\Franz\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-08] (Spotify Ltd)
HKU\S-1-5-21-2076128565-2949655076-934418033-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-04-19] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA4100 Genie.lnk
ShortcutTarget: NETGEAR WNDA4100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE (NETGEAR)

==================== Internet (Whitelisted) ====================

ProxyServer: www-proxy.t-online.de:80
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://localoem.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {80E2732B-B775-4988-B2FA-66F8D6B416DA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {80E2732B-B775-4988-B2FA-66F8D6B416DA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
SearchScopes: HKCU - DefaultScope {80E2732B-B775-4988-B2FA-66F8D6B416DA} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -  No File
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -  No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\u2h2mwnf.default-1398355350095
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Franz\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Franz\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Franz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\u2h2mwnf.default-1398355350095\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-24]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-02-17]

Chrome:
=======
CHR HomePage:
CHR Plugin: (Shockwave Flash) - C:\Users\Franz\AppData\Local\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Franz\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Franz\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll No File
CHR Plugin: (Free Studio) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\np_dvs_plugin.dll (DVDVideoSoft Ltd.)
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Franz\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (WOT) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-07-05]
CHR Extension: (YouTube) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-06]
CHR Extension: (Google-Suche) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-06]
CHR Extension: (Stylish) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2012-10-24]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2012-11-17]
CHR Extension: (Google Wallet) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Google Mail) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-06]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-01-31] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S3 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-25] ()
R2 RalinkRegistryWriter; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe [377088 2011-11-21] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe [455424 2011-11-21] (Ralink Technology, Corp.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-11] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-23] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
S4 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [68608 2005-08-10] (Protection Technology)
S4 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [89600 2005-11-03] (Protection Technology)
S3 cpuz130; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-11 07:43 - 2014-05-11 07:43 - 00015476 _____ () C:\Users\Franz\Desktop\FRST.txt
2014-05-11 07:43 - 2014-05-11 07:43 - 00000000 ____D () C:\FRST
2014-05-11 07:41 - 2014-05-11 07:42 - 02066432 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe
2014-05-10 14:26 - 2014-05-10 14:26 - 00000000 _____ () C:\Users\Franz\Desktop\Neues Textdokument.txt
2014-05-10 13:13 - 2014-05-10 13:13 - 00001702 _____ () C:\Users\Franz\Downloads\weapon_ttt_ak47.zip
2014-05-10 12:46 - 2014-05-10 12:47 - 00000000 ____D () C:\Users\Franz\Desktop\Neuer Ordner (4)
2014-05-10 12:26 - 2014-05-10 12:26 - 00001694 _____ () C:\Users\Franz\Desktop\filezilla - Verknüpfung.lnk
2014-05-10 12:17 - 2014-05-10 12:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 19:07 - 2014-05-10 17:38 - 00000000 ____D () C:\Users\Franz\Desktop\Neuer Ordner (3)
2014-05-09 19:01 - 2011-02-27 08:27 - 00000000 _____ () C:\Users\Franz\Desktop\ReadMeorFaceRape.txt
2014-05-09 18:22 - 2014-05-09 18:22 - 51897052 _____ () C:\Users\Franz\Desktop\garrysmod.zip
2014-05-09 18:19 - 2014-05-09 18:19 - 00000000 ____D () C:\Users\Franz\Desktop\ttt_space_station
2014-05-09 18:18 - 2014-05-09 18:18 - 12775885 _____ () C:\Users\Franz\Desktop\ttt_space_station.zip
2014-05-09 18:17 - 2014-05-09 18:17 - 04880488 _____ () C:\Users\Franz\Desktop\ttt_subway_b4.zip
2014-05-09 18:15 - 2011-05-22 18:32 - 00000770 _____ () C:\Users\Franz\Desktop\readme.txt
2014-05-09 18:11 - 2014-05-09 18:12 - 29572489 _____ () C:\Users\Franz\Desktop\forest_final.zip
2014-05-09 18:11 - 2014-05-09 18:12 - 08274871 _____ () C:\Users\Franz\Desktop\ttt_rooftops_a2.zip
2014-05-09 18:11 - 2014-05-09 18:11 - 03655823 _____ () C:\Users\Franz\Desktop\ttt_whitehouse_b2.zip
2014-05-09 18:06 - 2014-05-09 18:25 - 00000135 _____ () C:\Users\Franz\Desktop\mapcycle.txt.txt
2014-05-09 17:17 - 2014-05-09 17:17 - 00000000 ____D () C:\Users\Franz\Desktop\Neuer Ordner (2)
2014-05-09 16:09 - 2014-05-10 20:38 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\HLSW
2014-05-09 16:09 - 2014-05-09 16:09 - 00000957 _____ () C:\Users\Franz\Desktop\HLSW.lnk
2014-05-09 16:09 - 2014-05-09 16:09 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HLSW
2014-05-09 16:09 - 2014-05-09 16:09 - 00000000 ___SD () C:\Program Files (x86)\HLSW
2014-05-09 16:08 - 2014-05-09 16:08 - 00629584 _____ (Chip Digital GmbH) C:\Users\Franz\Downloads\hlsw_1_4_0_2_setup - CHIP-Downloader.exe
2014-05-09 15:10 - 2014-05-09 15:10 - 18532503 _____ () C:\Users\Franz\Desktop\ttt_mc_skyislands.zip
2014-05-09 15:10 - 2014-05-09 15:10 - 05226216 _____ () C:\Users\Franz\Desktop\ttt_minecraft_b5.zip
2014-05-09 14:52 - 2014-05-10 18:56 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\FileZilla
2014-05-09 14:50 - 2014-05-09 14:51 - 00000000 ____D () C:\Program Files (x86)\filezilla
2014-05-09 14:50 - 2014-05-09 14:50 - 00629584 _____ (Chip Digital GmbH) C:\Users\Franz\Downloads\FileZilla - CHIP-Downloader.exe
2014-05-07 22:28 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-07 22:28 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-07 22:28 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-07 22:28 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-07 04:54 - 2014-05-07 04:54 - 00000000 ____D () C:\Users\Franz\Desktop\Dreck
2014-05-07 03:06 - 2014-05-07 03:06 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
2014-05-07 03:06 - 2014-05-07 03:06 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-05-07 03:06 - 2014-05-07 03:06 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\OpenOffice
2014-05-07 03:05 - 2014-05-07 03:05 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-05-07 02:55 - 2014-05-07 02:55 - 00003282 _____ () C:\Windows\System32\Tasks\{745B0226-3599-469E-9CD7-969C62E0F598}
2014-05-07 02:44 - 2014-05-07 02:45 - 164962843 _____ () C:\Users\Franz\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_de.exe
2014-05-06 21:40 - 2014-05-06 21:40 - 01877006 _____ () C:\Users\Franz\Documents\homo sapiens.odp
2014-05-06 18:20 - 2014-05-06 18:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-06 18:20 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-06 18:20 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-06 18:20 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-06 18:20 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-06 18:20 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-06 18:20 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-06 18:20 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-06 18:20 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-06 18:20 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-06 18:20 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-06 18:20 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-06 18:20 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-06 18:20 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-06 18:20 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-06 18:20 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-06 18:20 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-06 18:20 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-06 18:20 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-06 18:20 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-06 18:20 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-06 18:20 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-06 18:20 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-06 18:20 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-06 18:20 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-06 18:20 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-06 18:20 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-06 18:20 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-06 18:20 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-06 18:20 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-06 18:20 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-06 18:20 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-06 18:20 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-06 18:20 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-06 18:20 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-06 18:20 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-06 18:20 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-06 18:20 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-06 18:20 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-06 18:20 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-06 18:20 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-06 18:20 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-06 18:20 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-06 18:20 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-06 18:20 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-06 14:48 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-06 14:48 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-05 19:03 - 2014-05-05 19:04 - 00000000 ____D () C:\Users\Franz\Desktop\SuperUltraDupaOrdnerofDoom
2014-05-05 18:36 - 2014-05-05 18:37 - 00000000 ____D () C:\Users\Franz\Desktop\Neuer Ordner
2014-05-05 16:12 - 2014-05-05 16:13 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Braid
2014-05-05 15:29 - 2014-05-05 15:29 - 00000383 _____ () C:\Windows\DirectX.log
2014-05-04 10:48 - 2014-05-11 06:16 - 00000840 _____ () C:\Windows\setupact.log
2014-05-04 10:48 - 2014-05-04 10:48 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-03 11:24 - 2014-05-03 11:24 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-03 11:22 - 2014-05-03 11:22 - 00613200 _____ (Chip Digital GmbH) C:\Users\Franz\Downloads\CCleaner - CHIP-Downloader.exe
2014-04-29 20:51 - 2014-04-29 20:51 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\com.blinkworks.IGTM
2014-04-28 15:26 - 2014-05-04 15:32 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\TeamViewer
2014-04-26 20:34 - 2014-04-26 20:34 - 00001180 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-04-26 20:34 - 2014-04-26 20:34 - 00001168 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-04-26 20:34 - 2014-04-26 20:34 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-04-26 20:33 - 2014-04-26 20:33 - 00613200 _____ (Chip Digital GmbH) C:\Users\Franz\Downloads\TeamViewer - CHIP-Downloader.exe
2014-04-24 18:06 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-04-24 18:04 - 2014-04-24 18:04 - 01365865 _____ () C:\Users\Franz\Downloads\adwcleaner-3202.exe
2014-04-24 00:33 - 2014-04-24 00:34 - 00000000 ____D () C:\Program Files\Virtual Audio Cable
2014-04-24 00:33 - 2014-04-24 00:33 - 00066728 _____ (Eugene V. Muzychenko) C:\Windows\system32\Drivers\vrtaucbl.sys
2014-04-24 00:33 - 2014-04-24 00:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable
2014-04-19 22:01 - 2014-04-19 22:01 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Notepad++
2014-04-19 22:01 - 2014-04-19 22:01 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-04-19 22:01 - 2014-04-19 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-04-19 22:01 - 2014-04-19 22:01 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-04-19 22:00 - 2014-04-19 22:00 - 00613200 _____ (Chip Digital GmbH) C:\Users\Franz\Downloads\Notepad - CHIP-Downloader.exe
2014-04-19 16:58 - 2014-04-19 17:29 - 00000000 ____D () C:\Program Files (x86)\puush
2014-04-19 16:58 - 2014-04-19 16:58 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\puush
2014-04-19 16:58 - 2014-04-19 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\puush
2014-04-19 16:57 - 2014-04-19 16:57 - 01085440 _____ () C:\Users\Franz\Downloads\puush.msi
2014-04-19 16:19 - 2014-04-19 16:19 - 00395853 _____ () C:\Users\Franz\Downloads\ShadersMod-v2.3.15mc1.7.5-installer.jar
2014-04-16 13:06 - 2014-04-16 13:06 - 18948760 _____ (Trion Worlds Inc.) C:\Users\Franz\Downloads\RIFT-Install-0-irj31q.exe

==================== One Month Modified Files and Folders =======

2014-05-11 07:43 - 2014-05-11 07:43 - 00015476 _____ () C:\Users\Franz\Desktop\FRST.txt
2014-05-11 07:43 - 2014-05-11 07:43 - 00000000 ____D () C:\FRST
2014-05-11 07:42 - 2014-05-11 07:41 - 02066432 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe
2014-05-11 07:31 - 2012-10-06 12:27 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2076128565-2949655076-934418033-1000UA.job
2014-05-11 07:26 - 2012-10-06 12:52 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-11 07:10 - 2013-11-01 19:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-11 06:24 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-11 06:24 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-11 06:23 - 2012-10-05 18:55 - 01911912 _____ () C:\Windows\WindowsUpdate.log
2014-05-11 06:21 - 2011-04-12 09:43 - 00709884 _____ () C:\Windows\system32\perfh007.dat
2014-05-11 06:21 - 2011-04-12 09:43 - 00154320 _____ () C:\Windows\system32\perfc007.dat
2014-05-11 06:21 - 2009-07-14 07:13 - 01649420 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-11 06:16 - 2014-05-04 10:48 - 00000840 _____ () C:\Windows\setupact.log
2014-05-11 06:16 - 2013-04-15 16:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-11 06:16 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-10 20:39 - 2012-10-07 15:54 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\TS3Client
2014-05-10 20:38 - 2014-05-09 16:09 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\HLSW
2014-05-10 20:31 - 2012-10-06 12:27 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2076128565-2949655076-934418033-1000Core.job
2014-05-10 19:42 - 2012-12-23 13:00 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{3A2BE357-0D83-461C-B9C4-6BCFCC2F8536}
2014-05-10 18:56 - 2014-05-09 14:52 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\FileZilla
2014-05-10 17:38 - 2014-05-09 19:07 - 00000000 ____D () C:\Users\Franz\Desktop\Neuer Ordner (3)
2014-05-10 14:26 - 2014-05-10 14:26 - 00000000 _____ () C:\Users\Franz\Desktop\Neues Textdokument.txt
2014-05-10 13:13 - 2014-05-10 13:13 - 00001702 _____ () C:\Users\Franz\Downloads\weapon_ttt_ak47.zip
2014-05-10 12:47 - 2014-05-10 12:46 - 00000000 ____D () C:\Users\Franz\Desktop\Neuer Ordner (4)
2014-05-10 12:26 - 2014-05-10 12:26 - 00001694 _____ () C:\Users\Franz\Desktop\filezilla - Verknüpfung.lnk
2014-05-10 12:17 - 2014-05-10 12:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 18:25 - 2014-05-09 18:06 - 00000135 _____ () C:\Users\Franz\Desktop\mapcycle.txt.txt
2014-05-09 18:22 - 2014-05-09 18:22 - 51897052 _____ () C:\Users\Franz\Desktop\garrysmod.zip
2014-05-09 18:19 - 2014-05-09 18:19 - 00000000 ____D () C:\Users\Franz\Desktop\ttt_space_station
2014-05-09 18:18 - 2014-05-09 18:18 - 12775885 _____ () C:\Users\Franz\Desktop\ttt_space_station.zip
2014-05-09 18:17 - 2014-05-09 18:17 - 04880488 _____ () C:\Users\Franz\Desktop\ttt_subway_b4.zip
2014-05-09 18:16 - 2011-10-03 10:44 - 00000000 ____D () C:\Users\Franz\Desktop\maps
2014-05-09 18:12 - 2014-05-09 18:11 - 29572489 _____ () C:\Users\Franz\Desktop\forest_final.zip
2014-05-09 18:12 - 2014-05-09 18:11 - 08274871 _____ () C:\Users\Franz\Desktop\ttt_rooftops_a2.zip
2014-05-09 18:11 - 2014-05-09 18:11 - 03655823 _____ () C:\Users\Franz\Desktop\ttt_whitehouse_b2.zip
2014-05-09 17:17 - 2014-05-09 17:17 - 00000000 ____D () C:\Users\Franz\Desktop\Neuer Ordner (2)
2014-05-09 16:09 - 2014-05-09 16:09 - 00000957 _____ () C:\Users\Franz\Desktop\HLSW.lnk
2014-05-09 16:09 - 2014-05-09 16:09 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HLSW
2014-05-09 16:09 - 2014-05-09 16:09 - 00000000 ___SD () C:\Program Files (x86)\HLSW
2014-05-09 16:08 - 2014-05-09 16:08 - 00629584 _____ (Chip Digital GmbH) C:\Users\Franz\Downloads\hlsw_1_4_0_2_setup - CHIP-Downloader.exe
2014-05-09 15:11 - 2012-07-16 11:02 - 00000000 ____D () C:\Users\Franz\Downloads\materials
2014-05-09 15:11 - 2012-07-16 11:02 - 00000000 ____D () C:\Users\Franz\Downloads\maps
2014-05-09 15:11 - 2012-07-16 11:02 - 00000000 ____D () C:\Users\Franz\Desktop\materials
2014-05-09 15:10 - 2014-05-09 15:10 - 18532503 _____ () C:\Users\Franz\Desktop\ttt_mc_skyislands.zip
2014-05-09 15:10 - 2014-05-09 15:10 - 05226216 _____ () C:\Users\Franz\Desktop\ttt_minecraft_b5.zip
2014-05-09 14:51 - 2014-05-09 14:50 - 00000000 ____D () C:\Program Files (x86)\filezilla
2014-05-09 14:50 - 2014-05-09 14:50 - 00629584 _____ (Chip Digital GmbH) C:\Users\Franz\Downloads\FileZilla - CHIP-Downloader.exe
2014-05-07 20:26 - 2012-10-06 12:27 - 00004090 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2076128565-2949655076-934418033-1000UA
2014-05-07 20:26 - 2012-10-06 12:27 - 00003694 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2076128565-2949655076-934418033-1000Core
2014-05-07 16:02 - 2014-04-04 13:37 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\.minecraft
2014-05-07 14:35 - 2009-07-14 06:45 - 00295824 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-07 04:54 - 2014-05-07 04:54 - 00000000 ____D () C:\Users\Franz\Desktop\Dreck
2014-05-07 04:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-07 03:07 - 2012-10-05 19:02 - 00064024 _____ () C:\Users\Franz\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-07 03:06 - 2014-05-07 03:06 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
2014-05-07 03:06 - 2014-05-07 03:06 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-05-07 03:06 - 2014-05-07 03:06 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\OpenOffice
2014-05-07 03:05 - 2014-05-07 03:05 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-05-07 02:55 - 2014-05-07 02:55 - 00003282 _____ () C:\Windows\System32\Tasks\{745B0226-3599-469E-9CD7-969C62E0F598}
2014-05-07 02:45 - 2014-05-07 02:44 - 164962843 _____ () C:\Users\Franz\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_de.exe
2014-05-06 21:40 - 2014-05-06 21:40 - 01877006 _____ () C:\Users\Franz\Documents\homo sapiens.odp
2014-05-06 18:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-06 18:20 - 2014-05-06 18:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-05 21:21 - 2014-01-29 18:38 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Spotify
2014-05-05 19:54 - 2014-02-13 16:38 - 00000000 ____D () C:\Users\Franz\AppData\Local\Battle.net
2014-05-05 19:04 - 2014-05-05 19:03 - 00000000 ____D () C:\Users\Franz\Desktop\SuperUltraDupaOrdnerofDoom
2014-05-05 18:37 - 2014-05-05 18:36 - 00000000 ____D () C:\Users\Franz\Desktop\Neuer Ordner
2014-05-05 16:13 - 2014-05-05 16:12 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Braid
2014-05-05 15:29 - 2014-05-05 15:29 - 00000383 _____ () C:\Windows\DirectX.log
2014-05-05 14:11 - 2014-01-29 18:38 - 00000000 ____D () C:\Users\Franz\AppData\Local\Spotify
2014-05-04 22:51 - 2012-10-06 13:08 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Skype
2014-05-04 15:32 - 2014-04-28 15:26 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\TeamViewer
2014-05-04 10:48 - 2014-05-04 10:48 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-03 20:07 - 2012-10-07 18:16 - 00291760 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-05-03 20:07 - 2012-10-07 18:14 - 00291760 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-05-03 19:54 - 2012-10-07 18:16 - 00000000 ____D () C:\Users\Franz\AppData\Local\PunkBuster
2014-05-03 19:54 - 2012-10-07 18:14 - 00291512 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-05-03 19:52 - 2013-12-29 13:20 - 00000000 ____D () C:\Users\Franz\AppData\Local\Ubisoft
2014-05-03 19:14 - 2013-08-15 12:33 - 00000000 ____D () C:\ProgramData\Origin
2014-05-03 19:14 - 2013-08-15 12:33 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-05-03 18:16 - 2013-01-28 15:43 - 00000000 ____D () C:\Users\Franz\Desktop\Zeug
2014-05-03 11:31 - 2014-02-17 16:26 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-05-03 11:30 - 2012-09-05 13:50 - 00000000 ____D () C:\Windows\Panther
2014-05-03 11:24 - 2014-05-03 11:24 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-03 11:24 - 2013-08-27 21:58 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-03 11:22 - 2014-05-03 11:22 - 00613200 _____ (Chip Digital GmbH) C:\Users\Franz\Downloads\CCleaner - CHIP-Downloader.exe
2014-05-02 14:26 - 2014-02-13 16:38 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-04-29 20:51 - 2014-04-29 20:51 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\com.blinkworks.IGTM
2014-04-29 18:55 - 2013-06-25 14:48 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Audacity
2014-04-29 16:10 - 2013-11-01 19:56 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 16:10 - 2013-11-01 19:56 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-29 16:10 - 2013-11-01 19:56 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 16:01 - 2014-05-07 22:28 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-07 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 14:48 - 2014-05-07 22:28 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-07 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-26 20:34 - 2014-04-26 20:34 - 00001180 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-04-26 20:34 - 2014-04-26 20:34 - 00001168 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-04-26 20:34 - 2014-04-26 20:34 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-04-26 20:33 - 2014-04-26 20:33 - 00613200 _____ (Chip Digital GmbH) C:\Users\Franz\Downloads\TeamViewer - CHIP-Downloader.exe
2014-04-26 19:07 - 2013-11-04 21:49 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\vlc
2014-04-26 12:36 - 2014-01-23 16:45 - 00000000 ____D () C:\Users\Franz\AppData\Local\PMB Files
2014-04-26 12:36 - 2014-01-23 16:45 - 00000000 ____D () C:\ProgramData\PMB Files
2014-04-25 18:21 - 2013-09-09 19:58 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-25 18:20 - 2012-10-07 18:14 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-04-25 00:33 - 2012-11-17 15:31 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\DVDVideoSoft
2014-04-24 18:04 - 2014-04-24 18:04 - 01365865 _____ () C:\Users\Franz\Downloads\adwcleaner-3202.exe
2014-04-24 17:38 - 2011-04-12 09:54 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-04-24 00:34 - 2014-04-24 00:33 - 00000000 ____D () C:\Program Files\Virtual Audio Cable
2014-04-24 00:33 - 2014-04-24 00:33 - 00066728 _____ (Eugene V. Muzychenko) C:\Windows\system32\Drivers\vrtaucbl.sys
2014-04-24 00:33 - 2014-04-24 00:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable
2014-04-22 00:51 - 2013-08-26 14:44 - 00000000 ____D () C:\Users\Franz\AppData\Local\Adobe
2014-04-19 22:01 - 2014-04-19 22:01 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Notepad++
2014-04-19 22:01 - 2014-04-19 22:01 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-04-19 22:01 - 2014-04-19 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-04-19 22:01 - 2014-04-19 22:01 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-04-19 22:00 - 2014-04-19 22:00 - 00613200 _____ (Chip Digital GmbH) C:\Users\Franz\Downloads\Notepad - CHIP-Downloader.exe
2014-04-19 17:29 - 2014-04-19 16:58 - 00000000 ____D () C:\Program Files (x86)\puush
2014-04-19 16:58 - 2014-04-19 16:58 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\puush
2014-04-19 16:58 - 2014-04-19 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\puush
2014-04-19 16:57 - 2014-04-19 16:57 - 01085440 _____ () C:\Users\Franz\Downloads\puush.msi
2014-04-19 16:19 - 2014-04-19 16:19 - 00395853 _____ () C:\Users\Franz\Downloads\ShadersMod-v2.3.15mc1.7.5-installer.jar
2014-04-16 13:06 - 2014-04-16 13:06 - 18948760 _____ (Trion Worlds Inc.) C:\Users\Franz\Downloads\RIFT-Install-0-irj31q.exe
2014-04-14 04:24 - 2014-05-06 14:48 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-05-06 14:48 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-11 15:56 - 2014-02-13 16:51 - 00000000 ____D () C:\Program Files (x86)\Hearthstone

Some content of TEMP:
====================
C:\Users\Franz\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-30 17:55

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---


Und die Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2014
Ran by Franz at 2014-05-11 07:43:52
Running from C:\Users\Franz\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Tools for .Net 3.5 - DEU Lang Pack (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden
 Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.30.100.40131 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.831.4 - Advanced Micro Devices Inc.) Hidden
AMD AVIVO64 Codecs (Version: 11.7.0.11109 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0131.1535.27922 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{8D2C98CB-7D5D-25CE-C72B-3F2C257F0284}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2014.0131.1535.27922 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
APB Reloaded (HKLM-x32\...\Steam App 113400) (Version:  - Reloaded Productions)
Artweaver Free 3.1 (HKLM-x32\...\{96A9A1C8-FBAD-4703-ABF1-E93AA8FE85A0}_is1) (Version: 3.1 - Boris Eyrich Software)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Blobby Volley 2 Version 1.0 (HKLM-x32\...\Blobby Volley 2 Version 1.0_is1) (Version:  - )
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Braid (HKLM-x32\...\Steam App 26800) (Version:  - Number None)
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version:  - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version:  - )
Call of Duty: Ghosts - Multiplayer (HKLM-x32\...\Steam App 209170) (Version:  - )
Call of Duty: Ghosts (HKLM-x32\...\Steam App 209160) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version:  - Infinity Ward - Sledgehammer Games)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0131.1535.27922 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0131.1535.27922 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0131.1535.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0131.1535.27922 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Cthulhu Saves the World  (HKLM-x32\...\Steam App 107310) (Version:  - Zeboyd Games)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM-x32\...\Dev-C++) (Version:  - )
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Die Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version:  - )
DLC Quest (HKLM-x32\...\Steam App 230050) (Version:  - Going Loud Studios)
Empire Earth (HKLM-x32\...\{2447500B-22D7-47BD-9B13-1A927F43A267}) (Version:  - )
Entity Framework Designer für Visual Studio 2012 - DEU (HKLM-x32\...\{094D6E27-97CC-447E-8660-56F75CFC1E00}) (Version: 11.1.20702.00 - Microsoft Corporation)
EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.03.03 - )
Erforderliche Komponenten für SSDT  (HKLM-x32\...\{70D065C3-77E5-45E9-A75C-EEB2E84EA869}) (Version: 11.0.2100.60 - Microsoft Corporation)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.21.2.1 - Futuremark Corporation)
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version:  - Greenheart Games)
Game Dev Tycoon DEMO Version 1.0.1 (HKLM-x32\...\{9B1070C1-D522-4E00-8263-F442422D26CA}_is1) (Version: 1.0.1 - Greenheart Games Pty. Ltd.)
GameMaker: Studio (HKLM-x32\...\Steam App 214850) (Version:  - YoYo Games Ltd.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
GRID 2 (HKLM-x32\...\Steam App 44350) (Version:  - Codemasters Racing)
Haunt 1.0 64bit (HKCU\...\Haunt 1.0 64bit) (Version:  - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HLSW v1.4.0.2 (HKLM-x32\...\HLSW_is1) (Version:  - Stripf Software)
HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät (HKLM\...\{F28BD099-9FC0-4A03-A605-E069B8D17D47}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Indie Game: The Movie (HKLM-x32\...\Steam App 207080) (Version:  - BlinkWorks Media)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kraven Manor (HKCU\...\Kraven Manor) (Version: 1.0.0 - The Guildhall at SMU)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Loadout (HKLM-x32\...\Steam App 208090) (Version:  - Edge of Reality)
Lone Survivor: The Director's Cut (HKLM-x32\...\Steam App 209830) (Version:  - Jasper Byrne)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
ManiaPlanet (HKLM-x32\...\ManiaPlanet_is1) (Version:  - Nadeo)
Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.)
Mass Effect 2 (HKLM-x32\...\Steam App 24980) (Version:  - BioWare)
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{98B45D1C-6EB1-460D-A87D-2B60678DC105}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 3 - DEU (HKLM-x32\...\{07AC2D83-E795-4AD5-970D-B9BD14A1E411}) (Version: 3.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 - Visual Studio Express 2012 for Web (x32 Version: 3.0.30710.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}) (Version: 3.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 -Visual Studio Express 2012 for Web Tools Update - DEU (x32 Version: 3.0.30710.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 4 - Visual Studio Express 2012 for Web - DEU (x32 Version: 4.0.20710.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 4 - Visual Studio Express 2012 for Web (x32 Version: 4.0.20710.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 4 Runtime - DEU (x32 Version: 4.0.20710.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 4 Runtime (x32 Version: 4.0.20710.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET Web Pages - DEU (HKLM-x32\...\{93EEC4E9-EEFE-4027-ACD3-6E8C1D085975}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages - Visual Studio Express 2012 for Web - DEU (x32 Version: 1.0.20710.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET Web Pages - Visual Studio Express 2012 for Web (x32 Version: 1.0.20710.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages 2 - Visual Studio Express 2012 for Web - DEU (x32 Version: 2.0.20710.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET Web Pages 2 - Visual Studio Express 2012 for Web (x32 Version: 2.0.20710.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET Web Pages 2 Runtime - DEU (x32 Version: 2.0.20710.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET Web Pages 2 Runtime (x32 Version: 2.0.20710.0 - Microsoft Corporation) Hidden
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (x32 Version: 2.0.50727 - Microsoft Corporation) Hidden
Microsoft Help Viewer 2.0 Language Pack - DEU (HKLM-x32\...\Microsoft Help Viewer 2.0 Language Pack - DEU) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.0 Language Pack - DEU (x32 Version: 2.0.50727 - Microsoft Corporation) Hidden
Microsoft NuGet - Visual Studio Express 2012 for Web (x32 Version: 2.0.30625.9003 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{AD49BD4B-6CEE-4EA2-B53E-8EB0606F1B11}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{EF18EF0F-96D3-4A6B-9600-2197F1720A15}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{6B7B7E62-9F56-4C87-8664-0E20F2CAB03B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{D4DA7C91-A59F-4C72-BAC4-DF7C76AB1CB8}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{13C9CD03-A5FE-4F50-AC8A-17B77C38CC52}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{28C7A4BB-3966-4373-8376-C11F38290630}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU  (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (11.1.20627.00) (HKLM-x32\...\{F6F1EE45-97E9-48A3-94B2-044B0A3C08D3}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20627.00) (HKLM-x32\...\{CEEDB2C4-46BE-4340-BAB9-F30110D9BBB8}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{D434E072-F482-4F52-AB97-7B19DD5DAEB5}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{485F4AC6-F79E-4482-A0D2-EDF0CCE1E124}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Express Prerequisites x64 - DEU (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Shell (Minimum) (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Shell-(Mindest)-Ressourcen (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Tools für SQL Server Compact 4.0 SP1 DEU (x32 Version: 4.0.8876.1 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012-Vorbereitung (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Express 2012 for Web - ENU (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Express 2012 für das Web - DEU (HKLM-x32\...\{91e603e0-3440-459b-89b8-6c172245e343}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 für das Web - DEU (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 2012 Object Model (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - DEU (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - DEU (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2012 XAML UI Designer deu Resources (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Web Deploy 3.0 (HKLM\...\{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - DEU (HKLM-x32\...\{86756584-C41A-4CA3-B42D-4768C7720F56}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Developer Tools - Visual Studio Express 2012 for Web - DEU (x32 Version: 1.0.30710.0 - Microsoft Corporation) Hidden
Microsoft Web Developer Tools - Visual Studio Express 2012 for Web (x32 Version: 1.0.30710.0 - Microsoft Corporation) Hidden
Microsoft Web Platform Installer 4.0 (HKLM\...\{E2B8249D-895C-4685-8C83-00F3B1A13028}) (Version: 4.0.1622 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{4C0B27C3-3E8F-4BD2-80FF-6E9E48EBD6D8}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{64A5D39C-95CD-4B8B-B2FA-6C713133B57F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Might & Magic: Duel of Champions (HKLM-x32\...\Steam App 256410) (Version:  - Ubisoft Quebec)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version:  - DICE)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
NETGEAR WNDA4100 Genie (HKLM-x32\...\InstallShield_{422FB885-2E3D-4F0C-8C47-BF4336B5318B}) (Version: 1.2.0.10 - NETGEAR)
NETGEAR WNDA4100 Genie (x32 Version: 1.2.0.10 - NETGEAR) Hidden
No Time to Explain (HKLM-x32\...\Steam App 227280) (Version:  - tinyBuild)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{9530AE42-DAE1-4619-9594-B23487285D17}) (Version: 9.11.1107 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)
Plants vs. Zombies: Game of the Year (HKLM-x32\...\Steam App 3590) (Version:  - PopCap)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
Security Task Manager 1.8g (HKLM-x32\...\Security Task Manager) (Version: 1.8g - Neuber Software)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Hexagon (HKLM-x32\...\Steam App 221640) (Version:  - Terry Cavanagh)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - Team Meat)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Thinking with Time Machine (HKLM-x32\...\Steam App 286080) (Version:  - Stridemann)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.2.15 - Electronic Arts)
Tom Clancy's Ghost Recon Phantoms - EU (HKLM-x32\...\Steam App 272350) (Version:  - Ubisoft Singapore)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
TrackMania Nations Forever (HKLM-x32\...\Steam App 11020) (Version:  - Nadeo)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unmechanical (HKLM-x32\...\Steam App 211180) (Version:  - )
Unreal Development Kit: 2012-10 (HKLM\...\UDK-5906061e-50b5-460d-8ab4-eca546d35761) (Version:  - Epic Games, Inc.)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Microsoft Visual Studio 2012 (KB2781514) (HKLM-x32\...\{56ef8912-352f-4fab-9c73-6f1c92a7127f}) (Version: 11.0.51219 - Microsoft Corporation)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version:  - )
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Worms Reloaded (HKLM-x32\...\Steam App 22600) (Version:  - Team17)

==================== Restore Points  =========================

03-05-2014 13:48:05 Geplanter Prüfpunkt
03-05-2014 17:51:33 DirectX wurde installiert
03-05-2014 22:35:19 Windows Update
05-05-2014 13:29:17 DirectX wurde installiert
05-05-2014 14:12:27 DirectX wurde installiert
06-05-2014 16:19:39 Windows Update
07-05-2014 00:48:18 OpenOffice 4.1.0 wird installiert
07-05-2014 01:03:52 OpenOffice 4.1.0 wird installiert
07-05-2014 20:28:26 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {031EA1A5-D309-409B-BFDD-09651FE764E2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {176ADCB9-A379-45DC-A2AC-CAF4EF05F035} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29] (Adobe Systems Incorporated)
Task: {1A3D7AF9-A3B4-4988-B796-A4B8C48A1D22} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2076128565-2949655076-934418033-1000UA => C:\Users\Franz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-06] (Google Inc.)
Task: {820D9D1F-4137-45BB-BEE8-A33766515EFA} - System32\Tasks\{3F4655C3-434D-4DA4-B3C3-0B16BD8D8307} => C:\Program Files (x86)\Mass Effect\MassEffectLauncher.exe [2008-05-30] (BioWare)
Task: {820DD44C-C9F1-47B8-9F9F-87F00A00D3DE} - System32\Tasks\{E2B4A61D-A404-45C0-B299-63B3FC124C0A} => C:\Program Files (x86)\TrackMania Nations ESWC\TmNationsESWCLauncher.exe
Task: {928B4F3E-72C6-49F7-ACB2-FC902FC5ABAA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2076128565-2949655076-934418033-1000Core => C:\Users\Franz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-06] (Google Inc.)
Task: {A7824391-C22B-4610-81CF-AB4C0A6DB9EA} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2012-01-03] (ASUSTek Computer Inc.)
Task: {C1233008-5915-4C81-8103-8FA4EC63EC64} - System32\Tasks\{B0DBA517-09DB-466F-8F0C-348278DCAB93} => Firefox.exe hxxp://ui.skype.com/ui/0/6.11.0.102/de/abandoninstall?page=tsProgressBar
Task: {EDEF9CB5-BC76-42A5-B18B-6CE190DD1980} - System32\Tasks\{E9C4AEB7-39BF-4F6C-8F4A-1E792063A047} => C:\Program Files (x86)\Mass Effect\MassEffectLauncher.exe [2008-05-30] (BioWare)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2076128565-2949655076-934418033-1000Core.job => C:\Users\Franz\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2076128565-2949655076-934418033-1000UA.job => C:\Users\Franz\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-31 16:38 - 2014-01-31 16:38 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-11-04 16:03 - 2013-11-04 16:03 - 00818688 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-11-04 16:03 - 2013-11-04 16:03 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-01-31 16:38 - 2014-01-31 16:38 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-10-07 18:14 - 2014-04-25 18:20 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-01-10 14:41 - 2014-04-19 17:29 - 00567880 _____ () C:\Program Files (x86)\puush\puush.exe
2014-01-31 16:38 - 2014-01-31 16:38 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-10-06 12:24 - 2012-09-19 19:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-10-05 19:33 - 2009-01-15 14:55 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
2012-10-05 19:33 - 2009-03-25 16:53 - 00053248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
2013-01-09 11:09 - 2013-01-09 11:09 - 00118784 _____ () C:\Program Files (x86)\NETGEAR\WNDA4100\Ralink.dll
2012-09-04 14:34 - 2012-09-04 14:34 - 01066856 _____ () C:\Program Files (x86)\NETGEAR\WNDA4100\RaWLAPI.dll
2014-05-10 12:17 - 2014-05-10 12:17 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-04-29 16:10 - 2014-04-29 16:10 - 16351920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
2014-05-01 10:55 - 2014-04-30 02:08 - 01135104 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll
2014-03-05 15:21 - 2014-04-30 02:08 - 00471552 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
2014-05-01 10:55 - 2014-04-30 02:08 - 00404992 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll
2014-01-09 17:12 - 2014-04-30 02:08 - 00340992 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2013-03-12 18:10 - 2014-04-29 02:37 - 00754688 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-01 10:55 - 2014-04-29 02:37 - 02198720 _____ () C:\Program Files (x86)\Steam\video.dll
2014-05-01 10:55 - 2014-04-29 02:37 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll
2012-10-06 12:53 - 2014-05-10 04:29 - 01145536 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2012-10-06 12:53 - 2014-05-02 01:35 - 20628160 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-10-06 12:53 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-10-06 12:53 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-10-06 12:53 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: Google Update => "C:\Users\Franz\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/11/2014 06:18:07 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/10/2014 08:26:51 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: Programm hl2.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1f30

Startzeit: 01cf6c79f6c1c40a

Endzeit: 134

Anwendungspfad: C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe

Berichts-ID:

Error: (05/10/2014 06:50:36 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: Programm hl2.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 16ac

Startzeit: 01cf6c67f365a308

Endzeit: 108

Anwendungspfad: C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe

Berichts-ID:

Error: (05/10/2014 04:28:07 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: Programm hl2.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 15f0

Startzeit: 01cf6c475579a41f

Endzeit: 90

Anwendungspfad: C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe

Berichts-ID:

Error: (05/10/2014 11:04:36 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/09/2014 01:09:25 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/09/2014 06:12:00 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/08/2014 02:20:21 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/08/2014 06:05:08 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/07/2014 02:36:40 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/11/2014 07:27:00 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (05/11/2014 07:27:00 AM) (Source: Service Control Manager) (User: ) (EventID: 7009)
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (05/11/2014 06:16:49 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "AODDriver4.3" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (05/10/2014 11:03:19 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "AODDriver4.3" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (05/09/2014 01:08:05 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "AODDriver4.3" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (05/09/2014 06:10:39 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "AODDriver4.3" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (05/08/2014 02:19:01 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "AODDriver4.3" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (05/08/2014 06:03:49 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "AODDriver4.3" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (05/07/2014 02:35:35 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "AODDriver4.3" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (05/07/2014 06:33:47 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053


Microsoft Office Sessions:
=========================
Error: (05/11/2014 06:18:07 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/10/2014 08:26:51 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: hl2.exe0.0.0.01f3001cf6c79f6c1c40a134C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe

Error: (05/10/2014 06:50:36 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: hl2.exe0.0.0.016ac01cf6c67f365a308108C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe

Error: (05/10/2014 04:28:07 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: hl2.exe0.0.0.015f001cf6c475579a41f90C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe

Error: (05/10/2014 11:04:36 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/09/2014 01:09:25 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/09/2014 06:12:00 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/08/2014 02:20:21 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/08/2014 06:05:08 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/07/2014 02:36:40 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-07-28 09:07:43.865
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\sfvfs02.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-28 09:07:43.801
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\sfvfs02.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 8174.12 MB
Available physical RAM: 5844.12 MB
Total Pagefile: 16346.41 MB
Available Pagefile: 13672.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:921.75 GB) (Free:493.25 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 6B4FF10E)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=922 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 12.05.2014 10:00
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hackfleischa 14.05.2014 13:41
Zwischendurch hat mir Antivir gemeldet dass die Registry blockiert wurde, hatte es aber eigentlich deaktiviert.

Code:
ComboFix 14-05-13.01 - Franz 14.05.2014  14:25:02.1.6 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8174.5944 [GMT 2:00]
ausgeführt von:: c:\users\Franz\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-04-14 bis 2014-05-14  ))))))))))))))))))))))))))))))
.
.
2014-05-14 12:32 . 2014-05-14 12:32        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-05-14 12:26 . 2014-05-14 12:26        75888        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{6EBA00A4-4270-468E-915D-C5FAFC2770CC}\offreg.dll
2014-05-14 12:19 . 2014-04-17 03:31        10651704        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{6EBA00A4-4270-468E-915D-C5FAFC2770CC}\mpengine.dll
2014-05-12 13:38 . 2014-05-12 13:38        --------        d-----w-        c:\users\Franz\AppData\Roaming\LoneSurvivor
2014-05-11 05:43 . 2014-05-11 05:44        --------        d-----w-        C:\FRST
2014-05-09 14:09 . 2014-05-11 16:22        --------        d-----w-        c:\users\Franz\AppData\Roaming\HLSW
2014-05-09 14:09 . 2014-05-09 14:09        --------        d-s---w-        c:\program files (x86)\HLSW
2014-05-09 12:52 . 2014-05-11 10:37        --------        d-----w-        c:\users\Franz\AppData\Roaming\FileZilla
2014-05-09 12:50 . 2014-05-09 12:51        --------        d-----w-        c:\program files (x86)\filezilla
2014-05-07 20:28 . 2014-04-29 14:01        23547904        ----a-w-        c:\windows\system32\mshtml.dll
2014-05-07 20:28 . 2014-04-29 13:40        2724864        ----a-w-        c:\windows\system32\mshtml.tlb
2014-05-07 20:28 . 2014-04-29 12:34        2724864        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2014-05-07 01:06 . 2014-05-07 01:06        --------        d-----w-        c:\users\Franz\AppData\Roaming\OpenOffice
2014-05-07 01:05 . 2014-05-07 01:05        --------        d-----w-        c:\program files (x86)\OpenOffice 4
2014-05-06 12:48 . 2014-04-14 02:24        465408        ----a-w-        c:\windows\system32\aepdu.dll
2014-05-06 12:48 . 2014-04-14 02:19        424448        ----a-w-        c:\windows\system32\aeinv.dll
2014-05-05 14:12 . 2014-05-05 14:13        --------        d-----w-        c:\users\Franz\AppData\Roaming\Braid
2014-04-29 18:51 . 2014-04-29 18:51        --------        d-----w-        c:\users\Franz\AppData\Roaming\com.blinkworks.IGTM
2014-04-28 13:26 . 2014-05-04 13:32        --------        d-----w-        c:\users\Franz\AppData\Roaming\TeamViewer
2014-04-26 18:34 . 2014-04-26 18:34        --------        d-----w-        c:\program files (x86)\TeamViewer
2014-04-24 16:06 . 2010-08-30 06:34        536576        ----a-w-        c:\windows\SysWow64\sqlite3.dll
2014-04-23 22:33 . 2014-04-23 22:34        --------        d-----w-        c:\program files\Virtual Audio Cable
2014-04-23 22:33 . 2014-04-23 22:33        66728        ----a-w-        c:\windows\system32\drivers\vrtaucbl.sys
2014-04-19 20:01 . 2014-04-19 20:01        --------        d-----w-        c:\users\Franz\AppData\Roaming\Notepad++
2014-04-19 20:01 . 2014-04-19 20:01        --------        d-----w-        c:\program files (x86)\Notepad++
2014-04-19 14:58 . 2014-04-19 14:58        --------        d-----w-        c:\users\Franz\AppData\Roaming\puush
2014-04-19 14:58 . 2014-04-19 15:29        --------        d-----w-        c:\program files (x86)\puush
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-03 18:07 . 2012-10-07 16:16        291760        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2014-05-03 18:07 . 2012-10-07 16:14        291760        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2014-05-03 17:54 . 2012-10-07 16:14        291512        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2014-04-29 14:10 . 2013-11-01 17:56        70832        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-29 14:10 . 2013-11-01 17:56        692400        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-25 16:20 . 2012-10-07 16:14        76888        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2014-03-31 07:35 . 2010-11-21 03:27        270496        ------w-        c:\windows\system32\MpSigStub.exe
2014-03-04 09:44 . 2014-04-09 11:17        362496        ----a-w-        c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-09 11:17        243712        ----a-w-        c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-09 11:17        13312        ----a-w-        c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-09 11:17        16384        ----a-w-        c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-09 11:17        1163264        ----a-w-        c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-09 11:17        14336        ----a-w-        c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-09 11:17        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-09 11:17        25600        ----a-w-        c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-09 11:17        5120        ----a-w-        c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-09 11:17        7680        ----a-w-        c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-09 11:17        2048        ----a-w-        c:\windows\SysWow64\user.exe
2014-03-01 12:38 . 2014-03-01 12:38        108968        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll
2014-03-01 12:38 . 2014-03-01 12:39        312744        ----a-w-        c:\windows\system32\javaws.exe
2014-03-01 12:38 . 2014-03-01 12:38        189352        ----a-w-        c:\windows\system32\javaw.exe
2014-03-01 12:38 . 2014-03-01 12:38        189352        ----a-w-        c:\windows\system32\java.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Franz\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-04-08 1171000]
"puush"="c:\program files (x86)\puush\puush.exe" [2014-04-19 567880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-20 689744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-01-31 767200]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNDA4100 Genie.lnk - c:\program files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE [2013-1-9 4989656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 AODDriver4.3;AODDriver4.3;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 cpuz130;cpuz130;c:\users\ADMINI~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys;c:\users\ADMINI~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
R3 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x]
S2 RalinkRegistryWriter64;RalinkRegistryWriter64;c:\program files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe;c:\program files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys;c:\windows\SYSNATIVE\drivers\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys;c:\windows\SYSNATIVE\drivers\asmtxhci.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-01 14:10]
.
2014-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2076128565-2949655076-934418033-1000Core.job
- c:\users\Franz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-06 10:27]
.
2014-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2076128565-2949655076-934418033-1000UA.job
- c:\users\Franz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-06 10:27]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://localoem.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = www-proxy.t-online.de:80
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\u2h2mwnf.default-1398355350095\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2076128565-2949655076-934418033-1000\Software\SecuROM\License information*]
"datasecu"=hex:14,cf,5e,e2,d4,e3,48,3b,dd,1b,ba,af,6e,3c,f9,b1,87,cf,64,fc,fe,
  cb,79,a9,c6,31,60,f8,1f,9c,63,e4,c5,5c,2a,2c,d2,29,7b,3f,d1,08,89,f9,f0,50,\
"rkeysecu"=hex:7e,2e,a7,51,00,19,cd,67,6a,1a,4b,a9,b1,63,5c,f6
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-05-14  14:33:43
ComboFix-quarantined-files.txt  2014-05-14 12:33
.
Vor Suchlauf: 15 Verzeichnis(se), 532.291.661.824 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 531.771.879.424 Bytes frei
.
- - End Of File - - F956EF07D0FB9F5DD15002F59A29C057
A36C5E4F47E84449FF07ED3517B43A31

schrauber 15.05.2014 09:45
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Hackfleischa 15.05.2014 13:19
Malwarebytes:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 15.05.2014
Suchlauf-Zeit: 14:13:06
Logdatei: Mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.05.15.04
Rootkit Datenbank: v2014.03.27.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Franz

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 283823
Verstrichene Zeit: 10 Min, 40 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
Adwarecleaner hat sich beim Suchlauf immer aufgehangen, sodass ich die Dateien nich entfernen konnte. Ein Log wurde dennoch erstellt:
Code:
# AdwCleaner v3.208 - Bericht erstellt am 15/05/2014 um 13:42:08
# Aktualisiert 11/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Franz - FRANZ-PC
# Gestartet von : C:\Users\Franz\Downloads\adwcleaner_3.208.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gefunden : C:\Users\Franz\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gefunden : C:\Users\Franz\AppData\Roaming\pdfforge

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU64\Software\OCS
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\u2h2mwnf.default-1398355350095\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\preferences ]
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Franz on 15.05.2014 at 13:49:08,32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Franz\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Franz\AppData\Roaming\pdfforge"



~~~ FireFox

Emptied folder: C:\Users\Franz\AppData\Roaming\mozilla\firefox\profiles\u2h2mwnf.default-1398355350095\minidumps [10 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.05.2014 at 13:54:12,79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-05-2014
Ran by Franz (administrator) on FRANZ-PC on 15-05-2014 13:45:30
Running from C:\Users\Franz\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\puush\puush.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-01-31] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2076128565-2949655076-934418033-1000\...\Run: [Spotify Web Helper] => C:\Users\Franz\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-08] (Spotify Ltd)
HKU\S-1-5-21-2076128565-2949655076-934418033-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-04-19] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA4100 Genie.lnk
ShortcutTarget: NETGEAR WNDA4100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE (NETGEAR)

==================== Internet (Whitelisted) ====================

ProxyServer: www-proxy.t-online.de:80
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://localoem.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {80E2732B-B775-4988-B2FA-66F8D6B416DA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {80E2732B-B775-4988-B2FA-66F8D6B416DA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
SearchScopes: HKCU - DefaultScope {80E2732B-B775-4988-B2FA-66F8D6B416DA} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -  No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\u2h2mwnf.default-1398355350095
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Franz\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Franz\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Franz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\u2h2mwnf.default-1398355350095\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-24]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-02-17]

Chrome:
=======
CHR HomePage:
CHR Plugin: (Shockwave Flash) - C:\Users\Franz\AppData\Local\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Franz\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Franz\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll No File
CHR Plugin: (Free Studio) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\np_dvs_plugin.dll (DVDVideoSoft Ltd.)
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Franz\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (WOT) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-07-05]
CHR Extension: (YouTube) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-06]
CHR Extension: (Google-Suche) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-06]
CHR Extension: (Stylish) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2012-10-24]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2012-11-17]
CHR Extension: (Google Wallet) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Google Mail) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-06]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-01-31] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-15] (Avira Operations GmbH & Co. KG)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S3 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-25] ()
R2 RalinkRegistryWriter; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe [377088 2011-11-21] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe [455424 2011-11-21] (Ralink Technology, Corp.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-11] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-23] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
S4 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [68608 2005-08-10] (Protection Technology)
S4 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [89600 2005-11-03] (Protection Technology)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz130; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-15 13:45 - 2014-05-15 13:45 - 00014978 _____ () C:\Users\Franz\Desktop\FRST.txt
2014-05-15 13:45 - 2014-05-15 13:45 - 00000000 ____D () C:\Users\Franz\Desktop\FRST-OlderVersion
2014-05-15 13:42 - 2014-05-15 13:42 - 00002126 _____ () C:\Users\Franz\Desktop\AdwCleaner[R4].txt
2014-05-15 13:25 - 2014-05-15 13:44 - 00000000 ____D () C:\AdwCleaner
2014-05-15 13:25 - 2014-05-15 13:25 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Franz\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-15 13:24 - 2014-05-15 13:24 - 01325827 _____ () C:\Users\Franz\Downloads\adwcleaner_3.208.exe
2014-05-15 13:24 - 2014-05-15 13:24 - 01016261 _____ (Thisisu) C:\Users\Franz\Downloads\JRT.exe
2014-05-14 22:25 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 22:25 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 22:25 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 22:25 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 22:25 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 22:25 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 15:16 - 2014-05-14 16:14 - 00000000 ____D () C:\Users\Franz\Desktop\Neuer Ordner
2014-05-14 14:42 - 2014-05-14 14:42 - 00000552 _____ () C:\Windows\PFRO.log
2014-05-14 14:33 - 2014-05-14 14:33 - 00013621 _____ () C:\ComboFix.txt
2014-05-14 14:23 - 2014-05-14 14:33 - 00000000 ____D () C:\Qoobox
2014-05-14 14:23 - 2014-05-14 14:33 - 00000000 ____D () C:\ComboFix
2014-05-14 14:23 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-14 14:23 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-14 14:23 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-14 14:23 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-14 14:23 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-14 14:23 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-14 14:23 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-14 14:23 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-14 14:22 - 2014-05-14 14:32 - 00000000 ____D () C:\Windows\erdnt
2014-05-14 14:18 - 2014-05-14 14:18 - 05200050 ____R (Swearware) C:\Users\Franz\Desktop\ComboFix.exe
2014-05-13 14:02 - 2014-05-15 13:15 - 00001033 _____ () C:\Windows\setupact.log
2014-05-13 14:02 - 2014-05-13 14:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-12 15:38 - 2014-05-12 15:38 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\LoneSurvivor
2014-05-11 07:43 - 2014-05-15 13:45 - 00000000 ____D () C:\FRST
2014-05-11 07:41 - 2014-05-15 13:45 - 02066944 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe
2014-05-10 13:13 - 2014-05-10 13:13 - 00001702 _____ () C:\Users\Franz\Downloads\weapon_ttt_ak47.zip
2014-05-10 12:26 - 2014-05-10 12:26 - 00001694 _____ () C:\Users\Franz\Desktop\filezilla - Verknüpfung.lnk
2014-05-10 12:17 - 2014-05-10 12:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 16:09 - 2014-05-14 22:22 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\HLSW
2014-05-09 16:09 - 2014-05-09 16:09 - 00000957 _____ () C:\Users\Franz\Desktop\HLSW.lnk
2014-05-09 16:09 - 2014-05-09 16:09 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HLSW
2014-05-09 16:09 - 2014-05-09 16:09 - 00000000 ___SD () C:\Program Files (x86)\HLSW
2014-05-09 16:08 - 2014-05-09 16:08 - 00629584 _____ (Chip Digital GmbH) C:\Users\Franz\Downloads\hlsw_1_4_0_2_setup - CHIP-Downloader.exe
2014-05-09 14:52 - 2014-05-14 15:21 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\FileZilla
2014-05-09 14:50 - 2014-05-09 14:51 - 00000000 ____D () C:\Program Files (x86)\filezilla
2014-05-09 14:50 - 2014-05-09 14:50 - 00629584 _____ (Chip Digital GmbH) C:\Users\Franz\Downloads\FileZilla - CHIP-Downloader.exe
2014-05-07 03:06 - 2014-05-07 03:06 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
2014-05-07 03:06 - 2014-05-07 03:06 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-05-07 03:06 - 2014-05-07 03:06 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\OpenOffice
2014-05-07 03:05 - 2014-05-07 03:05 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-05-07 02:55 - 2014-05-07 02:55 - 00003282 _____ () C:\Windows\System32\Tasks\{745B0226-3599-469E-9CD7-969C62E0F598}
2014-05-07 02:44 - 2014-05-07 02:45 - 164962843 _____ () C:\Users\Franz\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_de.exe
2014-05-06 21:40 - 2014-05-06 21:40 - 01877006 _____ () C:\Users\Franz\Documents\homo sapiens.odp
2014-05-06 18:20 - 2014-05-06 18:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-06 18:20 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-06 18:20 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-06 18:20 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-06 18:20 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-06 18:20 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-06 18:20 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-06 18:20 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-06 18:20 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-06 18:20 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-06 18:20 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-06 18:20 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-06 18:20 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-06 18:20 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-06 18:20 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-06 18:20 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-06 18:20 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-06 18:20 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-06 18:20 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-06 18:20 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-06 18:20 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-06 18:20 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-06 18:20 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-06 18:20 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-06 18:20 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-06 18:20 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-06 18:20 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-06 18:20 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-06 18:20 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-06 18:20 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-06 18:20 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-06 18:20 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-06 18:20 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-06 18:20 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-06 18:20 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-06 18:20 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-06 18:20 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-06 18:20 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-06 18:20 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-06 18:20 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-06 18:20 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-06 18:20 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-06 18:20 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-06 18:20 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-06 18:20 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-06 14:48 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-06 14:48 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-05 16:12 - 2014-05-05 16:13 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Braid
2014-05-03 11:24 - 2014-05-03 11:24 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-03 11:22 - 2014-05-03 11:22 - 00613200 _____ (Chip Digital GmbH) C:\Users\Franz\Downloads\CCleaner - CHIP-Downloader.exe
2014-04-29 20:51 - 2014-04-29 20:51 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\com.blinkworks.IGTM
2014-04-28 15:26 - 2014-05-04 15:32 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\TeamViewer
2014-04-26 20:34 - 2014-04-26 20:34 - 00001180 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-04-26 20:34 - 2014-04-26 20:34 - 00001168 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-04-26 20:34 - 2014-04-26 20:34 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-04-26 20:33 - 2014-04-26 20:33 - 00613200 _____ (Chip Digital GmbH) C:\Users\Franz\Downloads\TeamViewer - CHIP-Downloader.exe
2014-04-24 18:06 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-04-24 00:33 - 2014-04-24 00:34 - 00000000 ____D () C:\Program Files\Virtual Audio Cable
2014-04-24 00:33 - 2014-04-24 00:33 - 00066728 _____ (Eugene V. Muzychenko) C:\Windows\system32\Drivers\vrtaucbl.sys
2014-04-24 00:33 - 2014-04-24 00:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable
2014-04-19 22:01 - 2014-04-19 22:01 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Notepad++
2014-04-19 22:01 - 2014-04-19 22:01 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-04-19 22:01 - 2014-04-19 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-04-19 22:01 - 2014-04-19 22:01 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-04-19 22:00 - 2014-04-19 22:00 - 00613200 _____ (Chip Digital GmbH) C:\Users\Franz\Downloads\Notepad - CHIP-Downloader.exe
2014-04-19 16:58 - 2014-04-19 17:29 - 00000000 ____D () C:\Program Files (x86)\puush
2014-04-19 16:58 - 2014-04-19 16:58 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\puush
2014-04-19 16:58 - 2014-04-19 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\puush
2014-04-19 16:57 - 2014-04-19 16:57 - 01085440 _____ () C:\Users\Franz\Downloads\puush.msi
2014-04-19 16:19 - 2014-04-19 16:19 - 00395853 _____ () C:\Users\Franz\Downloads\ShadersMod-v2.3.15mc1.7.5-installer.jar
2014-04-16 13:06 - 2014-04-16 13:06 - 18948760 _____ (Trion Worlds Inc.) C:\Users\Franz\Downloads\RIFT-Install-0-irj31q.exe

==================== One Month Modified Files and Folders =======

2014-05-15 13:46 - 2014-05-15 13:45 - 00014978 _____ () C:\Users\Franz\Desktop\FRST.txt
2014-05-15 13:45 - 2014-05-15 13:45 - 00000000 ____D () C:\Users\Franz\Desktop\FRST-OlderVersion
2014-05-15 13:45 - 2014-05-11 07:43 - 00000000 ____D () C:\FRST
2014-05-15 13:45 - 2014-05-11 07:41 - 02066944 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe
2014-05-15 13:44 - 2014-05-15 13:25 - 00000000 ____D () C:\AdwCleaner
2014-05-15 13:42 - 2014-05-15 13:42 - 00002126 _____ () C:\Users\Franz\Desktop\AdwCleaner[R4].txt
2014-05-15 13:32 - 2012-10-06 12:27 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2076128565-2949655076-934418033-1000UA.job
2014-05-15 13:25 - 2014-05-15 13:25 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Franz\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-15 13:24 - 2014-05-15 13:24 - 01325827 _____ () C:\Users\Franz\Downloads\adwcleaner_3.208.exe
2014-05-15 13:24 - 2014-05-15 13:24 - 01016261 _____ (Thisisu) C:\Users\Franz\Downloads\JRT.exe
2014-05-15 13:24 - 2012-10-05 18:55 - 01053019 _____ () C:\Windows\WindowsUpdate.log
2014-05-15 13:24 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-15 13:24 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-15 13:22 - 2011-04-12 09:43 - 00709884 _____ () C:\Windows\system32\perfh007.dat
2014-05-15 13:22 - 2011-04-12 09:43 - 00154320 _____ () C:\Windows\system32\perfc007.dat
2014-05-15 13:22 - 2009-07-14 07:13 - 01649420 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-15 13:21 - 2013-03-29 15:46 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-15 13:21 - 2013-03-29 15:46 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-15 13:16 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-15 13:15 - 2014-05-13 14:02 - 00001033 _____ () C:\Windows\setupact.log
2014-05-14 22:22 - 2014-05-09 16:09 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\HLSW
2014-05-14 22:22 - 2012-10-07 15:54 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\TS3Client
2014-05-14 22:22 - 2012-10-06 12:52 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-14 22:10 - 2013-11-01 19:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-14 21:24 - 2014-01-29 18:38 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Spotify
2014-05-14 20:31 - 2012-10-06 12:27 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2076128565-2949655076-934418033-1000Core.job
2014-05-14 19:17 - 2014-01-29 18:38 - 00000000 ____D () C:\Users\Franz\AppData\Local\Spotify
2014-05-14 18:11 - 2013-11-01 19:56 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 18:11 - 2013-11-01 19:56 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 18:11 - 2013-11-01 19:56 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 17:45 - 2014-02-13 16:38 - 00000000 ____D () C:\Users\Franz\AppData\Local\Battle.net
2014-05-14 16:14 - 2014-05-14 15:16 - 00000000 ____D () C:\Users\Franz\Desktop\Neuer Ordner
2014-05-14 15:21 - 2014-05-09 14:52 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\FileZilla
2014-05-14 14:42 - 2014-05-14 14:42 - 00000552 _____ () C:\Windows\PFRO.log
2014-05-14 14:33 - 2014-05-14 14:33 - 00013621 _____ () C:\ComboFix.txt
2014-05-14 14:33 - 2014-05-14 14:23 - 00000000 ____D () C:\Qoobox
2014-05-14 14:33 - 2014-05-14 14:23 - 00000000 ____D () C:\ComboFix
2014-05-14 14:33 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-14 14:32 - 2014-05-14 14:22 - 00000000 ____D () C:\Windows\erdnt
2014-05-14 14:32 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-14 14:18 - 2014-05-14 14:18 - 05200050 ____R (Swearware) C:\Users\Franz\Desktop\ComboFix.exe
2014-05-14 14:16 - 2012-12-23 13:00 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{3A2BE357-0D83-461C-B9C4-6BCFCC2F8536}
2014-05-13 16:42 - 2013-11-04 21:49 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\vlc
2014-05-13 14:02 - 2014-05-13 14:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-12 17:13 - 2013-06-25 14:48 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Audacity
2014-05-12 16:22 - 2014-04-04 13:37 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\.minecraft
2014-05-12 15:38 - 2014-05-12 15:38 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\LoneSurvivor
2014-05-11 09:45 - 2014-02-13 16:51 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-05-11 06:16 - 2013-04-15 16:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-10 13:13 - 2014-05-10 13:13 - 00001702 _____ () C:\Users\Franz\Downloads\weapon_ttt_ak47.zip
2014-05-10 12:26 - 2014-05-10 12:26 - 00001694 _____ () C:\Users\Franz\Desktop\filezilla - Verknüpfung.lnk
2014-05-10 12:17 - 2014-05-10 12:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 16:09 - 2014-05-09 16:09 - 00000957 _____ () C:\Users\Franz\Desktop\HLSW.lnk
2014-05-09 16:09 - 2014-05-09 16:09 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HLSW
2014-05-09 16:09 - 2014-05-09 16:09 - 00000000 ___SD () C:\Program Files (x86)\HLSW
2014-05-09 16:08 - 2014-05-09 16:08 - 00629584 _____ (Chip Digital GmbH) C:\Users\Franz\Downloads\hlsw_1_4_0_2_setup - CHIP-Downloader.exe
2014-05-09 15:11 - 2012-07-16 11:02 - 00000000 ____D () C:\Users\Franz\Downloads\materials
2014-05-09 15:11 - 2012-07-16 11:02 - 00000000 ____D () C:\Users\Franz\Downloads\maps
2014-05-09 14:51 - 2014-05-09 14:50 - 00000000 ____D () C:\Program Files (x86)\filezilla
2014-05-09 14:50 - 2014-05-09 14:50 - 00629584 _____ (Chip Digital GmbH) C:\Users\Franz\Downloads\FileZilla - CHIP-Downloader.exe
2014-05-07 20:26 - 2012-10-06 12:27 - 00004090 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2076128565-2949655076-934418033-1000UA
2014-05-07 20:26 - 2012-10-06 12:27 - 00003694 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2076128565-2949655076-934418033-1000Core
2014-05-07 14:35 - 2009-07-14 06:45 - 00295824 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-07 04:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-07 03:07 - 2012-10-05 19:02 - 00064024 _____ () C:\Users\Franz\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-07 03:06 - 2014-05-07 03:06 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
2014-05-07 03:06 - 2014-05-07 03:06 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-05-07 03:06 - 2014-05-07 03:06 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\OpenOffice
2014-05-07 03:05 - 2014-05-07 03:05 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-05-07 02:55 - 2014-05-07 02:55 - 00003282 _____ () C:\Windows\System32\Tasks\{745B0226-3599-469E-9CD7-969C62E0F598}
2014-05-07 02:45 - 2014-05-07 02:44 - 164962843 _____ () C:\Users\Franz\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_de.exe
2014-05-06 21:40 - 2014-05-06 21:40 - 01877006 _____ () C:\Users\Franz\Documents\homo sapiens.odp
2014-05-06 18:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-06 18:20 - 2014-05-06 18:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-06 06:40 - 2014-05-14 22:25 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-14 22:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-14 22:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-14 22:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-14 22:25 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-14 22:25 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 16:13 - 2014-05-05 16:12 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Braid
2014-05-04 22:51 - 2012-10-06 13:08 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Skype
2014-05-04 15:32 - 2014-04-28 15:26 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\TeamViewer
2014-05-03 20:07 - 2012-10-07 18:16 - 00291760 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-05-03 20:07 - 2012-10-07 18:14 - 00291760 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-05-03 19:54 - 2012-10-07 18:16 - 00000000 ____D () C:\Users\Franz\AppData\Local\PunkBuster
2014-05-03 19:54 - 2012-10-07 18:14 - 00291512 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-05-03 19:52 - 2013-12-29 13:20 - 00000000 ____D () C:\Users\Franz\AppData\Local\Ubisoft
2014-05-03 19:14 - 2013-08-15 12:33 - 00000000 ____D () C:\ProgramData\Origin
2014-05-03 19:14 - 2013-08-15 12:33 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-05-03 18:16 - 2013-01-28 15:43 - 00000000 ____D () C:\Users\Franz\Desktop\Zeug
2014-05-03 11:31 - 2014-02-17 16:26 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-05-03 11:30 - 2012-09-05 13:50 - 00000000 ____D () C:\Windows\Panther
2014-05-03 11:24 - 2014-05-03 11:24 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-03 11:24 - 2013-08-27 21:58 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-03 11:22 - 2014-05-03 11:22 - 00613200 _____ (Chip Digital GmbH) C:\Users\Franz\Downloads\CCleaner - CHIP-Downloader.exe
2014-05-02 14:26 - 2014-02-13 16:38 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-04-29 20:51 - 2014-04-29 20:51 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\com.blinkworks.IGTM
2014-04-26 20:34 - 2014-04-26 20:34 - 00001180 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-04-26 20:34 - 2014-04-26 20:34 - 00001168 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-04-26 20:34 - 2014-04-26 20:34 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-04-26 20:33 - 2014-04-26 20:33 - 00613200 _____ (Chip Digital GmbH) C:\Users\Franz\Downloads\TeamViewer - CHIP-Downloader.exe
2014-04-26 12:36 - 2014-01-23 16:45 - 00000000 ____D () C:\Users\Franz\AppData\Local\PMB Files
2014-04-26 12:36 - 2014-01-23 16:45 - 00000000 ____D () C:\ProgramData\PMB Files
2014-04-25 18:21 - 2013-09-09 19:58 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-25 18:20 - 2012-10-07 18:14 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-04-25 00:33 - 2012-11-17 15:31 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\DVDVideoSoft
2014-04-24 17:38 - 2011-04-12 09:54 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-04-24 00:34 - 2014-04-24 00:33 - 00000000 ____D () C:\Program Files\Virtual Audio Cable
2014-04-24 00:33 - 2014-04-24 00:33 - 00066728 _____ (Eugene V. Muzychenko) C:\Windows\system32\Drivers\vrtaucbl.sys
2014-04-24 00:33 - 2014-04-24 00:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable
2014-04-22 00:51 - 2013-08-26 14:44 - 00000000 ____D () C:\Users\Franz\AppData\Local\Adobe
2014-04-19 22:01 - 2014-04-19 22:01 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Notepad++
2014-04-19 22:01 - 2014-04-19 22:01 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-04-19 22:01 - 2014-04-19 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-04-19 22:01 - 2014-04-19 22:01 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-04-19 22:00 - 2014-04-19 22:00 - 00613200 _____ (Chip Digital GmbH) C:\Users\Franz\Downloads\Notepad - CHIP-Downloader.exe
2014-04-19 17:29 - 2014-04-19 16:58 - 00000000 ____D () C:\Program Files (x86)\puush
2014-04-19 16:58 - 2014-04-19 16:58 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\puush
2014-04-19 16:58 - 2014-04-19 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\puush
2014-04-19 16:57 - 2014-04-19 16:57 - 01085440 _____ () C:\Users\Franz\Downloads\puush.msi
2014-04-19 16:19 - 2014-04-19 16:19 - 00395853 _____ () C:\Users\Franz\Downloads\ShadersMod-v2.3.15mc1.7.5-installer.jar
2014-04-16 13:06 - 2014-04-16 13:06 - 18948760 _____ (Trion Worlds Inc.) C:\Users\Franz\Downloads\RIFT-Install-0-irj31q.exe

Some content of TEMP:
====================
C:\Users\Franz\AppData\Local\Temp\avgnt.exe
C:\Users\Franz\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-11 08:55

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 16.05.2014 11:11

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Hackfleischa 18.05.2014 13:50
Eset Online Scanner:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d072d31d5b62db49b523fd11c403b7f8
# engine=18309
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-18 12:39:31
# local_time=2014-05-18 02:39:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 63422 265840061 9210 0
# compatibility_mode=5893 16776573 100 94 16088 152046621 0 0
# scanned=334195
# found=8
# cleaned=0
# scan_time=8414
sh=AA190194CD322F27B81B57B66F0E48B16DDF09FC ft=1 fh=7a1e2a1eaadddca3 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Franz\Desktop\Zeug\Installer\FreeYouTubeToMP3Converter_3.11.35.1031.exe"
sh=1D073A259B7906A6503681271CDE03F4DE8EA0B5 ft=1 fh=d40116fdf6d35222 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Franz\Downloads\CCleaner - CHIP-Downloader.exe"
sh=42577C445957B7B4B1CFC775099218C50D9BC84C ft=1 fh=41910ab81963d3d6 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Franz\Downloads\FileZilla - CHIP-Downloader.exe"
sh=22EC476853E625E3B2D755F358CA38F333199D91 ft=1 fh=d05d6b8e2a135b3f vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Franz\Downloads\hlsw_1_4_0_2_setup - CHIP-Downloader.exe"
sh=15581E9878B741A2C71FBF1E98D6C993F842612B ft=1 fh=b3ff78098888ab0e vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Franz\Downloads\Notepad - CHIP-Downloader.exe"
sh=AFC2C43913F74660004D651BCCEC7A90B3DB027D ft=1 fh=0cf32797c7f25937 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Franz\Downloads\PDF24 Creator - CHIP-Downloader.exe"
sh=9434866971DD357600C9F2B1E31B7893C3A070F0 ft=1 fh=4f14aeb246e47811 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Franz\Downloads\PDFCreator-1_7_1_setup.exe"
sh=5E5B9A90AE2C34DF33E5ECD192195A5CFE9CE47C ft=1 fh=0d07123090953261 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Franz\Downloads\TeamViewer - CHIP-Downloader.exe"
SecurityCheck:
Code:
Results of screen317's Security Check version 0.99.82 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Call of Duty: Ghosts 
 Call of Duty: Ghosts - Multiplayer
 Adobe Flash Player 13.0.0.214 
 Adobe Reader XI 
 Mozilla Firefox (29.0.1)
 Google Chrome 34.0.1847.131 
 Google Chrome 34.0.1847.137 
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
FRST:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by Franz (administrator) on FRANZ-PC on 18-05-2014 14:45:16
Running from C:\Users\Franz\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(Spotify Ltd) C:\Users\Franz\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files (x86)\puush\puush.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-01-31] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2076128565-2949655076-934418033-1000\...\Run: [Spotify Web Helper] => C:\Users\Franz\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-15] (Spotify Ltd)
HKU\S-1-5-21-2076128565-2949655076-934418033-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-04-19] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA4100 Genie.lnk
ShortcutTarget: NETGEAR WNDA4100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE (NETGEAR)

==================== Internet (Whitelisted) ====================

ProxyServer: www-proxy.t-online.de:80
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://localoem.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {80E2732B-B775-4988-B2FA-66F8D6B416DA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {80E2732B-B775-4988-B2FA-66F8D6B416DA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
SearchScopes: HKCU - DefaultScope {80E2732B-B775-4988-B2FA-66F8D6B416DA} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -  No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\u2h2mwnf.default-1398355350095
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Franz\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Franz\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Franz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\u2h2mwnf.default-1398355350095\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-24]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-02-17]

Chrome:
=======
CHR HomePage:
CHR Plugin: (Shockwave Flash) - C:\Users\Franz\AppData\Local\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Franz\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Franz\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll No File
CHR Plugin: (Free Studio) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\np_dvs_plugin.dll (DVDVideoSoft Ltd.)
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Franz\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (WOT) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-07-05]
CHR Extension: (YouTube) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-06]
CHR Extension: (Google-Suche) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-06]
CHR Extension: (Stylish) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2012-10-24]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2012-11-17]
CHR Extension: (Google Wallet) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Google Mail) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-06]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-01-31] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-15] (Avira Operations GmbH & Co. KG)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S3 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-25] ()
R2 RalinkRegistryWriter; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe [377088 2011-11-21] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe [455424 2011-11-21] (Ralink Technology, Corp.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-11] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-23] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
S4 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [68608 2005-08-10] (Protection Technology)
S4 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [89600 2005-11-03] (Protection Technology)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz130; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-18 14:45 - 2014-05-18 14:45 - 00014862 _____ () C:\Users\Franz\Desktop\FRST.txt
2014-05-18 14:44 - 2014-05-18 14:44 - 00000863 _____ () C:\Users\Franz\Desktop\Neues Textdokument.txt
2014-05-18 12:07 - 2014-05-18 12:07 - 02347384 _____ (ESET) C:\Users\Franz\Downloads\esetsmartinstaller_deu.exe
2014-05-18 12:07 - 2014-05-18 12:07 - 00855379 _____ () C:\Users\Franz\Desktop\SecurityCheck.exe
2014-05-18 10:21 - 2014-05-18 10:22 - 00000000 ____D () C:\Users\Franz\Documents\RCT3
2014-05-18 10:21 - 2014-05-18 10:21 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Atari
2014-05-18 10:20 - 2014-05-18 10:20 - 00043520 _____ () C:\Windows\SysWOW64\CmdLineExt03.dll
2014-05-18 10:20 - 2014-05-18 10:20 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Leadertech
2014-05-18 10:18 - 2014-05-18 10:18 - 00001217 _____ () C:\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk
2014-05-18 10:18 - 2014-05-18 10:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
2014-05-18 10:11 - 2014-05-18 10:11 - 00000000 ____D () C:\Program Files (x86)\Atari
2014-05-17 21:19 - 2014-05-17 21:20 - 2242472912 _____ () C:\Users\Franz\Desktop\csgo 2014-05-17 21-19-10-99.avi
2014-05-16 15:34 - 2014-05-16 16:30 - 00000000 ____D () C:\Users\Franz\AppData\Local\Arma 3
2014-05-16 15:34 - 2014-05-16 15:34 - 00000000 ____D () C:\Users\Franz\Documents\Arma 3
2014-05-16 15:34 - 2014-05-16 15:34 - 00000000 ____D () C:\ProgramData\Bohemia Interactive
2014-05-16 15:32 - 2014-05-18 10:20 - 00166892 _____ () C:\Windows\DirectX.log
2014-05-15 14:01 - 2014-05-18 10:30 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-15 14:01 - 2014-05-15 14:01 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-15 14:01 - 2014-05-15 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-15 14:01 - 2014-05-15 14:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-15 14:01 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-15 14:01 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-15 13:49 - 2014-05-15 13:49 - 00000000 ____D () C:\Windows\ERUNT
2014-05-15 13:45 - 2014-05-18 14:45 - 00000000 ____D () C:\Users\Franz\Desktop\FRST-OlderVersion
2014-05-15 13:25 - 2014-05-15 13:44 - 00000000 ____D () C:\AdwCleaner
2014-05-15 13:25 - 2014-05-15 13:25 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Franz\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-15 13:24 - 2014-05-15 13:24 - 01325827 _____ () C:\Users\Franz\Downloads\adwcleaner_3.208.exe
2014-05-15 13:24 - 2014-05-15 13:24 - 01016261 _____ (Thisisu) C:\Users\Franz\Desktop\JRT.exe
2014-05-15 13:24 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 13:24 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 13:24 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 13:24 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 13:22 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 13:22 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 13:22 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 13:22 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 13:22 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 13:22 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 13:22 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 13:22 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 13:22 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 13:22 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 13:22 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 13:22 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 13:22 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 13:22 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 13:22 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 13:22 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 13:22 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 13:22 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 13:22 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 13:22 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 13:22 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 13:22 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 13:22 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 13:22 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 13:22 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 13:22 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 13:22 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 13:22 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 13:22 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 13:22 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 13:22 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 13:22 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 13:22 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 13:22 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 13:22 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 13:22 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 13:22 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 13:22 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 13:22 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 13:22 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 13:22 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 22:25 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 22:25 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 22:25 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 22:25 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 22:25 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 22:25 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 15:16 - 2014-05-14 16:14 - 00000000 ____D () C:\Users\Franz\Desktop\Neuer Ordner
2014-05-14 14:42 - 2014-05-14 14:42 - 00000552 _____ () C:\Windows\PFRO.log
2014-05-14 14:33 - 2014-05-14 14:33 - 00013621 _____ () C:\ComboFix.txt
2014-05-14 14:23 - 2014-05-14 14:33 - 00000000 ____D () C:\Qoobox
2014-05-14 14:23 - 2014-05-14 14:33 - 00000000 ____D () C:\ComboFix
2014-05-14 14:23 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-14 14:23 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-14 14:23 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-14 14:23 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-14 14:23 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-14 14:23 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-14 14:23 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-14 14:23 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-14 14:22 - 2014-05-14 14:32 - 00000000 ____D () C:\Windows\erdnt
2014-05-14 14:18 - 2014-05-14 14:18 - 05200050 ____R (Swearware) C:\Users\Franz\Desktop\ComboFix.exe
2014-05-13 14:02 - 2014-05-18 10:00 - 00001257 _____ () C:\Windows\setupact.log
2014-05-13 14:02 - 2014-05-13 14:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-12 15:38 - 2014-05-12 15:38 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\LoneSurvivor
2014-05-11 07:43 - 2014-05-18 14:45 - 00000000 ____D () C:\FRST
2014-05-11 07:41 - 2014-05-18 14:45 - 02067456 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe
2014-05-10 13:13 - 2014-05-10 13:13 - 00001702 _____ () C:\Users\Franz\Downloads\weapon_ttt_ak47.zip
2014-05-10 12:26 - 2014-05-10 12:26 - 00001694 _____ () C:\Users\Franz\Desktop\filezilla - Verknüpfung.lnk
2014-05-10 12:17 - 2014-05-10 12:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 16:09 - 2014-05-14 22:22 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\HLSW
2014-05-09 16:09 - 2014-05-09 16:09 - 00000957 _____ () C:\Users\Franz\Desktop\HLSW.lnk
2014-05-09 16:09 - 2014-05-09 16:09 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HLSW
2014-05-09 16:09 - 2014-05-09 16:09 - 00000000 ___SD () C:\Program Files (x86)\HLSW
2014-05-09 16:08 - 2014-05-09 16:08 - 00629584 _____ (Chip Digital GmbH) C:\Users\Franz\Downloads\hlsw_1_4_0_2_setup - CHIP-Downloader.exe
2014-05-09 14:52 - 2014-05-14 15:21 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\FileZilla
2014-05-09 14:50 - 2014-05-09 14:51 - 00000000 ____D () C:\Program Files (x86)\filezilla
2014-05-09 14:50 - 2014-05-09 14:50 - 00629584 _____ (Chip Digital GmbH) C:\Users\Franz\Downloads\FileZilla - CHIP-Downloader.exe
2014-05-07 03:06 - 2014-05-07 03:06 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
2014-05-07 03:06 - 2014-05-07 03:06 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-05-07 03:06 - 2014-05-07 03:06 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\OpenOffice
2014-05-07 03:05 - 2014-05-07 03:05 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-05-07 02:55 - 2014-05-07 02:55 - 00003282 _____ () C:\Windows\System32\Tasks\{745B0226-3599-469E-9CD7-969C62E0F598}
2014-05-07 02:44 - 2014-05-07 02:45 - 164962843 _____ () C:\Users\Franz\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_de.exe
2014-05-06 21:40 - 2014-05-06 21:40 - 01877006 _____ () C:\Users\Franz\Documents\homo sapiens.odp
2014-05-06 18:20 - 2014-05-16 14:06 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-06 18:20 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-06 18:20 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-06 18:20 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-06 18:20 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-06 18:20 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-06 18:20 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-06 18:20 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-06 18:20 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-06 18:20 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-06 18:20 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-06 18:20 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-06 18:20 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-06 18:20 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-06 18:20 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-06 18:20 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-06 18:20 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-06 18:20 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-06 18:20 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-06 18:20 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-06 18:20 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-06 18:20 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-06 18:20 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-06 18:20 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-06 18:20 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-06 18:20 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-06 18:20 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-06 18:20 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-06 18:20 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-06 18:20 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-06 18:20 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-06 18:20 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-06 18:20 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-06 18:20 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-06 18:20 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-06 18:20 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-06 18:20 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-06 18:20 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-06 18:20 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-06 18:20 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-06 18:20 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-06 18:20 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-06 18:20 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-06 18:20 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-06 18:20 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-05 16:12 - 2014-05-05 16:13 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Braid
2014-05-03 11:24 - 2014-05-03 11:24 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-03 11:22 - 2014-05-03 11:22 - 00613200 _____ (Chip Digital GmbH) C:\Users\Franz\Downloads\CCleaner - CHIP-Downloader.exe
2014-04-29 20:51 - 2014-04-29 20:51 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\com.blinkworks.IGTM
2014-04-28 15:26 - 2014-05-04 15:32 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\TeamViewer
2014-04-26 20:34 - 2014-04-26 20:34 - 00001180 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-04-26 20:34 - 2014-04-26 20:34 - 00001168 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-04-26 20:34 - 2014-04-26 20:34 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-04-26 20:33 - 2014-04-26 20:33 - 00613200 _____ (Chip Digital GmbH) C:\Users\Franz\Downloads\TeamViewer - CHIP-Downloader.exe
2014-04-24 18:06 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-04-24 00:33 - 2014-04-24 00:34 - 00000000 ____D () C:\Program Files\Virtual Audio Cable
2014-04-24 00:33 - 2014-04-24 00:33 - 00066728 _____ (Eugene V. Muzychenko) C:\Windows\system32\Drivers\vrtaucbl.sys
2014-04-24 00:33 - 2014-04-24 00:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable
2014-04-19 22:01 - 2014-04-19 22:01 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Notepad++
2014-04-19 22:01 - 2014-04-19 22:01 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-04-19 22:01 - 2014-04-19 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-04-19 22:01 - 2014-04-19 22:01 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-04-19 22:00 - 2014-04-19 22:00 - 00613200 _____ (Chip Digital GmbH) C:\Users\Franz\Downloads\Notepad - CHIP-Downloader.exe
2014-04-19 16:58 - 2014-04-19 17:29 - 00000000 ____D () C:\Program Files (x86)\puush
2014-04-19 16:58 - 2014-04-19 16:58 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\puush
2014-04-19 16:58 - 2014-04-19 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\puush
2014-04-19 16:57 - 2014-04-19 16:57 - 01085440 _____ () C:\Users\Franz\Downloads\puush.msi
2014-04-19 16:19 - 2014-04-19 16:19 - 00395853 _____ () C:\Users\Franz\Downloads\ShadersMod-v2.3.15mc1.7.5-installer.jar

==================== One Month Modified Files and Folders =======

2014-05-18 14:45 - 2014-05-18 14:45 - 00014862 _____ () C:\Users\Franz\Desktop\FRST.txt
2014-05-18 14:45 - 2014-05-15 13:45 - 00000000 ____D () C:\Users\Franz\Desktop\FRST-OlderVersion
2014-05-18 14:45 - 2014-05-11 07:43 - 00000000 ____D () C:\FRST
2014-05-18 14:45 - 2014-05-11 07:41 - 02067456 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe
2014-05-18 14:44 - 2014-05-18 14:44 - 00000863 _____ () C:\Users\Franz\Desktop\Neues Textdokument.txt
2014-05-18 14:31 - 2012-10-06 12:27 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2076128565-2949655076-934418033-1000UA.job
2014-05-18 14:10 - 2013-11-01 19:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-18 12:16 - 2014-01-29 18:38 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Spotify
2014-05-18 12:07 - 2014-05-18 12:07 - 02347384 _____ (ESET) C:\Users\Franz\Downloads\esetsmartinstaller_deu.exe
2014-05-18 12:07 - 2014-05-18 12:07 - 00855379 _____ () C:\Users\Franz\Desktop\SecurityCheck.exe
2014-05-18 10:30 - 2014-05-15 14:01 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-18 10:22 - 2014-05-18 10:21 - 00000000 ____D () C:\Users\Franz\Documents\RCT3
2014-05-18 10:21 - 2014-05-18 10:21 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Atari
2014-05-18 10:20 - 2014-05-18 10:20 - 00043520 _____ () C:\Windows\SysWOW64\CmdLineExt03.dll
2014-05-18 10:20 - 2014-05-18 10:20 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Leadertech
2014-05-18 10:20 - 2014-05-16 15:32 - 00166892 _____ () C:\Windows\DirectX.log
2014-05-18 10:18 - 2014-05-18 10:18 - 00001217 _____ () C:\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk
2014-05-18 10:18 - 2014-05-18 10:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
2014-05-18 10:11 - 2014-05-18 10:11 - 00000000 ____D () C:\Program Files (x86)\Atari
2014-05-18 10:09 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-18 10:09 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-18 10:06 - 2012-10-05 18:55 - 01641149 _____ () C:\Windows\WindowsUpdate.log
2014-05-18 10:05 - 2011-04-12 09:43 - 00709884 _____ () C:\Windows\system32\perfh007.dat
2014-05-18 10:05 - 2011-04-12 09:43 - 00154320 _____ () C:\Windows\system32\perfc007.dat
2014-05-18 10:05 - 2009-07-14 07:13 - 01649420 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-18 10:00 - 2014-05-13 14:02 - 00001257 _____ () C:\Windows\setupact.log
2014-05-18 10:00 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-18 00:26 - 2012-10-07 15:54 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\TS3Client
2014-05-18 00:26 - 2012-10-06 12:52 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-17 22:45 - 2013-08-15 12:33 - 00000000 ____D () C:\ProgramData\Origin
2014-05-17 22:45 - 2013-08-15 12:33 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-05-17 21:20 - 2014-05-17 21:19 - 2242472912 _____ () C:\Users\Franz\Desktop\csgo 2014-05-17 21-19-10-99.avi
2014-05-17 20:31 - 2012-10-06 12:27 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2076128565-2949655076-934418033-1000Core.job
2014-05-17 20:18 - 2014-02-13 16:38 - 00000000 ____D () C:\Users\Franz\AppData\Local\Battle.net
2014-05-17 17:21 - 2012-12-23 13:00 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{3A2BE357-0D83-461C-B9C4-6BCFCC2F8536}
2014-05-17 14:21 - 2012-10-06 13:08 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Skype
2014-05-16 16:30 - 2014-05-16 15:34 - 00000000 ____D () C:\Users\Franz\AppData\Local\Arma 3
2014-05-16 15:34 - 2014-05-16 15:34 - 00000000 ____D () C:\Users\Franz\Documents\Arma 3
2014-05-16 15:34 - 2014-05-16 15:34 - 00000000 ____D () C:\ProgramData\Bohemia Interactive
2014-05-16 14:10 - 2012-10-05 18:55 - 00000000 ___RD () C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 14:10 - 2012-10-05 18:55 - 00000000 ___RD () C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 14:06 - 2014-05-06 18:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 19:34 - 2014-01-29 18:38 - 00000000 ____D () C:\Users\Franz\AppData\Local\Spotify
2014-05-15 14:01 - 2014-05-15 14:01 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-15 14:01 - 2014-05-15 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-15 14:01 - 2014-05-15 14:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-15 14:01 - 2012-10-07 17:08 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Malwarebytes
2014-05-15 14:01 - 2012-10-07 17:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-15 13:49 - 2014-05-15 13:49 - 00000000 ____D () C:\Windows\ERUNT
2014-05-15 13:44 - 2014-05-15 13:25 - 00000000 ____D () C:\AdwCleaner
2014-05-15 13:25 - 2014-05-15 13:25 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Franz\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-15 13:24 - 2014-05-15 13:24 - 01325827 _____ () C:\Users\Franz\Downloads\adwcleaner_3.208.exe
2014-05-15 13:24 - 2014-05-15 13:24 - 01016261 _____ (Thisisu) C:\Users\Franz\Desktop\JRT.exe
2014-05-15 13:21 - 2013-03-29 15:46 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-15 13:21 - 2013-03-29 15:46 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-14 22:22 - 2014-05-09 16:09 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\HLSW
2014-05-14 18:11 - 2013-11-01 19:56 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 18:11 - 2013-11-01 19:56 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 18:11 - 2013-11-01 19:56 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 16:14 - 2014-05-14 15:16 - 00000000 ____D () C:\Users\Franz\Desktop\Neuer Ordner
2014-05-14 15:21 - 2014-05-09 14:52 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\FileZilla
2014-05-14 14:42 - 2014-05-14 14:42 - 00000552 _____ () C:\Windows\PFRO.log
2014-05-14 14:33 - 2014-05-14 14:33 - 00013621 _____ () C:\ComboFix.txt
2014-05-14 14:33 - 2014-05-14 14:23 - 00000000 ____D () C:\Qoobox
2014-05-14 14:33 - 2014-05-14 14:23 - 00000000 ____D () C:\ComboFix
2014-05-14 14:33 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-14 14:32 - 2014-05-14 14:22 - 00000000 ____D () C:\Windows\erdnt
2014-05-14 14:32 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-14 14:18 - 2014-05-14 14:18 - 05200050 ____R (Swearware) C:\Users\Franz\Desktop\ComboFix.exe
2014-05-13 16:42 - 2013-11-04 21:49 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\vlc
2014-05-13 14:02 - 2014-05-13 14:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-12 17:13 - 2013-06-25 14:48 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Audacity
2014-05-12 16:22 - 2014-04-04 13:37 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\.minecraft
2014-05-12 15:38 - 2014-05-12 15:38 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\LoneSurvivor
2014-05-11 09:45 - 2014-02-13 16:51 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-05-11 06:16 - 2013-04-15 16:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-10 13:13 - 2014-05-10 13:13 - 00001702 _____ () C:\Users\Franz\Downloads\weapon_ttt_ak47.zip
2014-05-10 12:26 - 2014-05-10 12:26 - 00001694 _____ () C:\Users\Franz\Desktop\filezilla - Verknüpfung.lnk
2014-05-10 12:17 - 2014-05-10 12:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 16:09 - 2014-05-09 16:09 - 00000957 _____ () C:\Users\Franz\Desktop\HLSW.lnk
2014-05-09 16:09 - 2014-05-09 16:09 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HLSW
2014-05-09 16:09 - 2014-05-09 16:09 - 00000000 ___SD () C:\Program Files (x86)\HLSW
2014-05-09 16:08 - 2014-05-09 16:08 - 00629584 _____ (Chip Digital GmbH) C:\Users\Franz\Downloads\hlsw_1_4_0_2_setup - CHIP-Downloader.exe
2014-05-09 15:11 - 2012-07-16 11:02 - 00000000 ____D () C:\Users\Franz\Downloads\materials
2014-05-09 15:11 - 2012-07-16 11:02 - 00000000 ____D () C:\Users\Franz\Downloads\maps
2014-05-09 14:51 - 2014-05-09 14:50 - 00000000 ____D () C:\Program Files (x86)\filezilla
2014-05-09 14:50 - 2014-05-09 14:50 - 00629584 _____ (Chip Digital GmbH) C:\Users\Franz\Downloads\FileZilla - CHIP-Downloader.exe
2014-05-09 08:14 - 2014-05-15 13:24 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-15 13:24 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 20:26 - 2012-10-06 12:27 - 00004090 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2076128565-2949655076-934418033-1000UA
2014-05-07 20:26 - 2012-10-06 12:27 - 00003694 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2076128565-2949655076-934418033-1000Core
2014-05-07 14:35 - 2009-07-14 06:45 - 00295824 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-07 04:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-07 03:07 - 2012-10-05 19:02 - 00064024 _____ () C:\Users\Franz\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-07 03:06 - 2014-05-07 03:06 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
2014-05-07 03:06 - 2014-05-07 03:06 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-05-07 03:06 - 2014-05-07 03:06 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\OpenOffice
2014-05-07 03:05 - 2014-05-07 03:05 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-05-07 02:55 - 2014-05-07 02:55 - 00003282 _____ () C:\Windows\System32\Tasks\{745B0226-3599-469E-9CD7-969C62E0F598}
2014-05-07 02:45 - 2014-05-07 02:44 - 164962843 _____ () C:\Users\Franz\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_de.exe
2014-05-06 21:40 - 2014-05-06 21:40 - 01877006 _____ () C:\Users\Franz\Documents\homo sapiens.odp
2014-05-06 18:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-06 06:40 - 2014-05-14 22:25 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-14 22:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-14 22:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-14 22:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-14 22:25 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-14 22:25 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 16:13 - 2014-05-05 16:12 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Braid
2014-05-04 15:32 - 2014-04-28 15:26 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\TeamViewer
2014-05-03 20:07 - 2012-10-07 18:16 - 00291760 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-05-03 20:07 - 2012-10-07 18:14 - 00291760 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-05-03 19:54 - 2012-10-07 18:16 - 00000000 ____D () C:\Users\Franz\AppData\Local\PunkBuster
2014-05-03 19:54 - 2012-10-07 18:14 - 00291512 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-05-03 19:52 - 2013-12-29 13:20 - 00000000 ____D () C:\Users\Franz\AppData\Local\Ubisoft
2014-05-03 18:16 - 2013-01-28 15:43 - 00000000 ____D () C:\Users\Franz\Desktop\Zeug
2014-05-03 11:31 - 2014-02-17 16:26 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-05-03 11:30 - 2012-09-05 13:50 - 00000000 ____D () C:\Windows\Panther
2014-05-03 11:24 - 2014-05-03 11:24 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-03 11:24 - 2013-08-27 21:58 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-03 11:22 - 2014-05-03 11:22 - 00613200 _____ (Chip Digital GmbH) C:\Users\Franz\Downloads\CCleaner - CHIP-Downloader.exe
2014-05-02 14:26 - 2014-02-13 16:38 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-04-29 20:51 - 2014-04-29 20:51 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\com.blinkworks.IGTM
2014-04-26 20:34 - 2014-04-26 20:34 - 00001180 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-04-26 20:34 - 2014-04-26 20:34 - 00001168 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-04-26 20:34 - 2014-04-26 20:34 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-04-26 20:33 - 2014-04-26 20:33 - 00613200 _____ (Chip Digital GmbH) C:\Users\Franz\Downloads\TeamViewer - CHIP-Downloader.exe
2014-04-26 12:36 - 2014-01-23 16:45 - 00000000 ____D () C:\Users\Franz\AppData\Local\PMB Files
2014-04-26 12:36 - 2014-01-23 16:45 - 00000000 ____D () C:\ProgramData\PMB Files
2014-04-25 18:21 - 2013-09-09 19:58 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-25 18:20 - 2012-10-07 18:14 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-04-25 00:33 - 2012-11-17 15:31 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\DVDVideoSoft
2014-04-24 17:38 - 2011-04-12 09:54 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-04-24 00:34 - 2014-04-24 00:33 - 00000000 ____D () C:\Program Files\Virtual Audio Cable
2014-04-24 00:33 - 2014-04-24 00:33 - 00066728 _____ (Eugene V. Muzychenko) C:\Windows\system32\Drivers\vrtaucbl.sys
2014-04-24 00:33 - 2014-04-24 00:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable
2014-04-22 00:51 - 2013-08-26 14:44 - 00000000 ____D () C:\Users\Franz\AppData\Local\Adobe
2014-04-19 22:01 - 2014-04-19 22:01 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Notepad++
2014-04-19 22:01 - 2014-04-19 22:01 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-04-19 22:01 - 2014-04-19 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-04-19 22:01 - 2014-04-19 22:01 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-04-19 22:00 - 2014-04-19 22:00 - 00613200 _____ (Chip Digital GmbH) C:\Users\Franz\Downloads\Notepad - CHIP-Downloader.exe
2014-04-19 17:29 - 2014-04-19 16:58 - 00000000 ____D () C:\Program Files (x86)\puush
2014-04-19 16:58 - 2014-04-19 16:58 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\puush
2014-04-19 16:58 - 2014-04-19 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\puush
2014-04-19 16:57 - 2014-04-19 16:57 - 01085440 _____ () C:\Users\Franz\Downloads\puush.msi
2014-04-19 16:19 - 2014-04-19 16:19 - 00395853 _____ () C:\Users\Franz\Downloads\ShadersMod-v2.3.15mc1.7.5-installer.jar

Some content of TEMP:
====================
C:\Users\Franz\AppData\Local\Temp\avgnt.exe
C:\Users\Franz\AppData\Local\Temp\Quarantine.exe
C:\Users\Franz\AppData\Local\Temp\SIntf16.dll
C:\Users\Franz\AppData\Local\Temp\SIntf32.dll
C:\Users\Franz\AppData\Local\Temp\SIntfNT.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-15 13:22] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

schrauber 19.05.2014 09:33
Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.



Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:22 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131