Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Win7 Suchseite Trovi.com lässt sich nicht entfernen (https://www.trojaner-board.de/154150-win7-suchseite-trovi-com-laesst-entfernen.html)

Latviel 24.05.2014 20:33
Ok durchgeführt!

Es gab während des Prozesses keine Meldungen etc.. Alles in einem rutsch durchgelaufen!

Bemerkung 1 zu den Startseiten im Firefox:
Ich habe beide Startseiten unkenntlich gemacht da ich in diesem Verein aktiv mitarbeite und mit privatem Namen aufgeführt werde. Beide Seiten stehen ohne kryptische Zeichen in ihrer normalen URL drinnen. Obwohl mich in der log das "hxxp" der ersten Startseite irretiert. Kenne mich da allerdings nicht so aus!?

Bemerkung 2 zu den Startseiten im Firefox:
In der Log steht die zweite Startseite mit http drinnen. Kopiere ich es hier rein steht hxxp drinnen!?

Wenn es für dich unbedingt von nöten ist kann ich es angeben, würde es aber wenn möglich vermeiden wollen.

Code:
ComboFix 14-05-19.01 - *** 24.05.2014  20:29:22.1.8 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.8169.6120 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\YoutubeAdblocker
c:\windows\SysWow64\tmp8555.tmp
c:\windows\SysWow64\tmp8565.tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-04-24 bis 2014-05-24  ))))))))))))))))))))))))))))))
.
.
2014-05-24 18:35 . 2014-05-24 18:35        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2014-05-23 22:18 . 2014-05-23 22:18        --------        d-----w-        c:\program files (x86)\ESET
2014-05-23 16:43 . 2014-04-30 23:20        10702536        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A9D3415-1C50-4BD6-B4F0-5F5F8737808B}\mpengine.dll
2014-05-21 05:49 . 2014-05-23 22:17        --------        d-----w-        C:\FRST
2014-05-20 22:12 . 2014-05-24 18:14        122584        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-20 22:12 . 2014-05-12 05:26        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-05-20 22:12 . 2014-05-12 05:26        91352        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-05-20 22:12 . 2014-05-12 05:25        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2014-05-20 20:27 . 2014-05-20 21:37        --------        d-----w-        c:\programdata\NeeXtuCouep
2014-05-20 20:27 . 2014-05-20 20:27        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\Chromatic Browser
2014-05-20 20:27 . 2014-05-20 20:27        --------        d-----w-        c:\users\***\AppData\Local\Chromatic Browser
2014-05-20 20:27 . 2014-05-20 20:27        --------        d-----w-        c:\program files (x86)\NeeXtuCouep
2014-05-20 20:26 . 2014-05-20 20:26        2118880        ----a-w-        c:\windows\SysWow64\setup.exe
2014-05-18 15:46 . 2008-07-12 06:18        540688        ----a-w-        c:\windows\system32\d3dx10_39.dll
2014-05-18 15:46 . 2008-07-12 06:18        1942552        ----a-w-        c:\windows\system32\D3DCompiler_39.dll
2014-05-18 15:46 . 2008-07-12 06:18        4992520        ----a-w-        c:\windows\system32\D3DX9_39.dll
2014-05-18 11:39 . 2014-05-18 11:39        --------        d-----w-        c:\users\***\AppData\Local\Broadcom
2014-05-18 11:39 . 2010-01-15 11:23        98344        ----a-w-        c:\windows\system32\drivers\btwaudio.sys
2014-05-18 11:39 . 2010-01-15 11:23        132648        ----a-w-        c:\windows\system32\drivers\btwavdt.sys
2014-05-18 11:39 . 2010-01-15 11:23        21288        ----a-w-        c:\windows\system32\drivers\btwrchid.sys
2014-05-18 11:39 . 2009-04-07 12:33        35104        ----a-w-        c:\windows\system32\drivers\btwl2cap.sys
2014-05-18 11:38 . 2014-05-18 11:38        --------        d-----w-        c:\program files\WIDCOMM
2014-05-18 00:12 . 2014-05-18 00:12        --------        d-----w-        c:\programdata\AllaboutApp
2014-05-18 00:11 . 2014-05-18 00:11        --------        d-----w-        c:\users\***\AppData\Roaming\SendSpace
2014-05-18 00:10 . 2014-05-22 17:38        --------        d-----w-        c:\programdata\YoutubeAdblocker
2014-05-18 00:09 . 2014-05-20 20:28        --------        d-----w-        c:\programdata\savee nneT
2014-05-18 00:09 . 2014-05-18 00:09        --------        d-----w-        c:\program files (x86)\savee nneT
2014-05-18 00:09 . 2014-05-22 17:34        --------        d-----w-        c:\programdata\8dae8828e4a957ff
2014-05-18 00:09 . 2014-05-18 00:09        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\Torch
2014-05-18 00:09 . 2014-05-18 00:09        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\Google
2014-05-18 00:09 . 2014-05-18 00:09        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\Comodo
2014-05-18 00:09 . 2014-05-18 00:09        --------        d-----w-        c:\users\***\AppData\Local\Torch
2014-05-18 00:09 . 2014-05-18 00:09        --------        d-----w-        c:\users\***\AppData\Local\Comodo
2014-05-18 00:09 . 2014-05-18 00:09        --------        d-----w-        c:\users\HomeGroupUser$
2014-05-18 00:09 . 2014-05-18 00:09        --------        d-----w-        c:\users\Gast
2014-05-18 00:09 . 2014-05-18 00:09        --------        d-----w-        c:\users\Administrator
2014-05-18 00:07 . 2014-05-18 00:12        --------        d-----w-        c:\programdata\InstallMate
2014-05-17 23:55 . 2014-05-17 23:55        --------        d-----w-        c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2014-05-17 23:55 . 2014-05-17 23:55        --------        d-----w-        c:\windows\SysWow64\xlive
2014-05-17 23:55 . 2014-05-17 23:55        --------        d-----w-        c:\program files (x86)\Microsoft Games for Windows - LIVE
2014-05-17 00:50 . 2014-05-17 00:58        --------        d--h--w-        c:\program files (x86)\Temp
2014-05-16 23:41 . 2014-05-16 23:41        --------        d-sh--w-        c:\windows\ftpcache
2014-05-13 20:10 . 2014-05-06 04:40        23544320        ----a-w-        c:\windows\system32\mshtml.dll
2014-05-13 20:10 . 2014-05-06 03:00        84992        ----a-w-        c:\windows\system32\mshtmled.dll
2014-05-13 20:09 . 2014-05-06 04:17        2724864        ----a-w-        c:\windows\system32\mshtml.tlb
2014-05-13 20:09 . 2014-05-06 03:07        2724864        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2014-05-06 22:44 . 2014-05-06 22:44        29208        ----a-w-        c:\windows\system32\drivers\aswHwid.sys
2014-05-06 22:44 . 2014-05-06 22:44        43152        ----a-w-        c:\windows\avastSS.scr
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-18 20:17 . 2013-02-02 12:46        311968        ----a-w-        c:\windows\system32\drivers\atksgt.sys
2014-05-18 18:52 . 2013-02-02 12:46        43168        ----a-w-        c:\windows\system32\drivers\lirsgt.sys
2014-05-15 10:44 . 2011-12-26 14:24        423240        ----a-w-        c:\windows\system32\drivers\aswsp.sys
2014-05-15 10:44 . 2011-12-26 14:24        1039096        ----a-w-        c:\windows\system32\drivers\aswsnx.sys
2014-05-15 10:44 . 2014-01-02 17:18        85328        ----a-w-        c:\windows\system32\drivers\aswstm.sys
2014-05-14 21:02 . 2012-04-01 08:29        692400        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-14 21:02 . 2011-12-26 14:55        70832        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-13 20:06 . 2011-12-26 13:56        93223848        ----a-w-        c:\windows\system32\MRT.exe
2014-05-11 08:10 . 2014-03-15 09:15        65536        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{A463EB06-22A6-47F5-9593-E52B291EF13E}\NewShortcut2_42CBAC89E210433F82D8B5BE80F2AEF2.exe
2014-05-11 08:10 . 2014-03-15 09:15        65536        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{A463EB06-22A6-47F5-9593-E52B291EF13E}\NewShortcut1_D441B457DF544BDE9AF24CD3A5A86089.exe
2014-05-11 08:10 . 2014-03-15 09:12        98304        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{A463EB06-22A6-47F5-9593-E52B291EF13E}\StartCenter2014_W8_5B46E5977D754E089659BE6AD1F9B759.exe
2014-05-11 08:10 . 2014-03-15 09:12        98304        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{A463EB06-22A6-47F5-9593-E52B291EF13E}\StartCenter2014_C881D8C379EF459FB5826AE7A330CFFB.exe
2014-05-11 08:10 . 2014-03-15 09:12        98304        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{A463EB06-22A6-47F5-9593-E52B291EF13E}\DesktopIcon_12315F4CBF744E98897D372E486C466A.exe
2014-05-11 08:10 . 2014-03-15 09:12        81920        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{A463EB06-22A6-47F5-9593-E52B291EF13E}\ARPPRODUCTICON.exe
2014-05-11 08:10 . 2014-03-15 09:12        65536        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{A463EB06-22A6-47F5-9593-E52B291EF13E}\Support_W8_F8B35F136AE646FD99DF1ED970BFF17C.exe
2014-05-11 08:10 . 2014-03-15 09:12        65536        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{A463EB06-22A6-47F5-9593-E52B291EF13E}\Support_9CA870DD2DE842D9AA34F7B64DCA491C.exe
2014-05-11 08:10 . 2014-03-15 09:12        65536        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{A463EB06-22A6-47F5-9593-E52B291EF13E}\SSEvorweg_W8_7048A26ED1D94694AD78722A8C26F1D9.exe
2014-05-11 08:10 . 2014-03-15 09:12        65536        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{A463EB06-22A6-47F5-9593-E52B291EF13E}\SSEvorweg_D88EC50776204E11A45F4BA56D9E9F9A.exe
2014-05-11 08:10 . 2014-03-15 09:12        65536        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{A463EB06-22A6-47F5-9593-E52B291EF13E}\SSEnormal_W8_490717E7771547F490F75B8D5E3FFB21.exe
2014-05-11 08:10 . 2014-03-15 09:12        65536        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{A463EB06-22A6-47F5-9593-E52B291EF13E}\SSEnormal_E816849259B145008D96169BDA2F9A1C.exe
2014-05-11 08:10 . 2014-03-15 09:12        65536        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{A463EB06-22A6-47F5-9593-E52B291EF13E}\SSEfest_W8_EF7BE7BF193D4A62B73F4CAA41CA972C.exe
2014-05-11 08:10 . 2014-03-15 09:12        65536        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{A463EB06-22A6-47F5-9593-E52B291EF13E}\SSEfest_85F8D7EED43B44D48769FCEF89564CC5.exe
2014-05-11 08:10 . 2014-03-15 09:12        65536        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{A463EB06-22A6-47F5-9593-E52B291EF13E}\SSEermaess_W8_DF471FAEB8BD4DC8AE3F38951BA12FF7.exe
2014-05-11 08:10 . 2014-03-15 09:12        65536        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{A463EB06-22A6-47F5-9593-E52B291EF13E}\SSEermaess_AC738017BDBE4A75BD9BC236CF03BAD5.exe
2014-05-11 08:10 . 2014-03-15 09:12        65536        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{A463EB06-22A6-47F5-9593-E52B291EF13E}\SSEeinurvor_W8_B5D6E2477DF849E89ED9C51876F8D4A7.exe
2014-05-11 08:10 . 2014-03-15 09:12        65536        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{A463EB06-22A6-47F5-9593-E52B291EF13E}\SSEeinurvor_6111E232E85449F19ACDA70D15D6D8A7.exe
2014-05-11 08:10 . 2014-03-15 09:12        65536        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{A463EB06-22A6-47F5-9593-E52B291EF13E}\SSEeinur_W8_007A0C27C9A3442C9CEAEEC2C7B82AE5.exe
2014-05-11 08:10 . 2014-03-15 09:12        65536        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{A463EB06-22A6-47F5-9593-E52B291EF13E}\SSEeinur_345636AACDA04899B531EC803D3963FE.exe
2014-05-11 08:10 . 2014-03-15 09:12        49152        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{A463EB06-22A6-47F5-9593-E52B291EF13E}\Uninstall_W8_03A9248590D14BFDBC7EF4783648E0D8.exe
2014-05-11 08:10 . 2014-03-15 09:12        49152        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{A463EB06-22A6-47F5-9593-E52B291EF13E}\Uninstall_AA2D99EAB10D464EACD1AB33FE89209E.exe
2014-05-11 08:10 . 2014-03-15 09:12        40960        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{A463EB06-22A6-47F5-9593-E52B291EF13E}\Report_W8_91584FFDDEF841FEB2A02531A2DC5A69.exe
2014-05-11 08:10 . 2014-03-15 09:12        40960        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{A463EB06-22A6-47F5-9593-E52B291EF13E}\Report_E3BBAB5C9F584EC58992AA7E7A58C919.exe
2014-05-06 22:44 . 2013-03-16 12:15        208416        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2014-05-06 22:44 . 2013-03-16 12:15        65776        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2014-05-06 22:44 . 2012-02-25 11:43        93568        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2014-05-06 22:44 . 2011-12-26 14:24        79184        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2014-05-06 22:44 . 2011-12-26 14:24        334648        ----a-w-        c:\windows\system32\aswBoot.exe
2014-04-14 16:12 . 2014-04-14 16:12        108968        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll
2014-04-14 16:12 . 2014-04-14 16:12        312744        ----a-w-        c:\windows\system32\javaws.exe
2014-04-14 16:12 . 2014-04-14 16:12        189352        ----a-w-        c:\windows\system32\javaw.exe
2014-04-14 16:12 . 2014-04-14 16:12        189352        ----a-w-        c:\windows\system32\java.exe
2014-03-31 20:46 . 2014-03-31 20:46        130712        ----a-w-        c:\windows\SysWow64\MSSTDFMT.DLL
2014-03-31 20:46 . 2014-03-31 20:46        1070232        ----a-w-        c:\windows\SysWow64\MSCOMCTL.OCX
2014-03-31 07:35 . 2010-11-21 03:27        270496        ------w-        c:\windows\system32\MpSigStub.exe
2014-03-06 09:31 . 2014-04-08 23:35        4096        ----a-w-        c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:59 . 2014-04-08 23:35        66048        ----a-w-        c:\windows\system32\iesetup.dll
2014-03-06 08:57 . 2014-04-08 23:35        548352        ----a-w-        c:\windows\system32\vbscript.dll
2014-03-06 08:57 . 2014-04-08 23:35        48640        ----a-w-        c:\windows\system32\ieetwproxystub.dll
2014-03-06 08:53 . 2014-04-08 23:34        2767360        ----a-w-        c:\windows\system32\iertutil.dll
2014-03-06 08:40 . 2014-04-08 23:35        51200        ----a-w-        c:\windows\system32\jsproxy.dll
2014-03-06 08:39 . 2014-04-08 23:35        33792        ----a-w-        c:\windows\system32\iernonce.dll
2014-03-06 08:32 . 2014-04-08 23:35        574976        ----a-w-        c:\windows\system32\ieui.dll
2014-03-06 08:29 . 2014-04-08 23:35        139264        ----a-w-        c:\windows\system32\ieUnatt.exe
2014-03-06 08:29 . 2014-04-08 23:35        111616        ----a-w-        c:\windows\system32\ieetwcollector.exe
2014-03-06 08:28 . 2014-04-08 23:35        752640        ----a-w-        c:\windows\system32\jscript9diag.dll
2014-03-06 08:15 . 2014-04-08 23:35        940032        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 08:11 . 2014-04-08 23:34        5784064        ----a-w-        c:\windows\system32\jscript9.dll
2014-03-06 08:09 . 2014-04-08 23:35        453120        ----a-w-        c:\windows\system32\dxtmsft.dll
2014-03-06 08:03 . 2014-04-08 23:35        586240        ----a-w-        c:\windows\system32\ie4uinit.exe
2014-03-06 08:02 . 2014-04-08 23:35        61952        ----a-w-        c:\windows\SysWow64\iesetup.dll
2014-03-06 08:02 . 2014-04-08 23:35        455168        ----a-w-        c:\windows\SysWow64\vbscript.dll
2014-03-06 08:01 . 2014-04-08 23:35        51200        ----a-w-        c:\windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56 . 2014-04-08 23:35        38400        ----a-w-        c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 07:48 . 2014-04-08 23:35        195584        ----a-w-        c:\windows\system32\msrating.dll
2014-03-06 07:46 . 2014-04-08 23:34        4254720        ----a-w-        c:\windows\SysWow64\jscript9.dll
2014-03-06 07:42 . 2014-04-08 23:35        296960        ----a-w-        c:\windows\system32\dxtrans.dll
2014-03-06 07:38 . 2014-04-08 23:35        112128        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2014-03-06 07:36 . 2014-04-08 23:35        592896        ----a-w-        c:\windows\SysWow64\jscript9diag.dll
2014-03-06 07:21 . 2014-04-08 23:35        628736        ----a-w-        c:\windows\system32\msfeeds.dll
2014-03-06 07:13 . 2014-04-08 23:35        32256        ----a-w-        c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11 . 2014-04-08 23:34        2043904        ----a-w-        c:\windows\system32\inetcpl.cpl
2014-03-06 06:53 . 2014-04-08 23:34        13551104        ----a-w-        c:\windows\system32\ieframe.dll
2014-03-06 06:40 . 2014-04-08 23:34        1967104        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2014-03-06 06:22 . 2014-04-08 23:34        2260480        ----a-w-        c:\windows\system32\wininet.dll
2014-03-06 05:58 . 2014-04-08 23:34        1400832        ----a-w-        c:\windows\system32\urlmon.dll
2014-03-06 05:50 . 2014-04-08 23:35        846336        ----a-w-        c:\windows\system32\ieapfltr.dll
2014-03-06 05:41 . 2014-04-08 23:34        1789440        ----a-w-        c:\windows\SysWow64\wininet.dll
2014-03-04 09:44 . 2014-04-08 23:31        362496        ----a-w-        c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-08 23:31        243712        ----a-w-        c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-08 23:31        13312        ----a-w-        c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-08 23:31        16384        ----a-w-        c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-08 23:31        1163264        ----a-w-        c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-08 23:31        14336        ----a-w-        c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-08 23:31        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-08 23:31        25600        ----a-w-        c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-08 23:31        5120        ----a-w-        c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-08 23:31        7680        ----a-w-        c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-08 23:31        2048        ----a-w-        c:\windows\SysWow64\user.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"iCloudServices"="d:\apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"ApplePhotoStreams"="d:\apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2011-01-21 40448]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-01-28 907776]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-06-28 5993216]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-05 43848]
"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2012-06-28 1173712]
"AvastUI.exe"="d:\avast\AvastUI.exe" [2014-05-06 3873704]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2013-12-05 139776]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-12-27 4522496]
"BrHelp"="c:\program files (x86)\Brother\Brother Help\BrotherHelp.exe" [2013-01-18 2009088]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2014-02-21 152392]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-11 1083680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;d:\malwarebytes anti-malware\mbamscheduler.exe;d:\malwarebytes anti-malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;d:\malwarebytes anti-malware\mbamservice.exe;d:\malwarebytes anti-malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;d:\skype\Updater\Updater.exe;d:\skype\Updater\Updater.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 cleanhlp;cleanhlp;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 CYDTV_SRV;cydtv Driver;c:\windows\system32\drivers\cydtv.sys;c:\windows\SYSNATIVE\drivers\cydtv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 hcw17bda;Hauppauge SMS1000-based;c:\windows\system32\drivers\hcw17bda.sys;c:\windows\SYSNATIVE\drivers\hcw17bda.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Rockey_USB;Feitian ROCKEY4 USB Service;c:\windows\system32\DRIVERS\Rockey4USB.sys;c:\windows\SYSNATIVE\DRIVERS\Rockey4USB.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 SaiH5F0D;SaiH5F0D;c:\windows\system32\DRIVERS\SaiH5F0D.sys;c:\windows\SYSNATIVE\DRIVERS\SaiH5F0D.sys [x]
R3 SaiU5F0D;SaiU5F0D;c:\windows\system32\DRIVERS\SaiU5F0D.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU5F0D.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TTUSB2BDA_NTAMD64;TTUSB2BDA USB 2.0 Driver AMD64;c:\windows\system32\DRIVERS\ttusb2bda_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\ttusb2bda_amd64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt67.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 {09F57980-3432-4AFC-957D-27AC45FAE1F5};Power Control [2013/12/15 16:40];d:\powerdvd13\PowerDVD13\Common\NavFilter\000.fcl;d:\powerdvd13\PowerDVD13\Common\NavFilter\000.fcl [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\AAVUpdateManager\aavus.exe;c:\program files (x86)\AAVUpdateManager\aavus.exe [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 CyberLink PowerDVD 13 Media Server Monitor Service;CyberLink PowerDVD 13 Media Server Monitor Service;d:\powerdvd13\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe;d:\powerdvd13\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [x]
S2 CyberLink PowerDVD 13 Media Server Service;CyberLink PowerDVD 13 Media Server Service;d:\powerdvd13\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe;d:\powerdvd13\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [x]
S2 DVBLinkServer2;DVBLink Server;d:\dvblogic\DVBLink2\DVBLinkServer.exe;d:\dvblogic\DVBLink2\DVBLinkServer.exe [x]
S2 HauppaugeTVServer;HauppaugeTVServer;d:\wintv\TVServer\HauppaugeTVServer.exe;d:\wintv\TVServer\HauppaugeTVServer.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S2 UI Assistant Service;UI Assistant Service;d:\1&1 surf-stick\AssistantServices.exe;d:\1&1 surf-stick\AssistantServices.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
S3 dvblinkcap;DVBLink Capture #1;c:\windows\system32\DRIVERS\dvblinkcap.sys;c:\windows\SYSNATIVE\DRIVERS\dvblinkcap.sys [x]
S3 dvblinkcap2;DVBLink Capture #2;c:\windows\system32\DRIVERS\dvblinkcap2.sys;c:\windows\SYSNATIVE\DRIVERS\dvblinkcap2.sys [x]
S3 dvblinkcap3;DVBLink Capture #3;c:\windows\system32\DRIVERS\dvblinkcap3.sys;c:\windows\SYSNATIVE\DRIVERS\dvblinkcap3.sys [x]
S3 dvblinkcap4;DVBLink Capture #4;c:\windows\system32\DRIVERS\dvblinkcap4.sys;c:\windows\SYSNATIVE\DRIVERS\dvblinkcap4.sys [x]
S3 dvblinktun;DVBLink Tuner #1;c:\windows\system32\DRIVERS\dvblinktun.sys;c:\windows\SYSNATIVE\DRIVERS\dvblinktun.sys [x]
S3 dvblinktun2;DVBLink Tuner #2;c:\windows\system32\DRIVERS\dvblinktun2.sys;c:\windows\SYSNATIVE\DRIVERS\dvblinktun2.sys [x]
S3 dvblinktun3;DVBLink Tuner #3;c:\windows\system32\DRIVERS\dvblinktun3.sys;c:\windows\SYSNATIVE\DRIVERS\dvblinktun3.sys [x]
S3 dvblinktun4;DVBLink Tuner #4;c:\windows\system32\DRIVERS\dvblinktun4.sys;c:\windows\SYSNATIVE\DRIVERS\dvblinktun4.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-06 22:44        290888        ----a-w-        d:\avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-11-14 8292120]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-06-28 403688]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-22 11075176]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - d:\micros~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\
FF - prefs.js: browser.startup.homepage - hxxp://***/|hxxp://***
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{7353BAE6-5E49-46C4-A9B5-8A269A313789} - c:\users\***\AppData\Local\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{09F57980-3432-4AFC-957D-27AC45FAE1F5}]
"ImagePath"="\??\d:\powerdvd13\PowerDVD13\Common\NavFilter\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-461601121-2454032722-3572995621-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3a,cf,53,18,0e,9a,85,7c,62,c9,16,cf,aa,68,73,5a,de,ff,42,dc,10,30,70,
  ba,18,f9,e1,91,2f,ff,1e,1d,f8,54,60,1f,67,3d,5f,e3,3a,32,a8,f4,07,9b,fb,55,\
"??"=hex:46,e3,4d,3a,22,cc,5a,fb,6a,9a,3d,ab,8f,cb,0e,51
.
[HKEY_USERS\S-1-5-21-461601121-2454032722-3572995621-1000\Software\SecuROM\License information*]
"datasecu"=hex:8c,22,38,27,cb,66,01,8a,6f,75,a2,b7,ac,37,ae,04,c0,bf,b7,04,77,
  1d,50,6f,4d,5d,b0,0a,b5,9d,6a,19,ec,b9,4c,cc,7b,be,6a,d3,95,19,40,ad,5f,b5,\
"rkeysecu"=hex:95,d4,32,79,72,4b,dd,84,6d,49,5d,d4,4a,8c,49,36
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_182_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_182_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_182_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_182_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_182.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_182.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_182.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_182.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-05-24  20:37:09
ComboFix-quarantined-files.txt  2014-05-24 18:37
.
Vor Suchlauf: 13 Verzeichnis(se), 24.682.729.472 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 24.462.536.704 Bytes frei
.
- - End Of File - - AD5412006B0FF805738BBBD256A5C0C5

cosinus 25.05.2014 22:38
Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Latviel 26.05.2014 19:44
Ok, alles soweit durch.
Ich habe nach den Neustarts der Tools immer eine Meldung bekommen, dass ein Treiber geblockt wurde.
Es geht um den Treiber "Tages Protection" von "Tages SA" ohne Pfadangabe.
Der Treiber sagt mir nichts??

Hier die logs:

adwCleaner:
Code:
# AdwCleaner v3.211 - Bericht erstellt am 26/05/2014 um 19:46:47
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : *** - BLACK-STEALTH
# Gestartet von : C:\Users\***\Desktop\adwcleaner_3.211.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\savee nneT
Ordner Gelöscht : C:\ProgramData\YoutubeAdblocker
Ordner Gelöscht : C:\Program Files (x86)\savee nneT
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\torch
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Gast\AppData\Local\torch
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\torch
Ordner Gelöscht : C:\Users\***\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\***\AppData\Local\torch
Ordner Gelöscht : C:\Users\***\AppData\Roaming\SendSpace
Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\torch
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
Ordner Gelöscht : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm
Ordner Gelöscht : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm
Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak
Ordner Gelöscht : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak
Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak
Datei Gelöscht : C:\Users\***\AppData\Roaming\LiveSupport.exe_log.txt
Datei Gelöscht : C:\Users\***\AppData\Roaming\regsvr32.exe_log.txt

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_curse-client_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_curse-client_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_xmedia-recode_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_xmedia-recode_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\qtrax
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKLM\Software\Trymedia Systems
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\prefs.js ]


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [5359 octets] - [26/05/2014 19:45:30]
AdwCleaner[S0].txt - [5118 octets] - [26/05/2014 19:46:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5178 octets] ##########
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Professional x64
Ran by *** on 26.05.2014 at 20:06:59,27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}



~~~ Files

Successfully deleted: [File] "C:\Users\***\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.05.2014 at 20:12:03,65
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST64:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by *** (administrator) on BLACK-STEALTH on 26-05-2014 20:22:21
Running from C:\Users\***\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) D:\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\AAVUpdateManager\aavus.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(CyberLink) D:\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
(CyberLink) D:\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
(DVBLogic) D:\DVBLogic\DVBLink2\DVBLinkServer.exe
(Hauppauge Computer Works) D:\WinTV\TVServer\HauppaugeTVServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Nero AG) D:\Nero 8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
() D:\1&1 Surf-Stick\AssistantServices.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) D:\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) D:\Apple\Internet Services\ApplePhotoStreams.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Windows (R) Win 7 DDK provider) C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(AVAST Software) D:\Avast\avastui.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Apple Inc.) D:\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Apple Inc.) D:\Apple\Internet Services\APSDaemon.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392360 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\THXCfg64.dll [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [92968 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403688 2012-06-28] (Acronis)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11075176 2010-07-22] (Realtek Semiconductor)
HKLM-x32\...\Run: [FLxHCIm] => C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [40448 2011-01-21] (Windows (R) Win 7 DDK provider)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [907776 2011-01-28] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5993216 2012-06-28] (Acronis)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [1173712 2012-06-28] (Acronis)
HKLM-x32\...\Run: [AvastUI.exe] => D:\Avast\AvastUI.exe [3888648 2014-05-26] (AVAST Software)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2013-12-05] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => D:\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-461601121-2454032722-3572995621-1000\...\Run: [iCloudServices] => D:\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-461601121-2454032722-3572995621-1000\...\Run: [ApplePhotoStreams] => D:\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-461601121-2454032722-3572995621-1005\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-461601121-2454032722-3572995621-1005\...\Run: [iCloudServices] => D:\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-461601121-2454032722-3572995621-1005\...\Run: [ApplePhotoStreams] => D:\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-461601121-2454032722-3572995621-1005\...\MountPoints2: {7885fa50-2fc3-11e1-af67-806e6f6e6963} - I:\InstAll.exe
HKU\S-1-5-21-461601121-2454032722-3572995621-1005\...\MountPoints2: {8225242e-384b-11e1-b1f7-74f06dbf1989} - K:\Setup\rsrc\Autorun.exe
HKU\S-1-5-21-461601121-2454032722-3572995621-1005\...\MountPoints2: {877fa340-2fe9-11e1-8ae5-806e6f6e6963} - J:\Autoplay.exe -auto

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC179616C8CD8CD01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724
FF Homepage: hxxp://***|hxxp://***
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - D:\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - D:\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - D:\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - D:\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: YouTube Unblocker - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\Extensions\youtubeunblocker@unblocker.yt [2014-05-20]
FF Extension: DownThemAll! - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-05-20]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\Avast\WebRep\FF
FF Extension: avast! Online Security - D:\Avast\WebRep\FF [2011-12-26]
FF HKCU\...\Firefox\Extensions: [jid1-VZC3jSUSB1KxYw@jetpack] - C:\Users\***\AppData\Roaming\Steam\jid1-VZC3jSUSB1KxYw@jetpack\
FF Extension: skype_addon - C:\Users\***\AppData\Roaming\Steam\jid1-VZC3jSUSB1KxYw@jetpack\ []
FF StartMenuInternet: FIREFOX.EXE - D:\Mozilla Firefox\firefox.exe

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Browser Shope) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn [2014-05-18]
CHR Extension: (No Name) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm [2014-05-18]
CHR Extension: (No Name) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel [2014-05-18]
CHR Extension: (NeeXtuCouep) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec [2014-05-20]
CHR Extension: (No Name) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak [2014-05-18]
CHR HKCU\...\Chrome\Extension: [bofpgnmdjnpjpegclhggphjeladaklnf] - C:\Users\***\AppData\Roaming\Steam\bofpgnmdjnpjpegclhggphjeladaklnf.crx [2012-02-02]

==================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files (x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 avast! Antivirus; D:\Avast\AvastSvc.exe [50344 2014-05-07] (AVAST Software)
R2 CyberLink PowerDVD 13 Media Server Monitor Service; D:\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-03-20] (CyberLink)
R2 CyberLink PowerDVD 13 Media Server Service; D:\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [323336 2013-03-20] (CyberLink)
R2 DVBLinkServer2; D:\DVBLogic\DVBLink2\DVBLinkServer.exe [1991680 2010-10-21] (DVBLogic)
R2 HauppaugeTVServer; D:\WinTV\TVServer\HauppaugeTVServer.exe [570368 2011-10-27] (Hauppauge Computer Works)
S2 MBAMScheduler; D:\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; D:\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Nero BackItUp Scheduler 3; D:\Nero 8\Nero BackItUp\NBService.exe [877864 2008-12-02] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-12-12] (Nero AG)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-09-19] ()
S2 SkypeUpdate; D:\Skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
R2 UI Assistant Service; D:\1&1 Surf-Stick\AssistantServices.exe [253264 2010-12-08] ()

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-07] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-07] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [311968 2014-05-18] ()
S3 CdaC15BA; C:\Windows\SysWOW64\drivers\CDAC15BA.SYS [8864 2012-12-22] ()
S3 CYDTV_SRV; C:\Windows\System32\drivers\cydtv.sys [576480 2010-07-13] ( )
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2012-01-06] (DT Soft Ltd)
R3 dvblinkcap; C:\Windows\System32\DRIVERS\dvblinkcap.sys [18608 2010-07-19] (DVBLink)
R3 dvblinkcap2; C:\Windows\System32\DRIVERS\dvblinkcap2.sys [18608 2010-07-19] (DVBLink)
R3 dvblinkcap3; C:\Windows\System32\DRIVERS\dvblinkcap3.sys [18608 2010-07-19] (DVBLink)
R3 dvblinkcap4; C:\Windows\System32\DRIVERS\dvblinkcap4.sys [18608 2010-07-19] (DVBLink)
R3 dvblinktun; C:\Windows\System32\DRIVERS\dvblinktun.sys [20784 2010-07-19] (DVBLink)
R3 dvblinktun2; C:\Windows\System32\DRIVERS\dvblinktun2.sys [20784 2010-07-19] (DVBLink)
R3 dvblinktun3; C:\Windows\System32\DRIVERS\dvblinktun3.sys [20784 2010-07-19] (DVBLink)
R3 dvblinktun4; C:\Windows\System32\DRIVERS\dvblinktun4.sys [20784 2010-07-19] (DVBLink)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [50176 2011-01-21] (Fresco Logic)
S3 hcw17bda; C:\Windows\System32\drivers\hcw17bda.sys [67456 2010-01-27] (Hauppauge Computer Works, Inc.)
S4 ithsgt; C:\Windows\SysWOW64\DRIVERS\ithsgt.sys [162432 2012-08-16] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S2 lilsgt; C:\Windows\System32\DRIVERS\lilsgt.sys [21504 2012-08-16] ()
S2 lilsgt; C:\Windows\SysWOW64\DRIVERS\lilsgt.sys [12032 2012-08-16] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2014-05-18] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R3 ROCKEYNT; C:\Windows\System32\DRIVERS\Rockey4.sys [31784 2012-03-29] (Feitian Technologies Co., Ltd.)
S3 Rockey_USB; C:\Windows\System32\DRIVERS\Rockey4USB.sys [22696 2012-03-29] (Feitian Technologies Co., Ltd.)
S3 SaiH5F0D; C:\Windows\System32\DRIVERS\SaiH5F0D.sys [171144 2007-05-01] (Saitek)
S3 SaiU5F0D; C:\Windows\System32\DRIVERS\SaiU5F0D.sys [34304 2007-05-01] (Saitek)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2011-12-26] ()
S3 TTUSB2BDA_NTAMD64; C:\Windows\System32\DRIVERS\ttusb2bda_amd64.sys [737312 2008-12-16] (TechnoTrend GmbH)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; D:\PowerDVD13\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-03-19] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-26 20:22 - 2014-05-26 20:22 - 00000000 ____D () C:\Users\***\Desktop\FRST-OlderVersion
2014-05-26 20:12 - 2014-05-26 20:12 - 00000885 _____ () C:\Users\***\Desktop\JRT.txt
2014-05-26 19:55 - 2014-05-26 19:55 - 00000000 ____D () C:\Windows\ERUNT
2014-05-26 19:53 - 2014-05-26 19:53 - 00005251 _____ () C:\Users\***\Desktop\AdwCleaner[S0].txt
2014-05-26 19:46 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-26 19:45 - 2014-05-26 19:46 - 00000000 ____D () C:\AdwCleaner
2014-05-26 19:42 - 2014-04-06 08:36 - 01016261 _____ (Thisisu) C:\Users\***\Desktop\JRT.exe
2014-05-26 19:41 - 2014-05-26 19:41 - 01327971 _____ () C:\Users\***\Desktop\adwcleaner_3.211.exe
2014-05-24 21:04 - 2014-05-24 21:07 - 00036265 _____ () C:\Users\***\Desktop\ComboFix.txt
2014-05-24 20:57 - 2014-05-26 19:48 - 00000866 _____ () C:\Windows\PFRO.log
2014-05-24 20:37 - 2014-05-24 20:37 - 00036351 _____ () C:\ComboFix.txt
2014-05-24 20:27 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-24 20:27 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-24 20:27 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-24 20:27 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-24 20:27 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-24 20:27 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-24 20:27 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-24 20:27 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-24 20:26 - 2014-05-24 20:37 - 00000000 ____D () C:\Qoobox
2014-05-24 20:26 - 2014-05-24 20:35 - 00000000 ____D () C:\Windows\erdnt
2014-05-24 20:20 - 2014-05-19 13:03 - 05200426 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe
2014-05-24 20:11 - 2014-05-26 20:18 - 00000392 _____ () C:\Windows\setupact.log
2014-05-24 20:11 - 2014-05-24 20:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-24 09:11 - 2014-05-24 09:11 - 00000286 _____ () C:\Users\***\Desktop\Eset Online Scanner.txt
2014-05-24 00:18 - 2014-05-24 00:18 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-24 00:16 - 2014-05-24 09:40 - 00048309 _____ () C:\Users\***\Desktop\Addition.txt
2014-05-24 00:15 - 2014-05-26 20:22 - 00021251 _____ () C:\Users\***\Desktop\FRST.txt
2014-05-24 00:14 - 2014-05-24 09:54 - 00004582 _____ () C:\Users\***\Desktop\a2scan_140523-195951.txt
2014-05-21 07:49 - 2014-05-26 20:22 - 00000000 ____D () C:\FRST
2014-05-21 00:15 - 2014-05-26 20:22 - 02066944 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2014-05-21 00:12 - 2014-05-26 20:19 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-21 00:12 - 2014-05-21 00:12 - 00000617 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-21 00:12 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-21 00:12 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-21 00:12 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-20 22:27 - 2014-05-20 22:27 - 00000000 ____D () C:\Program Files (x86)\NeeXtuCouep
2014-05-20 22:26 - 2014-05-20 22:26 - 02118880 _____ (their database support use requirements) C:\Windows\SysWOW64\setup.exe
2014-05-18 17:46 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-05-18 17:46 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-05-18 17:46 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-05-18 13:39 - 2014-05-18 13:39 - 00000000 ____D () C:\Users\***\AppData\Local\Broadcom
2014-05-18 13:39 - 2010-01-15 13:23 - 00132648 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwavdt.sys
2014-05-18 13:39 - 2010-01-15 13:23 - 00098344 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwaudio.sys
2014-05-18 13:39 - 2010-01-15 13:23 - 00021288 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwrchid.sys
2014-05-18 13:39 - 2009-04-07 14:33 - 00035104 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwl2cap.sys
2014-05-18 13:38 - 2014-05-18 13:38 - 00000000 ____D () C:\Program Files\WIDCOMM
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\***\AppData\Local\Comodo
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\Gast
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\Administrator
2014-05-18 02:02 - 2014-05-18 02:02 - 00001745 _____ () C:\Users\Public\Desktop\Bulletstorm.lnk
2014-05-18 01:55 - 2014-05-18 01:55 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-05-18 01:55 - 2014-05-18 01:55 - 00000000 ____D () C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2014-05-18 01:55 - 2014-05-18 01:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-05-17 02:57 - 2014-05-17 02:57 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-05-17 02:57 - 2014-05-17 02:57 - 00000000 ____D () C:\Program Files\Realtek
2014-05-17 02:57 - 2010-07-22 17:55 - 02032232 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-05-17 02:57 - 2010-07-22 17:55 - 01146984 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-05-17 02:57 - 2010-07-22 17:41 - 02435816 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-05-17 02:57 - 2010-07-22 17:41 - 00332392 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2014-05-17 02:57 - 2010-07-22 17:40 - 01210984 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-05-17 02:57 - 2010-07-22 17:40 - 00476264 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-05-17 02:57 - 2010-07-22 17:40 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2014-05-17 02:57 - 2010-07-22 17:40 - 00076904 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInst64.dll
2014-05-17 02:57 - 2010-07-20 16:43 - 01251944 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2014-05-17 02:57 - 2010-07-12 15:31 - 00196704 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2014-05-17 02:57 - 2010-07-02 17:00 - 00309336 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBTHX32.dll
2014-05-17 02:57 - 2010-05-06 16:43 - 02601816 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2014-05-17 02:57 - 2010-04-27 13:50 - 00330656 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-05-17 02:57 - 2010-04-14 17:56 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2014-05-17 02:57 - 2009-12-15 18:26 - 00372936 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2014-05-17 02:57 - 2009-12-15 18:26 - 00201928 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2014-05-17 02:57 - 2009-12-15 18:26 - 00099016 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2014-05-17 02:57 - 2009-12-15 18:26 - 00076488 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2014-05-17 02:57 - 2009-12-11 09:55 - 00307920 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2014-05-17 02:57 - 2009-12-11 09:55 - 00307920 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2014-05-17 02:57 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2014-05-17 02:57 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2014-05-17 02:57 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2014-05-17 02:57 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2014-05-17 02:57 - 2009-11-18 18:42 - 02197264 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2014-05-17 02:57 - 2009-11-18 07:12 - 00032344 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\MBfilt64.sys
2014-05-17 02:57 - 2009-11-17 18:12 - 00108960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2014-05-17 02:13 - 2014-05-17 03:07 - 00000574 _____ () C:\Users\UpdatusUser\Desktop\Quake 4 multiplayer.lnk
2014-05-17 02:13 - 2014-05-17 03:07 - 00000538 _____ () C:\Users\UpdatusUser\Desktop\Quake 4.lnk
2014-05-17 01:41 - 2014-05-17 01:41 - 00000000 __SHD () C:\Windows\ftpcache
2014-05-15 20:48 - 2014-05-15 20:48 - 00000677 _____ () C:\Users\Public\Desktop\Die Gilde Gold-Edition T+L.lnk
2014-05-15 20:48 - 2014-05-15 20:48 - 00000662 _____ () C:\Users\Public\Desktop\Die Gilde Gold-Edition.lnk
2014-05-15 20:48 - 2014-05-15 20:48 - 00000000 ____D () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoWooD
2014-05-14 00:46 - 2014-05-14 00:46 - 00001524 _____ () C:\Users\Public\Desktop\Hellgate London spielen .lnk
2014-05-13 23:00 - 2013-04-13 13:38 - 00000947 _____ () C:\Windows\system32\Drivers\etc\hosts - Kopie
2014-05-13 22:10 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-13 22:10 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-13 22:10 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-13 22:09 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-13 22:09 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-13 22:09 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-13 22:04 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-13 22:04 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-13 22:04 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-13 22:04 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-13 22:04 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-13 22:04 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-13 22:04 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-13 22:04 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-13 22:04 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-13 22:04 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-13 22:04 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-13 22:04 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-13 22:04 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-13 22:04 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-13 22:04 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-13 22:04 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-13 22:04 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-13 22:04 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-13 22:04 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-13 22:04 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-13 22:04 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-13 22:04 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-13 22:04 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-13 22:04 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-13 22:04 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-13 22:04 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-13 22:04 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-13 22:04 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-13 22:04 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-13 22:04 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-13 22:04 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-13 22:04 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-13 22:04 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-13 22:04 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-13 22:04 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-13 22:04 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-13 22:04 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-13 22:04 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-13 22:04 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-13 22:04 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-13 22:04 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-13 22:04 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-13 22:04 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-13 22:04 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-13 22:04 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-07 00:44 - 2014-05-07 00:44 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-07 00:44 - 2014-05-07 00:44 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys

==================== One Month Modified Files and Folders =======

2014-05-26 20:22 - 2014-05-26 20:22 - 00000000 ____D () C:\Users\***\Desktop\FRST-OlderVersion
2014-05-26 20:22 - 2014-05-24 00:15 - 00021251 _____ () C:\Users\***\Desktop\FRST.txt
2014-05-26 20:22 - 2014-05-21 07:49 - 00000000 ____D () C:\FRST
2014-05-26 20:22 - 2014-05-21 00:15 - 02066944 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2014-05-26 20:19 - 2014-05-21 00:12 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 20:18 - 2014-05-24 20:11 - 00000392 _____ () C:\Windows\setupact.log
2014-05-26 20:18 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-26 20:15 - 2011-12-26 15:25 - 00095927 _____ () C:\Windows\WindowsUpdate.log
2014-05-26 20:13 - 2011-04-12 09:43 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-05-26 20:13 - 2011-04-12 09:43 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-05-26 20:13 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-26 20:13 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-26 20:13 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-26 20:12 - 2014-05-26 20:12 - 00000885 _____ () C:\Users\***\Desktop\JRT.txt
2014-05-26 19:55 - 2014-05-26 19:55 - 00000000 ____D () C:\Windows\ERUNT
2014-05-26 19:53 - 2014-05-26 19:53 - 00005251 _____ () C:\Users\***\Desktop\AdwCleaner[S0].txt
2014-05-26 19:48 - 2014-05-24 20:57 - 00000866 _____ () C:\Windows\PFRO.log
2014-05-26 19:46 - 2014-05-26 19:45 - 00000000 ____D () C:\AdwCleaner
2014-05-26 19:41 - 2014-05-26 19:41 - 01327971 _____ () C:\Users\***\Desktop\adwcleaner_3.211.exe
2014-05-25 21:52 - 2013-08-18 15:49 - 00000000 ____D () C:\Users\***\AppData\Local\20924801-609E-4B66-8071-BE0F0DC8EEC4.aplzod
2014-05-25 20:42 - 2012-01-01 01:46 - 00000000 ____D () C:\Users\***\AppData\Roaming\dvdcss
2014-05-25 17:55 - 2011-12-26 20:31 - 00000000 ____D () C:\Users\***\AppData\Roaming\vlc
2014-05-24 21:07 - 2014-05-24 21:04 - 00036265 _____ () C:\Users\***\Desktop\ComboFix.txt
2014-05-24 20:37 - 2014-05-24 20:37 - 00036351 _____ () C:\ComboFix.txt
2014-05-24 20:37 - 2014-05-24 20:26 - 00000000 ____D () C:\Qoobox
2014-05-24 20:37 - 2012-01-02 14:46 - 00000000 ____D () C:\Users\***\AppData\Local\Apps\2.0
2014-05-24 20:35 - 2014-05-24 20:26 - 00000000 ____D () C:\Windows\erdnt
2014-05-24 20:35 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-24 20:14 - 2012-07-09 17:33 - 00004124 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-24 20:11 - 2014-05-24 20:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-24 20:11 - 2012-09-02 13:25 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-05-24 20:09 - 2012-09-02 13:25 - 00000000 ____D () C:\Users\***\Documents\Anti-Malware
2014-05-24 18:35 - 2011-12-26 20:11 - 00000000 ____D () C:\Program Files (x86)\Brother
2014-05-24 10:29 - 2014-03-22 19:43 - 00007891 _____ () C:\Windows\BRRBCOM.INI
2014-05-24 09:54 - 2014-05-24 00:14 - 00004582 _____ () C:\Users\***\Desktop\a2scan_140523-195951.txt
2014-05-24 09:40 - 2014-05-24 00:16 - 00048309 _____ () C:\Users\***\Desktop\Addition.txt
2014-05-24 09:11 - 2014-05-24 09:11 - 00000286 _____ () C:\Users\***\Desktop\Eset Online Scanner.txt
2014-05-24 00:18 - 2014-05-24 00:18 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-23 00:50 - 2011-12-26 17:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-22 19:57 - 2011-12-26 18:18 - 00142872 _____ () C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-22 19:55 - 2009-07-14 06:45 - 06876320 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-22 19:24 - 2012-09-03 23:21 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-22 19:17 - 2012-12-30 01:33 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-22 19:16 - 2011-12-26 16:55 - 00000000 ____D () C:\Users\***\AppData\Roaming\Adobe
2014-05-21 00:12 - 2014-05-21 00:12 - 00000617 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-20 22:35 - 2011-12-26 19:42 - 00000000 ____D () C:\Users\***\AppData\Roaming\DAEMON Tools Lite
2014-05-20 22:27 - 2014-05-20 22:27 - 00000000 ____D () C:\Program Files (x86)\NeeXtuCouep
2014-05-20 22:26 - 2014-05-20 22:26 - 02118880 _____ (their database support use requirements) C:\Windows\SysWOW64\setup.exe
2014-05-19 13:03 - 2014-05-24 20:20 - 05200426 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe
2014-05-18 22:17 - 2013-02-02 14:46 - 00311968 _____ () C:\Windows\system32\Drivers\atksgt.sys
2014-05-18 20:52 - 2013-02-02 14:46 - 00043168 _____ () C:\Windows\system32\Drivers\lirsgt.sys
2014-05-18 13:39 - 2014-05-18 13:39 - 00000000 ____D () C:\Users\***\AppData\Local\Broadcom
2014-05-18 13:38 - 2014-05-18 13:38 - 00000000 ____D () C:\Program Files\WIDCOMM
2014-05-18 02:31 - 2011-12-29 17:47 - 00000000 ____D () C:\Users\***\Documents\My Games
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\***\AppData\Local\Comodo
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\Gast
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\Administrator
2014-05-18 02:09 - 2013-05-24 00:05 - 00000000 ____D () C:\Users\***\AppData\Local\Google
2014-05-18 02:02 - 2014-05-18 02:02 - 00001745 _____ () C:\Users\Public\Desktop\Bulletstorm.lnk
2014-05-18 01:55 - 2014-05-18 01:55 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-05-18 01:55 - 2014-05-18 01:55 - 00000000 ____D () C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2014-05-18 01:55 - 2014-05-18 01:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-05-17 03:07 - 2014-05-17 02:13 - 00000574 _____ () C:\Users\UpdatusUser\Desktop\Quake 4 multiplayer.lnk
2014-05-17 03:07 - 2014-05-17 02:13 - 00000538 _____ () C:\Users\UpdatusUser\Desktop\Quake 4.lnk
2014-05-17 02:57 - 2014-05-17 02:57 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-05-17 02:57 - 2014-05-17 02:57 - 00000000 ____D () C:\Program Files\Realtek
2014-05-17 02:57 - 2011-12-26 17:13 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-05-17 01:42 - 2011-12-29 12:46 - 00000000 ____D () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-17 01:41 - 2014-05-17 01:41 - 00000000 __SHD () C:\Windows\ftpcache
2014-05-15 20:48 - 2014-05-15 20:48 - 00000677 _____ () C:\Users\Public\Desktop\Die Gilde Gold-Edition T+L.lnk
2014-05-15 20:48 - 2014-05-15 20:48 - 00000662 _____ () C:\Users\Public\Desktop\Die Gilde Gold-Edition.lnk
2014-05-15 20:48 - 2014-05-15 20:48 - 00000000 ____D () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoWooD
2014-05-15 12:44 - 2014-01-02 19:18 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-15 12:44 - 2011-12-26 16:24 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-15 12:44 - 2011-12-26 16:24 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-14 23:03 - 2011-12-26 20:03 - 00000000 ____D () C:\Users\***\AppData\Local\Adobe
2014-05-14 23:02 - 2012-04-01 10:29 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 23:02 - 2011-12-26 16:55 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 20:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-14 18:12 - 2011-12-26 15:38 - 00000000 ___RD () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-14 18:12 - 2011-12-26 15:38 - 00000000 ___RD () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 00:57 - 2014-04-23 01:03 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 00:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-14 00:46 - 2014-05-14 00:46 - 00001524 _____ () C:\Users\Public\Desktop\Hellgate London spielen .lnk
2014-05-13 22:09 - 2013-07-10 18:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-13 22:06 - 2011-12-26 15:56 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-13 22:00 - 2013-10-13 02:50 - 00000000 ____D () C:\Users\***\AppData\Local\Battle.net
2014-05-12 07:26 - 2014-05-21 00:12 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-21 00:12 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-21 00:12 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 10:10 - 2014-03-15 11:12 - 00001648 _____ () C:\Users\***\Desktop\SteuerSparErklärung 2014.lnk
2014-05-09 08:14 - 2014-05-13 22:04 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-13 22:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 00:44 - 2014-05-07 00:44 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-07 00:44 - 2014-05-07 00:44 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-07 00:44 - 2013-03-16 14:15 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-07 00:44 - 2013-03-16 14:15 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-07 00:44 - 2012-02-25 13:43 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-07 00:44 - 2011-12-26 16:24 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1400150681738
2014-05-07 00:44 - 2011-12-26 16:24 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1400150681738
2014-05-07 00:44 - 2011-12-26 16:24 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-07 00:44 - 2011-12-26 16:24 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-06 06:40 - 2014-05-13 22:10 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-13 22:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-13 22:09 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-13 22:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-13 22:10 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-13 22:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-03 01:49 - 2011-12-26 15:38 - 00000000 ____D () C:\Users\***
2014-04-30 00:46 - 2011-12-26 19:20 - 00000000 ____D () C:\Users\***\AppData\Roaming\Skype
2014-04-26 22:51 - 2013-05-27 18:03 - 00000000 ____D () C:\Users\***\AppData\Roaming\HandBrake

Some content of TEMP:
====================
C:\Users\***\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 21:54

==================== End Of Log ============================
--- --- ---

--- --- ---

cosinus 26.05.2014 22:02
Bitte auch ne neue Additions.txt machen. Haken setzen bei Addition.txt dann auf Scan klicken

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png

Latviel 26.05.2014 23:04
Entschuldige! hier nochmal der komplette Scan

Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by *** at 2014-05-26 23:43:01
Running from C:\Users\***\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
1&1 Surf-Stick (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - )
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Acronis*True*Image*Home 2012 (HKLM-x32\...\{054A5F46-6DCE-4D09-8BC0-170428A4ED56}Visible) (Version: 15.0.7133 - Acronis)
Acronis*True*Image*Home 2012 (x32 Version: 15.0.7133 - Acronis) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Alan Wake (HKLM-x32\...\Steam App 108710) (Version:  - Remedy Entertainment)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassin’s Creed® III (HKLM-x32\...\Steam App 208480) (Version:  - Ubisoft Montreal)
Assassin's Creed Brotherhood (HKLM-x32\...\Steam App 48190) (Version:  - )
Assassin's Creed Revelations (HKLM-x32\...\Steam App 201870) (Version:  - Ubisoft)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.0.6 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.42 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0009 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.20 - asus)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0008 - ASUS)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
Avid Studio (HKLM-x32\...\{B35DC076-CEF2-4631-9EF7-45380E27C841}) (Version: 1.0.0.2804 - Avid)
Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version:  - Rocksteady Studios Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Black and White (HKLM-x32\...\{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J870DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.4.0 - Brother Industries, Ltd.)
Bulletstorm (HKLM-x32\...\GFWL_{45410935-3E72-472B-8C35-AB1000008200}) (Version: 1.0.0000.130 - EA)
Bulletstorm (x32 Version: 1.0.0000.130 - EA) Hidden
Cargo Commander (HKLM-x32\...\Steam App 220460) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
ContentMod2.4 (HKLM-x32\...\ContentMod_2.4) (Version:  - )
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version:  - Electronic Arts)
Curse Client (HKCU\...\090215de958f1060) (Version: 4.0.1.260 - Curse)
CyberLink PowerDVD 13 (HKLM-x32\...\InstallShield_{3CFDF154-7E60-4E98-A8DF-C693A4F8E6B6}) (Version: 13.0.2720.57 - CyberLink Corp.)
CyberLink PowerDVD 13 (x32 Version: 13.0.2720.57 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)
Darksiders (HKLM-x32\...\Steam App 50620) (Version:  - Vigil Games)
DarksidersInstaller (HKLM-x32\...\{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}) (Version: 1.00.1000 - Ihr Firmenname)
DC Universe Online Live (HKCU\...\SOE-DC Universe Online Live PSG) (Version:  - Sony Online Entertainment)
DC Universe Online Live (HKCU\...\SOE-DC Universe Online Live) (Version:  - Sony Online Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Die Gilde Gold Update v. 2.06  (HKLM-x32\...\Die Gilde Gold Update v. 2.06 ) (Version:  - )
Die Gilde Gold-Edition (HKLM-x32\...\Die Gilde Gold-Edition) (Version:  - )
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
DVBLink for WinTV (HKLM-x32\...\{6C43B336-1143-40DC-877B-A0D116060F4B}) (Version: 3.2.0001 - DVBLogic)
DVBLink Server (HKLM-x32\...\{0F863674-33BA-4714-8A2D-2281B3F99850}) (Version: 3.2.0001 - DVBLogic)
Earth 2160 (HKLM-x32\...\Earth 2160) (Version: 1.00 - Zuxxez Entertainment AG)
Elements 11 Organizer (x32 Version: 11.0 - Ihr Firmenname) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Fahrenheit (HKLM-x32\...\{BA10AC78-E687-4523-8B93-540428FC256F}) (Version: 1.1 - Ihr Firmenname)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fresco Logic USB3.0 Host Controller (HKLM\...\{F041F6B3-BA65-41DD-9747-AD0BD2129A0F}) (Version: 3.0.114.13 - Fresco Logic Inc.)
Gothic III (HKLM-x32\...\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}) (Version: 1.0.0 - JoWooD Productions Software AG)
HandBrake 0.9.9 (HKLM-x32\...\HandBrake) (Version: 0.9.9 - )
Hauppauge WinTV 7 (HKLM-x32\...\Hauppauge WinTV 7) (Version: v7.0.29304 (CD 2.4d) - Hauppauge Computer Works)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hellgate: London (HKLM\...\{A2B4455D-1046-4732-BFBC-0821BEFC07BC}) (Version: 1.10.180.3416 - Flagship Studios)
Hex-Editor MX (HKLM-x32\...\{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1) (Version: 6.0 - NEXT-Soft)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
League of Legends (HKLM-x32\...\{918A9082-6287-4D25-9002-5E5D5E4971CB}) (Version: 1.02.0000 - Riot Games)
Logitech Gaming Software (Version: 8.20.74 - Logitech Inc.) Hidden
Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.)
Mass Effect 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.02 - Electronic Arts, Inc.)
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.04.0.0 - Electronic Arts)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 (HKLM-x32\...\{9A5B876D-A900-4AAB-B557-DE827BE46E6C}) (Version: 8.3.500 - Nero AG)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NVIDIA 3D Vision Treiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.141.953 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2702 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 8.6.0.357 - Electronic Arts, Inc.)
Overlord 2 (HKLM-x32\...\{F4B9D4A9-BDF9-437D-8E07-A96A837BD284}_is1) (Version:  - )
Painkiller: Black Edition (HKLM-x32\...\Steam App 39530) (Version:  - People Can Fly)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Pinnacle Video Treiber (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
PlayClaw 4 (HKLM-x32\...\PlayClaw 4_is1) (Version: 4 - )
PlayClaw 5 (HKLM-x32\...\PlayClaw 5_is1) (Version: 5 - )
PlayClaw 5 fast codec (HKLM-x32\...\PlayClaw 5 fast codec_is1) (Version: 5 - )
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Portal 2 Publishing Tool (HKLM-x32\...\Steam App 644) (Version:  - )
PRE11 STI 64Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Questpaket 4 Update 2 Deinstallation (HKLM-x32\...\G3QP231012008_is1) (Version: 4.2.0.0 - Humanforce)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6162 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)
Serious Sam 3: BFE (HKLM-x32\...\Steam App 41070) (Version:  - Croteam)
Serious Sam Double D (HKLM-x32\...\Steam App 111600) (Version:  - Mommy's Best Games)
Serious Sam: The Random Encounter (HKLM-x32\...\Steam App 201480) (Version:  - )
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SlimDX Runtime .NET 2.0 (January 2012) (HKLM-x32\...\{014A2868-BE56-4888-A16C-693989B8F153}) (Version: 2.0.13.43 - SlimDX Group)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steam (HKLM-x32\...\{0CF89F99-308A-4E69-9251-D68167DB4DB2}) (Version: 1.0.0.0 - Alka Toys)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.09.86 - Akademische Arbeitsgemeinschaft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.18.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
TEdit 3 (HKLM-x32\...\{2CB9AC0E-D125-454C-8BAC-0FCD683CE616}) (Version: 1.0.0.0 - BinaryConstruct)
Terrafirma (HKLM-x32\...\{72E80496-C446-4389-B4F2-CC46DF704A7F}) (Version: 1.9.8 - Sean Kasun)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - )
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - )
Thief Gold (HKLM-x32\...\Steam App 211600) (Version:  - )
THX TruStudio (HKLM-x32\...\{B11AB9C8-18A6-41DC-98B4-4988CC030136}) (Version: 1.03.00 - Creative Technology Limited)
Tom Clancy's EndWar (HKLM-x32\...\{7C3D8108-8D99-427F-A1C2-D8E0D25A469C}) (Version: 1.00.0000 - Ubisoft)
Tomb Raider III: Adventures of Lara Croft (HKLM-x32\...\Steam App 225320) (Version:  - Core Design)
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.4 - Intel)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UltraStar Deluxe (HKLM-x32\...\UltraStar Deluxe) (Version: 1.1 - USDX Team)
Universal Extractor 1.6.1 (HKLM-x32\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland)
Unreal Tournament (HKLM-x32\...\UnrealTournament) (Version:  - )
Unreal Tournament 3 - Community Bonus Pack 3 - Volume 3 (HKLM-x32\...\UT3 CBP3 Vol 3) (Version:  - )
Unreal Tournament 3 (HKCU\...\InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}) (Version: 1.00.0000 - Epic Games)
Unreal Tournament 3 (x32 Version: 1.00.0000 - Epic Games) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROR_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
UT3 Domination (CBP Edition) (HKLM-x32\...\{B17B1D8F-D822-42E1-A72C-7D9E84CF7B29}) (Version: 3.1.0 - Brian 'Snake' Alexander)
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKCU\...\Warcraft III) (Version:  - )
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.5.600 - Broadcom Corporation)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (02/25/2010 6.2.0.9419) (HKLM\...\85CE3A3657FAE5FD305B143E90E6FC89BA53001C) (Version: 02/25/2010 6.2.0.9419 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (01/19/2010 6.2.0.1417) (HKLM\...\7341A1B43E7FE58942EB1E820A17C18305DFBCE6) (Version: 01/19/2010 6.2.0.1417 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/29/2009 6.1.7100.0) (HKLM\...\2AA10AB519DC7432D599A0E860206A7DDCC27764) (Version: 07/29/2009 6.1.7100.0 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.0 - ASUS)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
Wolfenstein (HKLM-x32\...\InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}) (Version: 1.0 - Activision)
Wolfenstein (x32 Version: 1.0 - Activision) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Restore Points  =========================

22-05-2014 17:09:40 Removed Adobe Premiere Elements 11.
22-05-2014 17:23:45 Removed Adobe Help Manager
22-05-2014 17:25:45 Removed Adobe Acrobat X Pro - English, Français, Deutsch.
22-05-2014 17:28:17 Removed Adobe Download Assistant
22-05-2014 17:29:38 Removed Fahrenheit
22-05-2014 17:33:32 Entfernt Tom Clancy's H.A.W.X
22-05-2014 17:37:33 Removed Prey
22-05-2014 22:48:17 Entfernt The Chronicles of Riddick - Assault on Dark Athena
24-05-2014 18:27:03 ComboFix created restore point

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-05-24 20:35 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {09DFC150-D178-4D54-8E7B-8604D5229844} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2011-08-31] (ASUSTeK Computer Inc.)
Task: {1076A26D-190D-4A8F-AC64-1D1059ACDB04} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {6D202BA4-8F01-430A-B5B5-C64DCD8F8B3D} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-11-10] (ASUS)
Task: {AC745BE8-5188-4510-8FA1-9FB47C88651C} - System32\Tasks\CCleanerSkipUAC => D:\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {D4B38F67-D853-46AC-A1B8-CEA8ECDF24AA} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
Task: {F05B8861-FC0E-4E2A-97CA-73CA4F6B25BF} - System32\Tasks\avast! Emergency Update => D:\Avast\AvastEmUpdate.exe [2014-05-07] (AVAST Software)

==================== Loaded Modules (whitelisted) =============

2011-12-26 17:00 - 2013-08-30 00:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\AAVUpdateManager\aavus.exe
2012-11-11 00:30 - 2013-09-19 00:11 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () D:\FileZilla FTP Client\fzshellext_64.dll
2010-03-11 20:14 - 2010-03-11 20:14 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2011-12-26 20:11 - 2005-04-22 14:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2012-01-04 15:07 - 2010-12-08 11:45 - 00253264 _____ () D:\1&1 Surf-Stick\AssistantServices.exe
2010-07-14 17:11 - 2010-07-14 17:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2010-09-23 17:53 - 2010-09-23 17:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2014-05-26 19:37 - 2014-05-26 19:37 - 02255872 _____ () D:\Avast\defs\14052603\algo.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-10-21 14:17 - 2010-10-21 14:17 - 00605696 _____ () D:\DVBLogic\DVBLink2\Sinks\Local Tuner\BDASink.dll
2010-10-21 14:09 - 2010-10-21 14:09 - 01445888 _____ () D:\DVBLogic\DVBLink2\Sinks\MCRecorder\MCRecorder.dll
2012-06-28 17:58 - 2012-06-28 17:58 - 00435584 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll
2011-08-31 16:33 - 2011-08-31 16:33 - 00208384 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () D:\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () D:\Apple\Internet Services\libxml2.dll
2012-06-28 21:46 - 2012-06-28 21:46 - 13005184 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll
2013-11-27 19:57 - 2013-11-27 19:57 - 19336120 _____ () D:\Avast\libcef.dll
2014-03-22 19:42 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2012-06-28 18:34 - 2012-06-28 18:34 - 00018816 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD
AlternateDataStreams: C:\Users\***\AppData\Local:sLWUoijCUpYCxd7Cix9uUGiFKqBmu6
AlternateDataStreams: C:\Users\***\AppData\Local\Temp:vaBFuTXLS0p06srpuyJsLkaZa

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: AdobeBridge =>
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: DVBLink MediaCenter Launcher => D:\DVBLogic\DVBLink2\DVBLinkMCLauncher.exe
MSCONFIG\startupreg: emsisoft anti-malware => "C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe" /d=60
MSCONFIG\startupreg: iTunesHelper => "D:\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PowerDVD13Agent => "D:\PowerDVD13\PowerDVD13\PowerDVD13Agent.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: UIExec => "D:\1&1 Surf-Stick\UIExec.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/26/2014 08:19:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/26/2014 08:19:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lilsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error: (05/26/2014 08:19:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275

Error: (05/26/2014 08:19:02 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber atksgt.sys konnte nicht geladen werden.


Microsoft Office Sessions:
=========================
Error: (10/21/2013 08:55:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 11 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/21/2013 08:55:16 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/18/2013 08:55:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3517 seconds with 1620 seconds of active time.  This session ended with a crash.

Error: (04/25/2013 09:50:29 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 913 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (03/19/2013 08:29:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4531 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (02/25/2012 10:01:11 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 420 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-05-26 20:19:17.900
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\lilsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-26 20:19:17.822
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\lilsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-26 20:05:54.799
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\lilsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-26 20:05:54.721
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\lilsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-26 19:49:28.288
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\lilsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-26 19:49:28.195
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\lilsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-26 19:37:36.132
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\lilsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-26 19:37:35.836
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\lilsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-25 15:37:23.603
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\lilsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-25 15:37:23.259
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\lilsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 8169.17 MB
Available physical RAM: 6041.26 MB
Total Pagefile: 16336.52 MB
Available Pagefile: 14030.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Schaltzentrale) (Fixed) (Total:97.66 GB) (Free:22.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Apps) (Fixed) (Total:29.3 GB) (Free:19.92 GB) NTFS
Drive e: (Workspace) (Fixed) (Total:97.66 GB) (Free:56.18 GB) NTFS
Drive f: (Funzone) (Fixed) (Total:474.03 GB) (Free:46.48 GB) NTFS
Drive g: (Freespace) (Fixed) (Total:349.3 GB) (Free:43.83 GB) NTFS
Drive h: (Backup) (Fixed) (Total:349.33 GB) (Free:100.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: BC84E99F)
Partition 1: (Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=29 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=474 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 699 GB) (Disk ID: BBC58B91)
Partition 1: (Not Active) - (Size=349 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=349 GB) - (Type=07 NTFS)

==================== End Of Log ============================



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by *** (administrator) on BLACK-STEALTH on 26-05-2014 23:42:43
Running from C:\Users\***\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) D:\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\AAVUpdateManager\aavus.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(CyberLink) D:\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
(CyberLink) D:\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
(DVBLogic) D:\DVBLogic\DVBLink2\DVBLinkServer.exe
(Hauppauge Computer Works) D:\WinTV\TVServer\HauppaugeTVServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Nero AG) D:\Nero 8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
() D:\1&1 Surf-Stick\AssistantServices.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) D:\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) D:\Apple\Internet Services\ApplePhotoStreams.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Windows (R) Win 7 DDK provider) C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(AVAST Software) D:\Avast\avastui.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Apple Inc.) D:\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Apple Inc.) D:\Apple\Internet Services\APSDaemon.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392360 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\THXCfg64.dll [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [92968 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403688 2012-06-28] (Acronis)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11075176 2010-07-22] (Realtek Semiconductor)
HKLM-x32\...\Run: [FLxHCIm] => C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [40448 2011-01-21] (Windows (R) Win 7 DDK provider)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [907776 2011-01-28] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5993216 2012-06-28] (Acronis)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [1173712 2012-06-28] (Acronis)
HKLM-x32\...\Run: [AvastUI.exe] => D:\Avast\AvastUI.exe [3888648 2014-05-26] (AVAST Software)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2013-12-05] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => D:\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-461601121-2454032722-3572995621-1000\...\Run: [iCloudServices] => D:\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-461601121-2454032722-3572995621-1000\...\Run: [ApplePhotoStreams] => D:\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-461601121-2454032722-3572995621-1005\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-461601121-2454032722-3572995621-1005\...\Run: [iCloudServices] => D:\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-461601121-2454032722-3572995621-1005\...\Run: [ApplePhotoStreams] => D:\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-461601121-2454032722-3572995621-1005\...\MountPoints2: {7885fa50-2fc3-11e1-af67-806e6f6e6963} - I:\InstAll.exe
HKU\S-1-5-21-461601121-2454032722-3572995621-1005\...\MountPoints2: {8225242e-384b-11e1-b1f7-74f06dbf1989} - K:\Setup\rsrc\Autorun.exe
HKU\S-1-5-21-461601121-2454032722-3572995621-1005\...\MountPoints2: {877fa340-2fe9-11e1-8ae5-806e6f6e6963} - J:\Autoplay.exe -auto

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC179616C8CD8CD01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724
FF Homepage: hxxp://***|hxxp://***
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - D:\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - D:\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - D:\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - D:\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: YouTube Unblocker - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\Extensions\youtubeunblocker@unblocker.yt [2014-05-20]
FF Extension: DownThemAll! - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-05-20]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\Avast\WebRep\FF
FF Extension: avast! Online Security - D:\Avast\WebRep\FF [2011-12-26]
FF HKCU\...\Firefox\Extensions: [jid1-VZC3jSUSB1KxYw@jetpack] - C:\Users\***\AppData\Roaming\Steam\jid1-VZC3jSUSB1KxYw@jetpack\
FF Extension: skype_addon - C:\Users\***\AppData\Roaming\Steam\jid1-VZC3jSUSB1KxYw@jetpack\ []
FF StartMenuInternet: FIREFOX.EXE - D:\Mozilla Firefox\firefox.exe

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Browser Shope) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn [2014-05-18]
CHR Extension: (No Name) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm [2014-05-18]
CHR Extension: (No Name) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel [2014-05-18]
CHR Extension: (NeeXtuCouep) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec [2014-05-20]
CHR Extension: (No Name) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak [2014-05-18]
CHR HKCU\...\Chrome\Extension: [bofpgnmdjnpjpegclhggphjeladaklnf] - C:\Users\***\AppData\Roaming\Steam\bofpgnmdjnpjpegclhggphjeladaklnf.crx [2012-02-02]

==================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files (x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 avast! Antivirus; D:\Avast\AvastSvc.exe [50344 2014-05-07] (AVAST Software)
R2 CyberLink PowerDVD 13 Media Server Monitor Service; D:\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-03-20] (CyberLink)
R2 CyberLink PowerDVD 13 Media Server Service; D:\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [323336 2013-03-20] (CyberLink)
R2 DVBLinkServer2; D:\DVBLogic\DVBLink2\DVBLinkServer.exe [1991680 2010-10-21] (DVBLogic)
R2 HauppaugeTVServer; D:\WinTV\TVServer\HauppaugeTVServer.exe [570368 2011-10-27] (Hauppauge Computer Works)
S2 MBAMScheduler; D:\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; D:\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Nero BackItUp Scheduler 3; D:\Nero 8\Nero BackItUp\NBService.exe [877864 2008-12-02] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-12-12] (Nero AG)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-09-19] ()
S2 SkypeUpdate; D:\Skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
R2 UI Assistant Service; D:\1&1 Surf-Stick\AssistantServices.exe [253264 2010-12-08] ()

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-07] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-07] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [311968 2014-05-18] ()
S3 CdaC15BA; C:\Windows\SysWOW64\drivers\CDAC15BA.SYS [8864 2012-12-22] ()
S3 CYDTV_SRV; C:\Windows\System32\drivers\cydtv.sys [576480 2010-07-13] ( )
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2012-01-06] (DT Soft Ltd)
R3 dvblinkcap; C:\Windows\System32\DRIVERS\dvblinkcap.sys [18608 2010-07-19] (DVBLink)
R3 dvblinkcap2; C:\Windows\System32\DRIVERS\dvblinkcap2.sys [18608 2010-07-19] (DVBLink)
R3 dvblinkcap3; C:\Windows\System32\DRIVERS\dvblinkcap3.sys [18608 2010-07-19] (DVBLink)
R3 dvblinkcap4; C:\Windows\System32\DRIVERS\dvblinkcap4.sys [18608 2010-07-19] (DVBLink)
R3 dvblinktun; C:\Windows\System32\DRIVERS\dvblinktun.sys [20784 2010-07-19] (DVBLink)
R3 dvblinktun2; C:\Windows\System32\DRIVERS\dvblinktun2.sys [20784 2010-07-19] (DVBLink)
R3 dvblinktun3; C:\Windows\System32\DRIVERS\dvblinktun3.sys [20784 2010-07-19] (DVBLink)
R3 dvblinktun4; C:\Windows\System32\DRIVERS\dvblinktun4.sys [20784 2010-07-19] (DVBLink)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [50176 2011-01-21] (Fresco Logic)
S3 hcw17bda; C:\Windows\System32\drivers\hcw17bda.sys [67456 2010-01-27] (Hauppauge Computer Works, Inc.)
S4 ithsgt; C:\Windows\SysWOW64\DRIVERS\ithsgt.sys [162432 2012-08-16] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S2 lilsgt; C:\Windows\System32\DRIVERS\lilsgt.sys [21504 2012-08-16] ()
S2 lilsgt; C:\Windows\SysWOW64\DRIVERS\lilsgt.sys [12032 2012-08-16] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2014-05-18] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R3 ROCKEYNT; C:\Windows\System32\DRIVERS\Rockey4.sys [31784 2012-03-29] (Feitian Technologies Co., Ltd.)
S3 Rockey_USB; C:\Windows\System32\DRIVERS\Rockey4USB.sys [22696 2012-03-29] (Feitian Technologies Co., Ltd.)
S3 SaiH5F0D; C:\Windows\System32\DRIVERS\SaiH5F0D.sys [171144 2007-05-01] (Saitek)
S3 SaiU5F0D; C:\Windows\System32\DRIVERS\SaiU5F0D.sys [34304 2007-05-01] (Saitek)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2011-12-26] ()
S3 TTUSB2BDA_NTAMD64; C:\Windows\System32\DRIVERS\ttusb2bda_amd64.sys [737312 2008-12-16] (TechnoTrend GmbH)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; D:\PowerDVD13\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-03-19] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-26 20:12 - 2014-05-26 20:12 - 00000885 _____ () C:\Users\***\Desktop\JRT.txt
2014-05-26 19:55 - 2014-05-26 19:55 - 00000000 ____D () C:\Windows\ERUNT
2014-05-26 19:53 - 2014-05-26 19:53 - 00005251 _____ () C:\Users\***\Desktop\AdwCleaner[S0].txt
2014-05-26 19:46 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-26 19:45 - 2014-05-26 19:46 - 00000000 ____D () C:\AdwCleaner
2014-05-26 19:42 - 2014-04-06 08:36 - 01016261 _____ (Thisisu) C:\Users\***\Desktop\JRT.exe
2014-05-26 19:41 - 2014-05-26 19:41 - 01327971 _____ () C:\Users\***\Desktop\adwcleaner_3.211.exe
2014-05-24 21:04 - 2014-05-24 21:07 - 00036265 _____ () C:\Users\***\Desktop\ComboFix.txt
2014-05-24 20:57 - 2014-05-26 19:48 - 00000866 _____ () C:\Windows\PFRO.log
2014-05-24 20:37 - 2014-05-24 20:37 - 00036351 _____ () C:\ComboFix.txt
2014-05-24 20:27 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-24 20:27 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-24 20:27 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-24 20:27 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-24 20:27 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-24 20:27 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-24 20:27 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-24 20:27 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-24 20:26 - 2014-05-24 20:37 - 00000000 ____D () C:\Qoobox
2014-05-24 20:26 - 2014-05-24 20:35 - 00000000 ____D () C:\Windows\erdnt
2014-05-24 20:20 - 2014-05-19 13:03 - 05200426 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe
2014-05-24 20:11 - 2014-05-26 20:18 - 00000392 _____ () C:\Windows\setupact.log
2014-05-24 20:11 - 2014-05-24 20:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-24 09:11 - 2014-05-24 09:11 - 00000286 _____ () C:\Users\***\Desktop\Eset Online Scanner.txt
2014-05-24 00:18 - 2014-05-24 00:18 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-24 00:16 - 2014-05-24 09:40 - 00048309 _____ () C:\Users\***\Desktop\Addition.txt
2014-05-24 00:15 - 2014-05-26 23:42 - 00021189 _____ () C:\Users\***\Desktop\FRST.txt
2014-05-24 00:14 - 2014-05-24 09:54 - 00004582 _____ () C:\Users\***\Desktop\a2scan_140523-195951.txt
2014-05-21 07:49 - 2014-05-26 23:42 - 00000000 ____D () C:\FRST
2014-05-21 00:15 - 2014-05-26 20:22 - 02066944 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2014-05-21 00:12 - 2014-05-26 20:19 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-21 00:12 - 2014-05-21 00:12 - 00000617 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-21 00:12 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-21 00:12 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-21 00:12 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-20 22:27 - 2014-05-20 22:27 - 00000000 ____D () C:\Program Files (x86)\NeeXtuCouep
2014-05-20 22:26 - 2014-05-20 22:26 - 02118880 _____ (their database support use requirements) C:\Windows\SysWOW64\setup.exe
2014-05-18 17:46 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-05-18 17:46 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-05-18 17:46 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-05-18 13:39 - 2014-05-18 13:39 - 00000000 ____D () C:\Users\***\AppData\Local\Broadcom
2014-05-18 13:39 - 2010-01-15 13:23 - 00132648 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwavdt.sys
2014-05-18 13:39 - 2010-01-15 13:23 - 00098344 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwaudio.sys
2014-05-18 13:39 - 2010-01-15 13:23 - 00021288 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwrchid.sys
2014-05-18 13:39 - 2009-04-07 14:33 - 00035104 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwl2cap.sys
2014-05-18 13:38 - 2014-05-18 13:38 - 00000000 ____D () C:\Program Files\WIDCOMM
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\***\AppData\Local\Comodo
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\Gast
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\Administrator
2014-05-18 02:02 - 2014-05-18 02:02 - 00001745 _____ () C:\Users\Public\Desktop\Bulletstorm.lnk
2014-05-18 01:55 - 2014-05-18 01:55 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-05-18 01:55 - 2014-05-18 01:55 - 00000000 ____D () C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2014-05-18 01:55 - 2014-05-18 01:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-05-17 02:57 - 2014-05-17 02:57 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-05-17 02:57 - 2014-05-17 02:57 - 00000000 ____D () C:\Program Files\Realtek
2014-05-17 02:57 - 2010-07-22 17:55 - 02032232 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-05-17 02:57 - 2010-07-22 17:55 - 01146984 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-05-17 02:57 - 2010-07-22 17:41 - 02435816 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-05-17 02:57 - 2010-07-22 17:41 - 00332392 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2014-05-17 02:57 - 2010-07-22 17:40 - 01210984 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-05-17 02:57 - 2010-07-22 17:40 - 00476264 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-05-17 02:57 - 2010-07-22 17:40 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2014-05-17 02:57 - 2010-07-22 17:40 - 00076904 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInst64.dll
2014-05-17 02:57 - 2010-07-20 16:43 - 01251944 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2014-05-17 02:57 - 2010-07-12 15:31 - 00196704 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2014-05-17 02:57 - 2010-07-02 17:00 - 00309336 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBTHX32.dll
2014-05-17 02:57 - 2010-05-06 16:43 - 02601816 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2014-05-17 02:57 - 2010-04-27 13:50 - 00330656 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-05-17 02:57 - 2010-04-14 17:56 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2014-05-17 02:57 - 2009-12-15 18:26 - 00372936 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2014-05-17 02:57 - 2009-12-15 18:26 - 00201928 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2014-05-17 02:57 - 2009-12-15 18:26 - 00099016 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2014-05-17 02:57 - 2009-12-15 18:26 - 00076488 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2014-05-17 02:57 - 2009-12-11 09:55 - 00307920 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2014-05-17 02:57 - 2009-12-11 09:55 - 00307920 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2014-05-17 02:57 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2014-05-17 02:57 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2014-05-17 02:57 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2014-05-17 02:57 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2014-05-17 02:57 - 2009-11-18 18:42 - 02197264 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2014-05-17 02:57 - 2009-11-18 07:12 - 00032344 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\MBfilt64.sys
2014-05-17 02:57 - 2009-11-17 18:12 - 00108960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2014-05-17 02:13 - 2014-05-17 03:07 - 00000574 _____ () C:\Users\UpdatusUser\Desktop\Quake 4 multiplayer.lnk
2014-05-17 02:13 - 2014-05-17 03:07 - 00000538 _____ () C:\Users\UpdatusUser\Desktop\Quake 4.lnk
2014-05-17 01:41 - 2014-05-17 01:41 - 00000000 __SHD () C:\Windows\ftpcache
2014-05-15 20:48 - 2014-05-15 20:48 - 00000677 _____ () C:\Users\Public\Desktop\Die Gilde Gold-Edition T+L.lnk
2014-05-15 20:48 - 2014-05-15 20:48 - 00000662 _____ () C:\Users\Public\Desktop\Die Gilde Gold-Edition.lnk
2014-05-15 20:48 - 2014-05-15 20:48 - 00000000 ____D () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoWooD
2014-05-14 00:46 - 2014-05-14 00:46 - 00001524 _____ () C:\Users\Public\Desktop\Hellgate London spielen .lnk
2014-05-13 23:00 - 2013-04-13 13:38 - 00000947 _____ () C:\Windows\system32\Drivers\etc\hosts - Kopie
2014-05-13 22:10 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-13 22:10 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-13 22:10 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-13 22:09 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-13 22:09 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-13 22:09 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-13 22:04 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-13 22:04 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-13 22:04 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-13 22:04 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-13 22:04 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-13 22:04 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-13 22:04 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-13 22:04 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-13 22:04 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-13 22:04 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-13 22:04 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-13 22:04 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-13 22:04 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-13 22:04 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-13 22:04 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-13 22:04 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-13 22:04 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-13 22:04 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-13 22:04 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-13 22:04 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-13 22:04 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-13 22:04 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-13 22:04 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-13 22:04 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-13 22:04 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-13 22:04 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-13 22:04 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-13 22:04 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-13 22:04 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-13 22:04 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-13 22:04 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-13 22:04 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-13 22:04 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-13 22:04 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-13 22:04 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-13 22:04 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-13 22:04 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-13 22:04 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-13 22:04 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-13 22:04 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-13 22:04 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-13 22:04 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-13 22:04 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-13 22:04 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-13 22:04 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-07 00:44 - 2014-05-07 00:44 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-07 00:44 - 2014-05-07 00:44 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys

==================== One Month Modified Files and Folders =======

2014-05-26 23:42 - 2014-05-24 00:15 - 00021189 _____ () C:\Users\***\Desktop\FRST.txt
2014-05-26 23:42 - 2014-05-21 07:49 - 00000000 ____D () C:\FRST
2014-05-26 20:26 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-26 20:26 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-26 20:24 - 2011-04-12 09:43 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-05-26 20:24 - 2011-04-12 09:43 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-05-26 20:24 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-26 20:22 - 2014-05-21 00:15 - 02066944 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2014-05-26 20:22 - 2011-12-26 15:25 - 00095927 _____ () C:\Windows\WindowsUpdate.log
2014-05-26 20:19 - 2014-05-21 00:12 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 20:18 - 2014-05-24 20:11 - 00000392 _____ () C:\Windows\setupact.log
2014-05-26 20:18 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-26 20:12 - 2014-05-26 20:12 - 00000885 _____ () C:\Users\***\Desktop\JRT.txt
2014-05-26 19:55 - 2014-05-26 19:55 - 00000000 ____D () C:\Windows\ERUNT
2014-05-26 19:53 - 2014-05-26 19:53 - 00005251 _____ () C:\Users\***\Desktop\AdwCleaner[S0].txt
2014-05-26 19:48 - 2014-05-24 20:57 - 00000866 _____ () C:\Windows\PFRO.log
2014-05-26 19:46 - 2014-05-26 19:45 - 00000000 ____D () C:\AdwCleaner
2014-05-26 19:41 - 2014-05-26 19:41 - 01327971 _____ () C:\Users\***\Desktop\adwcleaner_3.211.exe
2014-05-25 21:52 - 2013-08-18 15:49 - 00000000 ____D () C:\Users\***\AppData\Local\20924801-609E-4B66-8071-BE0F0DC8EEC4.aplzod
2014-05-25 20:42 - 2012-01-01 01:46 - 00000000 ____D () C:\Users\***\AppData\Roaming\dvdcss
2014-05-25 17:55 - 2011-12-26 20:31 - 00000000 ____D () C:\Users\***\AppData\Roaming\vlc
2014-05-24 21:07 - 2014-05-24 21:04 - 00036265 _____ () C:\Users\***\Desktop\ComboFix.txt
2014-05-24 20:37 - 2014-05-24 20:37 - 00036351 _____ () C:\ComboFix.txt
2014-05-24 20:37 - 2014-05-24 20:26 - 00000000 ____D () C:\Qoobox
2014-05-24 20:37 - 2012-01-02 14:46 - 00000000 ____D () C:\Users\***\AppData\Local\Apps\2.0
2014-05-24 20:35 - 2014-05-24 20:26 - 00000000 ____D () C:\Windows\erdnt
2014-05-24 20:35 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-24 20:14 - 2012-07-09 17:33 - 00004124 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-24 20:11 - 2014-05-24 20:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-24 20:11 - 2012-09-02 13:25 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-05-24 20:09 - 2012-09-02 13:25 - 00000000 ____D () C:\Users\***\Documents\Anti-Malware
2014-05-24 18:35 - 2011-12-26 20:11 - 00000000 ____D () C:\Program Files (x86)\Brother
2014-05-24 10:29 - 2014-03-22 19:43 - 00007891 _____ () C:\Windows\BRRBCOM.INI
2014-05-24 09:54 - 2014-05-24 00:14 - 00004582 _____ () C:\Users\***\Desktop\a2scan_140523-195951.txt
2014-05-24 09:40 - 2014-05-24 00:16 - 00048309 _____ () C:\Users\***\Desktop\Addition.txt
2014-05-24 09:11 - 2014-05-24 09:11 - 00000286 _____ () C:\Users\***\Desktop\Eset Online Scanner.txt
2014-05-24 00:18 - 2014-05-24 00:18 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-23 00:50 - 2011-12-26 17:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-22 19:57 - 2011-12-26 18:18 - 00142872 _____ () C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-22 19:55 - 2009-07-14 06:45 - 06876320 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-22 19:24 - 2012-09-03 23:21 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-22 19:17 - 2012-12-30 01:33 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-22 19:16 - 2011-12-26 16:55 - 00000000 ____D () C:\Users\***\AppData\Roaming\Adobe
2014-05-21 00:12 - 2014-05-21 00:12 - 00000617 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-20 22:35 - 2011-12-26 19:42 - 00000000 ____D () C:\Users\***\AppData\Roaming\DAEMON Tools Lite
2014-05-20 22:27 - 2014-05-20 22:27 - 00000000 ____D () C:\Program Files (x86)\NeeXtuCouep
2014-05-20 22:26 - 2014-05-20 22:26 - 02118880 _____ (their database support use requirements) C:\Windows\SysWOW64\setup.exe
2014-05-19 13:03 - 2014-05-24 20:20 - 05200426 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe
2014-05-18 22:17 - 2013-02-02 14:46 - 00311968 _____ () C:\Windows\system32\Drivers\atksgt.sys
2014-05-18 20:52 - 2013-02-02 14:46 - 00043168 _____ () C:\Windows\system32\Drivers\lirsgt.sys
2014-05-18 13:39 - 2014-05-18 13:39 - 00000000 ____D () C:\Users\***\AppData\Local\Broadcom
2014-05-18 13:38 - 2014-05-18 13:38 - 00000000 ____D () C:\Program Files\WIDCOMM
2014-05-18 02:31 - 2011-12-29 17:47 - 00000000 ____D () C:\Users\***\Documents\My Games
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\***\AppData\Local\Comodo
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\Gast
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-18 02:09 - 2014-05-18 02:09 - 00000000 ____D () C:\Users\Administrator
2014-05-18 02:09 - 2013-05-24 00:05 - 00000000 ____D () C:\Users\***\AppData\Local\Google
2014-05-18 02:02 - 2014-05-18 02:02 - 00001745 _____ () C:\Users\Public\Desktop\Bulletstorm.lnk
2014-05-18 01:55 - 2014-05-18 01:55 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-05-18 01:55 - 2014-05-18 01:55 - 00000000 ____D () C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2014-05-18 01:55 - 2014-05-18 01:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-05-17 03:07 - 2014-05-17 02:13 - 00000574 _____ () C:\Users\UpdatusUser\Desktop\Quake 4 multiplayer.lnk
2014-05-17 03:07 - 2014-05-17 02:13 - 00000538 _____ () C:\Users\UpdatusUser\Desktop\Quake 4.lnk
2014-05-17 02:57 - 2014-05-17 02:57 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-05-17 02:57 - 2014-05-17 02:57 - 00000000 ____D () C:\Program Files\Realtek
2014-05-17 02:57 - 2011-12-26 17:13 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-05-17 01:42 - 2011-12-29 12:46 - 00000000 ____D () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-17 01:41 - 2014-05-17 01:41 - 00000000 __SHD () C:\Windows\ftpcache
2014-05-15 20:48 - 2014-05-15 20:48 - 00000677 _____ () C:\Users\Public\Desktop\Die Gilde Gold-Edition T+L.lnk
2014-05-15 20:48 - 2014-05-15 20:48 - 00000662 _____ () C:\Users\Public\Desktop\Die Gilde Gold-Edition.lnk
2014-05-15 20:48 - 2014-05-15 20:48 - 00000000 ____D () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoWooD
2014-05-15 12:44 - 2014-01-02 19:18 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-15 12:44 - 2011-12-26 16:24 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-15 12:44 - 2011-12-26 16:24 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-14 23:03 - 2011-12-26 20:03 - 00000000 ____D () C:\Users\***\AppData\Local\Adobe
2014-05-14 23:02 - 2012-04-01 10:29 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 23:02 - 2011-12-26 16:55 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 20:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-14 18:12 - 2011-12-26 15:38 - 00000000 ___RD () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-14 18:12 - 2011-12-26 15:38 - 00000000 ___RD () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 00:57 - 2014-04-23 01:03 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 00:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-14 00:46 - 2014-05-14 00:46 - 00001524 _____ () C:\Users\Public\Desktop\Hellgate London spielen .lnk
2014-05-13 22:09 - 2013-07-10 18:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-13 22:06 - 2011-12-26 15:56 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-13 22:00 - 2013-10-13 02:50 - 00000000 ____D () C:\Users\***\AppData\Local\Battle.net
2014-05-12 07:26 - 2014-05-21 00:12 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-21 00:12 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-21 00:12 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 10:10 - 2014-03-15 11:12 - 00001648 _____ () C:\Users\***\Desktop\SteuerSparErklärung 2014.lnk
2014-05-09 08:14 - 2014-05-13 22:04 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-13 22:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 00:44 - 2014-05-07 00:44 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-07 00:44 - 2014-05-07 00:44 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-07 00:44 - 2013-03-16 14:15 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-07 00:44 - 2013-03-16 14:15 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-07 00:44 - 2012-02-25 13:43 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-07 00:44 - 2011-12-26 16:24 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1400150681738
2014-05-07 00:44 - 2011-12-26 16:24 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1400150681738
2014-05-07 00:44 - 2011-12-26 16:24 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-07 00:44 - 2011-12-26 16:24 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-06 06:40 - 2014-05-13 22:10 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-13 22:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-13 22:09 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-13 22:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-13 22:10 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-13 22:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-03 01:49 - 2011-12-26 15:38 - 00000000 ____D () C:\Users\***
2014-04-30 00:46 - 2011-12-26 19:20 - 00000000 ____D () C:\Users\***\AppData\Roaming\Skype
2014-04-26 22:51 - 2013-05-27 18:03 - 00000000 ____D () C:\Users\***\AppData\Roaming\HandBrake

Some content of TEMP:
====================
C:\Users\***\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 21:54

==================== End Of Log ============================
--- --- ---

--- --- ---

cosinus 27.05.2014 09:57
Okay, dann bitte Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Latviel 27.05.2014 23:08
Hier die Logs:

mbam.txt:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 27.05.2014
Suchlauf-Zeit: 19:33:36
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.05.27.07
Rootkit Datenbank: v2014.05.21.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: ***

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 343621
Verstrichene Zeit: 6 Min, 53 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.Tarma.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\060783bc-b425-45bd-8530-c64ad448b5a8, In Quarantäne, [9bc8b4a2c8b30c2a8d53d2731de39f61],

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 2
PUP.Optional.Tarma.A, C:\ProgramData\InstallMate\{2894100B-EBDA-4DDA-AF31-A3F8F37732FD}\Setup.exe, In Quarantäne, [9bc8b4a2c8b30c2a8d53d2731de39f61],
PUP.Optional.MultiPlug.A, C:\Windows\SysWOW64\setup.exe, In Quarantäne, [174cb4a2017a5fd77af484c12dd3ae52],

Physische Sektoren: 0
(No malicious items detected)


(end)
ESET OnlineScanner:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4a74434f1ad9644f8d4f0eac493bba5f
# engine=18432
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-27 09:35:04
# local_time=2014-05-27 11:35:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 363088 152856354 0 0
# scanned=373056
# found=3
# cleaned=0
# scan_time=11434
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=6F3A3B433459E6773C9FBE8CFB154DB6534EFA86 ft=1 fh=60bff0ff01dbe663 vn="Variante von Win32/InstallCore.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\VideoConverter\VideoConverter.exe"
sh=2C6BDB07BBA01186B59DBF1BA107BD27C2D9E00D ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\InstallMate\{2894100B-EBDA-4DDA-AF31-A3F8F37732FD}\Custom.dll"

cosinus 28.05.2014 09:15
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Program Files (x86)\VideoConverter
C:\ProgramData\InstallMate

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Latviel 28.05.2014 19:02
Hier
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014 02
Ran by *** at 2014-05-28 19:57:32 Run:1
Running from C:\Users\***\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\VideoConverter
C:\ProgramData\InstallMate
       
*****************

C:\Program Files (x86)\VideoConverter => Moved successfully.
C:\ProgramData\InstallMate => Moved successfully.

==== End of Fixlog ====
Kleine Anmerkung: Bin nun leider bis Samstag Abend auf einem Lehrgang. Der Rechner ist bis dahin stillgelegt. Entschuldige für die Verzögerung!

cosinus 28.05.2014 19:53
TFC - Temp File Cleaner

Lade dir TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
  • Öffne die TFC.exe.
    Vista und Win 7 User mit Rechtsklick "als Administrator starten".
  • Schließe alle anderen Programme.
  • Drücke auf den Button Start.
  • Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.




Sieht soweit ok aus :daumenhoc

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ist aber nur optional. Um Usertracking zu verhindern kann man gut die Firefox-Erweiterung Ghostery verwenden.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Latviel 02.06.2014 18:05
OK besten Dank für deinen Aufwand!
Momentan sieht mal alles gut aus.

Die Tipps werde ich beherzigen und habe sie auch schon zum Teil umgesetzt.

Beste Grüße Latviel

cosinus 02.06.2014 21:20
Dann wären wir durch! :daumenhoc


Falls du noch Lob oder Kritik loswerden möchtest => Lob, Kritik und Wünsche - Trojaner-Board

Die Programme, die hier zum Einsatz kamen, können alle deinstalliert werden. Es empfiehlt sich Malwarebytes Anti-Malware zu behalten und damit wöchentlich nach Malware zu scannen.

Helfen kann dir dabei delfix:


Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.






Bitte abschließend noch die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:19 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27