Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Windows 7 86Bit Firefox XML-Verarbeitungsfehler: nicht wohlgeformt & Problem bei einem download für online MMORPG (https://www.trojaner-board.de/154318-windows-7-86bit-firefox-xml-verarbeitungsfehler-wohlgeformt-problem-download-online-mmorpg.html)

Flexi2013 24.05.2014 22:31
Windows 7 86Bit Firefox XML-Verarbeitungsfehler: nicht wohlgeformt & Problem bei einem download für online MMORPG
 
Guten Abend,

Ich habe folgende Probleme mit meinen Rechner:

- Im firefox bekomme ich bei Aufruf einer Website folgenden Text angezeigt:
XML-Verarbeitungsfehler: nicht wohlgeformt Adresse:
hxxp://eu.battle.net/wow/de/
Zeile Nr. 64, Spalte 187:
dann kommt noch eine scriptanweisung vermutlich für Javascript

die selbe URL funktioniert auch nicht in IE und Chrome.

- dann wollte ich mein Spiel aktualisieren (Updaten) und stellte fest das das Programm eine Fehlermeldung brachte das das Update nicht möglich war.

Danach habe ich die Windowsupdates ausgeführt und stellte fest das ein sicherheitsupdate nie installiert wird.
Meine CPU wankt sehr stark zwischen 27% und kurzzeitig 40% (AMD Athlon II 2.6 GHz) obwohl ich nur diesen Beitrag schreibe und der Arbeitsspeicher liegt permanent bei 25 - 27 % (8GB gesant Arbeitsspeicher)

Ich habe mit einer bekannten gesprochen und ein programm heruntergeladen und nach Malware etc gesucht, da das standard programm nichts fand.
Gefunden wurden mehrere Trojaner und andere Sachen (Logdatei ist noch vorhanden und kann bei bedarf gepostet werden)

Der XML-Fehler ist aber immer noch da und das Update fürs Spiel geht auch nicht.
Meine Vermutung ist das es noch einige versteckte "Übertäter" im System gibt, weiß aber nicht weiter was ich noch machen könnte um meine Probleme zu beheben.

Hoffe das mir jemand helfen kann, da ich nur am Wochenende zeit habe, bin ich persönlich auch nur Samstag und Sonntag fähig an diesem zu sitzen und dann sowas :killpc:

Gleich vorweg: Ich habe auch nur am Wochenende die möglichkeit an meinen PC zu sitzen,..

Hoffe das mir jemand helfen kann, da ich nicht weiter weiß und auch sonst nur die Standardprogramme ausführe um "Shadsoftware" zu suchen und sonst keine große ahnung habe.

Vielen Danke

mfg

schrauber 25.05.2014 06:00
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Flexi2013 25.05.2014 09:24
Hallo, hier die Audition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014
Ran by Felix at 2014-05-25 10:20:22
Running from C:\Users\Felix\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.10.142.72249 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.10.142.72249 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (x32 Version: 4.4.17.01504 - Alcor Micro Corp.) Hidden
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1124.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.80328.2204 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F2CE207D-C146-4BFD-A1C2-219483C58819}) (Version:  - Microsoft)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Free YouTube Download version 3.2.11.812 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.11.812 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.12.827 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.12.827 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.0 - PriceMeter) Hidden <==== ATTENTION
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät (HKLM\...\{D8057953-CCF0-48B3-B61D-762C580B2A10}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Hilfe (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.242.0 - Advanced Micro Devices, Inc.) Hidden
InetStat (HKCU\...\InetStat) (Version: 0.4 - InetStat)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.69.304.2013 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.9.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
SNT (HKLM-x32\...\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}) (Version: 2.1.0.1426 - SNT) <==== ATTENTION
System Update kb70007 (x32 Version: 1.0.0 - MSR) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.6 - TeamSpeak Systems GmbH)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.16447 - TeamViewer)
TuneUp Utilities 2011 (HKLM-x32\...\TuneUp Utilities 2011) (Version: 10.0.4600.4 - TuneUp Software)
TuneUp Utilities 2011 (x32 Version: 10.0.4600.4 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 10.0.4600.4 - TuneUp Software) Hidden
UltraISO Premium V9.36 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{64D96F30-CF4C-4CCE-AAF2-F8909348BF35}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{FD360122-6829-4497-97C1-1BF578EF695B}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)
VLC media player 2.0.4 (HKLM\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Restore Points  =========================

24-05-2014 17:30:14 Windows Update
24-05-2014 18:55:53 Removed Skype Click to Call
24-05-2014 19:01:17 Removed Skype™ 6.16
24-05-2014 19:05:55 Windows Update
25-05-2014 00:08:44 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2012-12-06 16:53 - 00000864 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 validation.sls.microsoft.com

==================== Scheduled Tasks (whitelisted) =============

Task: {355EFFE8-BB93-4250-9F28-89D57D5F461B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-24] (Google Inc.)
Task: {3DDA12CC-34B1-4C14-B7A6-892F32F6D2FA} - System32\Tasks\Price Meter Updater => C:\Users\Felix\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {5EF730B9-80DA-4987-83C6-FA5FFE338FA8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {69FBF074-A2B9-4BB0-9F3C-85A03B16F725} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: {7775E008-0888-4526-9238-D4461E2AB53F} - System32\Tasks\pricemeterdownloader => C:\Users\Felix\AppData\Local\PriceMeter\pricemeterd.exe <==== ATTENTION
Task: {78A90D2A-F6EB-4CBA-94EE-9F6D0B867AB2} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {C32315C7-D80C-49CF-A86B-43DC62BD177A} - System32\Tasks\{27AB6E80-EB6B-41C2-970C-736023F01DE3} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.3.0.107/de/abandoninstall?page=tsProgressBar
Task: {DEDA8B79-57A7-47CC-B1D7-C68E8112BC44} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-24] (Google Inc.)
Task: {F2B90A7B-8C24-4076-8719-63BEC626ACB4} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011 => C:\Program Files (x86)\TuneUp Utilities 2011\OneClick.exe [2011-12-13] (TuneUp Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Price Meter Updater.job => C:\Users\Felix\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\SpeedUpMyPC Maintenance.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-05-16 15:20 - 2014-05-08 11:45 - 00018944 _____ () C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-10-07 11:39 - 2011-10-07 11:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2013-03-28 22:30 - 2013-03-28 22:30 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-05-16 15:20 - 2014-05-08 11:45 - 00061952 _____ () C:\Windows\Microsoft\SystemUpdatekb70007\InstallerLibrary.dll
2014-05-16 15:20 - 2014-05-08 11:45 - 00016896 _____ () C:\Windows\Microsoft\SystemUpdatekb70007\Installer.dll
2014-05-16 15:20 - 2014-05-25 08:41 - 00086528 _____ () C:\Program Files (x86)\MSR\Privoxy\mgwz.dll
2014-05-10 07:29 - 2014-05-10 07:30 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: TeamViewer8 => 2

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2014 10:01:00 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\PriceMeterLiveUpdateHelper.msi

Error: (05/25/2014 09:30:02 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131522

Error: (05/25/2014 09:01:03 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\PriceMeterLiveUpdateHelper.msi

Error: (05/25/2014 02:10:10 AM) (Source: MsiInstaller) (EventID: 11714) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 4.5.1 (DEU) -- Fehler 1714. Die ältere Version von Microsoft .NET Framework 4.5.1 (DEU) konnte nicht entfernt werden. Wenden Sie sich an den technischen Support. Systemfehler 1612.

Error: (05/25/2014 02:01:00 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\PriceMeterLiveUpdateHelper.msi

Error: (05/25/2014 01:01:00 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\PriceMeterLiveUpdateHelper.msi

Error: (05/25/2014 00:01:00 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\PriceMeterLiveUpdateHelper.msi

Error: (05/24/2014 11:01:03 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\PriceMeterLiveUpdateHelper.msi

Error: (05/24/2014 10:03:06 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131522

Error: (05/24/2014 10:01:07 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\PriceMeterLiveUpdateHelper.msi


System errors:
=============
Error: (05/25/2014 08:44:16 AM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden.

Error: (05/25/2014 08:40:27 AM) (Source: SNMP) (EventID: 1500) (User: )
Description: Beim Zugreifen auf den Registrierungsschlüssel SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration ist ein Fehler aufgetreten.

Error: (05/25/2014 02:10:11 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Microsoft .NET Framework 4.5.1 Upgrade-Sprachpakete (KB2858725)

Error: (05/24/2014 10:10:47 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: Beim Zugreifen auf den Registrierungsschlüssel SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration ist ein Fehler aufgetreten.

Error: (05/24/2014 09:42:35 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: Beim Zugreifen auf den Registrierungsschlüssel SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration ist ein Fehler aufgetreten.

Error: (05/24/2014 09:42:03 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (05/24/2014 09:42:03 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (05/24/2014 09:32:42 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden.

Error: (05/24/2014 09:07:24 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: Beim Zugreifen auf den Registrierungsschlüssel SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration ist ein Fehler aufgetreten.

Error: (05/24/2014 09:06:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070002 fehlgeschlagen: Microsoft .NET Framework 4.5.1 Upgrade-Sprachpakete (KB2858725)


Microsoft Office Sessions:
=========================
Error: (05/25/2014 10:01:00 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\PriceMeterLiveUpdateHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/25/2014 09:30:02 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131522
mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Error: (05/25/2014 09:01:03 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\PriceMeterLiveUpdateHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/25/2014 02:10:10 AM) (Source: MsiInstaller) (EventID: 11714) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 4.5.1 (DEU) -- Fehler 1714. Die ältere Version von Microsoft .NET Framework 4.5.1 (DEU) konnte nicht entfernt werden. Wenden Sie sich an den technischen Support. Systemfehler 1612.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/25/2014 02:01:00 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\PriceMeterLiveUpdateHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/25/2014 01:01:00 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\PriceMeterLiveUpdateHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/25/2014 00:01:00 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\PriceMeterLiveUpdateHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/24/2014 11:01:03 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\PriceMeterLiveUpdateHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/24/2014 10:03:06 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131522
mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Error: (05/24/2014 10:01:07 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\PriceMeterLiveUpdateHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)


CodeIntegrity Errors:
===================================
  Date: 2013-04-28 09:59:15.342
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\MBWrp64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-28 09:59:15.186
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\MBWrp64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-06 15:04:04.027
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Felix\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-12-06 15:04:04.012
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Felix\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-12-06 15:04:02.888
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-12-06 15:04:02.888
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 8189.55 MB
Available physical RAM: 6236.13 MB
Total Pagefile: 16377.29 MB
Available Pagefile: 14276.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:97.56 GB) (Free:28.35 GB) NTFS
Drive d: (DATEN) (Fixed) (Total:833.85 GB) (Free:455.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: F6992FE7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=834 GB) - (Type=07 NTFS)

==================== End Of Log ============================
und die FRST.txt


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014
Ran by Felix (administrator) on FELIX-PC on 25-05-2014 10:19:14
Running from C:\Users\Felix\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
() C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\MSR\Privoxy\privoxy.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(AMD) C:\Windows\System32\atieclxx.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointG\SetPointII.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [380544 2012-06-28] (Alcor Micro Corp.)
HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3942473469-3025678200-3895822530-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-09-28] (AMD)
HKU\S-1-5-21-3942473469-3025678200-3895822530-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3942473469-3025678200-3895822530-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk
ShortcutTarget: start.lnk -> C:\Users\Felix\d1fz242761q21a\97994.vbs (No File)
GroupPolicyUsers\S-1-5-21-3942473469-3025678200-3895822530-1002\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFE5E71907D22CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1398856569&from=cor&uid=ST31000524AS_5VPCLD1JXXXX5VPCLD1J&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1398856569&from=cor&uid=ST31000524AS_5VPCLD1JXXXX5VPCLD1J&q={searchTerms}
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6XvwT60786OsN2fRsWr7MwcQfriIyhrOy9f7dYULw2l-f5zwYNKXg9y-bsz_UBEfzVFNazMkWvtqkyxjqmEUlzIO8iUtEVGn0G2g45PNxTXvtywRuaf3raDxkytQ97jmH7x_GfUc6CeDPZDscnmMHyyxL8ka-nOv6obJEaldGsnJUDg0VdrnR9P3uStA,,&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6XvwT60786OsN2fRsWr7MwcQfriIyhrOy9f7dYULw2l-f5zwYNKXg9y-bsz_UBEfzVFNazMkWvtqkyxjqmEUlzIO8iUtEVGn0G2g45PNxTXvtywRuaf3raDxkytQ97jmH7x_GfUc6CeDPZDscnmMHyyxL8ka-nOv6obJEaldGsnJUDg0VdrnR9P3uStA,,&q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6XvwT60786OsN2fRsWr7MwcQfriIyhrOy9f7dYULw2l-f5zwYNKXg9y-bsz_UBEfzVFNazMkWvtqkyxjqmEUlzIO8iUtEVGn0G2g45PNxTXvtywRuaf3raDxkytQ97jmH7x_GfUc6CeDPZDscnmMHyyxL8ka-nOv6obJEaldGsm6bCWYpDVj2WlDosWg,,&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6XvwT60786OsN2fRsWr7MwcQfriIyhrOy9f7dYULw2l-f5zwYNKXg9y-bsz_UBEfzVFNazMkWvtqkyxjqmEUlzIO8iUtEVGn0G2g45PNxTXvtywRuaf3raDxkytQ97jmH7x_GfUc6CeDPZDscnmMHyyxL8ka-nOv6obJEaldGsm6bCWYpDVj2WlDosWg,,&q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Mozilla Firefox\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Mozilla Firefox\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: 127.0.0.1 validation.sls.microsoft.com
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\102m12jj.default
FF user.js: detected! => C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\102m12jj.default\user.js
FF DefaultSearchEngine: Web Search
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF SelectedSearchEngine: Web Search
FF Homepage: hxxp://google.de/
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8118
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8118
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files (x86)\Mozilla Firefox\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=3 - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=9 - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\ko3fql5q.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: safeeweb - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\102m12jj.default\Extensions\vveoyou@grmkyiavs.net [2014-03-22]
FF Extension: SNT - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\102m12jj.default\Extensions\y3gz@iuooeey.org [2014-03-22]
FF Extension: Adblock Plus - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\102m12jj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-09]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-24]
CHR Extension: (Google Drive) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-24]
CHR Extension: (YouTube) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-24]
CHR Extension: (Google-Suche) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-24]
CHR Extension: (Google Wallet) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-24]
CHR Extension: (Google Mail) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-24]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-14] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-20] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
R2 SystemUpdatekb70007; C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe [18944 2014-05-08] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2028864 2011-12-13] (TuneUp Software)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-14] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R0 nvamacpi; C:\Windows\System32\DRIVERS\NVAMACPI.sys [28264 2009-11-24] (NVIDIA Corporation)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2011-06-06] (TuneUp Software)
R1 {2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64; C:\Windows\System32\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys [61120 2014-04-24] (StdLib)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-25 10:19 - 2014-05-25 10:19 - 00016163 _____ () C:\Users\Felix\Downloads\FRST.txt
2014-05-25 10:18 - 2014-05-25 10:19 - 00000000 ____D () C:\FRST
2014-05-25 10:17 - 2014-05-25 10:18 - 02066432 _____ (Farbar) C:\Users\Felix\Downloads\FRST64.exe
2014-05-24 22:33 - 2014-05-24 22:33 - 00209081 _____ () C:\Users\Felix\Desktop\malwarebytes.txt
2014-05-24 22:10 - 2014-05-25 08:40 - 00116690 _____ () C:\Windows\PFRO.log
2014-05-24 21:51 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-05-24 21:51 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-05-24 21:48 - 2014-05-24 22:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-24 21:47 - 2014-05-24 21:47 - 00000936 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-24 21:47 - 2014-05-24 21:47 - 00000000 ____D () C:\Users\Felix\Desktop\Malwarebyte
2014-05-24 21:47 - 2014-05-24 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-24 21:47 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-24 21:47 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-24 21:47 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-24 21:45 - 2014-05-24 21:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Felix\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-24 21:42 - 2014-05-25 08:40 - 00000168 _____ () C:\Windows\setupact.log
2014-05-24 21:27 - 2014-05-24 21:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-24 20:57 - 2014-05-24 20:57 - 00002257 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-24 20:57 - 2014-05-24 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-24 20:56 - 2014-05-25 10:16 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-24 20:56 - 2014-05-25 10:01 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-24 20:56 - 2014-05-24 20:56 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-24 20:56 - 2014-05-24 20:56 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-24 20:53 - 2014-05-24 20:56 - 39809104 _____ (Google Inc.) C:\Users\Felix\Downloads\ChromeStandaloneSetup_35.0.1916.114.exe
2014-05-24 20:43 - 2014-05-24 20:43 - 02907552 _____ (Blizzard Entertainment) C:\Users\Felix\Downloads\Battle.net-Setup-deDE.exe
2014-05-24 19:32 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-05-24 19:32 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-05-24 19:31 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-05-24 19:31 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-05-24 19:31 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-05-24 19:31 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-05-24 19:31 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-05-24 19:31 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-05-24 19:31 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-05-24 19:31 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-05-24 19:31 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-05-24 19:31 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-05-24 19:31 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-05-24 19:31 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-05-24 19:31 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-05-24 19:31 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-05-24 19:31 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-05-24 19:31 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-05-24 12:48 - 2014-05-24 19:38 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Skype
2014-05-24 12:48 - 2014-05-24 12:48 - 00000000 ____D () C:\Users\Felix\AppData\Local\Skype
2014-05-20 14:42 - 2014-05-20 14:42 - 00462336 _____ (Dino Chiesa) C:\Users\Family\Downloads\Ionic.Zip.dll
2014-05-20 14:34 - 2014-05-20 14:36 - 11009536 _____ (Minecraft Installers) C:\Users\Family\Downloads\X Ray Mod Installer 1.7.4.exe
2014-05-17 19:10 - 2014-05-17 19:10 - 00000000 ____D () C:\Program Files (x86)\predm
2014-05-16 15:56 - 2014-05-16 15:56 - 00000000 _____ () C:\autoexec.bat
2014-05-16 15:55 - 2014-05-16 15:55 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-16 15:54 - 2014-05-16 16:07 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-16 15:50 - 2014-05-16 15:51 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Felix\Downloads\SpyHunter-Installer.exe
2014-05-16 15:27 - 2014-05-16 15:27 - 00001170 _____ () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-16 15:20 - 2014-05-16 15:26 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Opera Software
2014-05-16 15:20 - 2014-05-16 15:26 - 00000000 ____D () C:\Users\Felix\AppData\Local\Opera Software
2014-05-16 15:20 - 2014-05-16 15:26 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-05-16 15:20 - 2014-05-16 15:20 - 00000000 ____D () C:\Program Files (x86)\MSR
2014-05-16 15:18 - 2014-05-25 10:18 - 00000278 _____ () C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
2014-05-16 15:18 - 2014-05-16 15:18 - 00003216 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Maintenance
2014-05-16 15:18 - 2014-05-16 15:18 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Uniblue
2014-05-15 19:33 - 2014-05-15 19:33 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 19:33 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 19:33 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 19:33 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 19:33 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 19:33 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 19:33 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 14:03 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 14:03 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 14:03 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 14:03 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 14:02 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 14:02 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 14:02 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 14:02 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 14:02 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 14:02 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 14:02 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 14:02 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 14:02 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 14:02 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 14:02 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 14:02 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 14:02 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 14:02 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 14:02 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 14:02 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 14:02 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 14:02 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 14:02 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 14:02 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 14:02 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 14:02 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 14:02 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 14:02 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 14:02 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 14:02 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 14:02 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 14:02 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 14:02 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-12 10:15 - 2014-05-12 10:15 - 00000000 ____D () C:\Users\Family\Documents\arma 2
2014-05-12 10:12 - 2014-05-12 10:12 - 00000000 ____D () C:\ProgramData\SIX Networks
2014-05-12 10:10 - 2014-05-12 10:10 - 00000000 ____D () C:\Users\Family\AppData\Roaming\SIX Networks
2014-05-12 10:10 - 2014-05-12 10:10 - 00000000 ____D () C:\Users\Family\AppData\Local\SIX Networks
2014-05-12 10:10 - 2014-05-12 10:10 - 00000000 ____D () C:\Users\Family\AppData\Local\IsolatedStorage
2014-05-12 10:09 - 2014-05-12 10:09 - 00000000 ____D () C:\Users\Family\AppData\Local\Downloaded Installations
2014-05-12 09:11 - 2014-05-16 13:06 - 00000000 ____D () C:\Users\Family\AppData\Roaming\Craften Terminal
2014-05-10 17:53 - 2014-05-10 17:53 - 00000000 __SHD () C:\Users\Felix\AppData\Local\EmieUserList
2014-05-10 17:53 - 2014-05-10 17:53 - 00000000 __SHD () C:\Users\Felix\AppData\Local\EmieSiteList
2014-05-10 07:29 - 2014-05-10 07:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-07 16:38 - 2014-05-07 16:39 - 00000000 ____D () C:\Users\Family\AppData\Roaming\skyz
2014-05-07 13:58 - 2014-05-07 13:58 - 00002502 _____ () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-05-07 13:53 - 2014-05-07 13:55 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus
2014-05-06 19:51 - 2014-05-16 11:41 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-30 14:50 - 2014-04-24 12:32 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys
2014-04-30 13:32 - 2014-04-30 13:32 - 00000000 ____D () C:\Program Files (x86)\GameHitZone.com
2014-04-30 13:17 - 2014-05-24 22:09 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\SupTab
2014-04-30 13:17 - 2014-05-01 14:09 - 00000000 ____D () C:\ProgramData\WPM
2014-04-30 13:17 - 2014-05-01 14:08 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-04-30 13:16 - 2014-05-24 22:09 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Systweak
2014-04-30 13:16 - 2014-05-01 14:08 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\sweet-page
2014-04-29 19:26 - 2014-04-29 19:26 - 00000000 ____D () C:\Users\Felix\AppData\Local\LogMeIn
2014-04-29 19:06 - 2014-04-30 17:07 - 00000000 ____D () C:\Users\Family\AppData\Local\LogMeIn Hamachi
2014-04-29 19:06 - 2014-04-29 19:06 - 00000000 ____D () C:\Users\Family\AppData\Local\LogMeIn
2014-04-29 19:06 - 2014-04-29 19:06 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-04-29 18:19 - 2014-04-29 18:19 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\.minecraft
2014-04-29 17:58 - 2014-05-14 19:58 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-04-29 13:56 - 2014-05-24 22:09 - 00000000 __SHD () C:\Users\Family\kBh80A
2014-04-26 14:16 - 2014-04-26 14:16 - 00000000 _____ () C:\Users\Felix\daemonprocess.txt
2014-04-25 15:16 - 2014-04-26 14:16 - 00000292 _____ () C:\Windows\Tasks\Price Meter Updater.job
2014-04-25 15:16 - 2014-04-25 15:16 - 00003292 _____ () C:\Windows\System32\Tasks\pricemeterdownloader
2014-04-25 15:16 - 2014-04-25 15:16 - 00003232 _____ () C:\Windows\System32\Tasks\Price Meter Updater
2014-04-25 15:16 - 2014-04-25 15:16 - 00000000 ____D () C:\Users\Felix\AppData\Local\PriceMeterLiveUpdate
2014-04-25 15:16 - 2014-04-25 15:16 - 00000000 ____D () C:\ProgramData\PriceMeterLiveUpdate
2014-04-25 15:14 - 2014-04-26 14:17 - 00000000 ____D () C:\Users\Felix\AppData\Local\Mobogenie
2014-04-25 15:14 - 2014-04-25 15:14 - 00000000 ____D () C:\Users\Felix\Documents\Mobogenie
2014-04-25 15:14 - 2014-04-25 15:14 - 00000000 ____D () C:\Users\Felix\AppData\Local\cache
2014-04-25 15:14 - 2014-04-25 15:14 - 00000000 ____D () C:\Users\Felix\.android
2014-04-25 15:14 - 2014-04-25 15:14 - 00000000 _____ () C:\Users\Family\daemonprocess.txt
2014-04-25 09:51 - 2014-04-25 09:51 - 00000000 ____D () C:\Games

==================== One Month Modified Files and Folders =======

2014-05-25 10:19 - 2014-05-25 10:19 - 00016163 _____ () C:\Users\Felix\Downloads\FRST.txt
2014-05-25 10:19 - 2014-05-25 10:18 - 00000000 ____D () C:\FRST
2014-05-25 10:18 - 2014-05-25 10:17 - 02066432 _____ (Farbar) C:\Users\Felix\Downloads\FRST64.exe
2014-05-25 10:18 - 2014-05-16 15:18 - 00000278 _____ () C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
2014-05-25 10:16 - 2014-05-24 20:56 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-25 10:16 - 2012-12-06 15:42 - 02093352 _____ () C:\Windows\WindowsUpdate.log
2014-05-25 10:01 - 2014-05-24 20:56 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-25 09:57 - 2012-12-16 13:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-25 08:48 - 2009-07-14 06:45 - 00014208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-25 08:48 - 2009-07-14 06:45 - 00014208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-25 08:46 - 2009-07-14 19:58 - 00821220 _____ () C:\Windows\system32\perfh007.dat
2014-05-25 08:46 - 2009-07-14 19:58 - 00193194 _____ () C:\Windows\system32\perfc007.dat
2014-05-25 08:46 - 2009-07-14 07:13 - 01919426 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-25 08:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-05-25 08:40 - 2014-05-24 22:10 - 00116690 _____ () C:\Windows\PFRO.log
2014-05-25 08:40 - 2014-05-24 21:42 - 00000168 _____ () C:\Windows\setupact.log
2014-05-25 08:40 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-25 08:40 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-25 02:10 - 2012-12-06 16:09 - 01892538 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-25 02:02 - 2012-12-09 19:16 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\TS3Client
2014-05-25 02:02 - 2012-12-06 16:12 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\vlc
2014-05-24 22:59 - 2014-01-15 13:38 - 00000552 _____ () C:\Users\Felix\Desktop\Passwörter.txt
2014-05-24 22:41 - 2012-12-23 13:27 - 00000000 ____D () C:\Users\DefaultAppPool
2014-05-24 22:40 - 2012-12-06 17:43 - 00000000 ____D () C:\Users\Family
2014-05-24 22:40 - 2012-12-06 15:42 - 00000000 ____D () C:\Users\Felix
2014-05-24 22:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-05-24 22:33 - 2014-05-24 22:33 - 00209081 _____ () C:\Users\Felix\Desktop\malwarebytes.txt
2014-05-24 22:27 - 2014-05-24 21:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-24 22:10 - 2012-12-06 15:36 - 00000000 ____D () C:\Windows\Panther
2014-05-24 22:09 - 2014-04-30 13:17 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\SupTab
2014-05-24 22:09 - 2014-04-30 13:16 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Systweak
2014-05-24 22:09 - 2014-04-29 13:56 - 00000000 __SHD () C:\Users\Family\kBh80A
2014-05-24 22:09 - 2014-03-17 15:24 - 00000000 __SHD () C:\Users\Family\VOKYV
2014-05-24 22:09 - 2014-02-22 16:22 - 00000000 _RSHD () C:\Users\Family\d1fz242761q21a
2014-05-24 22:09 - 2014-01-21 20:54 - 00000000 ____D () C:\Users\Family\AppData\Roaming\Oxquev
2014-05-24 21:54 - 2012-12-08 16:38 - 00000141 _____ () C:\Users\Felix\Desktop\Neues Textdokument.txt
2014-05-24 21:47 - 2014-05-24 21:47 - 00000936 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-24 21:47 - 2014-05-24 21:47 - 00000000 ____D () C:\Users\Felix\Desktop\Malwarebyte
2014-05-24 21:47 - 2014-05-24 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-24 21:46 - 2014-05-24 21:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Felix\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-24 21:27 - 2014-05-24 21:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-24 21:01 - 2013-03-16 17:14 - 00000000 ____D () C:\ProgramData\Skype
2014-05-24 20:57 - 2014-05-24 20:57 - 00002257 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-24 20:57 - 2014-05-24 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-24 20:56 - 2014-05-24 20:56 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-24 20:56 - 2014-05-24 20:56 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-24 20:56 - 2014-05-24 20:53 - 39809104 _____ (Google Inc.) C:\Users\Felix\Downloads\ChromeStandaloneSetup_35.0.1916.114.exe
2014-05-24 20:56 - 2013-02-28 12:59 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-24 20:43 - 2014-05-24 20:43 - 02907552 _____ (Blizzard Entertainment) C:\Users\Felix\Downloads\Battle.net-Setup-deDE.exe
2014-05-24 20:31 - 2013-09-28 11:31 - 00000000 ____D () C:\Users\Felix\AppData\Local\._LiveCode_
2014-05-24 20:21 - 2014-03-02 04:50 - 00000000 ____D () C:\Users\Felix\AppData\Local\Battle.net
2014-05-24 19:38 - 2014-05-24 12:48 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Skype
2014-05-24 12:48 - 2014-05-24 12:48 - 00000000 ____D () C:\Users\Felix\AppData\Local\Skype
2014-05-24 11:09 - 2012-12-22 12:16 - 00000000 ____D () C:\Users\Family\AppData\Roaming\.minecraft
2014-05-23 14:01 - 2013-03-16 17:14 - 00000000 ____D () C:\Users\Family\AppData\Roaming\Skype
2014-05-21 18:34 - 2012-12-12 20:01 - 00000000 ____D () C:\Users\Family\Documents\My Games
2014-05-20 14:42 - 2014-05-20 14:42 - 00462336 _____ (Dino Chiesa) C:\Users\Family\Downloads\Ionic.Zip.dll
2014-05-20 14:36 - 2014-05-20 14:34 - 11009536 _____ (Minecraft Installers) C:\Users\Family\Downloads\X Ray Mod Installer 1.7.4.exe
2014-05-20 12:53 - 2013-01-14 16:28 - 00000000 ____D () C:\ProgramData\Firefly Studios
2014-05-20 12:53 - 2012-12-06 16:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-20 12:52 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-20 12:50 - 2013-08-28 13:48 - 00000000 ____D () C:\Users\Family\AppData\Local\WarThunder
2014-05-17 19:10 - 2014-05-17 19:10 - 00000000 ____D () C:\Program Files (x86)\predm
2014-05-16 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-16 16:07 - 2014-05-16 15:54 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-16 15:56 - 2014-05-16 15:56 - 00000000 _____ () C:\autoexec.bat
2014-05-16 15:55 - 2014-05-16 15:55 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-16 15:51 - 2014-05-16 15:50 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Felix\Downloads\SpyHunter-Installer.exe
2014-05-16 15:27 - 2014-05-16 15:27 - 00001170 _____ () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-16 15:26 - 2014-05-16 15:20 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Opera Software
2014-05-16 15:26 - 2014-05-16 15:20 - 00000000 ____D () C:\Users\Felix\AppData\Local\Opera Software
2014-05-16 15:26 - 2014-05-16 15:20 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-05-16 15:26 - 2012-12-06 15:42 - 00001431 _____ () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-16 15:25 - 2014-03-16 19:05 - 00000680 __RSH () C:\Users\Felix\ntuser.pol
2014-05-16 15:25 - 2012-12-06 15:42 - 00000000 ___RD () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 15:25 - 2012-12-06 15:42 - 00000000 ___RD () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 15:20 - 2014-05-16 15:20 - 00000000 ____D () C:\Program Files (x86)\MSR
2014-05-16 15:18 - 2014-05-16 15:18 - 00003216 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Maintenance
2014-05-16 15:18 - 2014-05-16 15:18 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Uniblue
2014-05-16 13:55 - 2013-07-21 11:07 - 00000000 ____D () C:\Users\Family\AppData\Roaming\.technic
2014-05-16 13:06 - 2014-05-12 09:11 - 00000000 ____D () C:\Users\Family\AppData\Roaming\Craften Terminal
2014-05-16 11:44 - 2014-03-16 19:09 - 00001002 __RSH () C:\Users\Family\ntuser.pol
2014-05-16 11:44 - 2012-12-06 17:43 - 00000000 _RSHD () C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 11:44 - 2012-12-06 17:43 - 00000000 ___RD () C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 11:41 - 2014-05-06 19:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 19:34 - 2012-12-06 16:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 19:33 - 2014-05-15 19:33 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 19:21 - 2013-08-07 20:27 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 19:20 - 2012-12-06 18:01 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 19:58 - 2014-04-29 17:58 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-14 19:58 - 2012-12-16 13:01 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 19:58 - 2012-12-08 23:31 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 19:58 - 2012-12-08 23:31 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-12 10:15 - 2014-05-12 10:15 - 00000000 ____D () C:\Users\Family\Documents\arma 2
2014-05-12 10:12 - 2014-05-12 10:12 - 00000000 ____D () C:\ProgramData\SIX Networks
2014-05-12 10:10 - 2014-05-12 10:10 - 00000000 ____D () C:\Users\Family\AppData\Roaming\SIX Networks
2014-05-12 10:10 - 2014-05-12 10:10 - 00000000 ____D () C:\Users\Family\AppData\Local\SIX Networks
2014-05-12 10:10 - 2014-05-12 10:10 - 00000000 ____D () C:\Users\Family\AppData\Local\IsolatedStorage
2014-05-12 10:09 - 2014-05-12 10:09 - 00000000 ____D () C:\Users\Family\AppData\Local\Downloaded Installations
2014-05-12 07:26 - 2014-05-24 21:47 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-24 21:47 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-24 21:47 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 17:53 - 2014-05-10 17:53 - 00000000 __SHD () C:\Users\Felix\AppData\Local\EmieUserList
2014-05-10 17:53 - 2014-05-10 17:53 - 00000000 __SHD () C:\Users\Felix\AppData\Local\EmieSiteList
2014-05-10 07:30 - 2014-05-10 07:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 08:14 - 2014-05-15 14:03 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-15 14:03 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 16:39 - 2014-05-07 16:38 - 00000000 ____D () C:\Users\Family\AppData\Roaming\skyz
2014-05-07 14:14 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-07 13:58 - 2014-05-07 13:58 - 00002502 _____ () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-05-07 13:55 - 2014-05-07 13:53 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus
2014-05-06 06:40 - 2014-05-15 19:33 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-15 19:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-15 19:33 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-15 19:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-15 19:33 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 19:33 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 14:39 - 2013-09-05 16:17 - 00000000 ____D () C:\Users\Family\AppData\Roaming\FileZilla
2014-05-02 10:01 - 2012-12-06 16:06 - 00003788 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-05-02 07:49 - 2014-03-22 15:17 - 00000000 ____D () C:\ProgramData\suaufEwEbb
2014-05-01 14:09 - 2014-04-30 13:17 - 00000000 ____D () C:\ProgramData\WPM
2014-05-01 14:09 - 2014-03-22 15:17 - 00000000 ____D () C:\ProgramData\2fcf538f17f7f4f4
2014-05-01 14:09 - 2014-03-22 15:17 - 00000000 ____D () C:\Program Files (x86)\suaufEwEbb
2014-05-01 14:08 - 2014-04-30 13:17 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-05-01 14:08 - 2014-04-30 13:16 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\sweet-page
2014-05-01 10:59 - 2013-01-14 16:28 - 00000000 ____D () C:\Users\Family\Documents\Stronghold Legends
2014-04-30 17:07 - 2014-04-29 19:06 - 00000000 ____D () C:\Users\Family\AppData\Local\LogMeIn Hamachi
2014-04-30 13:32 - 2014-04-30 13:32 - 00000000 ____D () C:\Program Files (x86)\GameHitZone.com
2014-04-29 19:26 - 2014-04-29 19:26 - 00000000 ____D () C:\Users\Felix\AppData\Local\LogMeIn
2014-04-29 19:06 - 2014-04-29 19:06 - 00000000 ____D () C:\Users\Family\AppData\Local\LogMeIn
2014-04-29 19:06 - 2014-04-29 19:06 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-04-29 18:19 - 2014-04-29 18:19 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\.minecraft
2014-04-29 15:23 - 2012-12-08 18:23 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-04-26 14:35 - 2012-12-26 16:29 - 00000000 ____D () C:\Users\Felix\Documents\WOW
2014-04-26 14:33 - 2014-04-04 13:50 - 00000000 ____D () C:\Ubisoft
2014-04-26 14:33 - 2014-04-04 13:48 - 00000000 ____D () C:\Users\Felix\AppData\Local\Deployment
2014-04-26 14:17 - 2014-04-25 15:14 - 00000000 ____D () C:\Users\Felix\AppData\Local\Mobogenie
2014-04-26 14:17 - 2013-02-11 19:55 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-04-26 14:16 - 2014-04-26 14:16 - 00000000 _____ () C:\Users\Felix\daemonprocess.txt
2014-04-26 14:16 - 2014-04-25 15:16 - 00000292 _____ () C:\Windows\Tasks\Price Meter Updater.job
2014-04-25 15:16 - 2014-04-25 15:16 - 00003292 _____ () C:\Windows\System32\Tasks\pricemeterdownloader
2014-04-25 15:16 - 2014-04-25 15:16 - 00003232 _____ () C:\Windows\System32\Tasks\Price Meter Updater
2014-04-25 15:16 - 2014-04-25 15:16 - 00000000 ____D () C:\Users\Felix\AppData\Local\PriceMeterLiveUpdate
2014-04-25 15:16 - 2014-04-25 15:16 - 00000000 ____D () C:\ProgramData\PriceMeterLiveUpdate
2014-04-25 15:14 - 2014-04-25 15:14 - 00000000 ____D () C:\Users\Felix\Documents\Mobogenie
2014-04-25 15:14 - 2014-04-25 15:14 - 00000000 ____D () C:\Users\Felix\AppData\Local\cache
2014-04-25 15:14 - 2014-04-25 15:14 - 00000000 ____D () C:\Users\Felix\.android
2014-04-25 15:14 - 2014-04-25 15:14 - 00000000 _____ () C:\Users\Family\daemonprocess.txt
2014-04-25 09:51 - 2014-04-25 09:51 - 00000000 ____D () C:\Games

Some content of TEMP:
====================
C:\Users\Family\AppData\Local\Temp\23280.exe
C:\Users\Family\AppData\Local\Temp\81631.exe
C:\Users\Family\AppData\Local\Temp\i4jdel0.exe
C:\Users\Family\AppData\Local\Temp\jansi-32-git-Bukkit-1.6.4-R2.0-b2918jnks.dll
C:\Users\Family\AppData\Local\Temp\noncrypted.exe
C:\Users\Family\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\Family\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Family\AppData\Local\Temp\_isAAA5.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 19:05

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 26.05.2014 11:24
Adware & Co. deinstallieren

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:




Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Flexi2013 27.05.2014 09:13
Hallo,
Danke für die ausführliche anleitung.
Hier der Log von mbam
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 27.05.2014
Suchlauf-Zeit: 09:32:17
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.05.27.04
Rootkit Datenbank: v2014.05.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Felix

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 352604
Verstrichene Zeit: 10 Min, 57 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.Somoto, C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe, 2100, Löschen bei Neustart, [8cd4e6702655b4829e241f2e4eb6a65a]

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 3
PUP.Optional.Somoto, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SystemUpdatekb70007, In Quarantäne, [8cd4e6702655b4829e241f2e4eb6a65a],
Malware.Trace, HKU\S-1-5-21-3942473469-3025678200-3895822530-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DC3_FEXEC, In Quarantäne, [19475ff797e45fd7dd907dcc986b3cc4],
Malware.Trace, HKU\S-1-5-21-3942473469-3025678200-3895822530-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\VB AND VBA PROGRAM SETTINGS\SrvID, In Quarantäne, [b6aa90c6512a68ce27cdae7259aa6d93],

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 1
Stolen.Data, C:\Users\Family\AppData\Roaming\dclogs, In Quarantäne, [105057ff5328fc3af43b473131d28c74],

Dateien: 4
PUP.Optional.Somoto, C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe, Löschen bei Neustart, [8cd4e6702655b4829e241f2e4eb6a65a],
PUP.Optional.Somoto, C:\Windows\Installer\c783f7.msi, In Quarantäne, [61ffa9add8a34fe7eed460edb94b24dc],
Stolen.Data, C:\Users\Family\AppData\Roaming\dclogs\2014-05-25-1.dc, In Quarantäne, [105057ff5328fc3af43b473131d28c74],
Stolen.Data, C:\Users\Family\AppData\Roaming\dclogs\2014-05-26-2.dc, In Quarantäne, [105057ff5328fc3af43b473131d28c74],

Physische Sektoren: 0
(No malicious items detected)


(end)
-----------------------------------------------------------------------
AdwCleaner
Code:
# AdwCleaner v3.211 - Bericht erstellt am 27/05/2014 um 09:54:46
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Felix - FELIX-PC
# Gestartet von : C:\Users\Felix\Desktop\adwcleaner_3.211.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\PriceMeterLiveUpdate
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\suaufEwEbb
Ordner Gelöscht : C:\Program Files (x86)\driver-soft
Ordner Gelöscht : C:\Program Files (x86)\MediaPlayerplus
Ordner Gelöscht : C:\Program Files (x86)\MSR
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files (x86)\SNT
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\Program Files (x86)\suaufEwEbb
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\torch
Ordner Gelöscht : C:\Users\Family\AppData\Local\torch
Ordner Gelöscht : C:\Users\Felix\AppData\Local\lollipop
Ordner Gelöscht : C:\Users\Felix\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Felix\AppData\Local\PriceMeterLiveUpdate
Ordner Gelöscht : C:\Users\Felix\AppData\Local\torch
Ordner Gelöscht : C:\Users\Felix\AppData\Local\Temp\WiseEnhance
Ordner Gelöscht : C:\Users\Felix\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Felix\AppData\Roaming\SupTab
Ordner Gelöscht : C:\Users\Felix\AppData\Roaming\sweet-page
Ordner Gelöscht : C:\Users\Felix\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Felix\AppData\Roaming\Uniblue
Ordner Gelöscht : C:\Users\Felix\Documents\Mobogenie
Ordner Gelöscht : C:\Users\Gast\AppData\Local\torch
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\torch
Ordner Gelöscht : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\gg7ksvvx.Standard\Extensions\staged\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Ordner Gelöscht : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\vob40cpr.default-1390655600171\Extensions\staged\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Ordner Gelöscht : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\x8ux9v7e.default-1396269680952\Extensions\staged\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Ordner Gelöscht : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\102m12jj.default\Extensions\vveoyou@grmkyiavs.net
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Family\daemonprocess.txt
Datei Gelöscht : C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
Datei Gelöscht : C:\Users\Felix\daemonprocess.txt
Datei Gelöscht : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\gg7ksvvx.Standard\user.js
Datei Gelöscht : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\qjifd0fy.default-1395485257055\user.js
Datei Gelöscht : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\vob40cpr.default-1390655600171\user.js
Datei Gelöscht : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\x8ux9v7e.default-1396269680952\user.js
Datei Gelöscht : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\102m12jj.default\user.js
Datei Gelöscht : C:\Windows\Tasks\Price Meter Updater.job
Datei Gelöscht : C:\Windows\System32\Tasks\Price Meter Updater
Datei Gelöscht : C:\Windows\System32\Tasks\pricemeterdownloader
Datei Gelöscht : C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
Datei Gelöscht : C:\Windows\System32\Tasks\SpeedUpMyPC Maintenance

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=3
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=9
Schlüssel Gelöscht : HKCU\Software\f578dd9b03beb14
Schlüssel Gelöscht : HKLM\SOFTWARE\f578dd9b03beb14
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_minecraft-x-ray_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_minecraft-x-ray_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\lollipop
Schlüssel Gelöscht : HKCU\Software\SecuredDownload
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\TutoTag
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\Driver-Soft
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Tutorials
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\Wpm

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\gg7ksvvx.Standard\prefs.js ]

Zeile gelöscht : user_pref("browser.search.selectedEngine", "Mysearchdial");

[ Datei : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\qjifd0fy.default-1395485257055\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "Web Search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
Zeile gelöscht : user_pref("extensions.aa9719e64232b4695ae9ca89cd7f2aa84ca1279dfbc0d44a897ef19301c922b68com54246.54246.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]

[ Datei : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\vob40cpr.default-1390655600171\prefs.js ]

Zeile gelöscht : user_pref("browser.search.selectedEngine", "Mysearchdial");

[ Datei : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\x8ux9v7e.default-1396269680952\prefs.js ]

Zeile gelöscht : user_pref("browser.search.selectedEngine", "Mysearchdial");

[ Datei : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\102m12jj.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "Web Search");
Zeile gelöscht : user_pref("browser.search.defaultenginename,S", "WebSearch");
Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://websearch.exitingsearch.info/?pid=1273&r=2014/03/22&hid=15462118363641989461&lg=EN&cc=DE&unqvl=50&l=1&q=");
Zeile gelöscht : user_pref("browser.search.order.1", "WebSearch");
Zeile gelöscht : user_pref("browser.search.order.1,S", "WebSearch");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
Zeile gelöscht : user_pref("browser.search.selectedEngine,S", "WebSearch");
Zeile gelöscht : user_pref("extensions.ShM.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorob[...]
Zeile gelöscht : user_pref("extensions.b8Ps_hK.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sum[...]
Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Zeile gelöscht : user_pref("extensions.helperbar.Visibility", false);
Zeile gelöscht : user_pref("extensions.helperbar.backPageCapacity", 3);
Zeile gelöscht : user_pref("extensions.helperbar.backPageCounter", 0);
Zeile gelöscht : user_pref("extensions.helperbar.backPageDay", 7);
Zeile gelöscht : user_pref("extensions.helperbar.backPageLastEvent", "1399292107601");
Zeile gelöscht : user_pref("extensions.helperbar.backPageMinInterval", 15);
Zeile gelöscht : user_pref("extensions.helperbar.barcodeid", "139905");
Zeile gelöscht : user_pref("extensions.helperbar.countryiso", "de");
Zeile gelöscht : user_pref("extensions.helperbar.downloadprovider", "yahoovt_pkr");
Zeile gelöscht : user_pref("extensions.helperbar.fromautoupdate", "false");
Zeile gelöscht : user_pref("extensions.helperbar.installationid", "c9ff3fa3-b9ba-4a7a-b7e1-0e30f19d9502");
Zeile gelöscht : user_pref("extensions.helperbar.installdate", "07/05/2014");
Zeile gelöscht : user_pref("extensions.helperbar.keepAliveLastevent", "1399464907");
Zeile gelöscht : user_pref("extensions.helperbar.publisher", "yahoovt");

*************************

AdwCleaner[R0].txt - [12880 octets] - [27/05/2014 09:52:58]
AdwCleaner[S0].txt - [11691 octets] - [27/05/2014 09:54:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11752 octets] ##########
------------------------------------------------------------------------
JRT Log

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Felix on 27.05.2014 at  9:58:56,35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3942473469-3025678200-3895822530-1000\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\drivergenius"



~~~ FireFox

Emptied folder: C:\Users\Felix\AppData\Roaming\mozilla\firefox\profiles\102m12jj.default\minidumps [15 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.05.2014 at 10:04:52,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--------------------------------------------------------------------
frisches FRST Log


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014
Ran by Felix (administrator) on FELIX-PC on 27-05-2014 10:08:41
Running from C:\Users\Felix\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointG\SetPointII.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [380544 2012-06-28] (Alcor Micro Corp.)
HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3942473469-3025678200-3895822530-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-09-28] (AMD)
HKU\S-1-5-21-3942473469-3025678200-3895822530-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3942473469-3025678200-3895822530-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk
ShortcutTarget: start.lnk -> C:\Users\Felix\d1fz242761q21a\97994.vbs (No File)
GroupPolicyUsers\S-1-5-21-3942473469-3025678200-3895822530-1002\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFE5E71907D22CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Mozilla Firefox\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Mozilla Firefox\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: 127.0.0.1 validation.sls.microsoft.com
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\102m12jj.default
FF Homepage: hxxp://google.de/
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8118
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8118
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files (x86)\Mozilla Firefox\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\ko3fql5q.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: SNT - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\102m12jj.default\Extensions\y3gz@iuooeey.org [2014-03-22]
FF Extension: Adblock Plus - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\102m12jj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-09]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-14] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-20] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2028864 2011-12-13] (TuneUp Software)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-14] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R0 nvamacpi; C:\Windows\System32\DRIVERS\NVAMACPI.sys [28264 2009-11-24] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2011-06-06] (TuneUp Software)
R1 {2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64; C:\Windows\System32\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys [61120 2014-04-24] (StdLib)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-27 10:08 - 2014-05-27 10:08 - 00000000 ____D () C:\Users\Felix\Desktop\alter scan 24-05-2014
2014-05-27 09:58 - 2014-05-27 09:58 - 01016261 _____ (Thisisu) C:\Users\Felix\Downloads\JRT.exe
2014-05-27 09:58 - 2014-05-27 09:58 - 01016261 _____ (Thisisu) C:\Users\Felix\Desktop\JRT.exe
2014-05-27 09:58 - 2014-05-27 09:58 - 00000000 ____D () C:\Windows\ERUNT
2014-05-27 09:52 - 2014-05-27 09:54 - 00000000 ____D () C:\AdwCleaner
2014-05-27 09:51 - 2014-05-27 09:51 - 01327971 _____ () C:\Users\Felix\Downloads\adwcleaner_3.211.exe
2014-05-27 09:51 - 2014-05-27 09:51 - 01327971 _____ () C:\Users\Felix\Desktop\adwcleaner_3.211.exe
2014-05-27 09:50 - 2014-05-27 10:06 - 00000000 ____D () C:\Users\Felix\Desktop\Neuer Suchlauf
2014-05-27 09:18 - 2014-05-27 09:18 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Felix\Downloads\revosetup95.exe
2014-05-27 09:18 - 2014-05-27 09:18 - 00001274 _____ () C:\Users\Felix\Desktop\Revo Uninstaller.lnk
2014-05-27 09:18 - 2014-05-27 09:18 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-25 10:25 - 2014-05-27 10:08 - 00011520 _____ () C:\Users\Felix\Desktop\FRST.txt
2014-05-25 10:25 - 2014-05-25 10:18 - 02066432 _____ (Farbar) C:\Users\Felix\Desktop\FRST64.exe
2014-05-25 10:20 - 2014-05-25 10:20 - 00035357 _____ () C:\Users\Felix\Downloads\Addition.txt
2014-05-25 10:19 - 2014-05-25 10:20 - 00048891 _____ () C:\Users\Felix\Downloads\FRST.txt
2014-05-25 10:18 - 2014-05-27 10:08 - 00000000 ____D () C:\FRST
2014-05-25 10:17 - 2014-05-25 10:18 - 02066432 _____ (Farbar) C:\Users\Felix\Downloads\FRST64.exe
2014-05-24 22:10 - 2014-05-27 09:56 - 00118712 _____ () C:\Windows\PFRO.log
2014-05-24 21:51 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-05-24 21:51 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-05-24 21:48 - 2014-05-27 09:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-24 21:47 - 2014-05-24 21:47 - 00000936 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-24 21:47 - 2014-05-24 21:47 - 00000000 ____D () C:\Users\Felix\Desktop\Malwarebyte
2014-05-24 21:47 - 2014-05-24 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-24 21:47 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-24 21:47 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-24 21:47 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-24 21:42 - 2014-05-27 09:56 - 00000448 _____ () C:\Windows\setupact.log
2014-05-24 21:27 - 2014-05-24 21:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-24 19:32 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-05-24 19:32 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-05-24 19:31 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-05-24 19:31 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-05-24 19:31 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-05-24 19:31 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-05-24 19:31 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-05-24 19:31 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-05-24 19:31 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-05-24 19:31 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-05-24 19:31 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-05-24 19:31 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-05-24 19:31 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-05-24 19:31 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-05-24 19:31 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-05-24 19:31 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-05-24 19:31 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-05-24 19:31 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-05-24 12:48 - 2014-05-24 19:38 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Skype
2014-05-24 12:48 - 2014-05-24 12:48 - 00000000 ____D () C:\Users\Felix\AppData\Local\Skype
2014-05-20 14:42 - 2014-05-20 14:42 - 00462336 _____ (Dino Chiesa) C:\Users\Family\Downloads\Ionic.Zip.dll
2014-05-20 14:34 - 2014-05-20 14:36 - 11009536 _____ (Minecraft Installers) C:\Users\Family\Downloads\X Ray Mod Installer 1.7.4.exe
2014-05-16 15:56 - 2014-05-16 15:56 - 00000000 _____ () C:\autoexec.bat
2014-05-16 15:55 - 2014-05-16 15:55 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-16 15:54 - 2014-05-16 16:07 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-16 15:27 - 2014-05-16 15:27 - 00001170 _____ () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-16 15:20 - 2014-05-16 15:26 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Opera Software
2014-05-16 15:20 - 2014-05-16 15:26 - 00000000 ____D () C:\Users\Felix\AppData\Local\Opera Software
2014-05-16 15:20 - 2014-05-16 15:26 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-05-15 19:33 - 2014-05-15 19:33 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 19:33 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 19:33 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 19:33 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 19:33 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 19:33 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 19:33 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 14:03 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 14:03 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 14:03 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 14:03 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 14:02 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 14:02 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 14:02 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 14:02 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 14:02 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 14:02 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 14:02 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 14:02 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 14:02 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 14:02 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 14:02 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 14:02 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 14:02 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 14:02 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 14:02 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 14:02 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 14:02 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 14:02 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 14:02 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 14:02 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 14:02 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 14:02 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 14:02 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 14:02 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 14:02 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 14:02 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 14:02 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 14:02 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 14:02 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-12 10:15 - 2014-05-12 10:15 - 00000000 ____D () C:\Users\Family\Documents\arma 2
2014-05-12 10:12 - 2014-05-12 10:12 - 00000000 ____D () C:\ProgramData\SIX Networks
2014-05-12 10:10 - 2014-05-12 10:10 - 00000000 ____D () C:\Users\Family\AppData\Roaming\SIX Networks
2014-05-12 10:10 - 2014-05-12 10:10 - 00000000 ____D () C:\Users\Family\AppData\Local\SIX Networks
2014-05-12 10:10 - 2014-05-12 10:10 - 00000000 ____D () C:\Users\Family\AppData\Local\IsolatedStorage
2014-05-12 10:09 - 2014-05-12 10:09 - 00000000 ____D () C:\Users\Family\AppData\Local\Downloaded Installations
2014-05-12 09:11 - 2014-05-16 13:06 - 00000000 ____D () C:\Users\Family\AppData\Roaming\Craften Terminal
2014-05-10 17:53 - 2014-05-10 17:53 - 00000000 __SHD () C:\Users\Felix\AppData\Local\EmieUserList
2014-05-10 17:53 - 2014-05-10 17:53 - 00000000 __SHD () C:\Users\Felix\AppData\Local\EmieSiteList
2014-05-10 07:29 - 2014-05-10 07:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-07 16:38 - 2014-05-07 16:39 - 00000000 ____D () C:\Users\Family\AppData\Roaming\skyz
2014-05-07 13:58 - 2014-05-27 09:54 - 00001089 _____ () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-05-06 19:51 - 2014-05-16 11:41 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-30 14:50 - 2014-04-24 12:32 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys
2014-04-30 13:32 - 2014-04-30 13:32 - 00000000 ____D () C:\Program Files (x86)\GameHitZone.com
2014-04-29 19:26 - 2014-04-29 19:26 - 00000000 ____D () C:\Users\Felix\AppData\Local\LogMeIn
2014-04-29 19:06 - 2014-04-30 17:07 - 00000000 ____D () C:\Users\Family\AppData\Local\LogMeIn Hamachi
2014-04-29 19:06 - 2014-04-29 19:06 - 00000000 ____D () C:\Users\Family\AppData\Local\LogMeIn
2014-04-29 19:06 - 2014-04-29 19:06 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-04-29 18:19 - 2014-04-29 18:19 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\.minecraft
2014-04-29 17:58 - 2014-05-14 19:58 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-04-29 13:56 - 2014-05-24 22:09 - 00000000 __SHD () C:\Users\Family\kBh80A

==================== One Month Modified Files and Folders =======

2014-05-27 10:09 - 2014-05-25 10:25 - 00011520 _____ () C:\Users\Felix\Desktop\FRST.txt
2014-05-27 10:08 - 2014-05-27 10:08 - 00000000 ____D () C:\Users\Felix\Desktop\alter scan 24-05-2014
2014-05-27 10:08 - 2014-05-25 10:18 - 00000000 ____D () C:\FRST
2014-05-27 10:06 - 2014-05-27 09:50 - 00000000 ____D () C:\Users\Felix\Desktop\Neuer Suchlauf
2014-05-27 10:03 - 2009-07-14 19:58 - 00821220 _____ () C:\Windows\system32\perfh007.dat
2014-05-27 10:03 - 2009-07-14 19:58 - 00193194 _____ () C:\Windows\system32\perfc007.dat
2014-05-27 10:03 - 2009-07-14 07:13 - 01919426 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-27 10:03 - 2009-07-14 06:45 - 00014208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-27 10:03 - 2009-07-14 06:45 - 00014208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-27 09:58 - 2014-05-27 09:58 - 01016261 _____ (Thisisu) C:\Users\Felix\Downloads\JRT.exe
2014-05-27 09:58 - 2014-05-27 09:58 - 01016261 _____ (Thisisu) C:\Users\Felix\Desktop\JRT.exe
2014-05-27 09:58 - 2014-05-27 09:58 - 00000000 ____D () C:\Windows\ERUNT
2014-05-27 09:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-05-27 09:57 - 2012-12-16 13:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-27 09:56 - 2014-05-24 22:10 - 00118712 _____ () C:\Windows\PFRO.log
2014-05-27 09:56 - 2014-05-24 21:42 - 00000448 _____ () C:\Windows\setupact.log
2014-05-27 09:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-27 09:55 - 2012-12-06 15:42 - 01156207 _____ () C:\Windows\WindowsUpdate.log
2014-05-27 09:54 - 2014-05-27 09:52 - 00000000 ____D () C:\AdwCleaner
2014-05-27 09:54 - 2014-05-07 13:58 - 00001089 _____ () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-05-27 09:54 - 2012-12-06 17:43 - 00000000 ____D () C:\Users\Family
2014-05-27 09:54 - 2012-12-06 15:42 - 00000000 ____D () C:\Users\Felix
2014-05-27 09:51 - 2014-05-27 09:51 - 01327971 _____ () C:\Users\Felix\Downloads\adwcleaner_3.211.exe
2014-05-27 09:51 - 2014-05-27 09:51 - 01327971 _____ () C:\Users\Felix\Desktop\adwcleaner_3.211.exe
2014-05-27 09:46 - 2014-05-24 21:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-27 09:27 - 2014-03-22 15:17 - 00000000 ____D () C:\ProgramData\2fcf538f17f7f4f4
2014-05-27 09:23 - 2013-02-28 12:59 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-27 09:22 - 2013-02-28 12:59 - 00000000 ____D () C:\Users\Felix\AppData\Local\Google
2014-05-27 09:18 - 2014-05-27 09:18 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Felix\Downloads\revosetup95.exe
2014-05-27 09:18 - 2014-05-27 09:18 - 00001274 _____ () C:\Users\Felix\Desktop\Revo Uninstaller.lnk
2014-05-27 09:18 - 2014-05-27 09:18 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-26 19:49 - 2012-12-06 16:09 - 01892538 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-26 14:57 - 2012-12-22 12:16 - 00000000 ____D () C:\Users\Family\AppData\Roaming\.minecraft
2014-05-25 17:45 - 2012-12-06 16:12 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\vlc
2014-05-25 12:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-25 10:20 - 2014-05-25 10:20 - 00035357 _____ () C:\Users\Felix\Downloads\Addition.txt
2014-05-25 10:20 - 2014-05-25 10:19 - 00048891 _____ () C:\Users\Felix\Downloads\FRST.txt
2014-05-25 10:18 - 2014-05-25 10:25 - 02066432 _____ (Farbar) C:\Users\Felix\Desktop\FRST64.exe
2014-05-25 10:18 - 2014-05-25 10:17 - 02066432 _____ (Farbar) C:\Users\Felix\Downloads\FRST64.exe
2014-05-25 08:40 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-25 02:02 - 2012-12-09 19:16 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\TS3Client
2014-05-24 22:59 - 2014-01-15 13:38 - 00000552 _____ () C:\Users\Felix\Desktop\Passwörter.txt
2014-05-24 22:41 - 2012-12-23 13:27 - 00000000 ____D () C:\Users\DefaultAppPool
2014-05-24 22:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-05-24 22:10 - 2012-12-06 15:36 - 00000000 ____D () C:\Windows\Panther
2014-05-24 22:09 - 2014-04-29 13:56 - 00000000 __SHD () C:\Users\Family\kBh80A
2014-05-24 22:09 - 2014-03-17 15:24 - 00000000 __SHD () C:\Users\Family\VOKYV
2014-05-24 22:09 - 2014-02-22 16:22 - 00000000 _RSHD () C:\Users\Family\d1fz242761q21a
2014-05-24 22:09 - 2014-01-21 20:54 - 00000000 ____D () C:\Users\Family\AppData\Roaming\Oxquev
2014-05-24 21:54 - 2012-12-08 16:38 - 00000141 _____ () C:\Users\Felix\Desktop\Neues Textdokument.txt
2014-05-24 21:47 - 2014-05-24 21:47 - 00000936 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-24 21:47 - 2014-05-24 21:47 - 00000000 ____D () C:\Users\Felix\Desktop\Malwarebyte
2014-05-24 21:47 - 2014-05-24 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-24 21:27 - 2014-05-24 21:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-24 21:01 - 2013-03-16 17:14 - 00000000 ____D () C:\ProgramData\Skype
2014-05-24 20:31 - 2013-09-28 11:31 - 00000000 ____D () C:\Users\Felix\AppData\Local\._LiveCode_
2014-05-24 20:21 - 2014-03-02 04:50 - 00000000 ____D () C:\Users\Felix\AppData\Local\Battle.net
2014-05-24 19:38 - 2014-05-24 12:48 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Skype
2014-05-24 12:48 - 2014-05-24 12:48 - 00000000 ____D () C:\Users\Felix\AppData\Local\Skype
2014-05-23 14:01 - 2013-03-16 17:14 - 00000000 ____D () C:\Users\Family\AppData\Roaming\Skype
2014-05-21 18:34 - 2012-12-12 20:01 - 00000000 ____D () C:\Users\Family\Documents\My Games
2014-05-20 14:42 - 2014-05-20 14:42 - 00462336 _____ (Dino Chiesa) C:\Users\Family\Downloads\Ionic.Zip.dll
2014-05-20 14:36 - 2014-05-20 14:34 - 11009536 _____ (Minecraft Installers) C:\Users\Family\Downloads\X Ray Mod Installer 1.7.4.exe
2014-05-20 12:53 - 2013-01-14 16:28 - 00000000 ____D () C:\ProgramData\Firefly Studios
2014-05-20 12:53 - 2012-12-06 16:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-20 12:52 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-20 12:50 - 2013-08-28 13:48 - 00000000 ____D () C:\Users\Family\AppData\Local\WarThunder
2014-05-16 16:07 - 2014-05-16 15:54 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-16 15:56 - 2014-05-16 15:56 - 00000000 _____ () C:\autoexec.bat
2014-05-16 15:55 - 2014-05-16 15:55 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-16 15:27 - 2014-05-16 15:27 - 00001170 _____ () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-16 15:26 - 2014-05-16 15:20 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Opera Software
2014-05-16 15:26 - 2014-05-16 15:20 - 00000000 ____D () C:\Users\Felix\AppData\Local\Opera Software
2014-05-16 15:26 - 2014-05-16 15:20 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-05-16 15:26 - 2012-12-06 15:42 - 00001431 _____ () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-16 15:25 - 2014-03-16 19:05 - 00000680 __RSH () C:\Users\Felix\ntuser.pol
2014-05-16 15:25 - 2012-12-06 15:42 - 00000000 ___RD () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 15:25 - 2012-12-06 15:42 - 00000000 ___RD () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 13:55 - 2013-07-21 11:07 - 00000000 ____D () C:\Users\Family\AppData\Roaming\.technic
2014-05-16 13:06 - 2014-05-12 09:11 - 00000000 ____D () C:\Users\Family\AppData\Roaming\Craften Terminal
2014-05-16 11:44 - 2014-03-16 19:09 - 00001002 __RSH () C:\Users\Family\ntuser.pol
2014-05-16 11:44 - 2012-12-06 17:43 - 00000000 _RSHD () C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 11:44 - 2012-12-06 17:43 - 00000000 ___RD () C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 11:41 - 2014-05-06 19:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 19:34 - 2012-12-06 16:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 19:33 - 2014-05-15 19:33 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 19:21 - 2013-08-07 20:27 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 19:20 - 2012-12-06 18:01 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 19:58 - 2014-04-29 17:58 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-14 19:58 - 2012-12-16 13:01 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 19:58 - 2012-12-08 23:31 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 19:58 - 2012-12-08 23:31 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-12 10:15 - 2014-05-12 10:15 - 00000000 ____D () C:\Users\Family\Documents\arma 2
2014-05-12 10:12 - 2014-05-12 10:12 - 00000000 ____D () C:\ProgramData\SIX Networks
2014-05-12 10:10 - 2014-05-12 10:10 - 00000000 ____D () C:\Users\Family\AppData\Roaming\SIX Networks
2014-05-12 10:10 - 2014-05-12 10:10 - 00000000 ____D () C:\Users\Family\AppData\Local\SIX Networks
2014-05-12 10:10 - 2014-05-12 10:10 - 00000000 ____D () C:\Users\Family\AppData\Local\IsolatedStorage
2014-05-12 10:09 - 2014-05-12 10:09 - 00000000 ____D () C:\Users\Family\AppData\Local\Downloaded Installations
2014-05-12 07:26 - 2014-05-24 21:47 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-24 21:47 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-24 21:47 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 17:53 - 2014-05-10 17:53 - 00000000 __SHD () C:\Users\Felix\AppData\Local\EmieUserList
2014-05-10 17:53 - 2014-05-10 17:53 - 00000000 __SHD () C:\Users\Felix\AppData\Local\EmieSiteList
2014-05-10 07:30 - 2014-05-10 07:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 08:14 - 2014-05-15 14:03 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-15 14:03 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 16:39 - 2014-05-07 16:38 - 00000000 ____D () C:\Users\Family\AppData\Roaming\skyz
2014-05-07 14:14 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-06 06:40 - 2014-05-15 19:33 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-15 19:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-15 19:33 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-15 19:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-15 19:33 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 19:33 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 14:39 - 2013-09-05 16:17 - 00000000 ____D () C:\Users\Family\AppData\Roaming\FileZilla
2014-05-02 10:01 - 2012-12-06 16:06 - 00003788 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-05-01 10:59 - 2013-01-14 16:28 - 00000000 ____D () C:\Users\Family\Documents\Stronghold Legends
2014-04-30 17:07 - 2014-04-29 19:06 - 00000000 ____D () C:\Users\Family\AppData\Local\LogMeIn Hamachi
2014-04-30 13:32 - 2014-04-30 13:32 - 00000000 ____D () C:\Program Files (x86)\GameHitZone.com
2014-04-29 19:26 - 2014-04-29 19:26 - 00000000 ____D () C:\Users\Felix\AppData\Local\LogMeIn
2014-04-29 19:06 - 2014-04-29 19:06 - 00000000 ____D () C:\Users\Family\AppData\Local\LogMeIn
2014-04-29 19:06 - 2014-04-29 19:06 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-04-29 18:19 - 2014-04-29 18:19 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\.minecraft
2014-04-29 15:23 - 2012-12-08 18:23 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

Some content of TEMP:
====================
C:\Users\Family\AppData\Local\Temp\23280.exe
C:\Users\Family\AppData\Local\Temp\81631.exe
C:\Users\Family\AppData\Local\Temp\i4jdel0.exe
C:\Users\Family\AppData\Local\Temp\jansi-32-git-Bukkit-1.6.4-R2.0-b2918jnks.dll
C:\Users\Family\AppData\Local\Temp\noncrypted.exe
C:\Users\Family\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\Family\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Family\AppData\Local\Temp\_isAAA5.exe
C:\Users\Felix\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 19:05

==================== End Of Log ============================
--- --- ---

schrauber 28.05.2014 09:24

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Flexi2013 30.05.2014 19:06
Hier der Eset-Log
Code:
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=4636776ba20d9e40aa8b1d89f1f86f7f
# engine=18456
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-29 12:05:59
# local_time=2014-05-29 02:05:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 4753185 95542769 0 0
# scanned=217761
# found=36
# cleaned=0
# scan_time=10011
sh=4F51A608AF5851E356396544CD037385332D3351 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MediaPlayerplus\54246.xpi.vir"
sh=3219F086D00E68523D1C984357D69ECA71F00A41 ft=1 fh=790d6a2e7ee6d35b vn="Variante von Win32/Toolbar.CrossRider.AD evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MediaPlayerplus\f05c1e2c-347c-417e-9c60-5b3052056acf-4.exe.vir"
sh=E12820C3C449E8DF12132666647822B9FE266BA3 ft=1 fh=661cdf041cef5cb3 vn="MSIL/Adware.Proxomoto.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MSR\backup\System Update kb70007\Installer.dll.vir"
sh=E99D65BD24FAF328D7314F02B98EE8C3BD793B77 ft=1 fh=8661b13c20727ec0 vn="MSIL/Adware.Proxomoto.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MSR\backup\System Update kb70007\InstallerLibrary.dll.vir"
sh=B11B91F706EA1AFD3D4D625201192EAB850FD3CE ft=1 fh=04b2478a5da86198 vn="MSIL/Adware.Proxomoto.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MSR\backup\System Update kb70007\InstallFirefoxExtension.dll.vir"
sh=5BD97BEAE0E1E79B233B821DA6813A831B5075FB ft=1 fh=5310de0062903084 vn="MSIL/Adware.Proxomoto.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MSR\backup\System Update kb70007\NewVersionUploader.exe.vir"
sh=49DEEED4E6B0E6134D47A582E209511FCBFD2B72 ft=1 fh=14e2fb72d7f3d82c vn="MSIL/Adware.Proxomoto.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MSR\backup\System Update kb70007\WindowsUpdater.exe.vir"
sh=E99D65BD24FAF328D7314F02B98EE8C3BD793B77 ft=1 fh=8661b13c20727ec0 vn="MSIL/Adware.Proxomoto.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MSR\backup\System Update kb70007\backup\InstallerLibrary.dll.vir"
sh=4E475FD620FBCCBB37453AF2BD0427BDA73109FF ft=1 fh=70875884387ffbdb vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=EC7EC5D60C5A578BC9953115D368BECD05BA14B2 ft=1 fh=ecbff00cc7dcc0fd vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=118A4DC06B1D72BF20A2CE2D032C6A7877EB9D03 ft=1 fh=9793f5eabdc39909 vn="Win32/OutBrowse.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C42DA5K3\setup[2].exe"
sh=3126927899F0BD562729B79CB3B48A172146EE4E ft=1 fh=ee825c4a2a3e0ae9 vn="Variante von Win32/InstalleRex.R evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UG6HIKRG\minecraftdl_9027[1].exe"
sh=68426761418768D57E453BC29045B9D28A7334B6 ft=0 fh=0000000000000000 vn="VBS/Runner.NBV Trojaner" ac=I fn="C:\Users\Family\AppData\Local\Temp\nhgak\52499.vbs"
sh=20B5D96475838F3E22A816FE7E7C5A81CE0EE12D ft=0 fh=0000000000000000 vn="VBS/Starter.NAQ Trojaner" ac=I fn="C:\Users\Family\AppData\Local\Temp\nhgak\zlIWSLIc.vbs"
sh=67FC7C0978BB918FA79A188827D38F40A0A2C0EE ft=0 fh=0000000000000000 vn="VBS/Runner.NBV Trojaner" ac=I fn="C:\Users\Family\AppData\Local\Temp\pbdzr\29298.vbs"
sh=AF8737B3709A28626061693A81709F5E4ED22AB0 ft=0 fh=0000000000000000 vn="VBS/Starter.NAQ Trojaner" ac=I fn="C:\Users\Family\AppData\Local\Temp\pbdzr\bqofUDC.vbs"
sh=D50C2143665F3EAACE57F73C64EEB93C0133590A ft=0 fh=0000000000000000 vn="Win32/Injector.Autoit.ACP Trojaner" ac=I fn="C:\Users\Family\AppData\Local\Temp\pbdzr\OKwGdiWH.MXP"
sh=10082FF0261915634089E0A90778470CEA4A265E ft=0 fh=0000000000000000 vn="VBS/Runner.NBV Trojaner" ac=I fn="C:\Users\Family\AppData\Local\Temp\prsqc\43832.vbs"
sh=DB327DA2201DDDC308E478EB55DCDBD2DDB64AEB ft=0 fh=0000000000000000 vn="VBS/Starter.NAQ Trojaner" ac=I fn="C:\Users\Family\AppData\Local\Temp\prsqc\nslWv.vbs"
sh=43437FBB96BAF7DD484A591581B271BD4C7F71BF ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Family\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\4e94d768-37600152"
sh=21DE526D64F6FC89C97240627DFED7D4CC1FC51C ft=1 fh=33a360cb1c3dc27f vn="VBS/Starter.NAQ Trojaner" ac=I fn="C:\Users\Family\AppData\Roaming\A65BUJBSlast.exe"
sh=6CCBF7F01C52EFD9C485B713A3FFDCCB8ED4972A ft=1 fh=4c4f2594640e58e0 vn="Variante von MSIL/Injector.CMT Trojaner" ac=I fn="C:\Users\Family\AppData\Roaming\firefox5497.exe"
sh=96202DFC096BFFCFDB06F25E32B6F0F906E1335C ft=1 fh=9a91781a1404eeaa vn="RAR/Agent.L Trojaner" ac=I fn="C:\Users\Family\AppData\Roaming\Glaset.exe"
sh=D8D9DB0C14BAEFF6135087516EE3FA112F5064EC ft=1 fh=ee79193b4ca8d7bd vn="VBS/Starter.NAQ Trojaner" ac=I fn="C:\Users\Family\AppData\Roaming\HDA4LDCtest2.exe"
sh=710F706D8F2D102945CD40AB5A3676A42494CEF0 ft=1 fh=9565a8a4c21645a3 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Family\AppData\Roaming\T1ASLRAL6CUasd.exe"
sh=710F706D8F2D102945CD40AB5A3676A42494CEF0 ft=1 fh=9565a8a4c21645a3 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Family\AppData\Roaming\XZXCA5YXTasd.exe"
sh=8558A166EDC8032671686CDFE656DD25095D0D43 ft=1 fh=22c5f311905b95c8 vn="Variante von MSIL/Injector.BLX Trojaner" ac=I fn="C:\Users\Family\AppData\Roaming\Microsoft\ms_helper95.exe"
sh=7DB7E9699283BDD2C2BD2C85A9B0CC3B991F180B ft=1 fh=881135eeeafde43d vn="Variante von Win32/ExpressDownloader.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Family\Pictures\2012-12-23 Fotos falko\Flans_Mod_1.6.4_downloader.exe"
sh=60195448567B495B037926D7E0EC88E87F48E35D ft=1 fh=29b73169366a2bfd vn="Variante von Win32/FirseriaInstaller.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Family\Pictures\2012-12-23 Fotos falko\Roblox.exe"
sh=564CA23AC2B47468735D8948777E9ACAE7F8FAE4 ft=1 fh=6fb127f585d12382 vn="Variante von Win32/SoftonicDownloader.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Family\Pictures\2012-12-23 Fotos falko\SoftonicDownloader_fuer_minecaft-modinstaller.exe"
sh=9C7DF85D155CF0E8A13FB9A3DC92591FF5AF7FD2 ft=0 fh=0000000000000000 vn="VBS/Starter.NAQ Trojaner" ac=I fn="C:\Users\Family\VOKYV\setup.vbs"
sh=1473B48E6BEEB45669E71DB734AB7B77F7A372C9 ft=0 fh=0000000000000000 vn="BAT/Starter.NBI Trojaner" ac=I fn="C:\Users\Family\VOKYV\start.cmd"
sh=AAE926B975C0E06C405308D2C317BF965AD1F1BF ft=0 fh=0000000000000000 vn="VBS/Runner.NBV Trojaner" ac=I fn="C:\Users\Family\VOKYV\start.vbs"
sh=45A985CDD5B020F977EE3E5A45DB4F9EEACEC97A ft=1 fh=9b7c296a3897aa0b vn="Variante von Win32/AdWare.MultiPlug.R Anwendung" ac=I fn="C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5XF50KTN\TZL9XiPs[1].exe"
sh=E12820C3C449E8DF12132666647822B9FE266BA3 ft=1 fh=661cdf041cef5cb3 vn="MSIL/Adware.Proxomoto.A Anwendung" ac=I fn="C:\Windows\Microsoft\SystemUpdatekb70007\Installer.dll"
sh=E99D65BD24FAF328D7314F02B98EE8C3BD793B77 ft=1 fh=8661b13c20727ec0 vn="MSIL/Adware.Proxomoto.A Anwendung" ac=I fn="C:\Windows\Microsoft\SystemUpdatekb70007\InstallerLibrary.dll"
----------------------------------------------------------------------------
Security_Check_log
Code:
Results of screen317's Security Check version 0.99.83 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
[b][u]``````````````AntivirusFirewall Check``````````````[b][u]
Microsoft Security Essentials 
  (On Access scanning [b]disabled[b]!)
 [color=red]Error obtaining update status for antivirus![color] 
[b][u]`````````Anti-malwareOther Utilities Check`````````[b][u]
 TuneUp Utilities 2011 
 TuneUp Utilities Language Pack (de-DE)
 [color=red][b]Java version out of Date![b][color]
 Adobe Flash Player 13.0.0.214 
 Adobe Reader XI 
 Mozilla Firefox (29.0.1)
[b][u]````````Process Check objlist.exe by Laurent````````[b][u] 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
[b][u]`````````````````System Health check`````````````````[b][u]
 Total Fragmentation on Drive C 
[b][u]````````````````````End of Log``````````````````````[b][u]
-----------------------------------------------------------------------
frischer FRST-Log


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2014
Ran by Felix (administrator) on FELIX-PC on 30-05-2014 20:02:25
Running from C:\Users\Felix\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointG\SetPointII.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [380544 2012-06-28] (Alcor Micro Corp.)
HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3942473469-3025678200-3895822530-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-09-28] (AMD)
HKU\S-1-5-21-3942473469-3025678200-3895822530-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3942473469-3025678200-3895822530-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk
ShortcutTarget: start.lnk -> C:\Users\Felix\d1fz242761q21a\97994.vbs (No File)
GroupPolicyUsers\S-1-5-21-3942473469-3025678200-3895822530-1002\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFE5E71907D22CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Mozilla Firefox\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Mozilla Firefox\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: 127.0.0.1 validation.sls.microsoft.com
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\102m12jj.default
FF Homepage: hxxp://google.de/
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8118
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8118
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files (x86)\Mozilla Firefox\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\ko3fql5q.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: SNT - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\102m12jj.default\Extensions\y3gz@iuooeey.org [2014-03-22]
FF Extension: Adblock Plus - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\102m12jj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-09]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-14] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-20] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2028864 2011-12-13] (TuneUp Software)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-14] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R0 nvamacpi; C:\Windows\System32\DRIVERS\NVAMACPI.sys [28264 2009-11-24] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2011-06-06] (TuneUp Software)
R1 {2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64; C:\Windows\System32\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys [61120 2014-04-24] (StdLib)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-30 20:02 - 2014-05-30 20:02 - 00000000 ____D () C:\Users\Felix\Desktop\FRST-OlderVersion
2014-05-30 19:50 - 2014-05-30 19:50 - 00854367 _____ () C:\Users\Felix\Downloads\SecurityCheck.exe
2014-05-30 19:50 - 2014-05-30 19:50 - 00854367 _____ () C:\Users\Felix\Desktop\SecurityCheck.exe
2014-05-30 19:49 - 2014-05-30 20:02 - 00000000 ____D () C:\Users\Felix\Desktop\Scan29-05-2014
2014-05-29 11:06 - 2014-05-29 11:06 - 02347384 _____ (ESET) C:\Users\Felix\Downloads\esetsmartinstaller_deu.exe
2014-05-29 11:06 - 2014-05-29 11:06 - 02347384 _____ (ESET) C:\Users\Felix\Desktop\esetsmartinstaller_deu.exe
2014-05-27 10:08 - 2014-05-27 10:08 - 00000000 ____D () C:\Users\Felix\Desktop\alter scan 24-05-2014
2014-05-27 09:58 - 2014-05-27 09:58 - 01016261 _____ (Thisisu) C:\Users\Felix\Downloads\JRT.exe
2014-05-27 09:58 - 2014-05-27 09:58 - 01016261 _____ (Thisisu) C:\Users\Felix\Desktop\JRT.exe
2014-05-27 09:58 - 2014-05-27 09:58 - 00000000 ____D () C:\Windows\ERUNT
2014-05-27 09:52 - 2014-05-27 09:54 - 00000000 ____D () C:\AdwCleaner
2014-05-27 09:51 - 2014-05-27 09:51 - 01327971 _____ () C:\Users\Felix\Downloads\adwcleaner_3.211.exe
2014-05-27 09:51 - 2014-05-27 09:51 - 01327971 _____ () C:\Users\Felix\Desktop\adwcleaner_3.211.exe
2014-05-27 09:50 - 2014-05-27 10:09 - 00000000 ____D () C:\Users\Felix\Desktop\Neuer Suchlauf
2014-05-27 09:18 - 2014-05-27 09:18 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Felix\Downloads\revosetup95.exe
2014-05-27 09:18 - 2014-05-27 09:18 - 00001274 _____ () C:\Users\Felix\Desktop\Revo Uninstaller.lnk
2014-05-27 09:18 - 2014-05-27 09:18 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-25 10:25 - 2014-05-30 20:02 - 02066944 _____ (Farbar) C:\Users\Felix\Desktop\FRST64.exe
2014-05-25 10:25 - 2014-05-30 20:02 - 00011470 _____ () C:\Users\Felix\Desktop\FRST.txt
2014-05-25 10:20 - 2014-05-25 10:20 - 00035357 _____ () C:\Users\Felix\Downloads\Addition.txt
2014-05-25 10:19 - 2014-05-25 10:20 - 00048891 _____ () C:\Users\Felix\Downloads\FRST.txt
2014-05-25 10:18 - 2014-05-30 20:02 - 00000000 ____D () C:\FRST
2014-05-25 10:17 - 2014-05-25 10:18 - 02066432 _____ (Farbar) C:\Users\Felix\Downloads\FRST64.exe
2014-05-24 22:10 - 2014-05-27 09:56 - 00118712 _____ () C:\Windows\PFRO.log
2014-05-24 21:51 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-05-24 21:51 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-05-24 21:48 - 2014-05-27 09:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-24 21:47 - 2014-05-24 21:47 - 00000936 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-24 21:47 - 2014-05-24 21:47 - 00000000 ____D () C:\Users\Felix\Desktop\Malwarebyte
2014-05-24 21:47 - 2014-05-24 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-24 21:47 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-24 21:47 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-24 21:47 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-24 21:42 - 2014-05-30 16:47 - 00000952 _____ () C:\Windows\setupact.log
2014-05-24 21:27 - 2014-05-24 21:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-24 19:32 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-05-24 19:32 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-05-24 19:31 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-05-24 19:31 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-05-24 19:31 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-05-24 19:31 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-05-24 19:31 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-05-24 19:31 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-05-24 19:31 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-05-24 19:31 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-05-24 19:31 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-05-24 19:31 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-05-24 19:31 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-05-24 19:31 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-05-24 19:31 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-05-24 19:31 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-05-24 19:31 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-05-24 19:31 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-05-24 12:48 - 2014-05-24 19:38 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Skype
2014-05-24 12:48 - 2014-05-24 12:48 - 00000000 ____D () C:\Users\Felix\AppData\Local\Skype
2014-05-20 14:42 - 2014-05-20 14:42 - 00462336 _____ (Dino Chiesa) C:\Users\Family\Downloads\Ionic.Zip.dll
2014-05-20 14:34 - 2014-05-20 14:36 - 11009536 _____ (Minecraft Installers) C:\Users\Family\Downloads\X Ray Mod Installer 1.7.4.exe
2014-05-16 15:56 - 2014-05-16 15:56 - 00000000 _____ () C:\autoexec.bat
2014-05-16 15:55 - 2014-05-16 15:55 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-16 15:54 - 2014-05-16 16:07 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-16 15:27 - 2014-05-16 15:27 - 00001170 _____ () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-16 15:20 - 2014-05-16 15:26 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Opera Software
2014-05-16 15:20 - 2014-05-16 15:26 - 00000000 ____D () C:\Users\Felix\AppData\Local\Opera Software
2014-05-16 15:20 - 2014-05-16 15:26 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-05-15 19:33 - 2014-05-15 19:33 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 19:33 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 19:33 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 19:33 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 19:33 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 19:33 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 19:33 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 14:03 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 14:03 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 14:03 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 14:03 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 14:02 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 14:02 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 14:02 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 14:02 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 14:02 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 14:02 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 14:02 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 14:02 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 14:02 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 14:02 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 14:02 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 14:02 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 14:02 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 14:02 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 14:02 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 14:02 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 14:02 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 14:02 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 14:02 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 14:02 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 14:02 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 14:02 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 14:02 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 14:02 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 14:02 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 14:02 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 14:02 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 14:02 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 14:02 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-12 10:15 - 2014-05-12 10:15 - 00000000 ____D () C:\Users\Family\Documents\arma 2
2014-05-12 10:12 - 2014-05-12 10:12 - 00000000 ____D () C:\ProgramData\SIX Networks
2014-05-12 10:10 - 2014-05-12 10:10 - 00000000 ____D () C:\Users\Family\AppData\Roaming\SIX Networks
2014-05-12 10:10 - 2014-05-12 10:10 - 00000000 ____D () C:\Users\Family\AppData\Local\SIX Networks
2014-05-12 10:10 - 2014-05-12 10:10 - 00000000 ____D () C:\Users\Family\AppData\Local\IsolatedStorage
2014-05-12 10:09 - 2014-05-12 10:09 - 00000000 ____D () C:\Users\Family\AppData\Local\Downloaded Installations
2014-05-12 09:11 - 2014-05-16 13:06 - 00000000 ____D () C:\Users\Family\AppData\Roaming\Craften Terminal
2014-05-10 17:53 - 2014-05-10 17:53 - 00000000 __SHD () C:\Users\Felix\AppData\Local\EmieUserList
2014-05-10 17:53 - 2014-05-10 17:53 - 00000000 __SHD () C:\Users\Felix\AppData\Local\EmieSiteList
2014-05-10 07:29 - 2014-05-10 07:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-07 16:38 - 2014-05-07 16:39 - 00000000 ____D () C:\Users\Family\AppData\Roaming\skyz
2014-05-07 13:58 - 2014-05-27 09:54 - 00001089 _____ () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-05-06 19:51 - 2014-05-16 11:41 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-30 14:50 - 2014-04-24 12:32 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys
2014-04-30 13:32 - 2014-04-30 13:32 - 00000000 ____D () C:\Program Files (x86)\GameHitZone.com

==================== One Month Modified Files and Folders =======

2014-05-30 20:02 - 2014-05-30 20:02 - 00000000 ____D () C:\Users\Felix\Desktop\FRST-OlderVersion
2014-05-30 20:02 - 2014-05-30 19:49 - 00000000 ____D () C:\Users\Felix\Desktop\Scan29-05-2014
2014-05-30 20:02 - 2014-05-25 10:25 - 02066944 _____ (Farbar) C:\Users\Felix\Desktop\FRST64.exe
2014-05-30 20:02 - 2014-05-25 10:25 - 00011470 _____ () C:\Users\Felix\Desktop\FRST.txt
2014-05-30 20:02 - 2014-05-25 10:18 - 00000000 ____D () C:\FRST
2014-05-30 20:02 - 2012-12-06 15:42 - 00000000 ____D () C:\Users\Felix\AppData\Local\Temp
2014-05-30 20:01 - 2014-04-22 11:56 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Notepad++
2014-05-30 19:57 - 2012-12-16 13:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-30 19:50 - 2014-05-30 19:50 - 00854367 _____ () C:\Users\Felix\Downloads\SecurityCheck.exe
2014-05-30 19:50 - 2014-05-30 19:50 - 00854367 _____ () C:\Users\Felix\Desktop\SecurityCheck.exe
2014-05-30 19:47 - 2012-12-06 15:42 - 01417980 _____ () C:\Windows\WindowsUpdate.log
2014-05-30 19:11 - 2012-12-06 17:43 - 00000000 ____D () C:\Users\Family\AppData\Local\Temp
2014-05-30 16:54 - 2009-07-14 06:45 - 00014208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-30 16:54 - 2009-07-14 06:45 - 00014208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-30 16:51 - 2009-07-14 19:58 - 00821220 _____ () C:\Windows\system32\perfh007.dat
2014-05-30 16:51 - 2009-07-14 19:58 - 00193194 _____ () C:\Windows\system32\perfc007.dat
2014-05-30 16:51 - 2009-07-14 07:13 - 01919426 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-30 16:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-05-30 16:47 - 2014-05-24 21:42 - 00000952 _____ () C:\Windows\setupact.log
2014-05-30 16:47 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-29 17:28 - 2012-12-06 16:09 - 01892538 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-29 11:06 - 2014-05-29 11:06 - 02347384 _____ (ESET) C:\Users\Felix\Downloads\esetsmartinstaller_deu.exe
2014-05-29 11:06 - 2014-05-29 11:06 - 02347384 _____ (ESET) C:\Users\Felix\Desktop\esetsmartinstaller_deu.exe
2014-05-28 09:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-27 18:28 - 2012-12-15 14:13 - 00000000 ____D () C:\Users\Family\AppData\Local\Microsoft Games
2014-05-27 14:21 - 2012-12-22 12:16 - 00000000 ____D () C:\Users\Family\AppData\Roaming\.minecraft
2014-05-27 10:09 - 2014-05-27 09:50 - 00000000 ____D () C:\Users\Felix\Desktop\Neuer Suchlauf
2014-05-27 10:08 - 2014-05-27 10:08 - 00000000 ____D () C:\Users\Felix\Desktop\alter scan 24-05-2014
2014-05-27 09:58 - 2014-05-27 09:58 - 01016261 _____ (Thisisu) C:\Users\Felix\Downloads\JRT.exe
2014-05-27 09:58 - 2014-05-27 09:58 - 01016261 _____ (Thisisu) C:\Users\Felix\Desktop\JRT.exe
2014-05-27 09:58 - 2014-05-27 09:58 - 00000000 ____D () C:\Windows\ERUNT
2014-05-27 09:56 - 2014-05-24 22:10 - 00118712 _____ () C:\Windows\PFRO.log
2014-05-27 09:54 - 2014-05-27 09:52 - 00000000 ____D () C:\AdwCleaner
2014-05-27 09:54 - 2014-05-07 13:58 - 00001089 _____ () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-05-27 09:54 - 2012-12-06 17:43 - 00000000 ____D () C:\Users\Family
2014-05-27 09:54 - 2012-12-06 15:42 - 00000000 ____D () C:\Users\Felix
2014-05-27 09:51 - 2014-05-27 09:51 - 01327971 _____ () C:\Users\Felix\Downloads\adwcleaner_3.211.exe
2014-05-27 09:51 - 2014-05-27 09:51 - 01327971 _____ () C:\Users\Felix\Desktop\adwcleaner_3.211.exe
2014-05-27 09:46 - 2014-05-24 21:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-27 09:27 - 2014-03-22 15:17 - 00000000 ____D () C:\ProgramData\2fcf538f17f7f4f4
2014-05-27 09:23 - 2013-02-28 12:59 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-27 09:22 - 2013-02-28 12:59 - 00000000 ____D () C:\Users\Felix\AppData\Local\Google
2014-05-27 09:18 - 2014-05-27 09:18 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Felix\Downloads\revosetup95.exe
2014-05-27 09:18 - 2014-05-27 09:18 - 00001274 _____ () C:\Users\Felix\Desktop\Revo Uninstaller.lnk
2014-05-27 09:18 - 2014-05-27 09:18 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-25 17:45 - 2012-12-06 16:12 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\vlc
2014-05-25 12:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-25 10:20 - 2014-05-25 10:20 - 00035357 _____ () C:\Users\Felix\Downloads\Addition.txt
2014-05-25 10:20 - 2014-05-25 10:19 - 00048891 _____ () C:\Users\Felix\Downloads\FRST.txt
2014-05-25 10:18 - 2014-05-25 10:17 - 02066432 _____ (Farbar) C:\Users\Felix\Downloads\FRST64.exe
2014-05-25 08:40 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-25 02:02 - 2012-12-09 19:16 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\TS3Client
2014-05-24 22:59 - 2014-01-15 13:38 - 00000552 _____ () C:\Users\Felix\Desktop\Passwörter.txt
2014-05-24 22:41 - 2012-12-23 13:27 - 00000000 ____D () C:\Users\DefaultAppPool
2014-05-24 22:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-05-24 22:10 - 2012-12-06 15:36 - 00000000 ____D () C:\Windows\Panther
2014-05-24 22:09 - 2014-04-29 13:56 - 00000000 __SHD () C:\Users\Family\kBh80A
2014-05-24 22:09 - 2014-03-17 15:24 - 00000000 __SHD () C:\Users\Family\VOKYV
2014-05-24 22:09 - 2014-02-22 16:22 - 00000000 _RSHD () C:\Users\Family\d1fz242761q21a
2014-05-24 22:09 - 2014-01-21 20:54 - 00000000 ____D () C:\Users\Family\AppData\Roaming\Oxquev
2014-05-24 21:54 - 2012-12-08 16:38 - 00000141 _____ () C:\Users\Felix\Desktop\Neues Textdokument.txt
2014-05-24 21:47 - 2014-05-24 21:47 - 00000936 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-24 21:47 - 2014-05-24 21:47 - 00000000 ____D () C:\Users\Felix\Desktop\Malwarebyte
2014-05-24 21:47 - 2014-05-24 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-24 21:27 - 2014-05-24 21:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-24 21:01 - 2013-03-16 17:14 - 00000000 ____D () C:\ProgramData\Skype
2014-05-24 20:31 - 2013-09-28 11:31 - 00000000 ____D () C:\Users\Felix\AppData\Local\._LiveCode_
2014-05-24 20:21 - 2014-03-02 04:50 - 00000000 ____D () C:\Users\Felix\AppData\Local\Battle.net
2014-05-24 19:38 - 2014-05-24 12:48 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Skype
2014-05-24 12:48 - 2014-05-24 12:48 - 00000000 ____D () C:\Users\Felix\AppData\Local\Skype
2014-05-23 14:01 - 2013-03-16 17:14 - 00000000 ____D () C:\Users\Family\AppData\Roaming\Skype
2014-05-21 18:34 - 2012-12-12 20:01 - 00000000 ____D () C:\Users\Family\Documents\My Games
2014-05-20 14:42 - 2014-05-20 14:42 - 00462336 _____ (Dino Chiesa) C:\Users\Family\Downloads\Ionic.Zip.dll
2014-05-20 14:36 - 2014-05-20 14:34 - 11009536 _____ (Minecraft Installers) C:\Users\Family\Downloads\X Ray Mod Installer 1.7.4.exe
2014-05-20 12:53 - 2013-01-14 16:28 - 00000000 ____D () C:\ProgramData\Firefly Studios
2014-05-20 12:53 - 2012-12-06 16:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-20 12:52 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-20 12:50 - 2013-08-28 13:48 - 00000000 ____D () C:\Users\Family\AppData\Local\WarThunder
2014-05-16 16:07 - 2014-05-16 15:54 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-16 15:56 - 2014-05-16 15:56 - 00000000 _____ () C:\autoexec.bat
2014-05-16 15:55 - 2014-05-16 15:55 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-16 15:27 - 2014-05-16 15:27 - 00001170 _____ () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-16 15:26 - 2014-05-16 15:20 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Opera Software
2014-05-16 15:26 - 2014-05-16 15:20 - 00000000 ____D () C:\Users\Felix\AppData\Local\Opera Software
2014-05-16 15:26 - 2014-05-16 15:20 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-05-16 15:26 - 2012-12-06 15:42 - 00001431 _____ () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-16 15:25 - 2014-03-16 19:05 - 00000680 __RSH () C:\Users\Felix\ntuser.pol
2014-05-16 15:25 - 2012-12-06 15:42 - 00000000 ___RD () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 15:25 - 2012-12-06 15:42 - 00000000 ___RD () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 13:55 - 2013-07-21 11:07 - 00000000 ____D () C:\Users\Family\AppData\Roaming\.technic
2014-05-16 13:06 - 2014-05-12 09:11 - 00000000 ____D () C:\Users\Family\AppData\Roaming\Craften Terminal
2014-05-16 11:44 - 2014-03-16 19:09 - 00001002 __RSH () C:\Users\Family\ntuser.pol
2014-05-16 11:44 - 2012-12-06 17:43 - 00000000 _RSHD () C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 11:44 - 2012-12-06 17:43 - 00000000 ___RD () C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 11:41 - 2014-05-06 19:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 19:34 - 2012-12-06 16:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 19:33 - 2014-05-15 19:33 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 19:21 - 2013-08-07 20:27 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 19:20 - 2012-12-06 18:01 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 19:58 - 2014-04-29 17:58 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-14 19:58 - 2012-12-16 13:01 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 19:58 - 2012-12-08 23:31 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 19:58 - 2012-12-08 23:31 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-12 10:15 - 2014-05-12 10:15 - 00000000 ____D () C:\Users\Family\Documents\arma 2
2014-05-12 10:12 - 2014-05-12 10:12 - 00000000 ____D () C:\ProgramData\SIX Networks
2014-05-12 10:10 - 2014-05-12 10:10 - 00000000 ____D () C:\Users\Family\AppData\Roaming\SIX Networks
2014-05-12 10:10 - 2014-05-12 10:10 - 00000000 ____D () C:\Users\Family\AppData\Local\SIX Networks
2014-05-12 10:10 - 2014-05-12 10:10 - 00000000 ____D () C:\Users\Family\AppData\Local\IsolatedStorage
2014-05-12 10:09 - 2014-05-12 10:09 - 00000000 ____D () C:\Users\Family\AppData\Local\Downloaded Installations
2014-05-12 07:26 - 2014-05-24 21:47 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-24 21:47 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-24 21:47 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 17:53 - 2014-05-10 17:53 - 00000000 __SHD () C:\Users\Felix\AppData\Local\EmieUserList
2014-05-10 17:53 - 2014-05-10 17:53 - 00000000 __SHD () C:\Users\Felix\AppData\Local\EmieSiteList
2014-05-10 07:30 - 2014-05-10 07:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 08:14 - 2014-05-15 14:03 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-15 14:03 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 16:39 - 2014-05-07 16:38 - 00000000 ____D () C:\Users\Family\AppData\Roaming\skyz
2014-05-07 14:14 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-06 06:40 - 2014-05-15 19:33 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-15 19:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-15 19:33 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-15 19:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-15 19:33 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 19:33 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 14:39 - 2013-09-05 16:17 - 00000000 ____D () C:\Users\Family\AppData\Roaming\FileZilla
2014-05-02 10:01 - 2012-12-06 16:06 - 00003788 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-05-01 10:59 - 2013-01-14 16:28 - 00000000 ____D () C:\Users\Family\Documents\Stronghold Legends
2014-04-30 17:07 - 2014-04-29 19:06 - 00000000 ____D () C:\Users\Family\AppData\Local\LogMeIn Hamachi
2014-04-30 13:32 - 2014-04-30 13:32 - 00000000 ____D () C:\Program Files (x86)\GameHitZone.com

Some content of TEMP:
====================
C:\Users\Family\AppData\Local\Temp\23280.exe
C:\Users\Family\AppData\Local\Temp\81631.exe
C:\Users\Family\AppData\Local\Temp\i4jdel0.exe
C:\Users\Family\AppData\Local\Temp\jansi-32-git-Bukkit-1.6.4-R2.0-b2918jnks.dll
C:\Users\Family\AppData\Local\Temp\noncrypted.exe
C:\Users\Family\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\Family\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Family\AppData\Local\Temp\_isAAA5.exe
C:\Users\Felix\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 14:56

==================== End Of Log ============================
--- --- ---

schrauber 31.05.2014 15:22
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Users\Family\VOKYV
C:\Windows\Microsoft\SystemUpdatekb70007
C:\Users\Family\AppData\Local\Temp\nhgak
C:\Users\Family\AppData\Local\Temp\pbdzr
C:\Users\Family\AppData\Roaming\A65BUJBSlast.exe
C:\Users\Family\AppData\Roaming\firefox5497.exe
C:\Users\Family\AppData\Roaming\Glaset.exe
C:\Users\Family\AppData\Roaming\HDA4LDCtest2.exe
C:\Users\Family\AppData\Roaming\T1ASLRAL6CUasd.exe
C:\Users\Family\AppData\Roaming\XZXCA5YXTasd.exe
C:\Users\Family\AppData\Roaming\Microsoft\ms_helper95.exe
HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll
HKLM-x32\...\Run: [] => [X]
Startup: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk
ShortcutTarget: start.lnk -> C:\Users\Felix\d1fz242761q21a\97994.vbs (No File)
GroupPolicyUsers\S-1-5-21-3942473469-3025678200-3895822530-1002\User: Group Policy restriction detected <======= ATTENTION
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
Hosts: 127.0.0.1 validation.sls.microsoft.com
FF Homepage: hxxp://google.de/
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8118
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8118
FF NetworkProxy: "type", 4
R1 {2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64; C:\Windows\System32\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys [61120 2014-04-24] (StdLib)
C:\Windows\System32\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Frisches FRST log bitte. Noch Probleme?

Flexi2013 31.05.2014 18:20
Hallo,

Fixlog:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-05-2014
Ran by Felix at 2014-05-31 19:14:25 Run:1
Running from C:\Users\Felix\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Family\VOKYV
C:\Windows\Microsoft\SystemUpdatekb70007
C:\Users\Family\AppData\Local\Temp\nhgak
C:\Users\Family\AppData\Local\Temp\pbdzr
C:\Users\Family\AppData\Roaming\A65BUJBSlast.exe
C:\Users\Family\AppData\Roaming\firefox5497.exe
C:\Users\Family\AppData\Roaming\Glaset.exe
C:\Users\Family\AppData\Roaming\HDA4LDCtest2.exe
C:\Users\Family\AppData\Roaming\T1ASLRAL6CUasd.exe
C:\Users\Family\AppData\Roaming\XZXCA5YXTasd.exe
C:\Users\Family\AppData\Roaming\Microsoft\ms_helper95.exe
HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll
HKLM-x32\...\Run: [] => [X]
Startup: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk
ShortcutTarget: start.lnk -> C:\Users\Felix\d1fz242761q21a\97994.vbs (No File)
GroupPolicyUsers\S-1-5-21-3942473469-3025678200-3895822530-1002\User: Group Policy restriction detected <======= ATTENTION
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
Hosts: 127.0.0.1 validation.sls.microsoft.com
FF Homepage: hxxp://google.de/
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8118
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8118
FF NetworkProxy: "type", 4
R1 {2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64; C:\Windows\System32\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys [61120 2014-04-24] (StdLib)
C:\Windows\System32\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys
       
*****************

C:\Users\Family\VOKYV => Moved successfully.
C:\Windows\Microsoft\SystemUpdatekb70007 => Moved successfully.
C:\Users\Family\AppData\Local\Temp\nhgak => Moved successfully.
C:\Users\Family\AppData\Local\Temp\pbdzr => Moved successfully.
C:\Users\Family\AppData\Roaming\A65BUJBSlast.exe => Moved successfully.
C:\Users\Family\AppData\Roaming\firefox5497.exe => Moved successfully.
C:\Users\Family\AppData\Roaming\Glaset.exe => Moved successfully.
C:\Users\Family\AppData\Roaming\HDA4LDCtest2.exe => Moved successfully.
C:\Users\Family\AppData\Roaming\T1ASLRAL6CUasd.exe => Moved successfully.
C:\Users\Family\AppData\Roaming\XZXCA5YXTasd.exe => Moved successfully.
C:\Users\Family\AppData\Roaming\Microsoft\ms_helper95.exe => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MsmqIntCert => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk => Moved successfully.
C:\Users\Felix\d1fz242761q21a\97994.vbs not found.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3942473469-3025678200-3895822530-1002\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
Firefox homepage deleted successfully.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64 => Service stopped successfully.
{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64 => Service deleted successfully.
C:\Windows\System32\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====
----------------------------------------------------------------------------
FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2014
Ran by Felix (administrator) on FELIX-PC on 31-05-2014 19:16:40
Running from C:\Users\Felix\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [380544 2012-06-28] (Alcor Micro Corp.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3942473469-3025678200-3895822530-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-09-28] (AMD)
HKU\S-1-5-21-3942473469-3025678200-3895822530-1000\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-05-15] (Raptr, Inc)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFE5E71907D22CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Mozilla Firefox\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Mozilla Firefox\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\102m12jj.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files (x86)\Mozilla Firefox\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\ko3fql5q.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: SNT - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\102m12jj.default\Extensions\y3gz@iuooeey.org [2014-03-22]
FF Extension: Adblock Plus - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\102m12jj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-09]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-14] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-20] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2028864 2011-12-13] (TuneUp Software)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-14] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R0 nvamacpi; C:\Windows\System32\DRIVERS\NVAMACPI.sys [28264 2009-11-24] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2011-06-06] (TuneUp Software)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-31 19:16 - 2014-05-31 19:16 - 00010828 _____ () C:\Users\Felix\Desktop\FRST.txt
2014-05-31 19:14 - 2014-05-31 19:16 - 00000000 ____D () C:\Users\Felix\Desktop\31-05-2014
2014-05-30 22:09 - 2014-05-30 22:09 - 00000000 ____D () C:\ProgramData\ATI
2014-05-30 22:05 - 2014-05-30 22:05 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-05-30 22:05 - 2014-05-30 22:05 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\library_dir
2014-05-30 22:01 - 2014-05-31 19:17 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Raptr
2014-05-30 22:01 - 2014-05-30 22:05 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-05-30 22:01 - 2014-05-30 22:01 - 00061648 _____ () C:\Windows\SysWOW64\CCCInstall_201405302201383015.log
2014-05-30 22:01 - 2014-05-30 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-05-30 22:01 - 2014-05-30 22:01 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-05-30 21:56 - 2014-05-30 21:56 - 00000000 ____D () C:\Program Files\AMD
2014-05-30 21:54 - 2014-05-30 21:54 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-30 21:22 - 2014-05-30 21:50 - 269338400 _____ (AMD Inc.) C:\Users\Felix\Downloads\14-4-win7-win8-win8.1-64-dd-ccc-whql.exe
2014-05-30 20:44 - 2014-05-30 20:45 - 02907552 _____ (Blizzard Entertainment) C:\Users\Felix\Downloads\Battle.net-Setup-deDE.exe
2014-05-30 20:02 - 2014-05-30 20:02 - 00000000 ____D () C:\Users\Felix\Desktop\FRST-OlderVersion
2014-05-30 19:50 - 2014-05-30 19:50 - 00854367 _____ () C:\Users\Felix\Desktop\SecurityCheck.exe
2014-05-30 19:49 - 2014-05-30 20:03 - 00000000 ____D () C:\Users\Felix\Desktop\Scan29-05-2014
2014-05-29 11:06 - 2014-05-29 11:06 - 02347384 _____ (ESET) C:\Users\Felix\Desktop\esetsmartinstaller_deu.exe
2014-05-27 09:58 - 2014-05-27 09:58 - 01016261 _____ (Thisisu) C:\Users\Felix\Desktop\JRT.exe
2014-05-27 09:58 - 2014-05-27 09:58 - 00000000 ____D () C:\Windows\ERUNT
2014-05-27 09:52 - 2014-05-27 09:54 - 00000000 ____D () C:\AdwCleaner
2014-05-27 09:51 - 2014-05-27 09:51 - 01327971 _____ () C:\Users\Felix\Desktop\adwcleaner_3.211.exe
2014-05-27 09:18 - 2014-05-27 09:18 - 00001274 _____ () C:\Users\Felix\Desktop\Revo Uninstaller.lnk
2014-05-27 09:18 - 2014-05-27 09:18 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-25 10:25 - 2014-05-30 20:02 - 02066944 _____ (Farbar) C:\Users\Felix\Desktop\FRST64.exe
2014-05-25 10:18 - 2014-05-31 19:16 - 00000000 ____D () C:\FRST
2014-05-24 22:10 - 2014-05-30 22:07 - 00119538 _____ () C:\Windows\PFRO.log
2014-05-24 21:51 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-05-24 21:51 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-05-24 21:48 - 2014-05-27 09:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-24 21:47 - 2014-05-24 21:47 - 00000936 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-24 21:47 - 2014-05-24 21:47 - 00000000 ____D () C:\Users\Felix\Desktop\Malwarebyte
2014-05-24 21:47 - 2014-05-24 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-24 21:47 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-24 21:47 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-24 21:47 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-24 21:42 - 2014-05-31 19:15 - 00001391 _____ () C:\Windows\setupact.log
2014-05-24 21:27 - 2014-05-24 21:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-24 19:32 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-05-24 19:32 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-05-24 19:31 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-05-24 19:31 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-05-24 19:31 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-05-24 19:31 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-05-24 19:31 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-05-24 19:31 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-05-24 19:31 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-05-24 19:31 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-05-24 19:31 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-05-24 19:31 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-05-24 19:31 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-05-24 19:31 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-05-24 19:31 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-05-24 19:31 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-05-24 19:31 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-05-24 19:31 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-05-24 12:48 - 2014-05-24 19:38 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Skype
2014-05-24 12:48 - 2014-05-24 12:48 - 00000000 ____D () C:\Users\Felix\AppData\Local\Skype
2014-05-20 14:42 - 2014-05-20 14:42 - 00462336 _____ (Dino Chiesa) C:\Users\Family\Downloads\Ionic.Zip.dll
2014-05-20 14:34 - 2014-05-20 14:36 - 11009536 _____ (Minecraft Installers) C:\Users\Family\Downloads\X Ray Mod Installer 1.7.4.exe
2014-05-16 15:56 - 2014-05-16 15:56 - 00000000 _____ () C:\autoexec.bat
2014-05-16 15:55 - 2014-05-16 15:55 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-16 15:54 - 2014-05-16 16:07 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-16 15:27 - 2014-05-16 15:27 - 00001170 _____ () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-16 15:20 - 2014-05-16 15:26 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Opera Software
2014-05-16 15:20 - 2014-05-16 15:26 - 00000000 ____D () C:\Users\Felix\AppData\Local\Opera Software
2014-05-16 15:20 - 2014-05-16 15:26 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-05-15 19:33 - 2014-05-15 19:33 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 19:33 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 19:33 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 19:33 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 19:33 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 19:33 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 19:33 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 14:03 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 14:03 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 14:03 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 14:03 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 14:02 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 14:02 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 14:02 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 14:02 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 14:02 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 14:02 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 14:02 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 14:02 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 14:02 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 14:02 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 14:02 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 14:02 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 14:02 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 14:02 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 14:02 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 14:02 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 14:02 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 14:02 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 14:02 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 14:02 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 14:02 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 14:02 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 14:02 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 14:02 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 14:02 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 14:02 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 14:02 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 14:02 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 14:02 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 14:02 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-12 10:15 - 2014-05-12 10:15 - 00000000 ____D () C:\Users\Family\Documents\arma 2
2014-05-12 10:12 - 2014-05-12 10:12 - 00000000 ____D () C:\ProgramData\SIX Networks
2014-05-12 10:10 - 2014-05-12 10:10 - 00000000 ____D () C:\Users\Family\AppData\Roaming\SIX Networks
2014-05-12 10:10 - 2014-05-12 10:10 - 00000000 ____D () C:\Users\Family\AppData\Local\SIX Networks
2014-05-12 10:10 - 2014-05-12 10:10 - 00000000 ____D () C:\Users\Family\AppData\Local\IsolatedStorage
2014-05-12 10:09 - 2014-05-12 10:09 - 00000000 ____D () C:\Users\Family\AppData\Local\Downloaded Installations
2014-05-12 09:11 - 2014-05-16 13:06 - 00000000 ____D () C:\Users\Family\AppData\Roaming\Craften Terminal
2014-05-10 17:53 - 2014-05-10 17:53 - 00000000 __SHD () C:\Users\Felix\AppData\Local\EmieUserList
2014-05-10 17:53 - 2014-05-10 17:53 - 00000000 __SHD () C:\Users\Felix\AppData\Local\EmieSiteList
2014-05-10 07:29 - 2014-05-10 07:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-07 16:38 - 2014-05-07 16:39 - 00000000 ____D () C:\Users\Family\AppData\Roaming\skyz
2014-05-07 13:58 - 2014-05-27 09:54 - 00001089 _____ () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-05-06 19:51 - 2014-05-16 11:41 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-05-31 19:17 - 2014-05-31 19:16 - 00010828 _____ () C:\Users\Felix\Desktop\FRST.txt
2014-05-31 19:17 - 2014-05-30 22:01 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Raptr
2014-05-31 19:17 - 2012-12-06 15:42 - 00000000 ____D () C:\Users\Felix\AppData\Local\Temp
2014-05-31 19:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-05-31 19:16 - 2014-05-31 19:14 - 00000000 ____D () C:\Users\Felix\Desktop\31-05-2014
2014-05-31 19:16 - 2014-05-25 10:18 - 00000000 ____D () C:\FRST
2014-05-31 19:15 - 2014-05-24 21:42 - 00001391 _____ () C:\Windows\setupact.log
2014-05-31 19:15 - 2014-03-16 19:05 - 00000008 __RSH () C:\Users\Felix\ntuser.pol
2014-05-31 19:15 - 2012-12-06 15:42 - 00000000 ____D () C:\Users\Felix
2014-05-31 19:15 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-31 19:14 - 2012-12-06 17:43 - 00000000 _RSHD () C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-31 19:14 - 2012-12-06 17:43 - 00000000 ____D () C:\Users\Family\AppData\Local\Temp
2014-05-31 19:14 - 2012-12-06 17:43 - 00000000 ____D () C:\Users\Family
2014-05-31 19:14 - 2012-12-06 15:42 - 01498144 _____ () C:\Windows\WindowsUpdate.log
2014-05-31 19:14 - 2009-07-14 06:45 - 00014208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-31 19:14 - 2009-07-14 06:45 - 00014208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-31 19:14 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-31 16:30 - 2012-12-06 16:09 - 01892538 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-31 16:30 - 2009-07-14 19:58 - 00821220 _____ () C:\Windows\system32\perfh007.dat
2014-05-31 16:30 - 2009-07-14 19:58 - 00193194 _____ () C:\Windows\system32\perfc007.dat
2014-05-31 16:29 - 2009-07-14 07:13 - 01892538 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-31 15:57 - 2012-12-16 13:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-30 23:16 - 2012-12-06 16:12 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\vlc
2014-05-30 22:09 - 2014-05-30 22:09 - 00000000 ____D () C:\ProgramData\ATI
2014-05-30 22:07 - 2014-05-24 22:10 - 00119538 _____ () C:\Windows\PFRO.log
2014-05-30 22:05 - 2014-05-30 22:05 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-05-30 22:05 - 2014-05-30 22:05 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\library_dir
2014-05-30 22:05 - 2014-05-30 22:01 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-05-30 22:01 - 2014-05-30 22:01 - 00061648 _____ () C:\Windows\SysWOW64\CCCInstall_201405302201383015.log
2014-05-30 22:01 - 2014-05-30 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-05-30 22:01 - 2014-05-30 22:01 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-05-30 22:01 - 2012-12-11 19:03 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-05-30 22:01 - 2012-12-06 16:28 - 00000000 ____D () C:\ProgramData\AMD
2014-05-30 21:56 - 2014-05-30 21:56 - 00000000 ____D () C:\Program Files\AMD
2014-05-30 21:54 - 2014-05-30 21:54 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-30 21:50 - 2014-05-30 21:22 - 269338400 _____ (AMD Inc.) C:\Users\Felix\Downloads\14-4-win7-win8-win8.1-64-dd-ccc-whql.exe
2014-05-30 21:07 - 2013-09-28 11:31 - 00000000 ____D () C:\Users\Felix\AppData\Local\._LiveCode_
2014-05-30 20:47 - 2012-12-26 16:29 - 00000000 ____D () C:\Users\Felix\Documents\WOW
2014-05-30 20:45 - 2014-05-30 20:44 - 02907552 _____ (Blizzard Entertainment) C:\Users\Felix\Downloads\Battle.net-Setup-deDE.exe
2014-05-30 20:03 - 2014-05-30 19:49 - 00000000 ____D () C:\Users\Felix\Desktop\Scan29-05-2014
2014-05-30 20:02 - 2014-05-30 20:02 - 00000000 ____D () C:\Users\Felix\Desktop\FRST-OlderVersion
2014-05-30 20:02 - 2014-05-25 10:25 - 02066944 _____ (Farbar) C:\Users\Felix\Desktop\FRST64.exe
2014-05-30 20:01 - 2014-04-22 11:56 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Notepad++
2014-05-30 19:50 - 2014-05-30 19:50 - 00854367 _____ () C:\Users\Felix\Desktop\SecurityCheck.exe
2014-05-29 11:06 - 2014-05-29 11:06 - 02347384 _____ (ESET) C:\Users\Felix\Desktop\esetsmartinstaller_deu.exe
2014-05-28 09:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-27 18:28 - 2012-12-15 14:13 - 00000000 ____D () C:\Users\Family\AppData\Local\Microsoft Games
2014-05-27 14:21 - 2012-12-22 12:16 - 00000000 ____D () C:\Users\Family\AppData\Roaming\.minecraft
2014-05-27 09:58 - 2014-05-27 09:58 - 01016261 _____ (Thisisu) C:\Users\Felix\Desktop\JRT.exe
2014-05-27 09:58 - 2014-05-27 09:58 - 00000000 ____D () C:\Windows\ERUNT
2014-05-27 09:54 - 2014-05-27 09:52 - 00000000 ____D () C:\AdwCleaner
2014-05-27 09:54 - 2014-05-07 13:58 - 00001089 _____ () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-05-27 09:51 - 2014-05-27 09:51 - 01327971 _____ () C:\Users\Felix\Desktop\adwcleaner_3.211.exe
2014-05-27 09:46 - 2014-05-24 21:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-27 09:27 - 2014-03-22 15:17 - 00000000 ____D () C:\ProgramData\2fcf538f17f7f4f4
2014-05-27 09:23 - 2013-02-28 12:59 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-27 09:22 - 2013-02-28 12:59 - 00000000 ____D () C:\Users\Felix\AppData\Local\Google
2014-05-27 09:18 - 2014-05-27 09:18 - 00001274 _____ () C:\Users\Felix\Desktop\Revo Uninstaller.lnk
2014-05-27 09:18 - 2014-05-27 09:18 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-25 12:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-25 08:40 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-25 02:02 - 2012-12-09 19:16 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\TS3Client
2014-05-24 22:59 - 2014-01-15 13:38 - 00000552 _____ () C:\Users\Felix\Desktop\Passwörter.txt
2014-05-24 22:41 - 2012-12-23 13:27 - 00000000 ____D () C:\Users\DefaultAppPool
2014-05-24 22:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-05-24 22:10 - 2012-12-06 15:36 - 00000000 ____D () C:\Windows\Panther
2014-05-24 22:09 - 2014-04-29 13:56 - 00000000 __SHD () C:\Users\Family\kBh80A
2014-05-24 22:09 - 2014-02-22 16:22 - 00000000 _RSHD () C:\Users\Family\d1fz242761q21a
2014-05-24 22:09 - 2014-01-21 20:54 - 00000000 ____D () C:\Users\Family\AppData\Roaming\Oxquev
2014-05-24 21:54 - 2012-12-08 16:38 - 00000141 _____ () C:\Users\Felix\Desktop\Neues Textdokument.txt
2014-05-24 21:47 - 2014-05-24 21:47 - 00000936 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-24 21:47 - 2014-05-24 21:47 - 00000000 ____D () C:\Users\Felix\Desktop\Malwarebyte
2014-05-24 21:47 - 2014-05-24 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-24 21:27 - 2014-05-24 21:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-24 21:01 - 2013-03-16 17:14 - 00000000 ____D () C:\ProgramData\Skype
2014-05-24 20:21 - 2014-03-02 04:50 - 00000000 ____D () C:\Users\Felix\AppData\Local\Battle.net
2014-05-24 19:38 - 2014-05-24 12:48 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Skype
2014-05-24 12:48 - 2014-05-24 12:48 - 00000000 ____D () C:\Users\Felix\AppData\Local\Skype
2014-05-23 14:01 - 2013-03-16 17:14 - 00000000 ____D () C:\Users\Family\AppData\Roaming\Skype
2014-05-21 18:34 - 2012-12-12 20:01 - 00000000 ____D () C:\Users\Family\Documents\My Games
2014-05-20 14:42 - 2014-05-20 14:42 - 00462336 _____ (Dino Chiesa) C:\Users\Family\Downloads\Ionic.Zip.dll
2014-05-20 14:36 - 2014-05-20 14:34 - 11009536 _____ (Minecraft Installers) C:\Users\Family\Downloads\X Ray Mod Installer 1.7.4.exe
2014-05-20 12:53 - 2013-01-14 16:28 - 00000000 ____D () C:\ProgramData\Firefly Studios
2014-05-20 12:53 - 2012-12-06 16:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-20 12:52 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-20 12:50 - 2013-08-28 13:48 - 00000000 ____D () C:\Users\Family\AppData\Local\WarThunder
2014-05-16 16:07 - 2014-05-16 15:54 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-16 15:56 - 2014-05-16 15:56 - 00000000 _____ () C:\autoexec.bat
2014-05-16 15:55 - 2014-05-16 15:55 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-16 15:27 - 2014-05-16 15:27 - 00001170 _____ () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-16 15:26 - 2014-05-16 15:20 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Opera Software
2014-05-16 15:26 - 2014-05-16 15:20 - 00000000 ____D () C:\Users\Felix\AppData\Local\Opera Software
2014-05-16 15:26 - 2014-05-16 15:20 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-05-16 15:26 - 2012-12-06 15:42 - 00001431 _____ () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-16 15:25 - 2012-12-06 15:42 - 00000000 ___RD () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 15:25 - 2012-12-06 15:42 - 00000000 ___RD () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 13:55 - 2013-07-21 11:07 - 00000000 ____D () C:\Users\Family\AppData\Roaming\.technic
2014-05-16 13:06 - 2014-05-12 09:11 - 00000000 ____D () C:\Users\Family\AppData\Roaming\Craften Terminal
2014-05-16 11:44 - 2014-03-16 19:09 - 00001002 __RSH () C:\Users\Family\ntuser.pol
2014-05-16 11:44 - 2012-12-06 17:43 - 00000000 ___RD () C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 11:41 - 2014-05-06 19:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 19:34 - 2012-12-06 16:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 19:33 - 2014-05-15 19:33 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 19:21 - 2013-08-07 20:27 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 19:20 - 2012-12-06 18:01 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 19:58 - 2014-04-29 17:58 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-14 19:58 - 2012-12-16 13:01 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 19:58 - 2012-12-08 23:31 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 19:58 - 2012-12-08 23:31 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-12 10:15 - 2014-05-12 10:15 - 00000000 ____D () C:\Users\Family\Documents\arma 2
2014-05-12 10:12 - 2014-05-12 10:12 - 00000000 ____D () C:\ProgramData\SIX Networks
2014-05-12 10:10 - 2014-05-12 10:10 - 00000000 ____D () C:\Users\Family\AppData\Roaming\SIX Networks
2014-05-12 10:10 - 2014-05-12 10:10 - 00000000 ____D () C:\Users\Family\AppData\Local\SIX Networks
2014-05-12 10:10 - 2014-05-12 10:10 - 00000000 ____D () C:\Users\Family\AppData\Local\IsolatedStorage
2014-05-12 10:09 - 2014-05-12 10:09 - 00000000 ____D () C:\Users\Family\AppData\Local\Downloaded Installations
2014-05-12 07:26 - 2014-05-24 21:47 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-24 21:47 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-24 21:47 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 17:53 - 2014-05-10 17:53 - 00000000 __SHD () C:\Users\Felix\AppData\Local\EmieUserList
2014-05-10 17:53 - 2014-05-10 17:53 - 00000000 __SHD () C:\Users\Felix\AppData\Local\EmieSiteList
2014-05-10 07:30 - 2014-05-10 07:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 08:14 - 2014-05-15 14:03 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-15 14:03 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 16:39 - 2014-05-07 16:38 - 00000000 ____D () C:\Users\Family\AppData\Roaming\skyz
2014-05-07 14:14 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-06 06:40 - 2014-05-15 19:33 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-15 19:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-15 19:33 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-15 19:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-15 19:33 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 19:33 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 14:39 - 2013-09-05 16:17 - 00000000 ____D () C:\Users\Family\AppData\Roaming\FileZilla
2014-05-02 10:01 - 2012-12-06 16:06 - 00003788 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-05-01 10:59 - 2013-01-14 16:28 - 00000000 ____D () C:\Users\Family\Documents\Stronghold Legends

Some content of TEMP:
====================
C:\Users\Family\AppData\Local\Temp\23280.exe
C:\Users\Family\AppData\Local\Temp\81631.exe
C:\Users\Family\AppData\Local\Temp\i4jdel0.exe
C:\Users\Family\AppData\Local\Temp\jansi-32-git-Bukkit-1.6.4-R2.0-b2918jnks.dll
C:\Users\Family\AppData\Local\Temp\noncrypted.exe
C:\Users\Family\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\Family\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Family\AppData\Local\Temp\_isAAA5.exe
C:\Users\Felix\AppData\Local\Temp\Quarantine.exe
C:\Users\Felix\AppData\Local\Temp\raptrpatch.exe
C:\Users\Felix\AppData\Local\Temp\raptr_stub.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 14:56

==================== End Of Log ============================
--- --- ---

schrauber 01.06.2014 14:14
meine Frage?

Flexi2013 01.06.2014 15:10
Hallo,

achso übersehen sorry ;)

Also jetzt läuft es erst mal wieder, habe nichts mehr festgestellt.
Vielen Dank für die Hilfe und die ausführliche Anleitung.

mfg

schrauber 02.06.2014 12:11
Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:13 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131