Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   worm.Zhelatin in C:\Windows\System32\fsvk.exe.exe (https://www.trojaner-board.de/155035-worm-zhelatin-c-windows-system32-fsvk-exe-exe.html)

Faaabiiio 10.06.2014 22:42
worm.Zhelatin in C:\Windows\System32\fsvk.exe.exe
 
Guten Abend,

Ich habe heute mit Hilfe eines Freundes festgestellt (über Malwarebytes), dass ich einen
worm.Zhelatin in C:\Windows\System32\fsvk.exe.exe
auf meinem System mit Windows 7 Home Premium 64bit habe.
:headbang:

In einem anderen Thread habe ich bereits etwas darüber gelesen, jedoch bin ich daraus auch nicht wirklich schlauer geworden. Dort stand nur, dass man den PC neu aufsetzen soll, was ich aber, sofern dies möglich ist verhindern möchte, da ich erstens sehr viele Dateien habe, die dadurch verloren gehen würden und zweitens beim Kauf des PCs keine Windows CD erhalten habe, sondern nur einen Key (falls Neuinstallation nicht zu verhindern wäre ich froh, wenn mir jemand erklären kann, wie das ohne eine CD funktioniert).

Hier noch das Log:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10.06.2014
Scan Time: 13:51:01
Logfile: worm_zhelatin_test.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.10.04
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Fabio

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 286029
Time Elapsed: 7 min, 43 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.OptimizerPro, C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe, 4644, Delete-on-Reboot, [04c83f37adce5adc86146fbbb34e1ae6]
PUP.Optional.OptimizerPro, C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe, 4656, Delete-on-Reboot, [705ce294354641f5465258d2956c7f81]

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.OptimizerPro, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\70e6ca8c, Quarantined, [ddef3c3a6318f3430fdbd365e61e17e9],

Registry Values: 0
(No malicious items detected)

Registry Data: 10
PUP.Optional.HelperBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fd6126cd-f1c2-e4e3-1556-2aff212d63b5&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=10/02/2014&type=hp1000, Good: (www.google.com), Bad: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fd6126cd-f1c2-e4e3-1556-2aff212d63b5&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=10/02/2014&type=hp1000),Replaced,[1eaebbbbf6850d29e22986e140c458a8]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1135877238-1570040499-2305132942-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fd6126cd-f1c2-e4e3-1556-2aff212d63b5&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=10/02/2014&type=hp1000, Good: (www.google.com), Bad: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fd6126cd-f1c2-e4e3-1556-2aff212d63b5&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=10/02/2014&type=hp1000),Delete-on-Reboot,[428a6e087506e4528589b4b39371e31d]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1135877238-1570040499-2305132942-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fd6126cd-f1c2-e4e3-1556-2aff212d63b5&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=10/02/2014&type=hp1000, Good: (hxxp://www.google.com), Bad: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fd6126cd-f1c2-e4e3-1556-2aff212d63b5&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=10/02/2014&type=hp1000),Delete-on-Reboot,[686444323546d46237c07cf4c4409f61]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1135877238-1570040499-2305132942-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fd6126cd-f1c2-e4e3-1556-2aff212d63b5&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=10/02/2014&type=hp1000, Good: (www.google.com), Bad: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fd6126cd-f1c2-e4e3-1556-2aff212d63b5&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=10/02/2014&type=hp1000),Delete-on-Reboot,[2f9dc9ad2952b284f31a9bccf50fcf31]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1135877238-1570040499-2305132942-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fd6126cd-f1c2-e4e3-1556-2aff212d63b5&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=10/02/2014&type=hp1000, Good: (hxxp://www.google.com), Bad: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fd6126cd-f1c2-e4e3-1556-2aff212d63b5&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=10/02/2014&type=hp1000),Delete-on-Reboot,[08c45521a2d99a9c9e588fe19b6951af]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1135877238-1570040499-2305132942-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fd6126cd-f1c2-e4e3-1556-2aff212d63b5&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=10/02/2014&type=hp1000, Good: (www.google.com), Bad: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fd6126cd-f1c2-e4e3-1556-2aff212d63b5&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=10/02/2014&type=hp1000),Delete-on-Reboot,[f2da294d6c0f122468a87deaaf55f20e]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1135877238-1570040499-2305132942-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fd6126cd-f1c2-e4e3-1556-2aff212d63b5&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=10/02/2014&type=hp1000, Good: (hxxp://www.google.com), Bad: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fd6126cd-f1c2-e4e3-1556-2aff212d63b5&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=10/02/2014&type=hp1000),Delete-on-Reboot,[ab21aacc75060f276d8c9ed2f21212ee]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1135877238-1570040499-2305132942-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fd6126cd-f1c2-e4e3-1556-2aff212d63b5&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=10/02/2014&type=hp1000, Good: (www.google.com), Bad: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fd6126cd-f1c2-e4e3-1556-2aff212d63b5&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=10/02/2014&type=hp1000),Delete-on-Reboot,[dcf0344279021125c64bf0779470728e]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1135877238-1570040499-2305132942-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fd6126cd-f1c2-e4e3-1556-2aff212d63b5&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=10/02/2014&type=hp1000, Good: (hxxp://www.google.com), Bad: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fd6126cd-f1c2-e4e3-1556-2aff212d63b5&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=10/02/2014&type=hp1000),Delete-on-Reboot,[b616e88ee19ae84e04f6610f7490c53b]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1135877238-1570040499-2305132942-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fd6126cd-f1c2-e4e3-1556-2aff212d63b5&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=10/02/2014&type=hp1000, Good: (www.google.com), Bad: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fd6126cd-f1c2-e4e3-1556-2aff212d63b5&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=10/02/2014&type=hp1000),Delete-on-Reboot,[616b591ded8e191db9530067be46867a]

Folders: 3
PUP.Optional.OpenCandy, C:\Users\Fabio\AppData\Roaming\OpenCandy, Quarantined, [b3194e28334853e351346223a55df40c],
PUP.Optional.OpenCandy, C:\Users\Fabio\AppData\Roaming\OpenCandy\EEB2EBA2411B4197833F9FAA22CB5138, Quarantined, [b3194e28334853e351346223a55df40c],
PUP.Optional.OpenCandy, C:\Users\Fabio\AppData\Roaming\OpenCandy\F74DD1FA2D9C4A6D82AE42E0BF7B59AC, Quarantined, [b3194e28334853e351346223a55df40c],

Files: 6
PUP.Optional.OptimizerPro, C:\Program Files (x86)\Optimizer Pro\OptProCrash.exe, Delete-on-Reboot, [ddef3c3a6318f3430fdbd365e61e17e9],
PUP.Optional.OptimizerPro, C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe, Delete-on-Reboot, [04c83f37adce5adc86146fbbb34e1ae6],
PUP.Optional.OptimizerPro, C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe, Delete-on-Reboot, [705ce294354641f5465258d2956c7f81],
PUP.Optional.Linkury.A, C:\Users\Fabio\AppData\Roaming\OpenCandy\EEB2EBA2411B4197833F9FAA22CB5138\Installer.exe, Quarantined, [547883f39be07cba3e24f446828212ee],
Worm.Zhelatin, C:\Windows\System32\fsvk.exe.exe, Quarantined, [ebe16c0ae19aac8a0517dc2733d044bc],
PUP.Optional.OpenCandy, C:\Users\Fabio\AppData\Roaming\OpenCandy\F74DD1FA2D9C4A6D82AE42E0BF7B59AC\Trial-14.0.1000.89_de-DE_1004733_DE-2.exe, Quarantined, [b3194e28334853e351346223a55df40c],

Physical Sectors: 0
(No malicious items detected)


(end)
Ich bin leider nicht sehr erfahren was solche Dinge betrifft und hoffe, dass ihr mir dabei helfen könnt. Dies ist mein erster Beitrag hier ;)

Vielen Dank im Voraus,
Fabio

schrauber 11.06.2014 06:56
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Faaabiiio 11.06.2014 10:05
Hallo,
vielen Dank für die Antwort ;D

Die FRST:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-06-2014
Ran by Fabio (administrator) on FABIO-COMPUTER on 10-06-2014 23:04:21
Running from C:\Users\Fabio\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Fabio\Desktop\Defogger.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-04] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\MBCfg64.dll [34432 2013-04-23] (Creative Technology Ltd.)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [490480 2013-08-13] (MSI)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-14] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-1135877238-1570040499-2305132942-1000\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [134648 2013-10-28] ()
HKU\S-1-5-21-1135877238-1570040499-2305132942-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1135877238-1570040499-2305132942-1000\...\Policies\Explorer: [DisallowRun] 1
AppInit_DLLs: C:\Program Files (x86)\OPTIMI~1\OPTPRO~2.DLL => C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [2603312 2014-02-28] ()
AppInit_DLLs-x32: c:\program files (x86)\optimi~1\optpro~1.dll => C:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [2869720 2013-10-29] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.giga.de/androidnews/
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fd6126cd-f1c2-e4e3-1556-2aff212d63b5&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=10/02/2014&type=hp1000
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fd6126cd-f1c2-e4e3-1556-2aff212d63b5&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=10/02/2014&type=hp1000
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fd6126cd-f1c2-e4e3-1556-2aff212d63b5&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=10/02/2014&type=hp1000
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fd6126cd-f1c2-e4e3-1556-2aff212d63b5&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=10/02/2014&type=hp1000
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files (x86)\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files (x86)\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: https://www.google.de/
CHR StartupUrls: "hxxp://www.google.de/"
CHR Extension: (Google Docs) - C:\Users\Fabio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-14]
CHR Extension: (Google Drive) - C:\Users\Fabio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-14]
CHR Extension: (YouTube) - C:\Users\Fabio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-14]
CHR Extension: (Google-Suche) - C:\Users\Fabio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-14]
CHR Extension: (avast! Online Security) - C:\Users\Fabio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-14]
CHR Extension: (Amazon-Icon) - C:\Users\Fabio\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg [2014-02-28]
CHR Extension: (Google Wallet) - C:\Users\Fabio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-14]
CHR Extension: (Google Mail) - C:\Users\Fabio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-14]
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Fabio\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-02-28]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-15] (Avira Operations GmbH & Co. KG)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-14] (AVAST Software)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161776 2013-08-19] (MSI)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [29728 2013-05-28] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-01-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-14] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-14] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-01] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\drivers\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 SMR410; C:\Windows\System32\drivers\SMR410.SYS [96856 2014-06-10] (Symantec Corporation)
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-10 23:04 - 2014-06-10 23:04 - 00018059 _____ () C:\Users\Fabio\Desktop\FRST.txt
2014-06-10 23:04 - 2014-06-10 23:04 - 00000000 ____D () C:\FRST
2014-06-10 23:03 - 2014-06-10 23:03 - 02080768 _____ (Farbar) C:\Users\Fabio\Desktop\FRST64.exe
2014-06-10 23:02 - 2014-06-10 23:02 - 00050477 _____ () C:\Users\Fabio\Desktop\Defogger.exe
2014-06-10 23:02 - 2014-06-10 23:02 - 00000472 _____ () C:\Users\Fabio\Desktop\defogger_disable.log
2014-06-10 23:02 - 2014-06-10 23:02 - 00000000 _____ () C:\Users\Fabio\defogger_reenable
2014-06-10 21:23 - 2014-06-10 21:23 - 00602112 _____ (OldTimer Tools) C:\Users\Fabio\Downloads\OTL.exe
2014-06-10 21:15 - 2014-06-10 21:15 - 00008916 _____ () C:\worm_zhelatin_test.txt
2014-06-10 20:52 - 2014-06-10 20:52 - 00096856 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR410.SYS
2014-06-10 20:52 - 2014-06-10 20:52 - 00000020 _____ () C:\Windows\system32\Drivers\SMR410.dat
2014-06-10 20:43 - 2014-06-10 20:44 - 00000000 ____D () C:\NPE
2014-06-10 20:42 - 2014-06-10 20:52 - 00000000 ____D () C:\Users\Fabio\AppData\Local\NPE
2014-06-10 20:41 - 2014-06-10 20:41 - 03081712 ____N (Symantec Corporation) C:\Users\Fabio\Downloads\NPE.exe
2014-06-10 15:57 - 2014-06-10 15:57 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Fabio\Downloads\SpyHunter-Installer (1).exe
2014-06-10 15:23 - 2014-06-10 15:23 - 00000000 _____ () C:\autoexec.bat
2014-06-10 15:20 - 2014-06-10 15:23 - 00002268 _____ () C:\Users\Fabio\Desktop\SpyHunter.lnk
2014-06-10 15:20 - 2014-06-10 15:23 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-06-10 15:20 - 2014-06-10 15:23 - 00000000 ____D () C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-06-10 15:20 - 2014-06-10 15:20 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-06-10 15:18 - 2014-06-10 15:19 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Fabio\Downloads\SpyHunter-Installer.exe
2014-06-10 14:01 - 2014-06-10 14:01 - 00001194 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-06-10 14:01 - 2014-06-10 14:01 - 00001182 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-06-10 14:01 - 2014-06-10 14:01 - 00001182 _____ () C:\ProgramData\Desktop\TeamViewer 9.lnk
2014-06-10 14:01 - 2014-06-10 14:01 - 00000000 ____D () C:\Users\Fabio\AppData\Roaming\TeamViewer
2014-06-10 14:01 - 2014-06-10 14:01 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-06-10 14:00 - 2014-06-10 14:00 - 06247128 _____ (TeamViewer GmbH) C:\Users\Fabio\Downloads\TeamViewer_Setup_de_9.0.29327.exe
2014-06-10 13:50 - 2014-06-10 22:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 13:50 - 2014-06-10 13:50 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-10 13:50 - 2014-06-10 13:50 - 00001122 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-10 13:50 - 2014-06-10 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-10 13:50 - 2014-06-10 13:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-10 13:50 - 2014-06-10 13:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-10 13:50 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-10 13:50 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-10 13:50 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-10 13:49 - 2014-06-10 13:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Fabio\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-10 13:35 - 2014-06-10 13:35 - 00000000 ____D () C:\Users\Fabio\Desktop\Sicherheitskopien
2014-06-10 13:26 - 2014-06-10 13:26 - 00000000 ____D () C:\Users\Default\AppData\Local\Overwolf
2014-06-10 13:26 - 2014-06-10 13:26 - 00000000 ____D () C:\Users\Default User\AppData\Local\Overwolf
2014-06-10 10:14 - 2014-06-10 10:14 - 00064709 _____ () C:\Users\Fabio\Downloads\FSXWX (1).zip
2014-06-08 20:01 - 2014-06-08 20:01 - 00001374 _____ () C:\Users\Fabio\Downloads\Hamster2103Josh.ham
2014-06-08 19:39 - 2014-06-08 19:39 - 00122484 _____ () C:\Users\Fabio\Downloads\1.2.11.6 Übungsaufgaben.pages
2014-06-08 19:39 - 2014-06-08 19:39 - 00120576 _____ () C:\Users\Fabio\Downloads\1.2.10.11 Übungsaufgaben.pages
2014-06-06 21:56 - 2014-06-06 21:56 - 02680496 _____ () C:\Users\Fabio\Downloads\SBPS.rar
2014-06-01 08:41 - 2014-06-01 08:41 - 00000460 _____ () C:\Users\Fabio\Downloads\Croatia_ivao_flightplan (3).fpl
2014-06-01 08:39 - 2014-06-01 08:39 - 00000340 _____ () C:\Users\Fabio\Downloads\Croatia_ivao_flightplan (2).fpl
2014-05-28 19:02 - 2014-05-28 19:02 - 00010555 _____ () C:\Users\Fabio\AppData\Local\recently-used.xbel
2014-05-28 18:10 - 2014-05-30 22:31 - 00006796 _____ () C:\Users\Fabio\Documents\NECAboutUs.odt
2014-05-28 17:31 - 2014-05-30 22:31 - 00013122 _____ () C:\Users\Fabio\Documents\NECRulesAndReg.odt
2014-05-26 21:54 - 2014-05-26 21:54 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-05-26 21:54 - 2014-05-19 23:10 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-26 21:52 - 2014-05-20 02:44 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-26 21:52 - 2014-05-20 02:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-26 21:52 - 2014-05-20 02:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-26 21:52 - 2014-05-20 02:44 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-05-26 21:52 - 2014-05-20 02:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-26 21:52 - 2014-05-20 02:44 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-26 21:52 - 2014-05-20 02:44 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-26 21:52 - 2014-05-20 02:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-26 21:52 - 2014-05-20 02:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-26 21:52 - 2014-05-20 02:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-26 21:52 - 2014-05-20 02:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-26 21:52 - 2014-05-20 02:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-26 21:52 - 2014-05-20 02:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-26 21:52 - 2014-05-20 02:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-26 21:52 - 2014-05-20 02:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-26 21:52 - 2014-05-20 02:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-26 21:52 - 2014-05-20 02:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-26 21:52 - 2014-05-20 02:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-26 21:52 - 2014-05-20 02:44 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-26 21:52 - 2014-05-20 02:44 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-26 21:52 - 2014-05-20 02:44 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-26 21:52 - 2014-05-20 02:44 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-26 21:52 - 2014-05-20 02:44 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-26 21:52 - 2014-05-20 02:44 - 00492376 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-05-26 21:52 - 2014-05-20 02:44 - 00416712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-05-26 21:52 - 2014-05-20 02:44 - 00382240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-05-26 21:52 - 2014-05-20 02:44 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-26 21:52 - 2014-05-20 02:44 - 00335704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-05-26 21:52 - 2014-05-20 02:44 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-26 21:52 - 2014-05-20 02:44 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-05-26 21:52 - 2014-05-20 02:44 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-26 21:52 - 2014-05-20 02:44 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-05-26 21:52 - 2014-05-20 02:44 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-05-26 21:51 - 2014-05-26 21:51 - 00000000 ____D () C:\NVIDIA
2014-05-26 20:50 - 2014-03-31 16:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-05-26 20:50 - 2014-03-31 16:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-05-25 21:21 - 2014-05-25 21:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-25 21:21 - 2014-05-04 17:12 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-24 09:54 - 2014-05-24 09:54 - 00000340 _____ () C:\Users\Fabio\Downloads\Croatia_ivao_flightplan.fpl
2014-05-19 19:17 - 2014-05-19 19:18 - 36542816 _____ () C:\Users\Fabio\Downloads\51008-UKOR-KulbakinoFSX.zip
2014-05-19 19:16 - 2014-05-19 19:20 - 257047186 _____ () C:\Users\Fabio\Downloads\52496-URMM-FSX.zip
2014-05-19 16:32 - 2014-05-21 11:57 - 00000000 ____D () C:\Users\Fabio\Desktop\A320 NEC
2014-05-19 11:57 - 2014-05-19 11:57 - 25842955 _____ () C:\Users\Fabio\Downloads\pmdgneckarairways738wl.zip
2014-05-19 11:57 - 2014-05-19 11:57 - 09335121 _____ () C:\Users\Fabio\Downloads\AerosoftExtended X (1).zip
2014-05-16 21:36 - 2014-05-16 21:39 - 260514741 _____ () C:\Users\Fabio\Downloads\52771-UWGG.zip
2014-05-15 18:42 - 2014-05-15 18:43 - 36647737 _____ () C:\Users\Fabio\Downloads\mjc8-400-Pilot-patch1_009-inst.exe
2014-05-15 11:59 - 2014-05-06 04:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 11:59 - 2014-05-06 04:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 11:59 - 2014-05-06 03:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 11:59 - 2014-05-06 03:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 11:59 - 2014-05-06 03:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 11:59 - 2014-05-06 02:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 12:33 - 2014-05-09 06:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 12:33 - 2014-05-09 06:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 12:33 - 2014-03-25 02:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 12:33 - 2014-03-25 02:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 12:28 - 2014-04-12 02:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 12:28 - 2014-04-12 02:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 12:28 - 2014-04-12 02:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 12:28 - 2014-04-12 02:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 12:28 - 2014-04-12 02:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 12:28 - 2014-04-12 02:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 12:28 - 2014-04-12 02:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 12:28 - 2014-04-12 02:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 12:28 - 2014-04-12 02:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 12:28 - 2014-03-04 09:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 12:28 - 2014-03-04 09:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 12:28 - 2014-03-04 09:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 12:28 - 2014-03-04 09:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 12:28 - 2014-03-04 09:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 12:28 - 2014-03-04 09:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 12:28 - 2014-03-04 09:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 12:28 - 2014-03-04 09:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 12:28 - 2014-03-04 09:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 12:28 - 2014-03-04 09:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 12:28 - 2014-03-04 09:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 12:28 - 2014-03-04 09:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 12:28 - 2014-03-04 09:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 12:28 - 2014-03-04 09:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 12:28 - 2014-03-04 09:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 12:28 - 2014-03-04 09:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 12:28 - 2014-03-04 09:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 12:28 - 2014-03-04 09:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 12:28 - 2014-03-04 09:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 12:28 - 2014-03-04 09:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 12:28 - 2014-03-04 09:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 12:28 - 2014-03-04 09:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 12:28 - 2014-03-04 09:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 12:28 - 2014-03-04 09:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 12:28 - 2014-03-04 09:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 12:28 - 2014-03-04 09:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 12:28 - 2014-03-04 09:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 12:28 - 2014-03-04 09:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 12:28 - 2014-03-04 09:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 12:28 - 2014-03-04 09:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 12:28 - 2014-03-04 09:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 12:28 - 2014-03-04 09:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-12 18:12 - 2014-05-12 18:12 - 02887780 _____ () C:\Users\Fabio\Downloads\VSJan14en.zip

==================== One Month Modified Files and Folders =======

2014-06-10 23:04 - 2014-06-10 23:04 - 00018059 _____ () C:\Users\Fabio\Desktop\FRST.txt
2014-06-10 23:04 - 2014-06-10 23:04 - 00000000 ____D () C:\FRST
2014-06-10 23:04 - 2014-01-14 16:55 - 00000000 ____D () C:\Users\Fabio\AppData\Local\Temp
2014-06-10 23:03 - 2014-06-10 23:03 - 02080768 _____ (Farbar) C:\Users\Fabio\Desktop\FRST64.exe
2014-06-10 23:02 - 2014-06-10 23:02 - 00050477 _____ () C:\Users\Fabio\Desktop\Defogger.exe
2014-06-10 23:02 - 2014-06-10 23:02 - 00000472 _____ () C:\Users\Fabio\Desktop\defogger_disable.log
2014-06-10 23:02 - 2014-06-10 23:02 - 00000000 _____ () C:\Users\Fabio\defogger_reenable
2014-06-10 23:02 - 2014-01-14 16:55 - 00000000 ____D () C:\Users\Fabio
2014-06-10 23:01 - 2014-01-14 17:48 - 00000000 ____D () C:\Users\Fabio\Documents\Flight Simulator X-Dateien
2014-06-10 22:51 - 2014-01-14 17:11 - 00000000 ____D () C:\Users\Fabio\AppData\Roaming\Skype
2014-06-10 22:35 - 2014-01-14 20:09 - 00000000 ____D () C:\Users\Fabio\AppData\Roaming\TS3Client
2014-06-10 22:17 - 2014-01-14 15:51 - 01259343 _____ () C:\Windows\WindowsUpdate.log
2014-06-10 22:15 - 2014-01-14 17:12 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-10 22:15 - 2014-01-14 17:12 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-10 22:08 - 2014-06-10 13:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 21:23 - 2014-06-10 21:23 - 00602112 _____ (OldTimer Tools) C:\Users\Fabio\Downloads\OTL.exe
2014-06-10 21:15 - 2014-06-10 21:15 - 00008916 _____ () C:\worm_zhelatin_test.txt
2014-06-10 21:15 - 2014-02-03 21:48 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-06-10 20:58 - 2009-07-14 04:45 - 00024288 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-10 20:58 - 2009-07-14 04:45 - 00024288 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-10 20:52 - 2014-06-10 20:52 - 00096856 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR410.SYS
2014-06-10 20:52 - 2014-06-10 20:52 - 00000020 _____ () C:\Windows\system32\Drivers\SMR410.dat
2014-06-10 20:52 - 2014-06-10 20:42 - 00000000 ____D () C:\Users\Fabio\AppData\Local\NPE
2014-06-10 20:50 - 2014-01-14 20:50 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-10 20:50 - 2013-12-18 12:56 - 00028792 _____ () C:\Windows\setupact.log
2014-06-10 20:50 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-10 20:45 - 2014-01-14 21:10 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-10 20:44 - 2014-06-10 20:43 - 00000000 ____D () C:\NPE
2014-06-10 20:43 - 2010-11-21 03:47 - 00813318 _____ () C:\Windows\PFRO.log
2014-06-10 20:42 - 2014-01-14 20:43 - 00000000 ____D () C:\ProgramData\Norton
2014-06-10 20:41 - 2014-06-10 20:41 - 03081712 ____N (Symantec Corporation) C:\Users\Fabio\Downloads\NPE.exe
2014-06-10 19:53 - 2014-02-22 19:27 - 00000936 _____ () C:\Users\Fabio\Desktop\GIMP 2.lnk
2014-06-10 19:53 - 2014-02-06 21:11 - 00000909 _____ () C:\Users\Fabio\Desktop\IvAi - IVAO Interface.lnk
2014-06-10 19:22 - 2011-04-12 07:43 - 00699726 _____ () C:\Windows\system32\perfh007.dat
2014-06-10 19:22 - 2011-04-12 07:43 - 00149364 _____ () C:\Windows\system32\perfc007.dat
2014-06-10 19:22 - 2009-07-14 05:13 - 01621742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-10 19:16 - 2009-07-14 04:45 - 00427344 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-10 16:03 - 2014-02-28 20:08 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-06-10 15:57 - 2014-06-10 15:57 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Fabio\Downloads\SpyHunter-Installer (1).exe
2014-06-10 15:23 - 2014-06-10 15:23 - 00000000 _____ () C:\autoexec.bat
2014-06-10 15:23 - 2014-06-10 15:20 - 00002268 _____ () C:\Users\Fabio\Desktop\SpyHunter.lnk
2014-06-10 15:23 - 2014-06-10 15:20 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-06-10 15:23 - 2014-06-10 15:20 - 00000000 ____D () C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-06-10 15:20 - 2014-06-10 15:20 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-06-10 15:19 - 2014-06-10 15:18 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Fabio\Downloads\SpyHunter-Installer.exe
2014-06-10 14:28 - 2014-01-14 16:56 - 00113672 _____ () C:\Users\Fabio\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-10 14:27 - 2014-01-25 00:36 - 00000000 ____D () C:\Users\Fabio\Desktop\FSXsicherungskopien
2014-06-10 14:01 - 2014-06-10 14:01 - 00001194 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-06-10 14:01 - 2014-06-10 14:01 - 00001182 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-06-10 14:01 - 2014-06-10 14:01 - 00001182 _____ () C:\ProgramData\Desktop\TeamViewer 9.lnk
2014-06-10 14:01 - 2014-06-10 14:01 - 00000000 ____D () C:\Users\Fabio\AppData\Roaming\TeamViewer
2014-06-10 14:01 - 2014-06-10 14:01 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-06-10 14:00 - 2014-06-10 14:00 - 06247128 _____ (TeamViewer GmbH) C:\Users\Fabio\Downloads\TeamViewer_Setup_de_9.0.29327.exe
2014-06-10 13:50 - 2014-06-10 13:50 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-10 13:50 - 2014-06-10 13:50 - 00001122 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-10 13:50 - 2014-06-10 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-10 13:50 - 2014-06-10 13:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-10 13:50 - 2014-06-10 13:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-10 13:50 - 2014-06-10 13:49 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Fabio\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-10 13:44 - 2014-03-29 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UK2000 Scenery
2014-06-10 13:41 - 2014-01-14 20:10 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2014-06-10 13:35 - 2014-06-10 13:35 - 00000000 ____D () C:\Users\Fabio\Desktop\Sicherheitskopien
2014-06-10 13:26 - 2014-06-10 13:26 - 00000000 ____D () C:\Users\Default\AppData\Local\Overwolf
2014-06-10 13:26 - 2014-06-10 13:26 - 00000000 ____D () C:\Users\Default User\AppData\Local\Overwolf
2014-06-10 10:14 - 2014-06-10 10:14 - 00064709 _____ () C:\Users\Fabio\Downloads\FSXWX (1).zip
2014-06-10 10:00 - 2014-01-14 17:11 - 00000000 ____D () C:\Users\Fabio\AppData\Local\Deployment
2014-06-10 09:59 - 2014-01-15 16:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aerosoft
2014-06-08 20:01 - 2014-06-08 20:01 - 00001374 _____ () C:\Users\Fabio\Downloads\Hamster2103Josh.ham
2014-06-08 19:39 - 2014-06-08 19:39 - 00122484 _____ () C:\Users\Fabio\Downloads\1.2.11.6 Übungsaufgaben.pages
2014-06-08 19:39 - 2014-06-08 19:39 - 00120576 _____ () C:\Users\Fabio\Downloads\1.2.10.11 Übungsaufgaben.pages
2014-06-06 21:56 - 2014-06-06 21:56 - 02680496 _____ () C:\Users\Fabio\Downloads\SBPS.rar
2014-06-01 11:59 - 2014-01-19 10:09 - 00000000 ____D () C:\Users\Fabio\Documents\CAVacars
2014-06-01 08:41 - 2014-06-01 08:41 - 00000460 _____ () C:\Users\Fabio\Downloads\Croatia_ivao_flightplan (3).fpl
2014-06-01 08:39 - 2014-06-01 08:39 - 00000340 _____ () C:\Users\Fabio\Downloads\Croatia_ivao_flightplan (2).fpl
2014-05-30 22:31 - 2014-05-28 18:10 - 00006796 _____ () C:\Users\Fabio\Documents\NECAboutUs.odt
2014-05-30 22:31 - 2014-05-28 17:31 - 00013122 _____ () C:\Users\Fabio\Documents\NECRulesAndReg.odt
2014-05-28 19:02 - 2014-05-28 19:02 - 00010555 _____ () C:\Users\Fabio\AppData\Local\recently-used.xbel
2014-05-28 19:02 - 2014-02-22 19:27 - 00000000 ____D () C:\Users\Fabio\.gimp-2.8
2014-05-26 21:54 - 2014-05-26 21:54 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-05-26 21:54 - 2014-01-14 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-26 21:54 - 2014-01-10 06:50 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-05-26 21:54 - 2014-01-10 06:50 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-26 21:51 - 2014-05-26 21:51 - 00000000 ____D () C:\NVIDIA
2014-05-26 21:44 - 2014-03-07 13:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-26 20:51 - 2014-01-14 20:53 - 00000000 ____D () C:\Users\Fabio\AppData\Local\NVIDIA Corporation
2014-05-25 22:36 - 2014-02-03 15:26 - 00000000 ____D () C:\Users\Fabio\AppData\Local\Windows Live
2014-05-25 21:22 - 2014-05-25 21:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-24 10:34 - 2014-01-14 21:00 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-05-24 09:54 - 2014-05-24 09:54 - 00000340 _____ () C:\Users\Fabio\Downloads\Croatia_ivao_flightplan.fpl
2014-05-23 19:18 - 2014-01-14 17:13 - 00002191 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-23 19:18 - 2014-01-14 17:13 - 00002191 _____ () C:\ProgramData\Desktop\Google Chrome.lnk
2014-05-21 11:57 - 2014-05-19 16:32 - 00000000 ____D () C:\Users\Fabio\Desktop\A320 NEC
2014-05-21 11:57 - 2014-02-22 19:29 - 00000000 ____D () C:\Users\Fabio\AppData\Local\gtk-2.0
2014-05-21 11:41 - 2014-02-17 20:42 - 00000000 ____D () C:\Users\Fabio\AppData\Local\Paint.NET
2014-05-20 02:44 - 2014-05-26 21:52 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-20 02:44 - 2014-05-26 21:52 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-20 02:44 - 2014-05-26 21:52 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-20 02:44 - 2014-05-26 21:52 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-05-20 02:44 - 2014-05-26 21:52 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-20 02:44 - 2014-05-26 21:52 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-20 02:44 - 2014-05-26 21:52 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-20 02:44 - 2014-05-26 21:52 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-20 02:44 - 2014-05-26 21:52 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-20 02:44 - 2014-05-26 21:52 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-20 02:44 - 2014-05-26 21:52 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-20 02:44 - 2014-05-26 21:52 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-20 02:44 - 2014-05-26 21:52 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-20 02:44 - 2014-05-26 21:52 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-20 02:44 - 2014-05-26 21:52 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-20 02:44 - 2014-05-26 21:52 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-20 02:44 - 2014-05-26 21:52 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-20 02:44 - 2014-05-26 21:52 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-20 02:44 - 2014-05-26 21:52 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-20 02:44 - 2014-05-26 21:52 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-20 02:44 - 2014-05-26 21:52 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-20 02:44 - 2014-05-26 21:52 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-20 02:44 - 2014-05-26 21:52 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-20 02:44 - 2014-05-26 21:52 - 00492376 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-05-20 02:44 - 2014-05-26 21:52 - 00416712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-05-20 02:44 - 2014-05-26 21:52 - 00382240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-05-20 02:44 - 2014-05-26 21:52 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-20 02:44 - 2014-05-26 21:52 - 00335704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-05-20 02:44 - 2014-05-26 21:52 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-20 02:44 - 2014-05-26 21:52 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-05-20 02:44 - 2014-05-26 21:52 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-20 02:44 - 2014-05-26 21:52 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-05-20 02:44 - 2014-05-26 21:52 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-05-20 02:44 - 2014-01-14 20:51 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-05-20 02:44 - 2014-01-14 20:50 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-05-20 02:44 - 2014-01-14 20:50 - 00052056 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-05-20 02:44 - 2014-01-14 20:49 - 03109248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-05-20 02:44 - 2014-01-14 20:49 - 02730208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-05-20 02:44 - 2014-01-14 20:49 - 00952952 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-05-20 02:44 - 2013-11-28 12:37 - 00026069 _____ () C:\Windows\system32\nvinfo.pb
2014-05-20 02:44 - 2013-11-28 12:36 - 14434704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-05-20 01:25 - 2014-01-14 20:50 - 06769096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-05-20 01:25 - 2014-01-14 20:50 - 03514144 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-05-20 01:25 - 2014-01-14 20:50 - 02560968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-05-20 01:25 - 2014-01-14 20:50 - 00927520 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-05-20 01:25 - 2014-01-14 20:50 - 00387528 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-05-20 01:25 - 2014-01-14 20:50 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-05-19 23:10 - 2014-05-26 21:54 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-19 19:20 - 2014-05-19 19:16 - 257047186 _____ () C:\Users\Fabio\Downloads\52496-URMM-FSX.zip
2014-05-19 19:18 - 2014-05-19 19:17 - 36542816 _____ () C:\Users\Fabio\Downloads\51008-UKOR-KulbakinoFSX.zip
2014-05-19 16:33 - 2014-04-22 11:03 - 00000000 ____D () C:\Users\Fabio\Desktop\A320NEO white
2014-05-19 11:57 - 2014-05-19 11:57 - 25842955 _____ () C:\Users\Fabio\Downloads\pmdgneckarairways738wl.zip
2014-05-19 11:57 - 2014-05-19 11:57 - 09335121 _____ () C:\Users\Fabio\Downloads\AerosoftExtended X (1).zip
2014-05-16 21:39 - 2014-05-16 21:36 - 260514741 _____ () C:\Users\Fabio\Downloads\52771-UWGG.zip
2014-05-15 18:43 - 2014-05-15 18:42 - 36647737 _____ () C:\Users\Fabio\Downloads\mjc8-400-Pilot-patch1_009-inst.exe
2014-05-15 18:27 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 17:47 - 2014-01-18 11:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-15 17:43 - 2014-01-14 16:55 - 00000000 ___RD () C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 17:43 - 2014-01-14 16:55 - 00000000 ___RD () C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 17:41 - 2014-05-01 18:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 12:00 - 2014-02-23 19:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 11:58 - 2014-01-14 21:05 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-15 11:58 - 2014-01-14 21:05 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-14 23:49 - 2014-01-14 20:50 - 03774821 _____ () C:\Windows\system32\nvcoproc.bin
2014-05-12 18:12 - 2014-05-12 18:12 - 02887780 _____ () C:\Users\Fabio\Downloads\VSJan14en.zip
2014-05-12 07:26 - 2014-06-10 13:50 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-10 13:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-10 13:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\Fabio\AppData\Local\Temp\amazonicon_v4.exe
C:\Users\Fabio\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Fabio\AppData\Local\Temp\avgnt.exe
C:\Users\Fabio\AppData\Local\Temp\bdfilters.dll
C:\Users\Fabio\AppData\Local\Temp\devcon64.exe
C:\Users\Fabio\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Fabio\AppData\Local\Temp\nvStInst.exe
C:\Users\Fabio\AppData\Local\Temp\oi_{255CDC3F-83E3-421A-BECC-C2FCBCAFD9A4}.exe
C:\Users\Fabio\AppData\Local\Temp\OptimizerPro_20140120.exe
C:\Users\Fabio\AppData\Local\Temp\ose00000.exe
C:\Users\Fabio\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Fabio\AppData\Local\Temp\sdapskill.exe
C:\Users\Fabio\AppData\Local\Temp\sdaspwn.exe
C:\Users\Fabio\AppData\Local\Temp\SHSetup.exe
C:\Users\Fabio\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Fabio\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 02:25

==================== End Of Log ============================
--- --- ---

--- --- ---


Und hier noch die Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-06-2014
Ran by Fabio at 2014-06-10 23:04:41
Running from C:\Users\Fabio\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Aerosoft's - Aerosoft Launcher (HKLM-x32\...\{EE11CFFC-898C-4875-8A63-8B732A9AD43B}) (Version: 1.2.0.3 - Aerosoft)
Aerosoft's - Airbus X Extended - FSX (HKLM-x32\...\Airbus X Extended - FSX) (Version: 1.15 - )
Aerosoft's - German Airfields FREE - Wasserkuppe (HKLM-x32\...\{8F702E8C-D01F-4128-AD93-4A9AE07603A9}) (Version: 1.00 - Aerosoft)
aerosoft's - German Airports 1 - Stuttgart X (HKLM-x32\...\{E4298CF5-9C36-4519-9089-FF7A43EA5C5D}) (Version: 1.02 - aerosoft)
aerosoft's - German Airports 3 - 2012 (FSX) (HKLM-x32\...\{857D0DD6-42D4-4BD7-B299-EA70A064302D}) (Version: 1.04 - aerosoft)
aerosoft's - Mega Airport Amsterdam FSX (HKLM-x32\...\{0A297C87-BF52-43FD-AD75-EE72228E4457}) (Version: 1.04 - aerosoft)
Aerosoft's - Mega Airport Athen X (HKLM-x32\...\{3457FE8A-A557-491A-9E3A-0699FEAB10C3}) (Version: 1.00 - Aerosoft)
aerosoft's - Mega Airport Barcelona X (HKLM-x32\...\{A8736347-B854-400E-A060-19321AD85B98}) (Version: 1.03 - aerosoft)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2011 - Avast Software)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
B200 King Air HD SERIES FSX/P3D (HKLM-x32\...\B200 King Air HD SERIES FSX/P3D) (Version: 1.00.00.00 - Carenado)
Bandicam (HKLM-x32\...\Bandicam) (Version: 1.9.4.505 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
BeamNG-Techdemo-0.3 (remove only) (HKCU\...\BeamNG-Techdemo-0.3) (Version:  - )
Carenado CT182T SKYLANE HD SERIES FSX/P3D (HKLM-x32\...\Carenado CT182T SKYLANE HD SERIES FSX/P3D) (Version: 1.00.00.00 - Carenado)
Carenado SR22T HD SERIES FSX/P3D (HKLM-x32\...\Carenado SR22T HD SERIES FSX/P3D) (Version: 1.00.00.00 - Carenado)
CAVacars (HKLM-x32\...\{B55B6870-069D-43B5-92AC-AE68F03C399E}) (Version: 2.0.0.8 - Croatia Airlines Virtual)
D17 Staggerwing FSX/P3D (HKLM-x32\...\D17 Staggerwing FSX/P3D) (Version: 1.00.00.00 - ALABEO)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version:  - Microsoft)
EFASS - Electronic Flight Assistant version 1.0.1606.5877 (HKLM-x32\...\{6B1F09C0-85C2-4C7B-90F0-D02D32A739A1}_is1) (Version: 1.0.1606.5877 - Froom)
Flight Simulator X (HKLM-x32\...\RTMshadow_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version:  - )
Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1shadow_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version:  - )
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
FS Water Configurator 3.15 (HKLM\...\FS Water Configurator) (Version:  - )
FSX Scenery ISTANBUL ATATURK AIRPORT (LTBA) (HKCU\...\FSX Scenery ISTANBUL ATATURK AIRPORT (LTBA)) (Version:  - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
IvAc v1.2.4 (b225) (HKLM-x32\...\IvAc_is1) (Version:  - IVAO)
IvAi v1.0.0 b150 (HKLM\...\IvAi_is1) (Version:  - IVAO)
IvAp v1.9.8 (build 2138) (HKLM-x32\...\IvAp-v2_is1) (Version:  - IVAO)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 45 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
JbindX 1.3.1 (HKLM-x32\...\JbindX 1.3.1_is1) (Version:  - FragThe.Net)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
kACARS - Landing Rate (HKLM-x32\...\{FD1DE517-419E-4AD1-A791-72214057E3AD}) (Version: 1.0.0000 - FS-Products)
kACARS_Free (HKLM-x32\...\{EB7C076C-719C-4030-8864-AB20F326E714}) (Version: 1.0.1011 - FS-Products)
Majestic MJC8Q400 Version 1.008 (HKLM-x32\...\MJC8Q400) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Maps2Bgl 2.6b Beta FSX-Version (HKLM-x32\...\Maps2Bgl_X_is1) (Version:  - Gunnar Daehling)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Flight Simulator X (x32 Version: 10.0.60905 - Microsoft Game Studios) Hidden
Microsoft Flight Simulator X: Acceleration (HKLM-x32\...\FlightSim_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version: 10.0.61637.0 - Microsoft Game Studios)
Microsoft Flight Simulator X: Acceleration (x32 Version: 10.0.61637.0 - Microsoft Game Studios) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.3 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version:  - PC Utilities Software Limited) <==== ATTENTION
P46T Malibu JetProp DL HD SERIES FSX (HKLM-x32\...\P46T Malibu JetProp DL HD SERIES FSX) (Version: 1.00.00.00 - Carenado)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PicNic (HKLM-x32\...\PicNic) (Version:  - )
PMDG 737 8900 NGX (HKLM-x32\...\{20708FD5-E94D-4097-A21E-E28564CDBC06}) (Version: 1.00.3219 - PMDG Simulations, LLC.)
RAAS Professional by FS2Crew (LOCKED) (HKLM-x32\...\RAAS Professional by FS2Crew (LOCKED)) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.02 - Creative Technology Limited)
SpinTires Tech Demo (June 060613) (HKLM-x32\...\{9AF7D6F5-50A5-432C-9F7B-83BCE03B11A0}) (Version: 1.3 - Oovee)
SpyHunter (HKLM\...\{1F7E4FF9-D2E5-4258-9AE1-E16E6CB3252A}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.019 - MSI)
TeamSpeak 2 RC2 (HKLM-x32\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29327 - TeamViewer)
The Eye v1.0.8 (b367) (HKLM-x32\...\IvAe_is1) (Version:  - International Virtual Aviation Organisation VZW/ASBL)
TreeX V2 (HKLM-x32\...\TreeX_is1) (Version:  - Aimé Leclercq)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{4B93560B-F33D-4A67-A224-F5E1C329BD22}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
VGA Boost (HKLM-x32\...\{809ACFAE-9A4D-4C60-9223-D8B615CD8CBA}}_is1) (Version: 1.0.0.6 - MSI)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points  =========================

03-06-2014 21:43:01 Geplanter Prüfpunkt
10-06-2014 13:40:57 Removed Overwolf Old
10-06-2014 15:20:38 Installed SpyHunter
10-06-2014 20:48:57 Norton_Power_Eraser_20140610204854839
10-06-2014 21:37:00 OTL Restore Point - 10.06.2014 21:36:58

==================== Hosts content: ==========================

2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {04548052-55D9-4E8D-A953-1D44300912E8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-14] (AVAST Software)
Task: {65A3B09E-5836-459A-B7D6-D668DCC23474} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1135877238-1570040499-2305132942-1000
Task: {D0F2588E-B01F-45D9-AF86-B1115EE33953} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-14] (Google Inc.)
Task: {E8A4EC3C-D818-4CFA-8025-CBD7899275E5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-14] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-14 20:50 - 2014-05-20 01:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-06-18 15:24 - 2012-06-18 15:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2014-01-14 20:42 - 2012-11-01 11:21 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-05-24 10:34 - 2014-05-24 10:34 - 00173568 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll
2014-05-24 10:34 - 2014-05-24 10:34 - 01080832 _____ () C:\Program Files\TeamSpeak 3 Client\platforms\qwindows.dll
2014-05-24 10:34 - 2014-05-24 10:34 - 00833024 _____ () C:\Program Files\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2013-10-23 12:15 - 2014-05-24 10:34 - 00102344 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2013-10-23 12:15 - 2014-05-24 10:34 - 00108488 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2014-05-24 10:34 - 2014-05-24 10:34 - 00030208 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qgif.dll
2014-05-24 10:34 - 2014-05-24 10:34 - 00233984 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qjpeg.dll
2013-10-23 12:15 - 2014-05-24 10:34 - 00563656 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2013-10-23 12:15 - 2014-05-24 10:34 - 00577480 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-05-24 10:34 - 2014-05-24 10:34 - 00159232 _____ () C:\Program Files\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll
2014-06-10 12:49 - 2014-06-10 09:14 - 02775040 _____ () C:\Program Files\AVAST Software\Avast\defs\14061001\algo.dll
2014-06-10 20:52 - 2014-06-10 19:47 - 02774528 _____ () C:\Program Files\AVAST Software\Avast\defs\14061002\algo.dll
2014-01-14 20:42 - 2012-10-31 15:00 - 00991232 _____ () C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\de-DE\SBCinema.resources.dll
2014-01-14 21:10 - 2014-01-14 21:10 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-05-23 19:18 - 2014-05-13 23:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-23 19:18 - 2014-05-13 23:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-23 19:18 - 2014-05-13 23:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-23 19:18 - 2014-05-13 23:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-23 19:18 - 2014-05-13 23:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
2014-05-23 19:18 - 2014-05-13 23:40 - 13695816 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/10/2014 09:47:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 444

Startzeit: 01cf84f3e8f6f627

Endzeit: 3

Anwendungspfad: C:\Users\Fabio\Downloads\OTL.exe

Berichts-ID:

Error: (06/10/2014 09:35:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 470

Startzeit: 01cf84f25c5db787

Endzeit: 2

Anwendungspfad: C:\Users\Fabio\Downloads\OTL.exe

Berichts-ID:

Error: (06/10/2014 08:52:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2014 08:45:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2014 07:18:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2014 03:20:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service Optimizer Pro Crash Monitor since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (06/10/2014 01:27:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm fsx.exe, Version 10.0.61637.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: b0

Startzeit: 01cf84af90686e12

Endzeit: 5

Anwendungspfad: C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exe

Berichts-ID: eb21382e-f0a2-11e3-97e8-448a5b24be9f

Error: (06/10/2014 01:25:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/09/2014 05:30:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm fsx.exe, Version 10.0.61637.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 8cc

Startzeit: 01cf83f9e0d6dc6a

Endzeit: 51

Anwendungspfad: C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exe

Berichts-ID: b8081195-effb-11e3-b852-448a5b24be9f

Error: (06/07/2014 07:16:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: fsx.exe, Version: 10.0.61637.0, Zeitstempel: 0x46fadb14
Name des fehlerhaften Moduls: window.dll, Version: 10.0.61637.0, Zeitstempel: 0x46fadb59
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00004e5b
ID des fehlerhaften Prozesses: 0x18c0
Startzeit der fehlerhaften Anwendung: 0xfsx.exe0
Pfad der fehlerhaften Anwendung: fsx.exe1
Pfad des fehlerhaften Moduls: fsx.exe2
Berichtskennung: fsx.exe3


System errors:
=============
Error: (06/10/2014 10:45:59 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{0C05E72B-85D2-4314-83F9-7702D5DDF536}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (06/10/2014 10:06:56 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{0C05E72B-85D2-4314-83F9-7702D5DDF536}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (06/10/2014 09:21:52 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{0C05E72B-85D2-4314-83F9-7702D5DDF536}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (06/10/2014 08:42:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "NPEService" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/10/2014 05:18:55 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (06/10/2014 04:54:42 PM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (06/10/2014 04:54:32 PM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (06/10/2014 04:03:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Optimizer Pro Crash Monitor" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/10/2014 01:21:14 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{0C05E72B-85D2-4314-83F9-7702D5DDF536}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (06/10/2014 11:24:04 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{0C05E72B-85D2-4314-83F9-7702D5DDF536}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.


Microsoft Office Sessions:
=========================
Error: (06/10/2014 09:47:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OTL.exe3.2.69.044401cf84f3e8f6f6273C:\Users\Fabio\Downloads\OTL.exe

Error: (06/10/2014 09:35:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OTL.exe3.2.69.047001cf84f25c5db7872C:\Users\Fabio\Downloads\OTL.exe

Error: (06/10/2014 08:52:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2014 08:45:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2014 07:18:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2014 03:20:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Optimizer Pro Crash Monitor since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (06/10/2014 01:27:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: fsx.exe10.0.61637.0b001cf84af90686e125C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exeeb21382e-f0a2-11e3-97e8-448a5b24be9f

Error: (06/10/2014 01:25:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/09/2014 05:30:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: fsx.exe10.0.61637.08cc01cf83f9e0d6dc6a51C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exeb8081195-effb-11e3-b852-448a5b24be9f

Error: (06/07/2014 07:16:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: fsx.exe10.0.61637.046fadb14window.dll10.0.61637.046fadb59c000000500004e5b18c001cf82828191910dC:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exeC:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\window.dll46f180e5-ee78-11e3-b852-448a5b24be9f


==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 16328.06 MB
Available physical RAM: 12317.52 MB
Total Pagefile: 32654.3 MB
Available Pagefile: 28423.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:160 GB) (Free:35.25 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:771.51 GB) (Free:750.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 8C67AB4E)
Partition 1: (Active) - (Size=160 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=772 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 12.06.2014 05:55
Adware & Co. deinstallieren

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:



Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:08 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19