Malte.Hommes | 13.10.2014 19:28 | Hello,
MBAM-Log Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 13.10.2014
Suchlauf-Zeit: 19:21:25
Logdatei: malware.txt
Administrator: Ja
Version: 2.00.2.1012
Malware Datenbank: v2014.10.13.06
Rootkit Datenbank: v2014.10.11.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: h3ll-r4z0r
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 315433
Verstrichene Zeit: 11 Min, 48 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 0
(No malicious items detected)
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 0
(No malicious items detected)
Dateien: 0
(No malicious items detected)
Physische Sektoren: 0
(No malicious items detected)
(end)
ADW-Log Code:
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17280
-\\ Mozilla Firefox v31.0 (x86 en-US)
-\\ Google Chrome v37.0.2062.124
*************************
AdwCleaner[R0].txt - [3125 octets] - [12/10/2014 10:31:22]
AdwCleaner[R1].txt - [949 octets] - [13/10/2014 20:14:02]
AdwCleaner[S0].txt - [2972 octets] - [12/10/2014 10:32:16]
AdwCleaner[S1].txt - [863 octets] - [13/10/2014 20:18:53]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [922 octets] ##########
JRT-Log Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.2 (10.09.2014:1)
OS: Windows 7 Professional x64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.10.2014 at 20:24:11,50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST-Log
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 02
Ran by h3ll-r4z0r (administrator) on H3LL-R4Z0R-PC on 13-10-2014 20:26:10
Running from C:\Users\h3ll-r4z0r\Downloads
Loaded Profile: h3ll-r4z0r (Available profiles: h3ll-r4z0r)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
() C:\Windows\DAODx.exe
() C:\Program Files (x86)\Ignatu Software\SmartPower\SmartPower.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Sublime Text 3\sublime_text.exe
() C:\Program Files (x86)\Everything\Everything.exe
() C:\Program Files (x86)\Ignatu Software\SmartPower\SmartPower Idle Monitor.exe
() C:\Program Files\Sublime Text 3\plugin_host.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [Everything] => C:\Program Files (x86)\Everything\Everything.exe [602624 2009-03-13] ()
HKLM-x32\...\Run: [SmartPower Idle Monitor] => C:\Program Files (x86)\Ignatu Software\SmartPower\SmartPower Idle Monitor.exe [44544 2013-06-11] ()
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{06669229-3373-4909-A052-AD1F3A472F25}: [NameServer] 192.168.150.1
Tcpip\..\Interfaces\{146D51C1-8851-4C4B-B1CA-8522C0BDA0E0}: [NameServer] 192.168.150.1
Tcpip\..\Interfaces\{76B2A96F-DAC8-423A-9021-5F2FDA6DF455}: [NameServer] 192.168.99.1
Tcpip\..\Interfaces\{C6DD2EFD-6FDB-4D05-AE8F-6F99B4629911}: [NameServer] 192.168.150.1
FireFox:
========
FF ProfilePath: C:\Users\h3ll-r4z0r\AppData\Roaming\Mozilla\Firefox\Profiles\p2etgfty.default
FF SearchEngineOrder.1: Yahoo
FF SearchEngineOrder.2: DuckDuckGo
FF Homepage: hxxp://www.linuxmint.com/start/nadia
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\h3ll-r4z0r\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Extension: German Dictionary - C:\Users\h3ll-r4z0r\AppData\Roaming\Mozilla\Firefox\Profiles\p2etgfty.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-09]
FF Extension: LastPass - C:\Users\h3ll-r4z0r\AppData\Roaming\Mozilla\Firefox\Profiles\p2etgfty.default\Extensions\support@lastpass.com [2014-08-31]
FF Extension: feedly - C:\Users\h3ll-r4z0r\AppData\Roaming\Mozilla\Firefox\Profiles\p2etgfty.default\Extensions\feedly@devhd.xpi [2013-05-17]
FF Extension: Firebug - C:\Users\h3ll-r4z0r\AppData\Roaming\Mozilla\Firefox\Profiles\p2etgfty.default\Extensions\firebug@software.joehewitt.com.xpi [2013-04-21]
FF Extension: YouTube Center - C:\Users\h3ll-r4z0r\AppData\Roaming\Mozilla\Firefox\Profiles\p2etgfty.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2013-12-03]
FF Extension: Adblock Edge - C:\Users\h3ll-r4z0r\AppData\Roaming\Mozilla\Firefox\Profiles\p2etgfty.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-10-03]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.linuxmint.com/start/nadia
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Profile: C:\Users\h3ll-r4z0r\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\h3ll-r4z0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-10]
CHR Extension: (Google Drive) - C:\Users\h3ll-r4z0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\h3ll-r4z0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-31]
CHR Extension: (YouTube) - C:\Users\h3ll-r4z0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-10]
CHR Extension: (Google Search) - C:\Users\h3ll-r4z0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-10]
CHR Extension: (AdBlock) - C:\Users\h3ll-r4z0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-07-19]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\h3ll-r4z0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2013-06-03]
CHR Extension: (Fauxbar) - C:\Users\h3ll-r4z0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\hibkhcnpkakjniplpfblaoikiggkopka [2014-09-29]
CHR Extension: (LastPass Vault) - C:\Users\h3ll-r4z0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncliohomlfopnmlfkepkcbnhmeijkhhf [2013-07-12]
CHR Extension: (Google Wallet) - C:\Users\h3ll-r4z0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR Extension: (Gmail) - C:\Users\h3ll-r4z0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-10]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - C:\Program Files (x86)\LastPass\lpchrome.crx [2013-05-28]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [230240 2014-04-20] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 SmartPower; C:\Program Files (x86)\Ignatu Software\SmartPower\SmartPower.exe [32768 2013-06-11] () [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2012-05-17] (AnvSoft Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-13] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2013-05-31] (SteelSeries Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz137; \??\C:\Users\H3LL-R~1\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-13 20:24 - 2014-10-13 20:24 - 00000630 _____ () C:\Users\h3ll-r4z0r\Desktop\JRT.txt
2014-10-13 20:13 - 2014-10-13 20:13 - 01976320 _____ () C:\Users\h3ll-r4z0r\Downloads\AdwCleaner_4.000.exe
2014-10-13 20:12 - 2014-10-13 20:12 - 00001167 _____ () C:\Users\h3ll-r4z0r\Desktop\malware.txt
2014-10-13 19:19 - 2014-10-13 19:19 - 00000000 ____D () C:\Users\h3ll-r4z0r\Downloads\FRST-OlderVersion
2014-10-12 12:44 - 2014-10-12 12:44 - 00026538 _____ () C:\ComboFix.txt
2014-10-12 12:36 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-12 12:36 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-12 12:36 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-12 12:36 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-12 12:36 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-12 12:36 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-12 12:36 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-12 12:36 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-12 12:32 - 2014-10-12 12:44 - 00000000 ____D () C:\Qoobox
2014-10-12 12:32 - 2014-10-12 12:43 - 00000000 ____D () C:\Windows\erdnt
2014-10-12 10:53 - 2014-10-12 11:11 - 00027540 _____ () C:\Users\h3ll-r4z0r\Downloads\Addition.txt
2014-10-12 10:52 - 2014-10-13 20:26 - 00012932 _____ () C:\Users\h3ll-r4z0r\Downloads\FRST.txt
2014-10-12 10:52 - 2014-10-13 20:26 - 00000000 ____D () C:\FRST
2014-10-12 10:51 - 2014-10-13 19:19 - 02110464 _____ (Farbar) C:\Users\h3ll-r4z0r\Downloads\FRST64.exe
2014-10-12 10:34 - 2014-10-12 10:34 - 00000000 ____D () C:\Windows\ERUNT
2014-10-12 10:32 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-12 10:31 - 2014-10-13 20:18 - 00000000 ____D () C:\AdwCleaner
2014-10-12 10:31 - 2014-10-12 10:31 - 01705755 _____ (Thisisu) C:\Users\h3ll-r4z0r\Downloads\JRT.exe
2014-10-12 10:23 - 2014-10-12 10:23 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-10-12 10:22 - 2014-10-12 10:22 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-10-12 10:22 - 2014-10-12 10:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-10-12 10:21 - 2014-10-12 10:22 - 14087848 _____ (Microsoft Corporation) C:\Users\h3ll-r4z0r\Downloads\mseinstall.exe
2014-10-11 18:38 - 2014-10-11 18:38 - 00275760 _____ () C:\Windows\Minidump\101114-16707-01.dmp
2014-10-11 14:30 - 2014-10-11 14:30 - 00275760 _____ () C:\Windows\Minidump\101114-14913-01.dmp
2014-10-09 19:56 - 2014-10-09 19:56 - 00062096 _____ () C:\Windows\SysWOW64\CCCInstall_201410091956357447.log
2014-10-09 19:56 - 2014-10-09 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-10-09 19:56 - 2014-10-09 19:56 - 00000000 ____D () C:\ProgramData\ATI
2014-10-09 19:56 - 2014-10-09 19:56 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-10-08 20:19 - 2014-10-08 20:19 - 00275760 _____ () C:\Windows\Minidump\100814-16707-01.dmp
2014-09-27 22:24 - 2014-09-27 22:24 - 00001613 _____ () C:\Users\Public\Desktop\League of Legends.lnk
2014-09-27 22:24 - 2014-09-27 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-09-27 22:23 - 2014-09-27 22:25 - 00000000 ____D () C:\Users\h3ll-r4z0r\AppData\Roaming\Riot Games
2014-09-27 22:23 - 2014-09-27 22:23 - 30668968 _____ (Riot Games) C:\Users\h3ll-r4z0r\Downloads\LeagueofLegends_EUW_Installer_9_15_2014.exe
2014-09-24 22:10 - 2014-09-24 22:10 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-24 22:10 - 2014-09-24 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-21 16:53 - 2014-09-21 16:53 - 00275760 _____ () C:\Windows\Minidump\092114-14461-01.dmp
2014-09-19 22:03 - 2014-09-19 23:20 - 00000655 _____ () C:\Users\h3ll-r4z0r\Documents\AutoHotkey.ahk
2014-09-19 22:03 - 2014-09-19 22:03 - 02047357 _____ () C:\Users\h3ll-r4z0r\Downloads\AutoHotkey104805_Install.exe
2014-09-19 22:03 - 2014-09-19 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2014-09-19 22:03 - 2014-09-19 22:03 - 00000000 ____D () C:\Program Files (x86)\AutoHotkey
2014-09-19 21:05 - 2014-09-19 21:05 - 00275760 _____ () C:\Windows\Minidump\091914-13572-01.dmp
2014-09-16 00:32 - 2014-09-16 00:32 - 00128384 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2014-09-16 00:32 - 2014-09-16 00:32 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2014-09-16 00:32 - 2014-09-16 00:32 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2014-09-16 00:32 - 2014-09-16 00:32 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2014-09-16 00:32 - 2014-09-16 00:32 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2014-09-16 00:31 - 2014-09-16 00:31 - 08296296 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2014-09-16 00:31 - 2014-09-16 00:31 - 08044976 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2014-09-16 00:31 - 2014-09-16 00:31 - 00118096 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2014-09-16 00:29 - 2014-09-16 00:29 - 00293088 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2014-09-16 00:26 - 2014-09-16 00:26 - 16750080 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2014-09-16 00:18 - 2014-09-16 00:18 - 00235008 _____ () C:\Windows\system32\clinfo.exe
2014-09-16 00:18 - 2014-09-16 00:18 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2014-09-16 00:17 - 2014-09-16 00:17 - 33867264 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2014-09-16 00:17 - 2014-09-16 00:17 - 28770304 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2014-09-16 00:17 - 2014-09-16 00:17 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2014-09-16 00:17 - 2014-09-16 00:17 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2014-09-16 00:17 - 2014-09-16 00:17 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2014-09-16 00:16 - 2014-09-16 00:16 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-09-16 00:16 - 2014-09-16 00:16 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-09-16 00:13 - 2014-09-16 00:13 - 27918336 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2014-09-16 00:09 - 2014-09-16 00:09 - 05639168 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2014-09-16 00:09 - 2014-09-16 00:09 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2014-09-16 00:09 - 2014-09-16 00:09 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2014-09-16 00:09 - 2014-09-16 00:09 - 00048128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2014-09-16 00:09 - 2014-09-16 00:09 - 00037888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2014-09-16 00:08 - 2014-09-16 00:08 - 23375360 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2014-09-16 00:07 - 2014-09-16 00:07 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2014-09-16 00:07 - 2014-09-16 00:07 - 03437632 _____ () C:\Windows\system32\atiumd6a.cap
2014-09-16 00:07 - 2014-09-16 00:07 - 00609272 _____ () C:\Windows\SysWOW64\atiapfxx.blb
2014-09-16 00:07 - 2014-09-16 00:07 - 00609272 _____ () C:\Windows\system32\atiapfxx.blb
2014-09-16 00:07 - 2014-09-16 00:07 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2014-09-16 00:07 - 2014-09-16 00:07 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2014-09-16 00:07 - 2014-09-16 00:07 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2014-09-16 00:07 - 2014-09-16 00:07 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2014-09-16 00:07 - 2014-09-16 00:07 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2014-09-16 00:06 - 2014-09-16 00:06 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2014-09-16 00:05 - 2014-09-16 00:05 - 04480000 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2014-09-16 00:03 - 2014-09-16 00:03 - 03471376 _____ () C:\Windows\SysWOW64\atiumdva.cap
2014-09-16 00:03 - 2014-09-16 00:03 - 00619008 _____ (AMD) C:\Windows\system32\atieclxx.exe
2014-09-16 00:03 - 2014-09-16 00:03 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2014-09-16 00:03 - 2014-09-16 00:03 - 00239616 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2014-09-16 00:03 - 2014-09-16 00:03 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2014-09-16 00:03 - 2014-09-16 00:03 - 00091648 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2014-09-16 00:03 - 2014-09-16 00:03 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2014-09-16 00:03 - 2014-09-16 00:03 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2014-09-16 00:00 - 2014-09-16 00:00 - 00095744 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2014-09-15 23:59 - 2014-09-15 23:59 - 01210880 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2014-09-15 23:59 - 2014-09-15 23:59 - 00900608 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2014-09-15 23:59 - 2014-09-15 23:59 - 00827392 _____ (AMD) C:\Windows\system32\coinst_14.30.dll
2014-09-15 23:59 - 2014-09-15 23:59 - 00576000 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2014-09-15 23:59 - 2014-09-15 23:59 - 00146944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2014-09-15 23:59 - 2014-09-15 23:59 - 00133632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2014-09-15 23:59 - 2014-09-15 23:59 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2014-09-15 23:59 - 2014-09-15 23:59 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2014-09-15 23:59 - 2014-09-15 23:59 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2014-09-15 23:59 - 2014-09-15 23:59 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2014-09-15 23:59 - 2014-09-15 23:59 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2014-09-15 23:58 - 2014-09-15 23:58 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2014-09-15 18:21 - 2014-09-15 18:21 - 00051200 _____ () C:\Windows\system32\kdbsdk64.dll
2014-09-15 18:19 - 2014-09-15 18:19 - 00038912 _____ () C:\Windows\SysWOW64\kdbsdk32.dll
2014-09-13 17:39 - 2014-09-13 17:39 - 00000000 ____D () C:\Users\h3ll-r4z0r\Desktop\LUFTRAUSERSWIN32_1395159852
2014-09-13 17:38 - 2014-09-13 16:50 - 63112102 _____ () C:\Users\h3ll-r4z0r\Desktop\LUFTRAUSERSWIN32_1395159852.zip
2014-09-13 16:50 - 2014-09-13 16:50 - 63112102 _____ () C:\Users\h3ll-r4z0r\Downloads\LUFTRAUSERSWIN32_1395159852.zip
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-13 20:26 - 2013-04-10 20:20 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-13 20:23 - 2013-03-30 16:50 - 01898746 _____ () C:\Windows\WindowsUpdate.log
2014-10-13 20:19 - 2013-04-10 20:20 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-13 20:19 - 2010-11-21 05:47 - 00125056 _____ () C:\Windows\PFRO.log
2014-10-13 20:19 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-13 20:19 - 2009-07-14 06:51 - 00102008 _____ () C:\Windows\setupact.log
2014-10-13 20:13 - 2013-03-31 13:54 - 00000000 ____D () C:\Program Files (x86)\Everything
2014-10-13 19:39 - 2013-03-30 17:46 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-13 19:25 - 2009-07-14 06:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-13 19:25 - 2009-07-14 06:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-13 19:21 - 2014-03-24 21:28 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-12 20:20 - 2013-04-01 00:03 - 00007593 _____ () C:\Users\h3ll-r4z0r\AppData\Local\Resmon.ResmonCfg
2014-10-12 16:15 - 2013-03-30 18:03 - 00000000 ____D () C:\Users\h3ll-r4z0r\AppData\Roaming\Skype
2014-10-12 15:42 - 2013-07-25 21:30 - 00000000 ____D () C:\Users\h3ll-r4z0r\AppData\Roaming\TS3Client
2014-10-12 12:44 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-10-12 12:42 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-12 10:33 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-10-12 10:32 - 2013-06-25 22:39 - 00001327 _____ () C:\Users\Public\Desktop\Pro Pinball - Timeshock!.lnk
2014-10-12 10:26 - 2014-09-07 00:19 - 00000000 ____D () C:\ProgramData\OwboZehpo
2014-10-12 10:22 - 2013-04-04 01:08 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-10-12 10:12 - 2014-07-31 10:36 - 00000000 ____D () C:\Users\h3ll-r4z0r\AppData\Roaming\Raptr
2014-10-12 00:09 - 2013-04-07 18:11 - 00000000 ____D () C:\Users\h3ll-r4z0r\AppData\Roaming\DC++
2014-10-12 00:09 - 2013-04-07 18:11 - 00000000 ____D () C:\Users\h3ll-r4z0r\AppData\Local\DC++
2014-10-11 18:38 - 2013-06-20 08:04 - 00000000 ____D () C:\Windows\Minidump
2014-10-09 19:56 - 2013-03-30 17:28 - 00000000 ____D () C:\ProgramData\AMD
2014-10-09 19:56 - 2013-03-30 17:22 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-10-09 19:52 - 2014-05-01 01:36 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-09 19:50 - 2013-04-03 21:37 - 00000000 ____D () C:\AMD
2014-10-07 20:34 - 2013-06-20 21:16 - 00000000 ____D () C:\Users\h3ll-r4z0r\AppData\Local\JDownloader v2.0
2014-10-05 13:20 - 2013-03-30 17:56 - 00000000 ____D () C:\Users\h3ll-r4z0r\AppData\Roaming\vlc
2014-10-05 11:58 - 2013-12-16 20:29 - 00000000 ____D () C:\Users\h3ll-r4z0r\AppData\Local\Battle.net
2014-10-04 19:57 - 2014-08-04 23:39 - 00001746 _____ () C:\Users\h3ll-r4z0r\Desktop\MPC-HC x64.lnk
2014-10-04 19:57 - 2014-07-28 19:17 - 00000974 _____ () C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2014-10-04 19:57 - 2013-10-12 13:56 - 00002090 _____ () C:\Users\Public\Desktop\Path of Exile.lnk
2014-10-04 19:57 - 2013-07-25 21:13 - 00001011 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-10-03 11:31 - 2013-12-16 20:29 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-09-28 22:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-28 20:37 - 2011-04-12 09:43 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-09-28 20:37 - 2011-04-12 09:43 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-09-28 20:37 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-25 19:31 - 2013-04-10 20:20 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-24 22:10 - 2014-03-05 15:57 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-24 22:10 - 2013-03-30 18:02 - 00000000 ____D () C:\ProgramData\Skype
2014-09-22 20:16 - 2014-09-04 20:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-22 08:42 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-20 15:02 - 2013-03-30 17:46 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-20 15:02 - 2013-03-30 17:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-20 15:02 - 2013-03-30 17:46 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-20 14:38 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-19 22:03 - 2011-04-12 09:55 - 00000000 ____D () C:\Windows\ShellNew
2014-09-17 23:02 - 2013-12-07 21:10 - 00000000 ____D () C:\Users\h3ll-r4z0r\Documents\NCSOFT
2014-09-17 23:02 - 2013-12-06 01:09 - 00000000 ____D () C:\Users\h3ll-r4z0r\AppData\Local\NCSOFT
2014-09-16 00:32 - 2014-04-18 04:43 - 00118096 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2014-09-16 00:31 - 2012-11-07 00:08 - 07028336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2014-09-16 00:31 - 2012-11-06 23:29 - 01113576 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2014-09-16 00:31 - 2012-11-06 23:27 - 01335544 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2014-09-16 00:31 - 2012-11-06 23:25 - 09254184 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2014-09-16 00:31 - 2012-11-06 23:09 - 10826488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2014-09-16 00:31 - 2012-11-06 23:05 - 07207592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2014-09-16 00:31 - 2012-11-06 22:54 - 00144328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2014-09-16 00:31 - 2012-11-06 22:54 - 00126848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2014-09-16 00:31 - 2012-11-06 22:54 - 00100032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2014-09-16 00:00 - 2014-04-18 03:08 - 00090112 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
Some content of TEMP:
====================
C:\Users\h3ll-r4z0r\AppData\Local\Temp\Quarantine.exe
C:\Users\h3ll-r4z0r\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-28 21:52
==================== End Of Log ============================
Additional-Log Code:
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.33394 - BitTorrent Inc.)
10,000,000 (HKLM-x32\...\Steam App 227580) (Version: - EightyEightGames)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
A.V.A - Alliance of Valiant Arms (HKLM-x32\...\Steam App 102700) (Version: - RED DUCK Inc.)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.30.100.40915 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0915.1813.30937 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2014.0915.1813.30937 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.71106.1646 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In (Version: 2.07.0000 - AMD) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Antichamber (HKLM-x32\...\Steam App 219890) (Version: - )
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - )
Bastion (HKLM-x32\...\Steam App 107100) (Version: - Supergiant Games)
Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version: - Rocksteady Studios)
Batman™: Arkham Origins (HKLM-x32\...\Steam App 209000) (Version: - WB Games Montreal)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BIT.TRIP Presents... Runner2: Future Legend of Rhythm Alien (HKLM-x32\...\Steam App 218060) (Version: - Gaijin Games)
Borderlands 2 Game of the Year Edition Incl. All DLCs and Updates MULTI-2 1.8.1 (HKLM-x32\...\Borderlands 2 Game of the Year Edition Incl. All DLCs and Updates MULTI-2 1.8.1) (Version: - )
Borderlands 2 Update 23 (v1.8.2) v1.8.2 (HKLM-x32\...\Borderlands 2 Update 23 (v1.8.2) v1.8.2) (Version: - )
Burnout(TM) Paradise The Ultimate Box (HKLM-x32\...\{9A996B6A-846E-4A89-B9C4-17546B7BE49F}) (Version: 1.1.0.0 - Electronic Arts)
calibre (HKLM-x32\...\{1E9AC64C-A2C1-4FD3-A6F3-64D0E661B0E9}) (Version: 0.9.43 - Kovid Goyal)
Capsized (HKLM-x32\...\Steam App 95300) (Version: - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
Cave Story+ (HKLM-x32\...\Steam App 200900) (Version: - Nicalis)
CCC Help Chinese Standard (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.4003 - CDBurnerXP)
Comical 0.8 (HKLM-x32\...\Comical_is1) (Version: - James Athey)
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Darwinia (HKLM-x32\...\Steam App 1500) (Version: - Introversion Software)
DC++ 0.843 (HKLM-x32\...\DC++) (Version: 0.843 - Jacek Sieka)
DEFCON (HKLM-x32\...\Steam App 1520) (Version: - Introversion Software)
Defender's Quest: Valley of the Forgotten (HKLM-x32\...\Steam App 218410) (Version: - Level Up Labs, LLC)
Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura)
Devil May Cry 3: Special Edition (HKLM-x32\...\Steam App 6550) (Version: - CAPCOM Co., Ltd.)
Diablo III Beta (HKLM-x32\...\Diablo III Beta) (Version: - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve )
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Dungeon Keeper Gold (HKLM-x32\...\GOGPACKDUNGEONKEEPER_is1) (Version: 2.0.0.4 - GOG.com)
Dust: An Elysian Tail (HKLM-x32\...\Steam App 236090) (Version: - Humble Hearts LLC)
Everything 1.2.1.371 (HKLM-x32\...\Everything) (Version: - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.3.524 - Foxit Corporation)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - Subset Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Guacamelee! Gold Edition (HKLM-x32\...\Steam App 214770) (Version: - DrinkBox Studios)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version: - )
Intrusion 2 (HKLM-x32\...\Steam App 214970) (Version: - )
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JetBrains PhpStorm 7.1.3 (HKLM-x32\...\PhpStorm 7.1.3) (Version: 133.982 - JetBrains s.r.o.)
Joe Danger 2: The Movie (HKLM-x32\...\Steam App 242110) (Version: - Hello Games)
La-Mulana (HKLM-x32\...\Steam App 230700) (Version: - NIGORO)
LastPass(uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Little Inferno (HKLM-x32\...\Steam App 221260) (Version: - )
Lone Survivor: The Director's Cut (HKLM-x32\...\Steam App 209830) (Version: - Jasper Byrne)
LUFTRAUSERS (HKLM-x32\...\Steam App 233150) (Version: - Vlambeer)
Magic 2014 (HKLM-x32\...\Steam App 213850) (Version: - Stainless Games)
Magic 2015 (HKLM-x32\...\Steam App 255420) (Version: - Stainless Games)
Magic: The Gathering — Duels of the Planeswalkers 2012 (HKLM-x32\...\Steam App 49470) (Version: - Stainless Games Ltd)
Magic: The Gathering - Duels of the Planeswalkers 2013 (HKLM-x32\...\Steam App 97330) (Version: - Stainless Games)
Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version: - Klei Entertainment)
McPixel (HKLM-x32\...\Steam App 220860) (Version: - Sos)
METAL GEAR RISING: REVENGEANCE (HKLM-x32\...\Steam App 235460) (Version: - PlatinumGames)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MKVToolNix 6.2.0 (HKLM-x32\...\MKVToolNix) (Version: 6.2.0 - Moritz Bunkus)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.10.00.03 - Huawei Technologies Co.,Ltd)
Monaco (HKLM-x32\...\Steam App 113020) (Version: - Pocketwatch Games)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MPC-HC 1.7.6 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.6 - MPC-HC Team)
Multiwinia (HKLM-x32\...\Steam App 1530) (Version: - Introversion Software)
My Game Long Name (HKLM\...\UDK-5a70fb9a-cd05-4ee8-ae69-3e1a7541b142) (Version: - Epic Games, Inc.)
NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Oil Rush (HKLM-x32\...\Steam App 200390) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version: - Robot Entertainment)
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 0.11.6.28352 - Grinding Gear Games)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)
Penny Arcade's On the Rain-Slick Precipice of Darkness 3 (HKLM-x32\...\Steam App 213030) (Version: - )
Pinball FX2 (HKLM-x32\...\Steam App 226980) (Version: - Zen Studios)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu)
Pro Pinball - Timeshock! (HKLM-x32\...\Pro Pinball - Timeshock!_is1) (Version: - GOG.com)
Proteus (HKLM-x32\...\Steam App 219680) (Version: - )
Raptr (HKLM-x32\...\Raptr) (Version: - )
Really Big Sky (HKLM-x32\...\Steam App 201570) (Version: - Boss Baddie)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
Reus (HKLM-x32\...\Steam App 222730) (Version: - Abbey Games)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version: - )
Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version: - Cellar Door Games)
Runespell: Overture (HKLM-x32\...\Steam App 102200) (Version: - Mystic Box)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.5.0 - SAMSUNG Electronics Co., Ltd.)
Savant - Ascent (HKLM-x32\...\Steam App 259530) (Version: - DPad Studios)
Shadow Warrior Classic (1997) (HKLM-x32\...\Steam App 238070) (Version: - )
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SmartPower (HKLM-x32\...\{E5DFADB4-AECD-49E9-BAF3-ED7AD6393CBE}) (Version: 1.5.2 - James Chiffey (Ignatu Software))
SpaceChem (HKLM-x32\...\Steam App 92800) (Version: - Zachtronics)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.445.23476 - SteelSeries)
Sublime Text Build 3059 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
Super Hexagon (HKLM-x32\...\Steam App 221640) (Version: - )
Syder Arcade (HKLM-x32\...\Steam App 252310) (Version: - Studio Evil)
Tales from Space: Mutant Blobs Attack (HKLM-x32\...\Steam App 206370) (Version: - DrinkBox Studios)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.17271 - TeamViewer)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.18051 - TeamViewer)
The Mighty Quest For Epic Loot (HKLM-x32\...\Steam App 239220) (Version: - Ubisoft Montreal)
The Showdown Effect (HKLM-x32\...\Steam App 204080) (Version: - Arrowhead Game Studios)
Thomas Was Alone (HKLM-x32\...\Steam App 220780) (Version: - )
Turba (HKLM-x32\...\Steam App 58400) (Version: - Binary Takeover)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Uplink (HKLM-x32\...\Steam App 1510) (Version: - Introversion Software)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version: - )
WM Recorder (HKLM-x32\...\WM Recorder14.10) (Version: 14.10 - AllAlex, Inc)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-4 - Bitnami)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
28-09-2014 23:03:16 Windows Update
03-10-2014 20:20:07 Windows Update
07-10-2014 22:11:02 Windows Update
09-10-2014 17:51:51 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
09-10-2014 17:52:31 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
12-10-2014 08:26:13 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2014-10-12 12:42 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1452E015-8874-41B5-B58A-9EC975B8D1C3} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {6F086F56-9C7F-4FC9-B3D2-2AAECE433DF6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-10] (Google Inc.)
Task: {9944BF9C-4729-4EC5-8C51-8666D9834351} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-20] (Adobe Systems Incorporated)
Task: {E4827331-7AE0-4B14-8BEB-BDE559D5191D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-10] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-09-15 18:13 - 2014-09-15 18:13 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-04-20 16:23 - 2014-04-20 16:23 - 00230240 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2009-03-30 08:32 - 2009-03-30 08:32 - 00032768 ____R () C:\Windows\DAODx.exe
2013-06-11 18:21 - 2013-06-11 18:21 - 00032768 _____ () C:\Program Files (x86)\Ignatu Software\SmartPower\SmartPower.exe
2014-09-02 21:51 - 2014-09-02 21:51 - 05502720 _____ () C:\Program Files\Sublime Text 3\sublime_text.exe
2009-03-13 03:18 - 2009-03-13 03:18 - 00602624 _____ () C:\Program Files (x86)\Everything\Everything.exe
2013-06-11 18:21 - 2013-06-11 18:21 - 00044544 _____ () C:\Program Files (x86)\Ignatu Software\SmartPower\SmartPower Idle Monitor.exe
2014-09-02 21:51 - 2014-09-02 21:51 - 00595456 _____ () C:\Program Files\Sublime Text 3\plugin_host.exe
2014-09-02 21:51 - 2014-09-02 21:51 - 01065472 _____ () C:\Program Files\Sublime Text 3\_hashlib.pyd
2013-06-11 18:21 - 2013-06-11 18:21 - 00025088 _____ () C:\Program Files (x86)\Ignatu Software\SmartPower\SmartPower.Settings.dll
2014-09-25 19:30 - 2014-09-23 06:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-25 19:30 - 2014-09-23 06:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-25 19:30 - 2014-09-23 06:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-25 19:30 - 2014-09-23 06:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-25 19:30 - 2014-09-23 06:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\startupreg: bluebirds => C:\Users\h3ll-r4z0r\Bluebirds\BlueBirds.exe
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "F:\INCOMING\_GAMES\Steam\Steam.exe" -silent
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
========================= Accounts: ==========================
Administrator (S-1-5-21-3451941310-4175689731-257133520-500 - Administrator - Disabled)
Gast (S-1-5-21-3451941310-4175689731-257133520-501 - Limited - Disabled)
h3ll-r4z0r (S-1-5-21-3451941310-4175689731-257133520-1000 - Administrator - Enabled) => C:\Users\h3ll-r4z0r
HomeGroupUser$ (S-1-5-21-3451941310-4175689731-257133520-1003 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
Name: D-Link Router
Description: D-Link Router
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: 802.11n-USB-Drahtlos-LAN-Karte #6
Description: 802.11n-USB-Drahtlos-LAN-Karte
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28ux
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-10-12 12:42:01.838
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-10-12 12:42:01.785
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: AMD Phenom(tm) II X4 955 Processor
Percentage of memory in use: 34%
Total physical RAM: 6061.59 MB
Available physical RAM: 3979.91 MB
Total Pagefile: 12121.37 MB
Available Pagefile: 9889.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:117.18 GB) (Free:21.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: (Incoming) (Fixed) (Total:478.99 GB) (Free:161.13 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 2CC6C3BB)
Partition 1: (Active) - (Size=117.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=479 GB) - (Type=07 NTFS)
==================== End Of Log ============================

Thank you very much for your time!