
Pests of all kinds and how to combat them: Virus removed with Combofix

Windows 7

04.06.2013, 18:13   #1
c.l.s
 
Virus removed with Combofix



Hey,

I suspected a virus because my internet got slow and Firefox hung more and more often, or simply took forever to open anything.
I then downloaded and ran Combofix; it did find and delete something. Unfortunately I uninstalled Combofix again afterwards and the logs are now gone. I'm not sure whether everything is really gone, because somehow Firefox still isn't running smoothly. Maybe someone can take a look.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:12 on 04/06/2013 (Denis)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

Code:
OTL logfile created on: 04.06.2013 15:18:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Denis\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,81 Gb Available Physical Memory | 70,28% Memory free
8,00 Gb Paging File | 6,77 Gb Available in Paging File | 84,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 300,03 Gb Free Space | 50,34% Space Free | Partition Type: NTFS
 
Computer Name: DENIS-PC | User Name: Denis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.04 15:18:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Denis\Desktop\OTL.exe
PRC - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.05.16 16:38:28 | 001,213,216 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
PRC - [2013.05.12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.04.19 10:49:42 | 000,384,840 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2012.12.14 11:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.09.24 17:56:46 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.22 18:57:06 | 000,056,424 | ---- | M] () -- C:\Windows\SysWOW64\PrxerNsp.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.03.29 03:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.06.03 15:20:07 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.03 13:57:36 | 000,034,528 | ---- | M] (The OpenVPN Project) [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2013.05.24 01:47:25 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.05.12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.04.19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.19 10:49:42 | 000,384,840 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2013.04.19 10:49:20 | 000,393,032 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.14 11:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.10.17 22:17:48 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.09.24 17:56:46 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.05.09 10:59:07 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013.05.09 10:59:07 | 000,378,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013.05.09 10:59:07 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013.05.09 10:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013.04.04 16:24:45 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV:64bit: - [2013.03.29 04:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2013.03.29 04:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013.03.29 03:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013.02.25 07:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013.02.14 13:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013.02.08 16:45:38 | 000,036,736 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012.10.11 05:08:10 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012.10.11 05:08:08 | 000,029,696 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.03.02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.02.24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2006.11.10 15:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool)
DRV - [2013.04.19 10:49:34 | 000,070,984 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.02.24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 2206731
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC 7C 27 A8 90 C2 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{DCD039D7-0E3E-42A2-8370-E397BF16075A}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "eBay"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: %7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.33
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.http: "www-proxy.t-online.de"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.03.01 02:21:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.06.04 02:03:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.24 01:47:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.24 01:47:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.24 01:47:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.24 01:47:21 | 000,000,000 | ---D | M]
 
[2012.09.14 00:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Denis\AppData\Roaming\mozilla\Extensions
[2013.06.02 20:04:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Denis\AppData\Roaming\mozilla\Firefox\Profiles\2lofht7a.default\extensions
[2013.06.02 20:04:14 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Denis\AppData\Roaming\mozilla\Firefox\Profiles\2lofht7a.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2012.10.13 01:46:30 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Denis\AppData\Roaming\mozilla\Firefox\Profiles\2lofht7a.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2013.04.05 15:45:03 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Denis\AppData\Roaming\mozilla\Firefox\Profiles\2lofht7a.default\extensions\ich@maltegoetz.de
[2012.12.11 18:52:37 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Denis\AppData\Roaming\mozilla\firefox\profiles\2lofht7a.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.03.22 23:57:30 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\Denis\AppData\Roaming\mozilla\firefox\profiles\2lofht7a.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013.05.09 15:07:43 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Denis\AppData\Roaming\mozilla\firefox\profiles\2lofht7a.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.23 17:42:08 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\Denis\AppData\Roaming\mozilla\firefox\profiles\2lofht7a.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.05.24 01:47:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.24 01:47:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013.06.03 15:46:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Denis\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Denis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Denis\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Denis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\PrxerNsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\PrxerNsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{290886D4-FD22-4A17-B17A-2A5FAACD3783}: DhcpNameServer = 172.16.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB76360F-7D88-4F9D-9EDF-CB77F20DF522}: NameServer = 213.191.92.87 62.109.123.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE40D8B8-E047-43B4-882C-E9077F359F2E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1
[2013.06.04 15:18:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Denis\Desktop\OTL.exe
[2013.06.04 02:03:44 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.06.04 02:03:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.06.04 02:03:42 | 000,378,432 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.06.04 02:03:38 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.06.04 02:03:35 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.06.04 02:03:33 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.06.04 02:03:26 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.06.04 02:03:03 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.06.03 17:53:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
[2013.06.03 17:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2013.06.03 17:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\OpenVPN
[2013.06.03 16:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.06.03 16:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.06.03 16:30:15 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.03 16:30:10 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.03 16:20:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.06.03 16:15:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.03 16:14:33 | 000,000,000 | --SD | C] -- C:\combofix
[2013.06.03 15:50:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.03 15:29:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.06.03 15:28:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.06.03 15:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.06.03 15:21:01 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\Macromedia
[2013.06.03 15:21:01 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Local\Macromedia
[2013.06.01 18:15:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.06.01 18:15:33 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mass Effect 2
[2013.06.01 18:15:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 2
[2013.06.01 17:58:57 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\NVIDIA
[2013.06.01 17:56:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mass Effect 2
[2013.06.01 17:56:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2013.06.01 17:50:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect Deluxe Edition
[2013.06.01 17:29:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mass Effect Deluxe Edition
[2013.06.01 17:29:01 | 000,000,000 | ---D | C] -- C:\Users\Denis\Documents\BioWare
[2013.05.29 18:37:32 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Local\NVIDIA
[2013.05.29 18:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013.05.29 18:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.05.29 18:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.05.29 18:28:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013.05.29 18:26:51 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.05.29 18:26:06 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.05.29 12:42:10 | 000,000,000 | ---D | C] -- C:\1eb28485d68cce20035c4f7f74a0a7
[2013.05.25 18:59:48 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\ATI
[2013.05.25 18:59:48 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Local\ATI
[2013.05.25 18:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2013.05.24 01:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.22 22:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\TAP-Windows
[2013.05.16 15:21:24 | 000,000,000 | ---D | C] -- C:\Users\Denis\Documents\4A Games
[2013.05.16 15:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2013.05.16 14:32:45 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Local\4A Games
[2013.05.16 14:32:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4A Games
[2013.05.16 14:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\4A Games
[2013.05.14 00:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
[2013.05.14 00:55:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueStacks
[2013.05.14 00:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup
[2013.05.14 00:54:19 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[2013.05.12 18:54:15 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
[2013.05.09 22:33:51 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\Malwarebytes
[2013.05.09 22:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.09 22:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.09 22:33:46 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.09 22:33:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.09 19:18:27 | 000,000,000 | ---D | C] -- C:\Users\Denis\Desktop\##
[2013.05.09 18:59:29 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\Proxifier
[2013.05.09 18:59:13 | 000,103,016 | ---- | C] (Initex) -- C:\Windows\SysNative\ProxifierShellExt.dll
[2013.05.09 18:59:13 | 000,091,240 | ---- | C] (Initex) -- C:\Windows\SysWow64\ProxifierShellExt.dll
[2013.05.09 18:59:13 | 000,076,392 | ---- | C] (Initex) -- C:\Windows\SysNative\PrxerDrv.dll
[2013.05.09 18:59:13 | 000,070,248 | ---- | C] (Initex) -- C:\Windows\SysWow64\PrxerDrv.dll
[2013.05.09 18:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proxifier
[2013.05.09 18:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Proxifier
[2013.05.09 16:51:52 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\LolClient
[2013.05.09 16:02:45 | 000,000,000 | ---D | C] -- C:\Riot Games
[2013.05.09 15:54:23 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Local\Programs
[2013.05.09 15:53:56 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2013.05.08 19:14:38 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\ICQM
[2013.05.08 19:14:29 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\ICQ-Profile
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.04 15:18:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Denis\Desktop\OTL.exe
[2013.06.04 15:12:14 | 000,000,000 | ---- | M] () -- C:\Users\Denis\defogger_reenable
[2013.06.04 15:11:52 | 000,050,477 | ---- | M] () -- C:\Users\Denis\Desktop\Defogger.exe
[2013.06.04 14:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.04 14:27:41 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.04 14:27:40 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.04 14:19:49 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.06.04 14:19:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.04 14:19:02 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.04 02:03:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.06.03 15:46:18 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.16 18:24:11 | 000,000,000 | ---- | M] () -- C:\Users\Denis\Documents\ts3_clientui-win64-1365064384-2013-05-16 18_24_11.946689.dmp
[2013.05.16 13:49:23 | 000,295,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.16 03:04:31 | 001,634,396 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.16 03:04:31 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.16 03:04:31 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.16 03:04:31 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.16 03:04:31 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.12 23:42:27 | 000,020,536 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013.05.09 10:59:07 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.05.09 10:59:07 | 000,378,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.05.09 10:59:07 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.05.09 10:59:07 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.05.09 10:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.05.09 10:58:11 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.05.08 16:13:10 | 003,165,737 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.04 15:12:14 | 000,000,000 | ---- | C] () -- C:\Users\Denis\defogger_reenable
[2013.06.04 15:11:52 | 000,050,477 | ---- | C] () -- C:\Users\Denis\Desktop\Defogger.exe
[2013.06.04 02:03:30 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.06.04 02:03:27 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.06.03 15:20:08 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.29 18:29:01 | 003,165,737 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2013.05.29 18:27:18 | 000,020,536 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013.05.16 18:24:11 | 000,000,000 | ---- | C] () -- C:\Users\Denis\Documents\ts3_clientui-win64-1365064384-2013-05-16 18_24_11.946689.dmp
[2013.05.09 18:59:13 | 000,057,448 | ---- | C] () -- C:\Windows\SysNative\PrxerNsp.dll
[2013.05.09 18:59:13 | 000,056,424 | ---- | C] () -- C:\Windows\SysWow64\PrxerNsp.dll
[2013.03.29 04:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013.03.29 04:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013.03.29 03:38:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013.03.29 03:38:08 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013.03.14 01:41:41 | 000,007,597 | ---- | C] () -- C:\Users\Denis\AppData\Local\resmon.resmoncfg
[2013.02.10 03:24:50 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.01.12 03:15:39 | 001,382,400 | ---- | C] () -- C:\Windows\Data.dll
[2013.01.04 16:50:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.01.04 16:50:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.01.04 16:50:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.01.04 16:50:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.04 16:50:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.22 21:15:02 | 000,000,600 | ---- | C] () -- C:\Users\Denis\AppData\Local\PUTTY.RND
[2012.09.24 17:49:19 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.24 17:47:27 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.09.24 17:47:25 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.09.24 17:47:24 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.06.19 21:37:54 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.05.27 03:24:17 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.03.05 15:18:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.06.01 18:30:15 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\.minecraft
[2012.09.08 17:34:57 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2013.05.12 19:06:05 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\ICQ-Profile
[2013.05.12 18:54:07 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\ICQM
[2013.05.09 16:51:52 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\LolClient
[2013.04.28 17:21:11 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\Notepad++
[2012.03.23 17:16:10 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\OpenOffice.org
[2013.05.09 18:59:29 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\Proxifier
[2012.03.14 23:40:01 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\TeamViewer
[2013.06.04 14:56:39 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\TS3Client
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1242 bytes -> C:\ProgramData\Microsoft:banxbnFvkkBs7wunEVwRr5ddI
@Alternate Data Stream - 1212 bytes -> C:\Users\Denis\AppData\Local\Temp:ae5QBLgj7rLfvZEH64ORuBid
@Alternate Data Stream - 1157 bytes -> C:\ProgramData\Microsoft:IDLRUQrUamcIRmDfrWxjKGR

< End of report >
         

Code:
OTL Extras logfile created on: 04.06.2013 15:18:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Denis\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,81 Gb Available Physical Memory | 70,28% Memory free
8,00 Gb Paging File | 6,77 Gb Available in Paging File | 84,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 300,03 Gb Free Space | 50,34% Space Free | Partition Type: NTFS
 
Computer Name: DENIS-PC | User Name: Denis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0437044C-5296-4E1A-9256-400A2E5174D8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{047B058C-D303-413A-92AC-E6578EEE39CD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{27374289-A329-4D29-B0E9-BC62772B0E4E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2902D0A1-19F7-4866-9707-9254B11F690F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{36BAFE44-FDCE-45E0-A474-2AFCFC7F2262}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{473FDDFB-01E8-4AFE-A70A-23D50ABAEE82}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{574740C5-745F-47D9-AB74-0C1E11E96E40}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5B17C2F2-3F72-42DE-8B18-9D7B7E698672}" = lport=137 | protocol=17 | dir=in | app=system | 
"{62E40E0B-DFCA-4B10-B7D8-8DED96A24FE7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{642B24A8-BA99-4DD6-AE09-456E9196D703}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6CD2F76B-725E-488B-9C59-ED9AC404B1F1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7878F955-F75A-4BF3-A4A2-C4357A320EEC}" = rport=137 | protocol=17 | dir=out | app=system | 
"{84327447-1035-4037-9012-226C47761EBE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8C74F380-ED2F-4158-BC58-393C88942F37}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A300A60A-9A69-4D66-9B4C-0C56A46C3E09}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A4222743-9B3B-479D-BE1B-48A3D9F53101}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{AA790B86-C0F0-4D70-AC12-9CF8C8C94213}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B406CFC3-F0B7-4BEC-9782-95157B13BBCB}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C10D5ADD-D46F-4E12-85EF-60B6C7087C16}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DD134509-22AB-4F31-873A-AB9A52FAA3D6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DFFBF9E9-7013-4831-8600-4443FF769FBB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E08FF9F6-EDE3-4E89-A241-C39CD2B1F1AB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F3A8567B-9B5A-48FD-B4EA-6E1A040D2311}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C9C766-6FDD-4E12-8C1F-DF7B58965B8E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{14458ABA-E06D-4F0D-B8D5-3C98435E6FAD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{15848F17-19BB-4EE6-9C40-625EBCD2D1FD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | 
"{202575F7-439F-4E8C-81F0-77B2E7E5D5A9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | 
"{2455875B-8536-485A-87E4-874B2227400A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{28EE513C-21B0-49CF-AAA2-524114DCBCB4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{317D625D-CF7A-4074-80C6-B58055CC01A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{34BAAE96-E998-4382-BC87-F326845DA99D}" = protocol=6 | dir=out | app=system | 
"{3D45616D-6D2C-40B7-9F36-A82BB3D46EFA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{4B2F2E29-1712-44F5-A64C-22CB41906E74}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4E0EB6AE-890C-4D3F-A1FF-A9CB7EE092AD}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{50729A65-C349-4EE0-A1A4-CAC65CF4BA09}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5082A1FE-6C6A-4B07-BAEC-718040B5EC9B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5A418909-6F6D-41FB-8429-CAC1510AAA12}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe | 
"{6386CE1C-1E4C-4FAC-858C-9B88BFC71229}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{65878C72-761D-4C3E-8BE5-BD0E10FFFAC2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | 
"{676AF417-E840-4A43-8156-6E8169C1AAB4}" = dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe | 
"{6BB1B021-592F-4A2B-865C-7460A65643AE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{72401904-5A5D-48C6-BD9F-91E3E8A5A826}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{757EDEE8-A5E5-46BE-8F4C-4B02796C21D1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{77101B6D-6FD3-4BF6-B016-AFB89C6B88D8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{783641BA-4376-46E1-80AA-A2869312587F}" = protocol=6 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe | 
"{78458307-3543-4717-9637-415A860CDF01}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{7AB224AD-7716-4269-A20B-BFEE33805488}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7D43859B-F9D6-4412-B16D-DCC21A623A68}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | 
"{7F450FBC-9187-4627-999A-756F4B4A04F5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{81C31666-6AE0-41B5-9A55-766A944E6D52}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{90DB159D-E5A1-4737-A695-0085D70F4898}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{910EF74B-1253-4DEE-833F-D1F04955574F}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe | 
"{95244599-B4A6-4598-9194-2B59F1D7E3A9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9547983E-92C5-4143-80AC-D30A85A2EFF3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9D2E0473-E657-4DCB-8AF8-847E3B9F0394}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{9E828D41-D66E-4F14-975C-799684717FFF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{9EF0329A-F051-4CAC-8C1A-6DCAC02BD64B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{A33E021C-A041-4267-BB53-B2FEBFBEA92A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{A38C59F4-963E-4295-81E0-F662B7661606}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{AE6403B0-CF73-4B48-B91B-D2FCE3E93E08}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B03A0E9F-A30E-48BD-9EBE-DABDDE9EFE09}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{B0702EDD-EEE6-45DD-8790-89127C8F3524}" = dir=out | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe | 
"{BC391938-AE66-4C4C-97AE-F5C33C326D2A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{BE2E9F2A-E7A9-4552-9CDF-0784C80F0FAE}" = dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.0\cnc3game.dat | 
"{C48137C9-8B47-4F11-9782-CA8F61F16738}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D1686D0E-3DC3-4B68-BEE3-DA794C424888}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D22D02C2-CF1A-49B8-9D79-5A5E4F4DBCF4}" = protocol=17 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe | 
"{D3322A1C-EA56-40CA-8B83-7C08AF7989E3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D4B83063-5AA3-485B-9025-3286C6828F08}" = protocol=17 | dir=in | app=c:\users\denis\appdata\roaming\icqm\icq.exe | 
"{DECD0946-3BF1-459D-9E2D-9AD67EE8A767}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{E4E8EF2F-B5A4-4D10-B637-034FC377755C}" = protocol=6 | dir=in | app=c:\users\denis\appdata\roaming\icqm\icq.exe | 
"{E5C4CBF4-8F3D-4CB2-A80C-AE85233A777F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EC620C8E-8206-4D14-B5AC-81099819A755}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F5D8C9E6-A2C0-4025-B87F-1A453AD5CABC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{035D3868-A7A2-4978-9474-50E55DA273F1}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{3CACB7A9-0310-4F04-A9A1-0CE2F3FC3C60}C:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat | 
"TCP Query User{5382B0C2-6778-4CE4-90A6-857A135B961F}C:\program files (x86)\activision\call of duty black ops ii\t6sp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty black ops ii\t6sp.exe | 
"TCP Query User{BACD2CAE-37FE-413F-9809-C7ECF35150A5}C:\program files (x86)\steam\steamapps\l3b3l\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\l3b3l\counter-strike source\hl2.exe | 
"TCP Query User{F7779702-ACD3-4666-866D-1AA8FD171070}C:\program files (x86)\4a games\metro last light\metrollbenchmark.exe" = protocol=6 | dir=in | app=c:\program files (x86)\4a games\metro last light\metrollbenchmark.exe | 
"UDP Query User{27772E25-C502-4881-9F84-C1DA2D2B899B}C:\program files (x86)\4a games\metro last light\metrollbenchmark.exe" = protocol=17 | dir=in | app=c:\program files (x86)\4a games\metro last light\metrollbenchmark.exe | 
"UDP Query User{7786AD6F-E321-4904-B1AF-6492B6501EBF}C:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat | 
"UDP Query User{D7AEF958-2142-4950-9297-99708DFA3D59}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{F5C5BA4C-6A47-4094-B578-6F2D17EF8269}C:\program files (x86)\activision\call of duty black ops ii\t6sp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty black ops ii\t6sp.exe | 
"UDP Query User{F9C66A96-E3AE-4471-9B6C-3AD19DA2CDDF}C:\program files (x86)\steam\steamapps\l3b3l\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\l3b3l\counter-strike source\hl2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 4.11.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"OpenVPN" = OpenVPN 2.3.2-I001 
"TAP-Windows" = TAP-Windows 9.9.2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Virtual Audio Cable 4.10" = Virtual Audio Cable 4.10
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{33E91A0A-2450-47F4-A5E8-3DFE99F73BA4}_is1" = Metro: Last Light
"{4198AE83-A3C6-4C41-85C8-EC63E990696E}" = Crysis®3
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A4B004B0-B6D3-4BA8-B012-3F79A931CF9E}" = BlueStacks Notification Center
"{A5C7818C-27AC-4A71-BEDF-BA5652D2CC36}_is1" = Mass Effect Deluxe Edition
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Black Ops 2 Deutsch Patch-TokZic 1.0" = Black Ops 2 Deutsch Patch-TokZic 1.0
"BlueStacks App Player" = BlueStacks App Player
"Call of Duty Black Ops II_is1" = Call of Duty Black Ops II
"Cross Fire_is1" = Cross Fire En
"Crossfire Europe" = Crossfire Europe
"DivX Setup" = DivX-Setup
"Hitman Absolution_is1" = Hitman Absolution
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PowerTeacher_is1" = PowerTeacher Version 23.04.026.R122
"Proxifier_is1" = Proxifier version 3.21
"PunkBusterSvc" = PunkBuster Services
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 209870" = Blacklight: Retribution
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 730" = Counter-Strike: Global Offensive
"TeamViewer 8" = TeamViewer 8
"VLC media player" = VLC media player 2.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ICQ" = ICQ 8.0 (build 6019)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.06.2013 11:37:03 | Computer Name = Denis-PC | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 03.06.2013 11:37:03 | Computer Name = Denis-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 03.06.2013 11:37:03 | Computer Name = Denis-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 03.06.2013 11:37:03 | Computer Name = Denis-PC | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 03.06.2013 11:37:03 | Computer Name = Denis-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 03.06.2013 11:37:03 | Computer Name = Denis-PC | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 03.06.2013 11:46:02 | Computer Name = Denis-PC | Source = VSS | ID = 8193
Description = 
 
Error - 03.06.2013 11:49:35 | Computer Name = Denis-PC | Source = BstHdAndroidSvc | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.ApplicationException:
 Cannot start service.  Service did not stop gracefully the last time it was run.

   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)     bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
 state)
 
Error - 04.06.2013 08:18:20 | Computer Name = Denis-PC | Source = BstHdAndroidSvc | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.ApplicationException:
 Cannot start service.  Service did not stop gracefully the last time it was run.

   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)     bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
 state)
 
Error - 04.06.2013 08:19:58 | Computer Name = Denis-PC | Source = BstHdAndroidSvc | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.ApplicationException:
 Cannot start service.  Service did not stop gracefully the last time it was run.

   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)     bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
 state)
 
[ System Events ]
Error - 03.06.2013 11:37:23 | Computer Name = Denis-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 03.06.2013 11:37:28 | Computer Name = Denis-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 03.06.2013 11:37:28 | Computer Name = Denis-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 03.06.2013 11:37:29 | Computer Name = Denis-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 03.06.2013 11:37:29 | Computer Name = Denis-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 03.06.2013 11:37:29 | Computer Name = Denis-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 03.06.2013 11:37:29 | Computer Name = Denis-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 03.06.2013 11:49:35 | Computer Name = Denis-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler
 beendet:   %%1064
 
Error - 04.06.2013 08:18:20 | Computer Name = Denis-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler
 beendet:   %%1064
 
Error - 04.06.2013 08:19:58 | Computer Name = Denis-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler
 beendet:   %%1064
 
 
< End of report >
         

         

Alt 04.06.2013, 19:29   #2
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

System scan with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit

(If you are not sure: Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

Alt 04.06.2013, 20:43   #3
c.l.s
 



Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-06-2013
Ran by Denis (administrator) on 04-06-2013 21:41:22
Running from C:\Users\Denis\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {DCD039D7-0E3E-42A2-8370-E397BF16075A} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 07 %SystemRoot%\system32\PrxerNsp.dll [56424] ()
Winsock: Catalog9 01 %SystemRoot%\system32\PrxerDrv.dll [70248] (Initex)
Winsock: Catalog9 02 %SystemRoot%\system32\PrxerDrv.dll [70248] (Initex)
Winsock: Catalog9 03 %SystemRoot%\system32\PrxerDrv.dll [70248] (Initex)
Winsock: Catalog9 04 %SystemRoot%\system32\PrxerDrv.dll [70248] (Initex)
Winsock: Catalog9 15 %SystemRoot%\system32\PrxerDrv.dll [70248] (Initex)
Winsock: Catalog5-x64 07 %SystemRoot%\system32\PrxerNsp.dll [57448] ()
Winsock: Catalog9-x64 01 %SystemRoot%\system32\PrxerDrv.dll [76392] (Initex)
Winsock: Catalog9-x64 02 %SystemRoot%\system32\PrxerDrv.dll [76392] (Initex)
Winsock: Catalog9-x64 03 %SystemRoot%\system32\PrxerDrv.dll [76392] (Initex)
Winsock: Catalog9-x64 04 %SystemRoot%\system32\PrxerDrv.dll [76392] (Initex)
Winsock: Catalog9-x64 15 %SystemRoot%\system32\PrxerDrv.dll [76392] (Initex)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BB76360F-7D88-4F9D-9EDF-CB77F20DF522}: [NameServer]213.191.74.18 62.109.123.196

FireFox:
========
FF ProfilePath: C:\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\2lofht7a.default
FF SelectedSearchEngine: eBay
FF Homepage: google.de
FF NetworkProxy: "http", "www-proxy.t-online.de"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Deutsches Wörterbuch - C:\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\2lofht7a.default\Extensions\de-DE@dictionaries.addons.mozilla.org
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\2lofht7a.default\Extensions\ich@maltegoetz.de
FF Extension: Flash and Video Download - C:\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\2lofht7a.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF Extension: No Name - C:\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\2lofht7a.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\2lofht7a.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: No Name - C:\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\2lofht7a.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\2lofht7a.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-04-19] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-04-19] (BlueStack Systems, Inc.)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [34528 2013-06-03] (The OpenVPN Project)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-09-24] ()

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025808 2013-05-09] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378432 2013-05-09] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-05-09] ()
S3 ATITool; C:\Windows\System32\DRIVERS\ATITool64.sys [30720 2006-11-10] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-04-19] (BlueStack Systems)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-10-11] (ManyCam LLC)
S3 catchme; \??\C:\virenkiller\catchme.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [x]
S3 X6va005; \??\C:\Users\Denis\AppData\Local\Temp\005968C.tmp [x]
S3 X6va006; \??\C:\Users\Denis\AppData\Local\Temp\00620D0.tmp [x]
S3 X6va007; \??\C:\Users\Denis\AppData\Local\Temp\0077A02.tmp [x]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [x]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-04 21:41 - 2013-06-04 21:41 - 01916712 ____A (Farbar) C:\Users\Denis\Downloads\FRST64.exe
2013-06-04 21:41 - 2013-06-04 21:41 - 00000000 ____D C:\FRST
2013-06-04 20:45 - 2013-06-04 20:46 - 00000000 ____D C:\Fraps
2013-06-04 20:13 - 2013-06-04 20:13 - 00000000 ____D C:\Users\Denis\AppData\Roaming\YaTQA
2013-06-04 20:13 - 2013-06-04 20:13 - 00000000 ____D C:\Program Files (x86)\YaTQA
2013-06-04 17:05 - 2013-06-04 17:05 - 00000000 ____D C:\Program Files\OpenVPN
2013-06-04 17:01 - 2013-06-04 17:01 - 00000056 ____A C:\Windows\setupact.log
2013-06-04 17:01 - 2013-06-04 17:01 - 00000000 ____A C:\Windows\setuperr.log
2013-06-04 17:00 - 2013-06-04 17:00 - 00002862 ____A C:\Windows\PFRO.log
2013-06-04 15:31 - 2013-06-04 15:31 - 00377856 ____A C:\Users\Denis\Desktop\gmer_2.1.19163.exe
2013-06-04 15:24 - 2013-06-04 15:24 - 00086882 ____A C:\Users\Denis\Desktop\OTL.Txt
2013-06-04 15:24 - 2013-06-04 15:24 - 00061840 ____A C:\Users\Denis\Desktop\Extras.Txt
2013-06-04 15:18 - 2013-06-04 15:18 - 00602112 ____A (OldTimer Tools) C:\Users\Denis\Desktop\OTL.exe
2013-06-04 15:12 - 2013-06-04 15:12 - 00000472 ____A C:\Users\Denis\Desktop\defogger_disable.log
2013-06-04 15:12 - 2013-06-04 15:12 - 00000000 ____A C:\Users\Denis\defogger_reenable
2013-06-04 15:11 - 2013-06-04 15:11 - 00050477 ____A C:\Users\Denis\Desktop\Defogger.exe
2013-06-04 02:03 - 2013-05-09 10:59 - 01025808 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-06-04 02:03 - 2013-05-09 10:59 - 00378432 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-06-04 02:03 - 2013-05-09 10:59 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-06-04 02:03 - 2013-05-09 10:59 - 00080816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-06-04 02:03 - 2013-05-09 10:59 - 00072016 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-06-04 02:03 - 2013-05-09 10:59 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-06-04 02:03 - 2013-05-09 10:59 - 00064288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-06-04 02:03 - 2013-05-09 10:59 - 00033400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-06-04 02:03 - 2013-05-09 10:58 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-06-03 17:35 - 2013-06-03 17:35 - 00000000 __SHD C:\Users\TEMP\Vorlagen
2013-06-03 17:35 - 2013-06-03 17:35 - 00000000 __SHD C:\Users\TEMP\Startmenü
2013-06-03 17:35 - 2013-06-03 17:35 - 00000000 __SHD C:\Users\TEMP\Netzwerkumgebung
2013-06-03 17:35 - 2013-06-03 17:35 - 00000000 __SHD C:\Users\TEMP\Lokale Einstellungen
2013-06-03 17:35 - 2013-06-03 17:35 - 00000000 __SHD C:\Users\TEMP\Eigene Dateien
2013-06-03 17:35 - 2013-06-03 17:35 - 00000000 __SHD C:\Users\TEMP\Druckumgebung
2013-06-03 17:35 - 2013-06-03 17:35 - 00000000 __SHD C:\Users\TEMP\Documents\Eigene Musik
2013-06-03 17:35 - 2013-06-03 17:35 - 00000000 __SHD C:\Users\TEMP\Documents\Eigene Bilder
2013-06-03 17:35 - 2013-06-03 17:35 - 00000000 __SHD C:\Users\TEMP\AppData\Local\Verlauf
2013-06-03 17:35 - 2013-06-03 17:35 - 00000000 __SHD C:\Users\TEMP\AppData\Local\Anwendungsdaten
2013-06-03 17:35 - 2013-06-03 17:35 - 00000000 __SHD C:\Users\TEMP\Anwendungsdaten
2013-06-03 16:58 - 2013-06-04 02:02 - 00000000 ____D C:\Program Files\AVAST Software
2013-06-03 16:57 - 2013-06-04 02:02 - 00000000 ____D C:\ProgramData\AVAST Software
2013-06-03 16:33 - 2013-06-03 16:33 - 00001388 ____A C:\AdwCleaner[S1].txt
2013-06-03 16:33 - 2013-06-03 16:33 - 00001326 ____A C:\AdwCleaner[R2].txt
2013-06-03 16:33 - 2013-06-03 16:33 - 00001266 ____A C:\AdwCleaner[R1].txt
2013-06-03 16:30 - 2013-06-03 17:48 - 00000000 ____D C:\JRT
2013-06-03 16:30 - 2013-06-03 16:30 - 00000000 ____D C:\Windows\ERUNT
2013-06-03 16:20 - 2013-06-03 16:29 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-03 16:14 - 2013-06-03 17:48 - 00000000 ___SD C:\combofix
2013-06-03 15:28 - 2013-06-03 15:28 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-03 15:28 - 2013-06-03 15:28 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-03 15:28 - 2013-06-03 15:28 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-03 15:28 - 2013-06-03 15:28 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-03 15:28 - 2013-06-03 15:28 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-03 15:24 - 2013-06-03 15:24 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-03 15:24 - 2013-06-03 15:24 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-03 15:24 - 2013-06-03 15:24 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-03 15:24 - 2013-06-03 15:24 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-03 15:24 - 2013-06-03 15:24 - 00000000 ____D C:\Program Files\Java
2013-06-03 15:21 - 2013-06-03 15:21 - 00000000 ____D C:\Users\Denis\AppData\Roaming\Macromedia
2013-06-03 15:21 - 2013-06-03 15:21 - 00000000 ____D C:\Users\Denis\AppData\Local\Macromedia
2013-06-03 15:20 - 2013-06-04 20:48 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-03 15:20 - 2013-06-03 15:20 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-03 15:20 - 2013-06-03 15:20 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-01 18:15 - 2013-06-01 18:15 - 00000000 ____D C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2013-06-01 17:58 - 2013-06-01 18:22 - 00000000 ____D C:\Users\Denis\AppData\Roaming\NVIDIA
2013-06-01 17:56 - 2013-06-01 18:16 - 00021486 ____A C:\Users\Denis\Documents\Install Mass Effect 2.log
2013-06-01 17:56 - 2013-06-01 18:05 - 00000000 ____D C:\Program Files (x86)\Mass Effect 2
2013-06-01 17:29 - 2013-06-01 17:56 - 00000000 ____D C:\Users\Denis\Documents\BioWare
2013-06-01 17:29 - 2013-06-01 17:46 - 00000000 ____D C:\Program Files (x86)\Mass Effect Deluxe Edition
2013-05-29 18:37 - 2013-05-29 18:37 - 00000000 ____D C:\Users\Denis\AppData\Local\NVIDIA
2013-05-29 18:30 - 2013-05-29 18:30 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-05-29 18:30 - 2013-05-29 18:30 - 00000000 __SHD C:\Users\UpdatusUser\Vorlagen
2013-05-29 18:30 - 2013-05-29 18:30 - 00000000 __SHD C:\Users\UpdatusUser\Startmenü
2013-05-29 18:30 - 2013-05-29 18:30 - 00000000 __SHD C:\Users\UpdatusUser\Netzwerkumgebung
2013-05-29 18:30 - 2013-05-29 18:30 - 00000000 __SHD C:\Users\UpdatusUser\Lokale Einstellungen
2013-05-29 18:30 - 2013-05-29 18:30 - 00000000 __SHD C:\Users\UpdatusUser\Eigene Dateien
2013-05-29 18:30 - 2013-05-29 18:30 - 00000000 __SHD C:\Users\UpdatusUser\Druckumgebung
2013-05-29 18:30 - 2013-05-29 18:30 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Eigene Musik
2013-05-29 18:30 - 2013-05-29 18:30 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Eigene Bilder
2013-05-29 18:30 - 2013-05-29 18:30 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\Verlauf
2013-05-29 18:30 - 2013-05-29 18:30 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2013-05-29 18:30 - 2013-05-29 18:30 - 00000000 __SHD C:\Users\UpdatusUser\Anwendungsdaten
2013-05-29 18:29 - 2013-06-04 17:01 - 00000000 ____D C:\ProgramData\NVIDIA
2013-05-29 18:29 - 2013-05-12 22:34 - 06491936 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2013-05-29 18:29 - 2013-05-12 22:34 - 03514656 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2013-05-29 18:29 - 2013-05-12 22:34 - 02555680 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2013-05-29 18:29 - 2013-05-12 22:34 - 00884512 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2013-05-29 18:29 - 2013-05-12 22:34 - 00237856 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2013-05-29 18:29 - 2013-05-12 22:34 - 00063776 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2013-05-29 18:29 - 2013-05-08 16:13 - 03165737 ____A C:\Windows\System32\nvcoproc.bin
2013-05-29 18:28 - 2013-05-29 18:34 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-05-29 18:28 - 2013-05-29 18:30 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-05-29 18:27 - 2013-05-12 23:42 - 27775776 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2013-05-29 18:27 - 2013-05-12 23:42 - 25256224 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2013-05-29 18:27 - 2013-05-12 23:42 - 21096736 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-05-29 18:27 - 2013-05-12 23:42 - 17560352 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-05-29 18:27 - 2013-05-12 23:42 - 15910736 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2013-05-29 18:27 - 2013-05-12 23:42 - 15143904 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2013-05-29 18:27 - 2013-05-12 23:42 - 13403168 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-05-29 18:27 - 2013-05-12 23:42 - 12426216 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-05-29 18:27 - 2013-05-12 23:42 - 11216160 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2013-05-29 18:27 - 2013-05-12 23:42 - 09233688 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2013-05-29 18:27 - 2013-05-12 23:42 - 07682960 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-05-29 18:27 - 2013-05-12 23:42 - 07641832 ____A (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2013-05-29 18:27 - 2013-05-12 23:42 - 06324360 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-05-29 18:27 - 2013-05-12 23:42 - 02942240 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2013-05-29 18:27 - 2013-05-12 23:42 - 02935696 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2013-05-29 18:27 - 2013-05-12 23:42 - 02754336 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-05-29 18:27 - 2013-05-12 23:42 - 02597344 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-05-29 18:27 - 2013-05-12 23:42 - 02363680 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2013-05-29 18:27 - 2013-05-12 23:42 - 02002720 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-05-29 18:27 - 2013-05-12 23:42 - 01832224 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco6432018.dll
2013-05-29 18:27 - 2013-05-12 23:42 - 01511712 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6432018.dll
2013-05-29 18:27 - 2013-05-12 23:42 - 01059560 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2013-05-29 18:27 - 2013-05-12 23:42 - 00925648 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-05-29 18:27 - 2013-05-12 23:42 - 00550176 ____A (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2013-05-29 18:27 - 2013-05-12 23:42 - 00518944 ____A (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2013-05-29 18:27 - 2013-05-12 23:42 - 00443168 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-05-29 18:27 - 2013-05-12 23:42 - 00432416 ____A (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll
2013-05-29 18:27 - 2013-05-12 23:42 - 00421152 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-05-29 18:27 - 2013-05-12 23:42 - 00370976 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-05-29 18:27 - 2013-05-12 23:42 - 00266448 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2013-05-29 18:27 - 2013-05-12 23:42 - 00218592 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll
2013-05-29 18:27 - 2013-05-12 23:42 - 00214448 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-05-29 18:27 - 2013-05-12 23:42 - 00181488 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-05-29 18:27 - 2013-05-12 23:42 - 00020536 ____A C:\Windows\System32\nvinfo.pb
2013-05-29 18:27 - 2013-02-25 07:27 - 00194848 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2013-05-29 18:27 - 2013-02-25 07:27 - 00031520 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2013-05-29 18:27 - 2013-01-29 10:35 - 01510176 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdagenco6420103.dll
2013-05-29 18:26 - 2013-05-29 18:30 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-05-29 18:26 - 2013-05-29 18:26 - 00000000 ____D C:\NVIDIA
2013-05-29 12:42 - 2013-05-29 12:42 - 00000000 ____D C:\1eb28485d68cce20035c4f7f74a0a7
2013-05-25 18:59 - 2013-05-25 18:59 - 00000000 ____D C:\Users\Denis\AppData\Roaming\ATI
2013-05-25 18:59 - 2013-05-25 18:59 - 00000000 ____D C:\Users\Denis\AppData\Local\ATI
2013-05-25 18:53 - 2013-05-29 18:11 - 00000000 ____D C:\ProgramData\AMD
2013-05-24 01:47 - 2013-05-24 01:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-16 18:24 - 2013-05-16 18:24 - 00000000 ____A C:\Users\Denis\Documents\ts3_clientui-win64-1365064384-2013-05-16 18_24_11.946689.dmp
2013-05-16 15:34 - 2013-06-04 17:58 - 00000000 ____D C:\Users\Denis\Downloads\k
2013-05-16 15:21 - 2013-05-16 15:21 - 00000000 ____D C:\Users\Denis\Documents\4A Games
2013-05-16 15:15 - 2013-05-16 15:15 - 00000000 ____D C:\ProgramData\RELOADED
2013-05-16 14:32 - 2013-05-16 14:32 - 00000000 ____D C:\Users\Denis\AppData\Local\4A Games
2013-05-16 14:21 - 2013-05-16 14:21 - 00000000 ____D C:\Program Files (x86)\4A Games
2013-05-15 14:20 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 14:20 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 14:20 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 14:19 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 14:19 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 14:19 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-15 14:19 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 14:19 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 14:19 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 14:19 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 14:19 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 14:19 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 14:19 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 14:19 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-14 21:06 - 2013-05-14 21:06 - 09195912 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-05-14 00:55 - 2013-05-14 00:55 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2013-05-14 00:54 - 2013-05-14 01:02 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2013-05-14 00:54 - 2013-05-14 00:55 - 00000000 ____D C:\ProgramData\BlueStacks
2013-05-12 15:43 - 2013-05-12 15:43 - 00566048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-05-09 22:33 - 2013-05-09 22:33 - 00000000 ____D C:\Users\Denis\AppData\Roaming\Malwarebytes
2013-05-09 22:33 - 2013-05-09 22:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-09 22:33 - 2013-05-09 22:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-09 22:33 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-09 19:18 - 2013-06-04 18:08 - 00000000 ____D C:\Users\Denis\Desktop\##
2013-05-09 18:59 - 2013-05-09 18:59 - 00000000 ____D C:\Users\Denis\AppData\Roaming\Proxifier
2013-05-09 18:59 - 2013-05-09 18:59 - 00000000 ____D C:\Program Files (x86)\Proxifier
2013-05-09 18:59 - 2012-11-22 18:57 - 00103016 ____A (Initex) C:\Windows\System32\ProxifierShellExt.dll
2013-05-09 18:59 - 2012-11-22 18:57 - 00091240 ____A (Initex) C:\Windows\SysWOW64\ProxifierShellExt.dll
2013-05-09 18:59 - 2012-11-22 18:57 - 00076392 ____A (Initex) C:\Windows\System32\PrxerDrv.dll
2013-05-09 18:59 - 2012-11-22 18:57 - 00070248 ____A (Initex) C:\Windows\SysWOW64\PrxerDrv.dll
2013-05-09 18:59 - 2012-11-22 18:57 - 00057448 ____A C:\Windows\System32\PrxerNsp.dll
2013-05-09 18:59 - 2012-11-22 18:57 - 00056424 ____A C:\Windows\SysWOW64\PrxerNsp.dll
2013-05-09 18:59 - 1997-06-06 15:52 - 00011264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SPORDER.DLL
2013-05-09 16:51 - 2013-05-09 16:51 - 00000000 ____D C:\Users\Denis\AppData\Roaming\LolClient
2013-05-09 16:02 - 2013-05-09 16:02 - 00000000 ____D C:\Riot Games
2013-05-08 19:14 - 2013-05-12 19:06 - 00000000 ____D C:\Users\Denis\AppData\Roaming\ICQ-Profile
2013-05-08 19:14 - 2013-05-12 18:54 - 00000000 ____D C:\Users\Denis\AppData\Roaming\ICQM

==================== One Month Modified Files and Folders =======

2013-06-04 21:41 - 2013-06-04 21:41 - 01916712 ____A (Farbar) C:\Users\Denis\Downloads\FRST64.exe
2013-06-04 21:41 - 2013-06-04 21:41 - 00000000 ____D C:\FRST
2013-06-04 21:12 - 2012-03-05 15:37 - 00000000 ____D C:\Users\Denis\AppData\Roaming\TS3Client
2013-06-04 20:48 - 2013-06-03 15:20 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-04 20:46 - 2013-06-04 20:45 - 00000000 ____D C:\Fraps
2013-06-04 20:13 - 2013-06-04 20:13 - 00000000 ____D C:\Users\Denis\AppData\Roaming\YaTQA
2013-06-04 20:13 - 2013-06-04 20:13 - 00000000 ____D C:\Program Files (x86)\YaTQA
2013-06-04 19:47 - 2009-07-14 06:45 - 00014832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-04 19:47 - 2009-07-14 06:45 - 00014832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-04 19:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2013-06-04 18:49 - 2012-03-06 14:00 - 00000000 ____D C:\Program Files (x86)\Steam
2013-06-04 18:08 - 2013-05-09 19:18 - 00000000 ____D C:\Users\Denis\Desktop\##
2013-06-04 17:58 - 2013-05-16 15:34 - 00000000 ____D C:\Users\Denis\Downloads\k
2013-06-04 17:05 - 2013-06-04 17:05 - 00000000 ____D C:\Program Files\OpenVPN
2013-06-04 17:01 - 2013-06-04 17:01 - 00000056 ____A C:\Windows\setupact.log
2013-06-04 17:01 - 2013-06-04 17:01 - 00000000 ____A C:\Windows\setuperr.log
2013-06-04 17:01 - 2013-05-29 18:29 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-04 17:01 - 2013-01-05 02:14 - 00065536 _____ C:\Windows\System32\Ikeext.etl
2013-06-04 17:01 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-04 17:00 - 2013-06-04 17:00 - 00002862 ____A C:\Windows\PFRO.log
2013-06-04 17:00 - 2013-01-05 02:40 - 01731716 ____A C:\Windows\WindowsUpdate.log
2013-06-04 15:31 - 2013-06-04 15:31 - 00377856 ____A C:\Users\Denis\Desktop\gmer_2.1.19163.exe
2013-06-04 15:24 - 2013-06-04 15:24 - 00086882 ____A C:\Users\Denis\Desktop\OTL.Txt
2013-06-04 15:24 - 2013-06-04 15:24 - 00061840 ____A C:\Users\Denis\Desktop\Extras.Txt
2013-06-04 15:18 - 2013-06-04 15:18 - 00602112 ____A (OldTimer Tools) C:\Users\Denis\Desktop\OTL.exe
2013-06-04 15:12 - 2013-06-04 15:12 - 00000472 ____A C:\Users\Denis\Desktop\defogger_disable.log
2013-06-04 15:12 - 2013-06-04 15:12 - 00000000 ____A C:\Users\Denis\defogger_reenable
2013-06-04 15:12 - 2012-03-05 15:10 - 00000000 ____D C:\users\Denis
2013-06-04 15:11 - 2013-06-04 15:11 - 00050477 ____A C:\Users\Denis\Desktop\Defogger.exe
2013-06-04 02:03 - 2013-01-04 18:10 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-06-04 02:02 - 2013-06-03 16:58 - 00000000 ____D C:\Program Files\AVAST Software
2013-06-04 02:02 - 2013-06-03 16:57 - 00000000 ____D C:\ProgramData\AVAST Software
2013-06-03 17:48 - 2013-06-03 16:30 - 00000000 ____D C:\JRT
2013-06-03 17:48 - 2013-06-03 16:14 - 00000000 ___SD C:\combofix
2013-06-03 17:48 - 2012-03-05 18:24 - 00000000 ____D C:\Program Files\CCleaner
2013-06-03 17:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-06-03 17:35 - 2013-06-03 17:35 - 00000000 __SHD C:\Users\TEMP\Vorlagen
2013-06-03 17:35 - 2013-06-03 17:35 - 00000000 __SHD C:\Users\TEMP\Startmenü
2013-06-03 17:35 - 2013-06-03 17:35 - 00000000 __SHD C:\Users\TEMP\Netzwerkumgebung
2013-06-03 17:35 - 2013-06-03 17:35 - 00000000 __SHD C:\Users\TEMP\Lokale Einstellungen
2013-06-03 17:35 - 2013-06-03 17:35 - 00000000 __SHD C:\Users\TEMP\Eigene Dateien
2013-06-03 17:35 - 2013-06-03 17:35 - 00000000 __SHD C:\Users\TEMP\Druckumgebung
2013-06-03 17:35 - 2013-06-03 17:35 - 00000000 __SHD C:\Users\TEMP\Documents\Eigene Musik
2013-06-03 17:35 - 2013-06-03 17:35 - 00000000 __SHD C:\Users\TEMP\Documents\Eigene Bilder
2013-06-03 17:35 - 2013-06-03 17:35 - 00000000 __SHD C:\Users\TEMP\AppData\Local\Verlauf
2013-06-03 17:35 - 2013-06-03 17:35 - 00000000 __SHD C:\Users\TEMP\AppData\Local\Anwendungsdaten
2013-06-03 17:35 - 2013-06-03 17:35 - 00000000 __SHD C:\Users\TEMP\Anwendungsdaten
2013-06-03 16:33 - 2013-06-03 16:33 - 00001388 ____A C:\AdwCleaner[S1].txt
2013-06-03 16:33 - 2013-06-03 16:33 - 00001326 ____A C:\AdwCleaner[R2].txt
2013-06-03 16:33 - 2013-06-03 16:33 - 00001266 ____A C:\AdwCleaner[R1].txt
2013-06-03 16:30 - 2013-06-03 16:30 - 00000000 ____D C:\Windows\ERUNT
2013-06-03 16:29 - 2013-06-03 16:20 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-03 15:46 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-06-03 15:45 - 2009-07-14 04:34 - 56623104 ____A C:\Windows\System32\config\SOFTWARE.bak
2013-06-03 15:45 - 2009-07-14 04:34 - 20971520 ____A C:\Windows\System32\config\SYSTEM.bak
2013-06-03 15:45 - 2009-07-14 04:34 - 00524288 ____A C:\Windows\System32\config\DEFAULT.bak
2013-06-03 15:45 - 2009-07-14 04:34 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2013-06-03 15:45 - 2009-07-14 04:34 - 00262144 ____A C:\Windows\System32\config\SAM.bak
2013-06-03 15:44 - 2013-01-04 16:50 - 00000000 ____D C:\Windows\erdnt
2013-06-03 15:28 - 2013-06-03 15:28 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-03 15:28 - 2013-06-03 15:28 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-03 15:28 - 2013-06-03 15:28 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-03 15:28 - 2013-06-03 15:28 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-03 15:28 - 2013-06-03 15:28 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-03 15:28 - 2012-07-25 19:14 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-06-03 15:28 - 2012-03-06 18:57 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-03 15:24 - 2013-06-03 15:24 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-03 15:24 - 2013-06-03 15:24 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-03 15:24 - 2013-06-03 15:24 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-03 15:24 - 2013-06-03 15:24 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-03 15:24 - 2013-06-03 15:24 - 00000000 ____D C:\Program Files\Java
2013-06-03 15:24 - 2013-01-04 18:36 - 01092512 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-03 15:24 - 2012-03-05 20:00 - 00971680 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-03 15:21 - 2013-06-03 15:21 - 00000000 ____D C:\Users\Denis\AppData\Roaming\Macromedia
2013-06-03 15:21 - 2013-06-03 15:21 - 00000000 ____D C:\Users\Denis\AppData\Local\Macromedia
2013-06-03 15:21 - 2012-09-14 00:52 - 00000000 ____D C:\Users\Denis\AppData\Roaming\Adobe
2013-06-03 15:20 - 2013-06-03 15:20 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-03 15:20 - 2013-06-03 15:20 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-03 15:20 - 2012-09-14 01:01 - 00000000 ____D C:\Users\Denis\AppData\Local\Adobe
2013-06-01 18:30 - 2012-08-13 13:27 - 00000000 ____D C:\Users\Denis\AppData\Roaming\.minecraft
2013-06-01 18:22 - 2013-06-01 17:58 - 00000000 ____D C:\Users\Denis\AppData\Roaming\NVIDIA
2013-06-01 18:16 - 2013-06-01 17:56 - 00021486 ____A C:\Users\Denis\Documents\Install Mass Effect 2.log
2013-06-01 18:15 - 2013-06-01 18:15 - 00000000 ____D C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2013-06-01 18:05 - 2013-06-01 17:56 - 00000000 ____D C:\Program Files (x86)\Mass Effect 2
2013-06-01 17:56 - 2013-06-01 17:29 - 00000000 ____D C:\Users\Denis\Documents\BioWare
2013-06-01 17:46 - 2013-06-01 17:29 - 00000000 ____D C:\Program Files (x86)\Mass Effect Deluxe Edition
2013-05-31 21:09 - 2012-12-21 21:23 - 00000000 ____D C:\Users\Denis\AppData\Roaming\Skype
2013-05-29 18:37 - 2013-05-29 18:37 - 00000000 ____D C:\Users\Denis\AppData\Local\NVIDIA
2013-05-29 18:34 - 2013-05-29 18:28 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-05-29 18:30 - 2013-05-29 18:30 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-05-29 18:30 - 2013-05-29 18:30 - 00000000 __SHD C:\Users\UpdatusUser\Vorlagen
2013-05-29 18:30 - 2013-05-29 18:30 - 00000000 __SHD C:\Users\UpdatusUser\Startmenü
2013-05-29 18:30 - 2013-05-29 18:30 - 00000000 __SHD C:\Users\UpdatusUser\Netzwerkumgebung
2013-05-29 18:30 - 2013-05-29 18:30 - 00000000 __SHD C:\Users\UpdatusUser\Lokale Einstellungen
2013-05-29 18:30 - 2013-05-29 18:30 - 00000000 __SHD C:\Users\UpdatusUser\Eigene Dateien
2013-05-29 18:30 - 2013-05-29 18:30 - 00000000 __SHD C:\Users\UpdatusUser\Druckumgebung
2013-05-29 18:30 - 2013-05-29 18:30 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Eigene Musik
2013-05-29 18:30 - 2013-05-29 18:30 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Eigene Bilder
2013-05-29 18:30 - 2013-05-29 18:30 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\Verlauf
2013-05-29 18:30 - 2013-05-29 18:30 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2013-05-29 18:30 - 2013-05-29 18:30 - 00000000 __SHD C:\Users\UpdatusUser\Anwendungsdaten
2013-05-29 18:30 - 2013-05-29 18:28 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-05-29 18:30 - 2013-05-29 18:26 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-05-29 18:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Help
2013-05-29 18:26 - 2013-05-29 18:26 - 00000000 ____D C:\NVIDIA
2013-05-29 18:16 - 2012-03-07 15:05 - 00000000 ____D C:\Windows\Minidump
2013-05-29 18:11 - 2013-05-25 18:53 - 00000000 ____D C:\ProgramData\AMD
2013-05-29 12:42 - 2013-05-29 12:42 - 00000000 ____D C:\1eb28485d68cce20035c4f7f74a0a7
2013-05-25 18:59 - 2013-05-25 18:59 - 00000000 ____D C:\Users\Denis\AppData\Roaming\ATI
2013-05-25 18:59 - 2013-05-25 18:59 - 00000000 ____D C:\Users\Denis\AppData\Local\ATI
2013-05-25 18:48 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-24 18:51 - 2012-09-14 00:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-24 18:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-05-24 01:47 - 2013-05-24 01:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-21 16:10 - 2012-03-05 15:51 - 00000000 ____D C:\Users\Denis\Documents\Bewerbung
2013-05-16 18:24 - 2013-05-16 18:24 - 00000000 ____A C:\Users\Denis\Documents\ts3_clientui-win64-1365064384-2013-05-16 18_24_11.946689.dmp
2013-05-16 15:21 - 2013-05-16 15:21 - 00000000 ____D C:\Users\Denis\Documents\4A Games
2013-05-16 15:15 - 2013-05-16 15:15 - 00000000 ____D C:\ProgramData\RELOADED
2013-05-16 14:32 - 2013-05-16 14:32 - 00000000 ____D C:\Users\Denis\AppData\Local\4A Games
2013-05-16 14:21 - 2013-05-16 14:21 - 00000000 ____D C:\Program Files (x86)\4A Games
2013-05-16 14:17 - 2013-04-05 14:55 - 00000000 ____D C:\Users\Denis\AppData\Local\VirtualStore
2013-05-16 13:49 - 2009-07-14 06:45 - 00295032 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-16 03:07 - 2012-03-05 15:35 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-16 03:04 - 2009-07-14 19:58 - 00696832 ____A C:\Windows\System32\perfh007.dat
2013-05-16 03:04 - 2009-07-14 19:58 - 00148128 ____A C:\Windows\System32\perfc007.dat
2013-05-16 03:04 - 2009-07-14 07:13 - 01634396 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-14 21:06 - 2013-05-14 21:06 - 09195912 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-05-14 01:02 - 2013-05-14 00:54 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2013-05-14 00:55 - 2013-05-14 00:55 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2013-05-14 00:55 - 2013-05-14 00:54 - 00000000 ____D C:\ProgramData\BlueStacks
2013-05-14 00:55 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-05-13 03:24 - 2013-03-09 03:42 - 00000000 ____D C:\Users\Denis\AppData\Roaming\vlc
2013-05-12 23:42 - 2013-05-29 18:27 - 27775776 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2013-05-12 23:42 - 2013-05-29 18:27 - 25256224 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2013-05-12 23:42 - 2013-05-29 18:27 - 21096736 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-05-12 23:42 - 2013-05-29 18:27 - 17560352 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-05-12 23:42 - 2013-05-29 18:27 - 15910736 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2013-05-12 23:42 - 2013-05-29 18:27 - 15143904 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2013-05-12 23:42 - 2013-05-29 18:27 - 13403168 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-05-12 23:42 - 2013-05-29 18:27 - 12426216 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-05-12 23:42 - 2013-05-29 18:27 - 11216160 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2013-05-12 23:42 - 2013-05-29 18:27 - 09233688 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2013-05-12 23:42 - 2013-05-29 18:27 - 07682960 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-05-12 23:42 - 2013-05-29 18:27 - 07641832 ____A (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2013-05-12 23:42 - 2013-05-29 18:27 - 06324360 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-05-12 23:42 - 2013-05-29 18:27 - 02942240 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2013-05-12 23:42 - 2013-05-29 18:27 - 02935696 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2013-05-12 23:42 - 2013-05-29 18:27 - 02754336 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-05-12 23:42 - 2013-05-29 18:27 - 02597344 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-05-12 23:42 - 2013-05-29 18:27 - 02363680 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2013-05-12 23:42 - 2013-05-29 18:27 - 02002720 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-05-12 23:42 - 2013-05-29 18:27 - 01832224 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco6432018.dll
2013-05-12 23:42 - 2013-05-29 18:27 - 01511712 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6432018.dll
2013-05-12 23:42 - 2013-05-29 18:27 - 01059560 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2013-05-12 23:42 - 2013-05-29 18:27 - 00925648 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-05-12 23:42 - 2013-05-29 18:27 - 00550176 ____A (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2013-05-12 23:42 - 2013-05-29 18:27 - 00518944 ____A (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2013-05-12 23:42 - 2013-05-29 18:27 - 00443168 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-05-12 23:42 - 2013-05-29 18:27 - 00432416 ____A (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll
2013-05-12 23:42 - 2013-05-29 18:27 - 00421152 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-05-12 23:42 - 2013-05-29 18:27 - 00370976 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-05-12 23:42 - 2013-05-29 18:27 - 00266448 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2013-05-12 23:42 - 2013-05-29 18:27 - 00218592 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll
2013-05-12 23:42 - 2013-05-29 18:27 - 00214448 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-05-12 23:42 - 2013-05-29 18:27 - 00181488 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-05-12 23:42 - 2013-05-29 18:27 - 00020536 ____A C:\Windows\System32\nvinfo.pb
2013-05-12 23:41 - 2012-04-10 00:23 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-05-12 22:34 - 2013-05-29 18:29 - 06491936 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2013-05-12 22:34 - 2013-05-29 18:29 - 03514656 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2013-05-12 22:34 - 2013-05-29 18:29 - 02555680 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2013-05-12 22:34 - 2013-05-29 18:29 - 00884512 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2013-05-12 22:34 - 2013-05-29 18:29 - 00237856 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2013-05-12 22:34 - 2013-05-29 18:29 - 00063776 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2013-05-12 19:51 - 2013-01-20 23:54 - 00000000 ____D C:\Users\Denis\Desktop\#
2013-05-12 19:06 - 2013-05-08 19:14 - 00000000 ____D C:\Users\Denis\AppData\Roaming\ICQ-Profile
2013-05-12 18:54 - 2013-05-08 19:14 - 00000000 ____D C:\Users\Denis\AppData\Roaming\ICQM
2013-05-12 15:43 - 2013-05-12 15:43 - 00566048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-05-09 22:33 - 2013-05-09 22:33 - 00000000 ____D C:\Users\Denis\AppData\Roaming\Malwarebytes
2013-05-09 22:33 - 2013-05-09 22:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-09 22:33 - 2013-05-09 22:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-09 18:59 - 2013-05-09 18:59 - 00000000 ____D C:\Users\Denis\AppData\Roaming\Proxifier
2013-05-09 18:59 - 2013-05-09 18:59 - 00000000 ____D C:\Program Files (x86)\Proxifier
2013-05-09 16:51 - 2013-05-09 16:51 - 00000000 ____D C:\Users\Denis\AppData\Roaming\LolClient
2013-05-09 16:02 - 2013-05-09 16:02 - 00000000 ____D C:\Riot Games
2013-05-09 14:12 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-05-09 10:59 - 2013-06-04 02:03 - 01025808 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-05-09 10:59 - 2013-06-04 02:03 - 00378432 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-05-09 10:59 - 2013-06-04 02:03 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-05-09 10:59 - 2013-06-04 02:03 - 00080816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-05-09 10:59 - 2013-06-04 02:03 - 00072016 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-05-09 10:59 - 2013-06-04 02:03 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-05-09 10:59 - 2013-06-04 02:03 - 00064288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-05-09 10:59 - 2013-06-04 02:03 - 00033400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-05-09 10:58 - 2013-06-04 02:03 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-05-09 10:58 - 2013-01-04 18:10 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-05-08 16:13 - 2013-05-29 18:29 - 03165737 ____A C:\Windows\System32\nvcoproc.bin
2013-05-06 20:49 - 2012-03-05 17:58 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-05-24 17:58

==================== End Of Log ============================
         
and

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-06-2013
Ran by Denis at 2013-06-04 21:41:53 Run:
Running from C:\Users\Denis\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
avast! Free Antivirus (Version: 8.0.1489.0)
Black Ops 2 Deutsch Patch-TokZic 1.0 (Version: 1.0)
Blacklight: Retribution
BlueStacks App Player (Version: 0.7.11.885)
BlueStacks Notification Center (Version: 0.7.11.885)
Call of Duty Black Ops II
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
CCleaner (Version: 4.01)
Command & Conquer 3 (Version: 1.00.0000)
Counter-Strike: Global Offensive
Counter-Strike: Source (Version: 1.0.0.0)
Cross Fire En
Crossfire Europe (Version: 1.160)
Crysis(R) (Version: 1.00.0000)
Crysis® 2 (Version: 1.0.0.0)
Crysis®3 (Version: 1.1.0.0)
DivX-Setup (Version: 2.6.1.24)
Fraps
Grand Theft Auto IV (Version: 1.0.0013.131)
Grand Theft Auto IV (Version: 1.00.0000)
Hitman Absolution
ICQ 8.0 (build 6019) (Version: 8.0.6019.0)
Java 7 Update 21 (64-bit) (Version: 7.0.210)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Java(TM) 6 Update 35 (Version: 6.0.350)
JDownloader 0.9 (Version: 0.9)
League of Legends (Version: 1.3)
MagicDisc 2.7.106
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Mass Effect 2 (Version: 1.00)
Mass Effect Deluxe Edition (Version: v1.02)
Metro: Last Light (Version: 1.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MozBackup 1.5.1
Mozilla Firefox 21.0 (x86 de) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
Notepad++ (Version: 6.3.2)
NVIDIA 3D Vision Controller-Treiber 320.18 (Version: 320.18)
NVIDIA 3D Vision Treiber 320.18 (Version: 320.18)
NVIDIA GeForce Experience 1.5 (Version: 1.5)
NVIDIA Grafiktreiber 320.18 (Version: 320.18)
NVIDIA HD-Audiotreiber 1.3.24.2 (Version: 1.3.24.2)
NVIDIA Install Application (Version: 2.1002.124.810)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.2018)
NVIDIA Systemsteuerung 320.18 (Version: 320.18)
NVIDIA Update 4.11.9 (Version: 4.11.9)
NVIDIA Update Components (Version: 4.11.9)
OpenOffice.org 3.3 (Version: 3.3.9567)
OpenVPN 2.3.2-I001  (Version: 2.3.2-I001)
PowerTeacher Version 23.04.026.R122 (Version: 23.04.026.R122)
Proxifier version 3.21 (Version: 3.21)
PunkBuster Services (Version: 0.986)
Skype™ 6.1 (Version: 6.1.129)
Steam (Version: 1.0.0.0)
swMSM (Version: 12.0.0.1)
TAP-Windows 9.9.2 (Version: 9.9.2)
TeamSpeak 3 Client (Version: 3.0.10.1)
TeamViewer 8 (Version: 8.0.16642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Virtual Audio Cable 4.10
VLC media player 2.0.5 (Version: 2.0.5)
WinRAR 4.11 (64-Bit) (Version: 4.11.0)

==================== Restore Points  =========================

01-06-2013 15:51:03 DirectX wurde installiert
03-06-2013 13:05:56 avast! Free Antivirus Setup
03-06-2013 13:07:15 Removed Java 7 Update 17 (64-bit)
03-06-2013 13:07:51 Removed Java 7 Update 21
03-06-2013 13:08:27 Removed Java(TM) 6 Update 35
03-06-2013 13:09:11 Removed Java(TM) 6 Update 35
03-06-2013 13:17:12 Removed Java(TM) 6 Update 35
03-06-2013 13:23:50 Installed Java 7 Update 21 (64-bit)
03-06-2013 13:28:23 Installed Java 7 Update 21
03-06-2013 14:57:48 avast! Free Antivirus Setup
03-06-2013 15:46:02 Wiederherstellungsvorgang
04-06-2013 00:02:28 avast! Free Antivirus Setup
04-06-2013 13:01:27 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/04/2013 05:02:37 PM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/04/2013 05:02:37 PM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/04/2013 05:02:37 PM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/04/2013 05:02:37 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (06/04/2013 05:02:36 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/04/2013 05:02:36 PM) (Source: Windows Search Service) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (06/04/2013 05:02:36 PM) (Source: Windows Search Service) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/04/2013 05:02:36 PM) (Source: Windows Search Service) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/04/2013 05:02:36 PM) (Source: Windows Search Service) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.


Details:
	0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))

Error: (06/04/2013 05:02:36 PM) (Source: ESENT) (User: )
Description: Windows (3568) Windows: Fehler -1811 beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0004A.log.


System errors:
=============
Error: (06/04/2013 05:02:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/04/2013 05:02:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error: (06/04/2013 05:02:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (06/04/2013 02:19:58 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (06/04/2013 02:18:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (06/03/2013 05:49:35 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (06/03/2013 05:37:29 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (06/03/2013 05:37:29 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (06/03/2013 05:37:29 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (06/03/2013 05:37:29 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.


Microsoft Office Sessions:
=========================
Error: (06/04/2013 05:02:37 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/04/2013 05:02:37 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/04/2013 05:02:37 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/04/2013 05:02:37 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (06/04/2013 05:02:36 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (06/04/2013 05:02:36 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (06/04/2013 05:02:36 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (06/04/2013 05:02:36 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (06/04/2013 05:02:36 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
	0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))

Error: (06/04/2013 05:02:36 PM) (Source: ESENT)(User: )
Description: Windows3568Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0004A.log-1811


CodeIntegrity Errors:
===================================
  Date: 2013-06-04 17:01:04.087
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-04 17:01:03.946
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-04 14:19:16.199
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-04 14:19:16.074
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-04 14:16:45.324
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-04 14:16:45.184
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-03 17:49:09.010
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-03 17:49:08.901
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-03 17:35:29.009
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-03 17:35:28.884
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 41%
Total physical RAM: 4094.49 MB
Available physical RAM: 2375.29 MB
Total Pagefile: 8187.17 MB
Available Pagefile: 6368.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.07 GB) (Free:299.89 GB) NTFS (Disk=0 Partition=2)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 58E4B6A1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

05.06.2013, 08:01   #4
schrauber
/// the machine
/// TB instructor

Are you using a proxy?
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror:

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (English: "Illegal operation attempted on a registry key that has been marked for deletion.")
simply restart the computer. That should fix the problem.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

05.06.2013, 16:41   #5
c.l.s

Yes, I use a VPN.

Here is the log:
Code:
ComboFix 13-06-05.01 - Denis 05.06.2013  16:52:08.4.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4094.2634 [GMT 2:00]
ausgeführt von:: c:\users\Denis\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-05 bis 2013-06-05  ))))))))))))))))))))))))))))))
.
.
2013-06-05 14:56 . 2013-06-05 14:56	--------	d-----w-	c:\users\Public\AppData\Local\temp
2013-06-05 14:56 . 2013-06-05 14:56	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-04 19:41 . 2013-06-04 19:41	--------	d-----w-	C:\FRST
2013-06-04 18:45 . 2013-06-04 18:46	--------	d-----w-	C:\Fraps
2013-06-04 18:13 . 2013-06-04 18:13	--------	d-----w-	c:\users\Denis\AppData\Roaming\YaTQA
2013-06-04 18:13 . 2013-06-04 18:13	--------	d-----w-	c:\program files (x86)\YaTQA
2013-06-04 15:05 . 2013-06-04 15:05	--------	d-----w-	c:\program files\TAP-Windows
2013-06-04 15:05 . 2013-06-04 15:05	--------	d-----w-	c:\program files\OpenVPN
2013-06-04 13:01 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F1283EF-318B-422F-8D51-FF222CC59DF4}\mpengine.dll
2013-06-04 00:03 . 2013-05-09 08:59	33400	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-06-04 00:03 . 2013-05-09 08:59	378432	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-06-04 00:03 . 2013-05-09 08:59	72016	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-06-04 00:03 . 2013-05-09 08:59	64288	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-06-04 00:03 . 2013-05-09 08:59	1025808	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-06-04 00:03 . 2013-05-09 08:59	189936	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-06-04 00:03 . 2013-05-09 08:59	65336	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-06-04 00:03 . 2013-05-09 08:59	80816	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-06-04 00:03 . 2013-05-09 08:58	41664	----a-w-	c:\windows\avastSS.scr
2013-06-03 15:35 . 2013-06-03 15:48	--------	d-----w-	c:\users\TEMP
2013-06-03 14:58 . 2013-06-04 00:02	--------	d-----w-	c:\program files\AVAST Software
2013-06-03 14:57 . 2013-06-04 00:02	--------	d-----w-	c:\programdata\AVAST Software
2013-06-03 14:30 . 2013-06-03 14:30	--------	d-----w-	c:\windows\ERUNT
2013-06-03 14:30 . 2013-06-03 15:48	--------	d-----w-	C:\JRT
2013-06-03 14:20 . 2013-06-03 14:29	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-03 13:29 . 2013-06-03 13:29	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-06-03 13:28 . 2013-06-03 13:28	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-03 13:28 . 2013-06-03 13:28	--------	d-----w-	c:\program files (x86)\Java
2013-06-03 13:24 . 2013-06-03 13:24	311200	----a-w-	c:\windows\system32\javaws.exe
2013-06-03 13:24 . 2013-06-03 13:24	188832	----a-w-	c:\windows\system32\javaw.exe
2013-06-03 13:24 . 2013-06-03 13:24	188320	----a-w-	c:\windows\system32\java.exe
2013-06-03 13:24 . 2013-06-03 13:24	108448	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-06-03 13:24 . 2013-06-03 13:24	--------	d-----w-	c:\program files\Java
2013-06-03 13:21 . 2013-06-03 13:21	--------	d-----w-	c:\users\Denis\AppData\Local\Macromedia
2013-06-03 13:20 . 2013-06-03 13:20	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-03 13:20 . 2013-06-03 13:20	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-01 16:15 . 2013-06-01 16:15	--------	d-----w-	c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2013-06-01 16:15 . 2013-06-01 16:15	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2013-06-01 15:58 . 2013-06-01 16:22	--------	d-----w-	c:\users\Denis\AppData\Roaming\NVIDIA
2013-06-01 15:56 . 2013-06-01 16:15	--------	d-----w-	c:\program files (x86)\Common Files\BioWare
2013-06-01 15:56 . 2013-06-01 16:05	--------	d-----w-	c:\program files (x86)\Mass Effect 2
2013-06-01 15:29 . 2013-06-01 15:46	--------	d-----w-	c:\program files (x86)\Mass Effect Deluxe Edition
2013-05-29 16:37 . 2013-05-29 16:37	--------	d-----w-	c:\users\Denis\AppData\Local\NVIDIA
2013-05-29 16:30 . 2013-06-03 15:49	--------	d-----w-	c:\users\UpdatusUser
2013-05-29 16:29 . 2013-06-05 12:26	--------	d-----w-	c:\programdata\NVIDIA
2013-05-29 16:29 . 2013-05-12 20:34	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-05-29 16:29 . 2013-05-12 20:34	6491936	----a-w-	c:\windows\system32\nvcpl.dll
2013-05-29 16:29 . 2013-05-12 20:34	3514656	----a-w-	c:\windows\system32\nvsvc64.dll
2013-05-29 16:29 . 2013-05-12 20:34	884512	----a-w-	c:\windows\system32\nvvsvc.exe
2013-05-29 16:29 . 2013-05-12 20:34	2555680	----a-w-	c:\windows\system32\nvsvcr.dll
2013-05-29 16:29 . 2013-05-12 20:34	237856	----a-w-	c:\windows\system32\nvmctray.dll
2013-05-29 16:29 . 2013-05-08 14:13	3165737	----a-w-	c:\windows\system32\nvcoproc.bin
2013-05-29 16:28 . 2013-05-29 16:34	--------	d-----w-	c:\programdata\NVIDIA Corporation
2013-05-29 16:28 . 2013-05-29 16:30	--------	d-----w-	c:\program files (x86)\NVIDIA Corporation
2013-05-29 16:26 . 2013-05-29 16:30	--------	d-----w-	c:\program files\NVIDIA Corporation
2013-05-29 16:26 . 2013-05-29 16:26	--------	d-----w-	C:\NVIDIA
2013-05-29 10:42 . 2013-05-29 10:42	--------	d-----w-	C:\1eb28485d68cce20035c4f7f74a0a7
2013-05-25 16:59 . 2013-05-25 16:59	--------	d-----w-	c:\users\Denis\AppData\Roaming\ATI
2013-05-25 16:59 . 2013-05-25 16:59	--------	d-----w-	c:\users\Denis\AppData\Local\ATI
2013-05-25 16:53 . 2013-05-29 16:11	--------	d-----w-	c:\programdata\AMD
2013-05-16 13:15 . 2013-05-16 13:15	--------	d-----w-	c:\programdata\RELOADED
2013-05-16 12:32 . 2013-05-16 12:32	--------	d-----w-	c:\users\Denis\AppData\Local\4A Games
2013-05-16 12:21 . 2013-05-16 12:21	--------	d-----w-	c:\program files (x86)\4A Games
2013-05-15 12:20 . 2013-04-10 06:01	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 12:20 . 2013-04-10 06:01	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 12:20 . 2011-02-03 11:25	144384	----a-w-	c:\windows\system32\cdd.dll
2013-05-15 12:19 . 2013-02-27 05:52	14172672	----a-w-	c:\windows\system32\shell32.dll
2013-05-15 12:19 . 2013-02-27 05:52	197120	----a-w-	c:\windows\system32\shdocvw.dll
2013-05-15 12:19 . 2013-02-27 05:48	1930752	----a-w-	c:\windows\system32\authui.dll
2013-05-15 12:19 . 2013-02-27 06:02	111448	----a-w-	c:\windows\system32\consent.exe
2013-05-15 12:19 . 2013-02-27 05:47	70144	----a-w-	c:\windows\system32\appinfo.dll
2013-05-15 12:19 . 2013-02-27 04:49	1796096	----a-w-	c:\windows\SysWow64\authui.dll
2013-05-15 12:19 . 2013-03-19 05:53	48640	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-05-15 12:19 . 2013-03-19 05:53	230400	----a-w-	c:\windows\system32\wwansvc.dll
2013-05-15 12:19 . 2013-04-10 03:30	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-05-14 19:06 . 2013-05-14 19:06	9195912	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-13 22:55 . 2013-05-13 22:55	--------	d-----w-	c:\program files (x86)\BlueStacks
2013-05-13 22:54 . 2013-05-13 22:55	--------	d-----w-	c:\programdata\BlueStacks
2013-05-12 13:43 . 2013-05-12 13:43	566048	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2013-05-11 10:37 . 2013-05-11 10:37	209472	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-05-09 20:33 . 2013-05-09 20:33	--------	d-----w-	c:\users\Denis\AppData\Roaming\Malwarebytes
2013-05-09 20:33 . 2013-05-09 20:33	--------	d-----w-	c:\programdata\Malwarebytes
2013-05-09 20:33 . 2013-05-09 20:33	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-09 20:33 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-05-09 16:59 . 2013-05-09 16:59	--------	d-----w-	c:\users\Denis\AppData\Roaming\Proxifier
2013-05-09 16:59 . 2012-11-22 16:57	76392	----a-w-	c:\windows\system32\PrxerDrv.dll
2013-05-09 16:59 . 2012-11-22 16:57	57448	----a-w-	c:\windows\system32\PrxerNsp.dll
2013-05-09 16:59 . 2012-11-22 16:57	103016	----a-w-	c:\windows\system32\ProxifierShellExt.dll
2013-05-09 16:59 . 2012-11-22 16:57	91240	----a-w-	c:\windows\SysWow64\ProxifierShellExt.dll
2013-05-09 16:59 . 2012-11-22 16:57	70248	----a-w-	c:\windows\SysWow64\PrxerDrv.dll
2013-05-09 16:59 . 2012-11-22 16:57	56424	----a-w-	c:\windows\SysWow64\PrxerNsp.dll
2013-05-09 16:59 . 1997-06-06 13:52	11264	----a-w-	c:\windows\SysWow64\SPORDER.DLL
2013-05-09 16:59 . 2013-05-09 16:59	--------	d-----w-	c:\program files (x86)\Proxifier
2013-05-09 14:51 . 2013-05-09 14:51	--------	d-----w-	c:\users\Denis\AppData\Roaming\LolClient
2013-05-09 14:02 . 2013-05-09 14:02	--------	d-----w-	C:\Riot Games
2013-05-09 13:54 . 2013-05-09 13:54	--------	d-----w-	c:\users\Denis\AppData\Local\Programs
2013-05-09 13:53 . 2013-05-09 13:53	--------	d-s---w-	c:\windows\SysWow64\Microsoft
2013-05-08 17:14 . 2013-05-12 16:54	--------	d-----w-	c:\users\Denis\AppData\Roaming\ICQM
2013-05-08 17:14 . 2013-05-12 17:06	--------	d-----w-	c:\users\Denis\AppData\Roaming\ICQ-Profile
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-03 13:28 . 2012-07-25 17:14	866720	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-06-03 13:28 . 2012-03-06 16:57	788896	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-06-03 13:24 . 2013-01-04 16:36	1092512	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-06-03 13:24 . 2012-03-05 18:00	971680	----a-w-	c:\windows\system32\deployJava1.dll
2013-05-16 01:07 . 2012-03-05 13:35	75016696	----a-w-	c:\windows\system32\MRT.exe
2013-05-09 08:58 . 2013-01-04 16:10	287840	----a-w-	c:\windows\system32\aswBoot.exe
2013-05-02 00:06 . 2012-03-05 13:53	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-15 12:20	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 12:20	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 12:20	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 12:20	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 12:20	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 12:20	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 10:56	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-04 14:24 . 2013-04-04 14:24	66728	----a-w-	c:\windows\system32\drivers\vrtaucbl.sys
2013-03-29 02:37 . 2013-03-29 02:37	78432	----a-w-	c:\windows\system32\atimpc64.dll
2013-03-29 02:37 . 2013-03-29 02:37	78432	----a-w-	c:\windows\system32\amdpcom64.dll
2013-03-29 02:37 . 2013-03-29 02:37	71704	----a-w-	c:\windows\SysWow64\atimpc32.dll
2013-03-29 02:37 . 2013-03-29 02:37	71704	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2013-03-29 02:37 . 2013-03-29 02:37	139696	----a-w-	c:\windows\system32\atiuxp64.dll
2013-03-29 02:37 . 2013-03-29 02:37	92304	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2013-03-29 02:37 . 2013-03-29 02:37	118584	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2013-03-29 02:37 . 2013-03-29 02:37	112440	----a-w-	c:\windows\system32\atiu9p64.dll
2013-03-29 02:37 . 2013-03-29 02:37	1155264	----a-w-	c:\windows\system32\aticfx64.dll
2013-03-29 02:37 . 2013-03-29 02:37	970912	----a-w-	c:\windows\SysWow64\aticfx32.dll
2013-03-29 02:36 . 2013-03-29 02:36	8272136	----a-w-	c:\windows\system32\atidxx64.dll
2013-03-29 02:36 . 2013-03-29 02:36	7233336	----a-w-	c:\windows\SysWow64\atidxx32.dll
2013-03-29 02:36 . 2013-03-29 02:36	4450264	----a-w-	c:\windows\SysWow64\atiumdva.dll
2013-03-29 02:36 . 2013-03-29 02:36	5944264	----a-w-	c:\windows\SysWow64\atiumdag.dll
2013-03-29 02:36 . 2013-03-29 02:36	5000320	----a-w-	c:\windows\system32\atiumd6a.dll
2013-03-29 02:36 . 2013-03-29 02:36	6985624	----a-w-	c:\windows\system32\atiumd64.dll
2013-03-29 02:35 . 2013-03-29 02:35	11658752	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2013-03-29 02:13 . 2013-03-29 02:13	222720	----a-w-	c:\windows\system32\clinfo.exe
2013-03-29 02:13 . 2013-03-29 02:13	798734	----a-w-	c:\windows\SysWow64\amdocl_ld32.exe
2013-03-29 02:13 . 2013-03-29 02:13	1187342	----a-w-	c:\windows\system32\amdocl_as64.exe
2013-03-29 02:13 . 2013-03-29 02:13	1061902	----a-w-	c:\windows\system32\amdocl_ld64.exe
2013-03-29 02:13 . 2013-03-29 02:13	995342	----a-w-	c:\windows\SysWow64\amdocl_as32.exe
2013-03-29 02:13 . 2013-03-29 02:13	76288	----a-w-	c:\windows\system32\OpenVideo64.dll
2013-03-29 02:13 . 2013-03-29 02:13	65536	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2013-03-29 02:13 . 2013-03-29 02:13	64000	----a-w-	c:\windows\system32\OVDecode64.dll
2013-03-29 02:12 . 2013-03-29 02:12	56320	----a-w-	c:\windows\SysWow64\OVDecode.dll
2013-03-29 02:12 . 2013-03-29 02:12	29150720	----a-w-	c:\windows\system32\amdocl64.dll
2013-03-29 02:10 . 2013-03-29 02:10	23810560	----a-w-	c:\windows\SysWow64\amdocl.dll
2013-03-29 02:09 . 2013-03-29 02:09	54784	----a-w-	c:\windows\system32\OpenCL.dll
2013-03-29 02:09 . 2013-03-29 02:09	50176	----a-w-	c:\windows\SysWow64\OpenCL.dll
2013-03-29 02:04 . 2013-03-29 02:04	24229376	----a-w-	c:\windows\system32\atio6axx.dll
2013-03-29 02:00 . 2013-03-29 02:00	76800	----a-w-	c:\windows\system32\coinst_12.104.dll
2013-03-29 01:57 . 2013-03-29 01:57	163840	----a-w-	c:\windows\system32\atiapfxx.exe
2013-03-29 01:55 . 2013-03-29 01:55	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2013-03-29 01:55 . 2013-03-29 01:55	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2013-03-29 01:55 . 2013-03-29 01:55	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2013-03-29 01:55 . 2013-03-29 01:55	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2013-03-29 01:55 . 2013-03-29 01:55	16082944	----a-w-	c:\windows\system32\aticaldd64.dll
2013-03-29 01:51 . 2013-03-29 01:51	13703168	----a-w-	c:\windows\SysWow64\aticaldd.dll
2013-03-29 01:48 . 2013-03-29 01:48	19870720	----a-w-	c:\windows\SysWow64\atioglxx.dll
2013-03-29 01:35 . 2013-03-29 01:35	442368	----a-w-	c:\windows\system32\atidemgy.dll
2013-03-29 01:35 . 2013-03-29 01:35	562688	----a-w-	c:\windows\system32\atieclxx.exe
2013-03-29 01:34 . 2013-03-29 01:34	241152	----a-w-	c:\windows\system32\atiesrxx.exe
2013-03-29 01:33 . 2013-03-29 01:33	120320	----a-w-	c:\windows\system32\atitmm64.dll
2013-03-29 01:32 . 2013-03-29 01:32	26112	----a-w-	c:\windows\system32\atimuixx.dll
2013-03-29 01:32 . 2013-03-29 01:32	59392	----a-w-	c:\windows\system32\atiedu64.dll
2013-03-29 01:32 . 2013-03-29 01:32	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2013-03-29 01:10 . 2013-03-29 01:10	636416	----a-w-	c:\windows\system32\atiadlxx.dll
2013-03-29 01:10 . 2013-03-29 01:10	430080	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2013-03-29 01:10 . 2013-03-29 01:10	17920	----a-w-	c:\windows\system32\atig6pxx.dll
2013-03-29 01:10 . 2013-03-29 01:10	14848	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2013-03-29 01:10 . 2013-03-29 01:10	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2013-03-29 01:10 . 2013-03-29 01:10	44032	----a-w-	c:\windows\system32\atig6txx.dll
2013-03-29 01:09 . 2013-03-29 01:09	34816	----a-w-	c:\windows\SysWow64\atigktxx.dll
2013-03-29 01:09 . 2013-03-29 01:09	581120	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2013-03-29 01:07 . 2013-03-29 01:07	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2013-03-19 06:04 . 2013-04-10 10:34	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 10:34	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 10:34	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 10:34	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 10:34	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 10:34	112640	----a-w-	c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi5"=wdmaud.drv
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\Denis\AppData\Local\Temp\005968C.tmp;c:\users\Denis\AppData\Local\Temp\005968C.tmp [x]
R3 X6va006;X6va006;c:\users\Denis\AppData\Local\Temp\00620D0.tmp;c:\users\Denis\AppData\Local\Temp\00620D0.tmp [x]
R3 X6va007;X6va007;c:\users\Denis\AppData\Local\Temp\0077A02.tmp;c:\users\Denis\AppData\Local\Temp\0077A02.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-03 13:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58	133840	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\Denis\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Denis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: %SystemRoot%\system32\PrxerDrv.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BB76360F-7D88-4F9D-9EDF-CB77F20DF522}: NameServer = 62.109.123.7 213.191.92.86
FF - ProfilePath - c:\users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\2lofht7a.default\
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: network.proxy.http - www-proxy.t-online.de
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-04-06 14:57; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; c:\users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\2lofht7a.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF - ExtSQL: 2013-06-02 20:04; {bee6eb20-01e0-ebd1-da83-080329fb9a3a}; c:\users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\2lofht7a.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF - ExtSQL: 2013-06-03 16:58; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Denis\AppData\Local\Temp\005968C.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\Denis\AppData\Local\Temp\00620D0.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va007]
"ImagePath"="\??\c:\users\Denis\AppData\Local\Temp\0077A02.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2299862485-1551427501-193667731-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:b7,51,61,ee,ef,84,b3,b7,68,a5,aa,2a,fa,70,39,a1,a0,7c,e1,b2,20,31,4c,
   ab,eb,43,3c,c4,53,ac,e5,82,6e,3d,4c,96,19,84,28,ae,2f,04,f0,fd,6c,a4,af,2e,\
"??"=hex:a2,4d,f1,8a,e6,4c,db,5a,08,6e,17,00,4d,3c,1c,e0
.
[HKEY_USERS\S-1-5-21-2299862485-1551427501-193667731-1001\Software\SecuROM\License information*]
"datasecu"=hex:90,01,9b,14,96,bf,88,8d,b7,19,b5,c1,21,33,c4,96,cc,52,f2,70,94,
   54,f4,0b,52,6f,2d,4c,9d,b6,85,82,53,25,d5,cc,86,35,dc,67,93,de,1e,5d,06,72,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-05  16:58:07
ComboFix-quarantined-files.txt  2013-06-05 14:58
.
Vor Suchlauf: 18 Verzeichnis(se), 321.200.521.216 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 321.138.970.624 Bytes frei
.
- - End Of File - - DDB8F4037DFCA8EED8D7F1ED0A710341
         


05.06.2013, 19:45   #6
schrauber
/// the machine
/// TB Trainer
 




Hi,

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh OTL log, please.

06.06.2013, 01:15   #7
c.l.s
 



AdwCleaner :

Code:
ATTFilter
# AdwCleaner v2.301 - Datei am 05/06/2013 um 21:19:24 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Denis - DENIS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Denis\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\2lofht7a.default\foxydeal.sqlite

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\2lofht7a.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1266 octets] - [03/06/2013 16:33:22]
AdwCleaner[R2].txt - [1326 octets] - [03/06/2013 16:33:32]
AdwCleaner[S1].txt - [1388 octets] - [03/06/2013 16:33:40]
AdwCleaner[S2].txt - [1010 octets] - [05/06/2013 21:19:24]

########## EOF - C:\AdwCleaner[S2].txt - [1070 octets] ##########
         

Junkware Removal Tool :

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Denis on 05.06.2013 at 21:24:57,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Denis\AppData\Roaming\mozilla\firefox\profiles\2lofht7a.default\minidumps [4 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.06.2013 at 21:28:04,62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

ESET Online Scanner :

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e9e848de0a4f384288f6031f11f9a2ed
# engine=14007
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-05 10:00:12
# local_time=2013-06-06 12:00:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 0 147179484 0 0
# compatibility_mode=5893 16776573 100 94 9610 122099462 0 0
# scanned=215888
# found=0
# cleaned=0
# scan_time=8918
         

SecurityCheck :

Doesn't work; the following error message appears:
Code:
ATTFilter
UNSUPPORTED OPERATING SYSTEM! ABORTED!
         

OTL :

Code:
ATTFilter
OTL logfile created on: 06.06.2013 02:10:31 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Denis\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 64,94% Memory free
8,00 Gb Paging File | 6,64 Gb Available in Paging File | 83,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 295,66 Gb Free Space | 49,60% Space Free | Partition Type: NTFS
 
Computer Name: DENIS-PC | User Name: Denis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.04 15:18:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Denis\Desktop\OTL.exe
PRC - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.05.16 16:38:28 | 001,213,216 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
PRC - [2013.05.12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.04.19 10:49:42 | 000,384,840 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2012.12.14 11:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.09.24 17:56:46 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.03.29 03:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.06.03 15:20:07 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.03 13:57:36 | 000,034,528 | ---- | M] (The OpenVPN Project) [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2013.05.24 01:47:25 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.05.12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.04.19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.19 10:49:42 | 000,384,840 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2013.04.19 10:49:20 | 000,393,032 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.14 11:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.10.17 22:17:48 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.09.24 17:56:46 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.05.09 10:59:07 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013.05.09 10:59:07 | 000,378,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013.05.09 10:59:07 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013.05.09 10:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013.04.04 16:24:45 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV:64bit: - [2013.03.29 04:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2013.03.29 04:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013.03.29 03:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013.02.25 07:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013.02.14 13:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013.02.08 16:45:38 | 000,036,736 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012.10.11 05:08:10 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012.10.11 05:08:08 | 000,029,696 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.03.02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.02.24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2006.11.10 15:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool)
DRV - [2013.04.19 10:49:34 | 000,070,984 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.02.24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 2206731
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC 7C 27 A8 90 C2 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{DCD039D7-0E3E-42A2-8370-E397BF16075A}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "eBay"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.http: "www-proxy.t-online.de"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.03.01 02:21:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.06.04 02:03:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.24 01:47:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.24 01:47:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.24 01:47:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.24 01:47:21 | 000,000,000 | ---D | M]
 
[2012.09.14 00:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Denis\AppData\Roaming\mozilla\Extensions
[2013.06.02 20:04:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Denis\AppData\Roaming\mozilla\Firefox\Profiles\2lofht7a.default\extensions
[2013.06.02 20:04:14 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Denis\AppData\Roaming\mozilla\Firefox\Profiles\2lofht7a.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2012.10.13 01:46:30 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Denis\AppData\Roaming\mozilla\Firefox\Profiles\2lofht7a.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2013.04.05 15:45:03 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Denis\AppData\Roaming\mozilla\Firefox\Profiles\2lofht7a.default\extensions\ich@maltegoetz.de
[2012.12.11 18:52:37 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Denis\AppData\Roaming\mozilla\firefox\profiles\2lofht7a.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.03.22 23:57:30 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\Denis\AppData\Roaming\mozilla\firefox\profiles\2lofht7a.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013.05.09 15:07:43 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Denis\AppData\Roaming\mozilla\firefox\profiles\2lofht7a.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.23 17:42:08 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\Denis\AppData\Roaming\mozilla\firefox\profiles\2lofht7a.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.05.24 01:47:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.24 01:47:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013.06.05 16:56:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Denis\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Denis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Denis\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Denis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\PrxerNsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\PrxerNsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0234AE72-6B48-4D8E-8636-17A2B0A7D4A5}: DhcpNameServer = 172.16.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB76360F-7D88-4F9D-9EDF-CB77F20DF522}: NameServer = 213.191.74.18 62.109.123.196
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE40D8B8-E047-43B4-882C-E9077F359F2E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1
[2013.06.05 21:29:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.06.05 21:21:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.05 16:58:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.05 16:51:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.05 16:50:01 | 005,077,996 | R--- | C] (Swearware) -- C:\Users\Denis\Desktop\ComboFix.exe
[2013.06.04 21:41:18 | 000,000,000 | ---D | C] -- C:\FRST
[2013.06.04 20:45:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
[2013.06.04 20:45:45 | 000,000,000 | ---D | C] -- C:\Fraps
[2013.06.04 20:13:29 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\YaTQA
[2013.06.04 20:13:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YaTQA
[2013.06.04 17:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
[2013.06.04 17:05:17 | 000,000,000 | ---D | C] -- C:\Program Files\TAP-Windows
[2013.06.04 17:05:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2013.06.04 17:05:14 | 000,000,000 | ---D | C] -- C:\Program Files\OpenVPN
[2013.06.04 15:18:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Denis\Desktop\OTL.exe
[2013.06.04 02:03:44 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.06.04 02:03:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.06.04 02:03:42 | 000,378,432 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.06.04 02:03:38 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.06.04 02:03:35 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.06.04 02:03:33 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.06.04 02:03:26 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.06.04 02:03:03 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.06.03 16:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.06.03 16:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.06.03 16:30:15 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.03 16:30:10 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.03 16:20:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.06.03 15:29:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.06.03 15:28:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.06.03 15:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.06.03 15:21:01 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\Macromedia
[2013.06.03 15:21:01 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Local\Macromedia
[2013.06.01 18:15:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.06.01 18:15:33 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mass Effect 2
[2013.06.01 18:15:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 2
[2013.06.01 17:58:57 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\NVIDIA
[2013.06.01 17:56:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mass Effect 2
[2013.06.01 17:56:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2013.06.01 17:50:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect Deluxe Edition
[2013.06.01 17:29:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mass Effect Deluxe Edition
[2013.06.01 17:29:01 | 000,000,000 | ---D | C] -- C:\Users\Denis\Documents\BioWare
[2013.05.29 18:37:32 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Local\NVIDIA
[2013.05.29 18:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013.05.29 18:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.05.29 18:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.05.29 18:28:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013.05.29 18:26:51 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.05.29 18:26:06 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.05.29 12:42:10 | 000,000,000 | ---D | C] -- C:\1eb28485d68cce20035c4f7f74a0a7
[2013.05.25 18:59:48 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\ATI
[2013.05.25 18:59:48 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Local\ATI
[2013.05.25 18:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2013.05.24 01:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.16 15:21:24 | 000,000,000 | ---D | C] -- C:\Users\Denis\Documents\4A Games
[2013.05.16 15:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2013.05.16 14:32:45 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Local\4A Games
[2013.05.16 14:32:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4A Games
[2013.05.16 14:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\4A Games
[2013.05.14 00:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
[2013.05.14 00:55:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueStacks
[2013.05.14 00:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup
[2013.05.14 00:54:19 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[2013.05.12 18:54:15 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
[2013.05.09 22:33:51 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\Malwarebytes
[2013.05.09 22:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.09 22:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.09 22:33:46 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.09 22:33:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.09 19:18:27 | 000,000,000 | ---D | C] -- C:\Users\Denis\Desktop\##
[2013.05.09 18:59:29 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\Proxifier
[2013.05.09 18:59:13 | 000,103,016 | ---- | C] (Initex) -- C:\Windows\SysNative\ProxifierShellExt.dll
[2013.05.09 18:59:13 | 000,091,240 | ---- | C] (Initex) -- C:\Windows\SysWow64\ProxifierShellExt.dll
[2013.05.09 18:59:13 | 000,076,392 | ---- | C] (Initex) -- C:\Windows\SysNative\PrxerDrv.dll
[2013.05.09 18:59:13 | 000,070,248 | ---- | C] (Initex) -- C:\Windows\SysWow64\PrxerDrv.dll
[2013.05.09 18:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proxifier
[2013.05.09 18:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Proxifier
[2013.05.09 16:51:52 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\LolClient
[2013.05.09 16:02:45 | 000,000,000 | ---D | C] -- C:\Riot Games
[2013.05.09 15:54:23 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Local\Programs
[2013.05.09 15:53:56 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2013.05.08 19:14:38 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\ICQM
[2013.05.08 19:14:29 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\ICQ-Profile
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.06 02:10:04 | 000,018,525 | ---- | M] () -- C:\Users\Denis\Desktop\OpenDocument Text (neu).odt
[2013.06.06 01:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.05 21:29:00 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.05 21:29:00 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.05 21:21:03 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.06.05 21:20:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.05 21:20:34 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.05 17:51:51 | 005,799,968 | ---- | M] () -- C:\Users\Denis\Desktop\David Guetta - Play Hard (Official Video) ft. Ne-Yo, Akon.MP3
[2013.06.05 16:56:52 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.06.05 16:50:19 | 005,077,996 | R--- | M] (Swearware) -- C:\Users\Denis\Desktop\ComboFix.exe
[2013.06.04 15:18:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Denis\Desktop\OTL.exe
[2013.06.04 15:12:14 | 000,000,000 | ---- | M] () -- C:\Users\Denis\defogger_reenable
[2013.06.04 15:11:52 | 000,050,477 | ---- | M] () -- C:\Users\Denis\Desktop\Defogger.exe
[2013.06.04 14:38:04 | 004,882,130 | ---- | M] () -- C:\Users\Denis\Desktop\Ardian ft DJ Dalool - Penthouse (Official Video HD).MP3
[2013.06.04 14:37:36 | 005,193,718 | ---- | M] () -- C:\Users\Denis\Desktop\Andy B. Jones feat. Ardian Bujupi - Make You Mine (Official Video).MP3
[2013.06.04 02:03:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.06.03 23:02:14 | 005,909,056 | ---- | M] () -- C:\Users\Denis\Desktop\Macklemore - And We Danced (Lyrics).MP3
[2013.05.16 18:24:11 | 000,000,000 | ---- | M] () -- C:\Users\Denis\Documents\ts3_clientui-win64-1365064384-2013-05-16 18_24_11.946689.dmp
[2013.05.16 13:49:23 | 000,295,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.16 03:04:31 | 001,634,396 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.16 03:04:31 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.16 03:04:31 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.16 03:04:31 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.16 03:04:31 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.12 23:42:27 | 000,020,536 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013.05.09 10:59:07 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.05.09 10:59:07 | 000,378,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.05.09 10:59:07 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.05.09 10:59:07 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.05.09 10:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.05.09 10:58:11 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.05.08 16:13:10 | 003,165,737 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.06 02:09:45 | 000,018,525 | ---- | C] () -- C:\Users\Denis\Desktop\OpenDocument Text (neu).odt
[2013.06.05 17:51:41 | 005,799,968 | ---- | C] () -- C:\Users\Denis\Desktop\David Guetta - Play Hard (Official Video) ft. Ne-Yo, Akon.MP3
[2013.06.04 20:13:28 | 000,000,975 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YaTQA.lnk
[2013.06.04 15:12:14 | 000,000,000 | ---- | C] () -- C:\Users\Denis\defogger_reenable
[2013.06.04 15:11:52 | 000,050,477 | ---- | C] () -- C:\Users\Denis\Desktop\Defogger.exe
[2013.06.04 14:37:50 | 004,882,130 | ---- | C] () -- C:\Users\Denis\Desktop\Ardian ft DJ Dalool - Penthouse (Official Video HD).MP3
[2013.06.04 14:37:22 | 005,193,718 | ---- | C] () -- C:\Users\Denis\Desktop\Andy B. Jones feat. Ardian Bujupi - Make You Mine (Official Video).MP3
[2013.06.04 02:03:30 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.06.04 02:03:27 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.06.03 23:00:51 | 005,909,056 | ---- | C] () -- C:\Users\Denis\Desktop\Macklemore - And We Danced (Lyrics).MP3
[2013.06.03 15:20:08 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.29 18:29:01 | 003,165,737 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2013.05.29 18:27:18 | 000,020,536 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013.05.16 18:24:11 | 000,000,000 | ---- | C] () -- C:\Users\Denis\Documents\ts3_clientui-win64-1365064384-2013-05-16 18_24_11.946689.dmp
[2013.05.09 18:59:13 | 000,057,448 | ---- | C] () -- C:\Windows\SysNative\PrxerNsp.dll
[2013.05.09 18:59:13 | 000,056,424 | ---- | C] () -- C:\Windows\SysWow64\PrxerNsp.dll
[2013.03.29 04:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013.03.29 04:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013.03.29 03:38:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013.03.29 03:38:08 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013.03.14 01:41:41 | 000,007,597 | ---- | C] () -- C:\Users\Denis\AppData\Local\resmon.resmoncfg
[2013.02.10 03:24:50 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.01.12 03:15:39 | 001,382,400 | ---- | C] () -- C:\Windows\Data.dll
[2013.01.04 16:50:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.01.04 16:50:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.01.04 16:50:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.01.04 16:50:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.04 16:50:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.22 21:15:02 | 000,000,600 | ---- | C] () -- C:\Users\Denis\AppData\Local\PUTTY.RND
[2012.09.24 17:49:19 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.24 17:47:27 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.09.24 17:47:25 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.09.24 17:47:24 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.06.19 21:37:54 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.05.27 03:24:17 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.03.05 15:18:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.06.01 18:30:15 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\.minecraft
[2012.09.08 17:34:57 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2013.05.12 19:06:05 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\ICQ-Profile
[2013.05.12 18:54:07 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\ICQM
[2013.05.09 16:51:52 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\LolClient
[2013.06.06 02:04:12 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\Notepad++
[2012.03.23 17:16:10 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\OpenOffice.org
[2013.05.09 18:59:29 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\Proxifier
[2012.03.14 23:40:01 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\TeamViewer
[2013.06.06 02:10:20 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\TS3Client
[2013.06.04 20:13:29 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\YaTQA
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1242 bytes -> C:\ProgramData\Microsoft:banxbnFvkkBs7wunEVwRr5ddI
@Alternate Data Stream - 1212 bytes -> C:\Users\Denis\AppData\Local\Temp:ae5QBLgj7rLfvZEH64ORuBid
@Alternate Data Stream - 1157 bytes -> C:\ProgramData\Microsoft:IDLRUQrUamcIRmDfrWxjKGR

< End of report >
         

06.06.2013, 08:59   #8
schrauber
/// the machine
/// TB trainer

Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

06.06.2013, 13:34   #9
c.l.s

No, none anymore, thanks

06.06.2013, 13:44   #10
schrauber
/// the machine
/// TB trainer

Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: among other things, DelFix removes all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.


Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it asks you to and is nicely colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains for me is to wish you lots of fun with safe surfing.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.

06.06.2013, 14:07   #11
c.l.s

hey

Combofix doesn't delete itself for me; when I do it as described, it scans my system again

06.06.2013, 14:31   #12
schrauber
/// the machine
/// TB trainer

Did you enter /Uninstall correctly? Right-click Combofix > Rename > Uninstall > Enter.

Double-click Uninstall.exe, then carry on with the instructions

06.06.2013, 14:36   #13
c.l.s

Quote from schrauber:
Did you enter /Uninstall correctly? Right-click Combofix > Rename > Uninstall > Enter.

Double-click Uninstall.exe, then carry on with the instructions

Yep, did it exactly like that, it still scans my system then, but DelFix has now removed Combofix

06.06.2013, 14:49   #14
schrauber
/// the machine
/// TB trainer

All right.

06.06.2013, 15:16   #15
c.l.s

Take a look, could I disable any of this?

