Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Windows7: Vermutung auf Trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 15.12.2013, 16:39   #1
HarryYoung
 
Windows7: Vermutung auf Trojaner - Standard

Windows7: Vermutung auf Trojaner



Hallo,

ich habe versucht meinen Browser schneller zu machen, weil der ewig braucht um links zu öffnen und wurde darauf hingewiesen ich sollte mal maleware über meinen PC laufen lassen. Dabei hat er ein paar dateien gefunden die ich daraufhin gelöscht habe. Das ist der Bericht dazu

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.15.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Harald :: HARALD-PC [Administrator]

15/12/2013 15:50:28
mbam-log-2013-12-15 (15-50-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 453451
Laufzeit: 1 Stunde(n), 39 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 9
HKCR\CLSID\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} (PUP.Optional.BearshareTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{1A42EA66-2898-4e93-8128-D9A450B27D1D} (PUP.Optional.BearshareTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{F0CF944C-F160-4F65-8F0A-2773322FF357} (PUP.Optional.BearshareTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{B8921CEC-8837-404A-B4C8-4DA63EF33C06} (PUP.Optional.BearshareTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\BearShareIEHelper.DNSGuard (PUP.Optional.BearshareTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\BearShareIEHelper.DNSGuard.1 (PUP.Optional.BearshareTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BackgroundContainer (PUP.Optional.Conduit) -> Daten: "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Harald\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DATAMNGR (PUP.Optional.Datamngr.A) -> Daten: C:\PROGRA~2\BEARSH~1\Mediabar\Datamngr\DATAMN~1.EXE -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.BearshareTB.A) -> Bösartig: (C:\PROGRA~2\BEARSH~1\Mediabar\Datamngr\IEBHO.dll) Gut: () -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Program Files (x86)\BearShare Applications\Mediabar\Datamngr\IEBHO.dll (PUP.Optional.BearshareTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BittorrentBar_DE\BittorrentBar_DEToolbarHelper1.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Harald\AppData\Local\Conduit\CT2849855\BittorrentBar_DEAutoUpdateHelper.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Harald\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} (PUP.Optional.Searchqu.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BearShare Applications\Mediabar\Datamngr\datamngrUI.exe (PUP.Optional.Datamngr.A) -> Löschen bei Neustart.

(Ende)
         

Alt 15.12.2013, 17:16   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Windows7: Vermutung auf Trojaner - Standard

Windows7: Vermutung auf Trojaner



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 20.12.2013, 15:54   #3
HarryYoung
 
Windows7: Vermutung auf Trojaner - Standard

Windows7: Vermutung auf Trojaner



Hey,

danke schon mal das du mir hilfst

Der erste Report:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2013 02
Ran by Harald (administrator) on HARALD-PC on 20-12-2013 16:48:49
Running from C:\Users\Harald\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Novell, Inc.) C:\Program Files\Novell\Client\XTier\Services\xtsvcmgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(MKS Software Inc.) C:\Windows\System32\nutsrv4.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(PTC) C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
() C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
() C:\Program Files\Novell\Client\nwtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\Harald\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Harald\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\Harald\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Harald\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Users\Harald\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Harald\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Harald\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Users\Harald\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Users\Harald\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Harald\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Harald\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Aeria Games & Entertainment) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
(X-LEGEND  ENTERTAINMENT) C:\AeriaGames\EdenEternal-DE\_Launcher.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-05-17] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4156 2010-04-16] ()
HKLM\...\Run: [Setwallpaper] - c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [lxebmon.exe] - C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe [766632 2009-04-28] ()
HKLM\...\Run: [EzPrint] - C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe [139944 2009-04-28] ()
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NWTRAY] - C:\Program Files\Novell\Client\nwtray.exe [40632 2013-05-29] ()
HKLM\...\Run: [HotKeysCmds] - "C:\Windows\system32\hkcmd.exe"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Harald\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKCU\...\Run: [Spotify] - C:\Users\Harald\AppData\Roaming\Spotify\spotify.exe [5951488 2013-12-06] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Harald\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-06] (Spotify Ltd)
HKCU\...\Run: [BackgroundContainer] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Harald\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
MountPoints2: {19c53c27-bfa3-11e1-8335-5404a6203c7a} - "F:\WD SmartWare.exe" autoplay=true
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] - C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini [370 2013-12-20] ()
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\aprp.exe [2018032 2011-04-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [NuTCSetupEnviron] - C:\Program Files\PTC\MKS Toolkit\bin\ncoeenv.exe [37160 2009-11-23] (MKS Software Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Aeria Ignite] - C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
AppInit_DLLs: C:\Program Files (x86)\BearShare Applications\Mediabar\Datamngr\x64\IEBHO.dll [1528792 2012-09-25] (MusicLab, LLC)
AppInit_DLLs-x32: C:\PROGRA~2\BEARSH~1\Mediabar\Datamngr\datamngr.dll  C:\Windows\SysWOW64\nvinit.dll [201576 2013-04-08] (NVIDIA Corporation)
Lsa: [Authentication Packages] msv1_0 ncv1_0

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.bearshare.net
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
URLSearchHook: HKLM-x32 - BittorrentBar_DE Toolbar - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBit0.dll (Conduit Ltd.)
URLSearchHook: HKCU - BittorrentBar_DE Toolbar - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBit0.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=350&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=7512447074654922&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=350&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=7512447074654922&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=350&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=7512447074654922&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=350&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=7512447074654922&q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=350&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=7512447074654922&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=350&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=7512447074654922&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: DataMngr - {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\Program Files (x86)\BearShare Applications\Mediabar\Datamngr\x64\BrowserConnection.dll (MusicLab, LLC)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
BHO-x32: BittorrentBar_DE Toolbar - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBit0.dll (Conduit Ltd.)
BHO-x32: Search-Results Toolbar - {6e47d688-85ec-465a-9946-ec58220f14fc} - C:\Program Files (x86)\BearShare Applications\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: DataMngr - {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\Program Files (x86)\BearShare Applications\Mediabar\Datamngr\BrowserConnection.dll (MusicLab, LLC)
BHO-x32: Lexmark  - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Toolbar: HKLM-x32 - BittorrentBar_DE Toolbar - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBit0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Search-Results Toolbar - {6e47d688-85ec-465a-9946-ec58220f14fc} - C:\Program Files (x86)\BearShare Applications\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
Toolbar: HKCU - No Name - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 20 C:\Windows\SysWOW64\nutafun4.dll [164144] (MKS Software Inc.)
Winsock: Catalog9 21 C:\Windows\SysWOW64\nutafun4.dll [164144] (MKS Software Inc.)
Winsock: Catalog9-x64 20 %SystemRoot%\system32\nutafun4.dll [205024] (MKS Software Inc.)
Winsock: Catalog9-x64 21 %SystemRoot%\system32\nutafun4.dll [205024] (MKS Software Inc.)
Tcpip\..\Interfaces\{42EE4C1F-F36E-4055-98C0-4A37510B2F2A}: [NameServer]212.18.3.5 212.18.0.5
Tcpip\..\Interfaces\{A99B3AC1-DA36-4066-972D-95A1CC2DA9B3}: [NameServer]192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default
FF Homepage: hxxp://search.bearshare.net
FF Keyword.URL: hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=350&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&apn_uid=7512447074654922&o=APN10641&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - D:\Games\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: YouTube Unblocker - C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\Extensions\youtubeunblocker@unblocker.yt
FF Extension: Search-Results Toolbar - C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\Extensions\{6e47d688-85ec-465a-9946-ec58220f14fc}
FF Extension: SaveIt - C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\Extensions\50ce08efddbb3@50ce08efddbec.com.xpi
FF Extension: {17e828e2-1258-4214-82e8-9aad3e2ac3ca} - C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\Extensions\{17e828e2-1258-4214-82e8-9aad3e2ac3ca}.xpi
FF Extension: No Name - C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
FF Extension: Video DivX Manager Light - C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\Extensions\{7176597c-af68-4d9f-9f89-d4c3501b667d}.xpi
FF Extension: Adblock Plus - C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT
CHR HKLM-x32\...\Chrome\Extension: [hempmfkijmahkaddljkmchcmjbojoedl] - C:\Users\Harald\AppData\Local\CRE\hempmfkijmahkaddljkmchcmjbojoedl.crx

==================== Services (Whitelisted) =================

S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-03] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-28] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-18] (Avira Operations GmbH & Co. KG)
S2 cusrvc; C:\Program Files\Novell\Client\cusrvc.exe [109240 2013-05-29] ()
S2 lxebCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [33960 2009-04-24] (Lexmark International, Inc.)
S2 lxeb_device; C:\Windows\system32\lxebcoms.exe [1032360 2009-04-24] ( )
S2 lxeb_device; C:\Windows\SysWow64\lxebcoms.exe [602792 2009-04-24] ( )
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 NuTCRACKERService; C:\Windows\system32\nutsrv4.exe [563424 2009-11-10] (MKS Software Inc.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-11-09] ()
R2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [189248 2013-11-09] ()
R2 PortmapperService; C:\Program Files\PTC/PTC Portmapper/i486_nt/obj/portmap.exe [676864 2013-05-01] (PTC)
R2 XTSvcMgr; C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe [21176 2013-05-29] (Novell, Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-28] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 NCFilter; C:\Windows\System32\DRIVERS\NCFilter.sys [113336 2013-05-29] ()
R2 NCFSD; C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [115896 2013-05-29] ()
R2 NCIOCTL; C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [91320 2013-05-29] ()
R0 NCRecognizer; C:\Windows\System32\DRIVERS\NCRecognizer.sys [121016 2013-05-29] ()
R0 NCUncFilter; C:\Windows\System32\DRIVERS\NCUncFilter.sys [27320 2013-05-29] ()
R1 NICM; C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys [32952 2013-05-29] (Novell, Inc.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()
U3 nciom; C:\Program Files\Novell\Client\XTier\Drivers\nciom.sys [82616 2013-05-29] (Novell, Inc.)
U3 ncp; C:\Program Files\Novell\Client\XTier\Drivers\ncp.sys [81080 2013-05-29] (Novell, Inc.)
U3 ncpl; C:\Program Files\Novell\Client\XTier\Drivers\ncpl.sys [50360 2013-05-29] (Novell, Inc.)
U3 ndm; C:\Program Files\Novell\Client\XTier\Drivers\ndm.sys [20664 2013-05-29] (Novell, Inc.)
U3 ndmndap; C:\Program Files\Novell\Client\XTier\Drivers\ndmndap.sys [84664 2013-05-29] (Novell, Inc.)
U3 niam; C:\Program Files\Novell\Client\XTier\Drivers\niam.sys [40120 2013-05-29] (Novell, Inc.)
U3 nipctl; C:\Program Files\Novell\Client\XTier\Drivers\nipctl.sys [57016 2013-05-29] (Novell, Inc.)
U3 nscm; C:\Program Files\Novell\Client\XTier\Drivers\nscm.sys [38584 2013-05-29] (Novell, Inc.)
U3 nsns; C:\Program Files\Novell\Client\XTier\Drivers\nsns.sys [26296 2013-05-29] (Novell, Inc.)
U3 nsvccost; C:\Program Files\Novell\Client\XTier\Drivers\nsvccost.sys [37048 2013-05-29] (Novell, Inc.)
U3 xtxplat; C:\Program Files\Novell\Client\XTier\Drivers\xtxplat.sys [60600 2013-05-29] (Novell, Inc.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 sj; \??\C:\AeriaGames\EdenEternal\sjcs64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2099-07-17 01:25 - 2099-07-17 01:25 - 00000000 ____D C:\Users\Harald\AppData\Roaming\WinRAR
2099-07-17 01:25 - 2012-07-17 12:48 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-12-20 16:48 - 2013-12-20 16:49 - 00025993 _____ C:\Users\Harald\Desktop\FRST.txt
2013-12-20 16:47 - 2013-12-20 16:47 - 02193141 _____ (Farbar) C:\Users\Harald\Desktop\FRST64.exe
2013-12-20 16:47 - 2013-12-20 16:47 - 00000000 ____D C:\FRST
2013-12-20 15:08 - 2013-12-20 15:08 - 00286632 _____ C:\Windows\Minidump\122013-23587-01.dmp
2013-12-19 18:10 - 2013-12-19 18:10 - 00286648 _____ C:\Windows\Minidump\121913-23290-01.dmp
2013-12-15 16:05 - 2013-12-20 15:08 - 00003376 _____ C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2013-12-15 15:49 - 2013-12-15 15:49 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-15 15:49 - 2013-12-15 15:49 - 00000000 ____D C:\Users\Harald\AppData\Roaming\Malwarebytes
2013-12-15 15:49 - 2013-12-15 15:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-15 15:49 - 2013-12-15 15:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-15 15:49 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-15 15:46 - 2013-12-15 15:46 - 00614784 _____ C:\Users\Harald\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2013-12-12 20:56 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 20:56 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 20:56 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 20:56 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 20:55 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 20:55 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 20:55 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 20:55 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 20:55 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 20:55 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 20:55 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 20:55 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 20:55 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 20:55 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 20:55 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 20:55 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 20:55 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 20:55 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 20:55 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 20:55 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 20:55 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 20:55 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 20:55 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 20:55 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 20:55 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 20:55 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 20:55 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 20:55 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 20:55 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 20:55 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 20:55 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 20:55 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 20:55 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 20:55 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 20:55 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 00:29 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-12 00:29 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 00:29 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 00:29 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-12 00:29 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 00:29 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-12 00:29 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 00:29 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 00:29 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-12 00:29 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 00:29 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 00:29 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-12 00:29 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-12 00:29 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 00:29 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 00:29 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-12 00:29 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-12 00:29 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 00:29 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-11 01:27 - 2013-12-11 01:27 - 00002829 _____ C:\Users\Public\Desktop\WinShutdown.exe.lnk
2013-12-11 01:27 - 2013-12-11 01:27 - 00000000 ____D C:\Program Files (x86)\E3MC Clan
2013-12-11 01:25 - 2013-12-11 01:25 - 05212514 _____ (E3MC Clan              ) C:\Users\Harald\Downloads\WinShutdown_5.7_Full.exe
2013-12-10 21:54 - 2013-12-10 21:54 - 00286632 _____ C:\Windows\Minidump\121013-21434-01.dmp
2013-12-07 19:05 - 2013-12-07 19:19 - 00000000 ____D C:\Users\Harald\AppData\Local\PAYDAY 2
2013-12-06 01:09 - 2013-12-06 01:09 - 00286632 _____ C:\Windows\Minidump\120613-18891-01.dmp
2013-12-01 14:40 - 2013-12-01 14:40 - 00286632 _____ C:\Windows\Minidump\120113-25287-01.dmp
2013-11-30 17:28 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-30 17:24 - 2013-11-30 17:24 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-30 17:24 - 2013-11-30 17:24 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-30 17:24 - 2013-11-30 17:24 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-30 17:24 - 2013-11-30 17:24 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-30 17:24 - 2013-11-30 17:24 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-30 17:24 - 2013-11-30 17:24 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-30 17:24 - 2013-11-30 17:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-30 17:23 - 2013-11-30 17:28 - 00010277 _____ C:\Windows\IE11_main.log
2013-11-28 00:43 - 2013-11-28 00:43 - 00286632 _____ C:\Windows\Minidump\112813-21247-01.dmp

==================== One Month Modified Files and Folders =======

2099-07-17 01:25 - 2099-07-17 01:25 - 00000000 ____D C:\Users\Harald\AppData\Roaming\WinRAR
2013-12-20 16:49 - 2013-12-20 16:48 - 00025993 _____ C:\Users\Harald\Desktop\FRST.txt
2013-12-20 16:48 - 2012-01-22 17:37 - 01277328 _____ C:\ProgramData\lxeb.log
2013-12-20 16:48 - 2012-01-22 17:30 - 05122171 _____ C:\ProgramData\lxebscan.log
2013-12-20 16:47 - 2013-12-20 16:47 - 02193141 _____ (Farbar) C:\Users\Harald\Desktop\FRST64.exe
2013-12-20 16:47 - 2013-12-20 16:47 - 00000000 ____D C:\FRST
2013-12-20 16:44 - 2013-11-03 23:50 - 00000000 ____D C:\Users\Harald\AppData\Roaming\Spotify
2013-12-20 16:43 - 2011-12-14 23:06 - 00000000 ____D C:\Users\Harald\AppData\Roaming\Skype
2013-12-20 16:18 - 2012-08-28 23:18 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-20 15:59 - 2012-04-02 10:10 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-20 15:51 - 2011-12-30 14:16 - 00000000 ____D C:\Program Files (x86)\Steam
2013-12-20 15:16 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-20 15:16 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-20 15:15 - 2011-10-12 23:53 - 01815824 _____ C:\Windows\WindowsUpdate.log
2013-12-20 15:10 - 2013-11-03 23:51 - 00000000 ____D C:\Users\Harald\AppData\Local\Spotify
2013-12-20 15:09 - 2011-12-14 22:42 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2013-12-20 15:08 - 2013-12-20 15:08 - 00286632 _____ C:\Windows\Minidump\122013-23587-01.dmp
2013-12-20 15:08 - 2013-12-15 16:05 - 00003376 _____ C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2013-12-20 15:08 - 2013-11-08 18:11 - 405587437 _____ C:\Windows\MEMORY.DMP
2013-12-20 15:08 - 2012-11-02 14:59 - 00000000 ____D C:\Windows\Minidump
2013-12-20 15:08 - 2012-08-28 23:18 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-20 15:08 - 2012-01-03 14:00 - 00128651 _____ C:\Windows\setupact.log
2013-12-20 15:08 - 2011-04-13 02:39 - 00822094 _____ C:\Windows\PFRO.log
2013-12-20 15:08 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-20 04:49 - 2011-02-19 05:24 - 00708510 _____ C:\Windows\system32\perfh007.dat
2013-12-20 04:49 - 2011-02-19 05:24 - 00152114 _____ C:\Windows\system32\perfc007.dat
2013-12-20 04:49 - 2009-07-14 06:13 - 01644172 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-19 18:10 - 2013-12-19 18:10 - 00286648 _____ C:\Windows\Minidump\121913-23290-01.dmp
2013-12-18 23:46 - 2013-08-12 18:08 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-18 23:46 - 2013-08-12 18:07 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-18 23:46 - 2013-08-12 18:07 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-15 17:43 - 2011-10-13 00:04 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-12-15 17:43 - 2011-10-13 00:04 - 00000000 ____D C:\Windows\system32\NV
2013-12-15 17:31 - 2012-05-23 12:16 - 00000000 ____D C:\Program Files (x86)\BittorrentBar_DE
2013-12-15 16:13 - 2013-07-13 21:56 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 16:09 - 2011-12-16 13:52 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-15 16:05 - 2012-05-23 12:16 - 00000000 ____D C:\Users\Harald\AppData\Local\Conduit
2013-12-15 15:49 - 2013-12-15 15:49 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-15 15:49 - 2013-12-15 15:49 - 00000000 ____D C:\Users\Harald\AppData\Roaming\Malwarebytes
2013-12-15 15:49 - 2013-12-15 15:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-15 15:49 - 2013-12-15 15:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-15 15:46 - 2013-12-15 15:46 - 00614784 _____ C:\Users\Harald\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2013-12-13 20:16 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-12 22:20 - 2011-04-13 03:33 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-12 21:21 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-12 21:19 - 2009-07-14 05:45 - 00438416 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 20:56 - 2012-02-16 09:28 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-12 02:00 - 2012-04-02 10:10 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-12 02:00 - 2012-04-02 10:10 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-12 02:00 - 2011-12-22 22:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 01:27 - 2013-12-11 01:27 - 00002829 _____ C:\Users\Public\Desktop\WinShutdown.exe.lnk
2013-12-11 01:27 - 2013-12-11 01:27 - 00000000 ____D C:\Program Files (x86)\E3MC Clan
2013-12-11 01:27 - 2011-12-14 22:42 - 00115824 _____ C:\Users\Harald\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-11 01:25 - 2013-12-11 01:25 - 05212514 _____ (E3MC Clan              ) C:\Users\Harald\Downloads\WinShutdown_5.7_Full.exe
2013-12-10 21:54 - 2013-12-10 21:54 - 00286632 _____ C:\Windows\Minidump\121013-21434-01.dmp
2013-12-09 11:13 - 2012-08-28 23:18 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-09 11:13 - 2012-08-28 23:18 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-07 19:19 - 2013-12-07 19:05 - 00000000 ____D C:\Users\Harald\AppData\Local\PAYDAY 2
2013-12-07 19:04 - 2011-04-13 03:35 - 00742303 _____ C:\Windows\DirectX.log
2013-12-06 01:09 - 2013-12-06 01:09 - 00286632 _____ C:\Windows\Minidump\120613-18891-01.dmp
2013-12-01 14:42 - 2011-12-14 22:42 - 00001423 _____ C:\Users\Harald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-01 14:40 - 2013-12-01 14:40 - 00286632 _____ C:\Windows\Minidump\120113-25287-01.dmp
2013-12-01 06:05 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-30 17:28 - 2013-11-30 17:23 - 00010277 _____ C:\Windows\IE11_main.log
2013-11-30 17:24 - 2013-11-30 17:24 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-30 17:24 - 2013-11-30 17:24 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-30 17:24 - 2013-11-30 17:24 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-30 17:24 - 2013-11-30 17:24 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-30 17:24 - 2013-11-30 17:24 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-30 17:24 - 2013-11-30 17:24 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-30 17:24 - 2013-11-30 17:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-28 00:59 - 2013-08-12 18:07 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-28 00:43 - 2013-11-28 00:43 - 00286632 _____ C:\Windows\Minidump\112813-21247-01.dmp
2013-11-26 12:54 - 2013-12-12 20:55 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 11:19 - 2013-12-12 20:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 11:18 - 2013-12-12 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 11:11 - 2013-12-12 20:55 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 10:48 - 2013-12-12 20:55 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 10:46 - 2013-12-12 20:55 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 10:41 - 2013-12-12 20:55 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 10:29 - 2013-12-12 20:55 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 10:27 - 2013-12-12 20:55 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 10:23 - 2013-12-12 20:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 10:21 - 2013-12-12 20:55 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 10:18 - 2013-12-12 20:55 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 10:18 - 2013-12-12 20:55 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 10:16 - 2013-12-12 20:55 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 09:57 - 2013-12-12 20:55 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 09:38 - 2013-12-12 20:55 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 09:38 - 2013-12-12 20:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 09:35 - 2013-12-12 20:55 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 09:32 - 2013-12-12 20:55 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 09:28 - 2013-12-12 20:55 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 09:16 - 2013-12-12 20:55 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 09:02 - 2013-12-12 20:55 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 08:48 - 2013-12-12 20:55 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 08:32 - 2013-12-12 20:55 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-26 08:26 - 2013-12-12 20:55 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-26 08:07 - 2013-12-12 20:55 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 07:40 - 2013-12-12 20:55 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-26 07:34 - 2013-12-12 20:55 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 07:34 - 2013-12-12 20:55 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-26 07:33 - 2013-12-12 20:55 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-26 07:27 - 2013-12-12 20:55 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-23 19:26 - 2013-12-12 00:29 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-23 18:47 - 2013-12-12 00:29 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-4111095060-361586574-1343919878-1002\$80aa28bd953b0d79ac5259b01480de54

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$80aa28bd953b0d79ac5259b01480de54

Some content of TEMP:
====================
C:\Users\Harald\AppData\Local\Temp\avgnt.exe
C:\Users\Harald\AppData\Local\Temp\ose00000.exe
C:\Users\Harald\AppData\Local\Temp\rootsupd.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-11 00:23

==================== End Of Log ============================
         
--- --- ---


Und jetzt der Addition:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-12-2013 02
Ran by Harald at 2013-12-20 16:49:45
Running from C:\Users\Harald\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
ABBYY FineReader 6.0 Sprint (x32 Version: 6.00.2146.41621)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170)
Aeria Ignite (x32 Version: 1.13.3296)
Akamai NetSession Interface (HKCU)
Akamai NetSession Interface (x32)
ANNO 2070 (x32 Version: 1.0.0.0)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.12.5.0)
ASUS AI Recovery (x32 Version: 1.0.13)
ASUS Live Update (x32 Version: 3.0.6)
ASUS Power4Gear Hybrid (Version: 1.1.43)
ASUS SmartLogon (x32 Version: 1.0.0011)
ASUS Splendid Video Enhancement Technology (x32 Version: 1.02.0030)
ASUS Virtual Camera (x32 Version: 1.0.21)
ASUS WebStorage (x32 Version: 3.0.84.161)
AsusVibe2.0 (x32 Version: 2.0.4.617)
ATK Package (x32 Version: 1.0.0010)
Avira Free Antivirus (x32 Version: 14.0.2.286)
Battlefield 3™ (x32 Version: 1.6.0.0)
Bing Bar (x32 Version: 7.0.610.0)
BitTorrent (x32 Version: 7.6.1)
BittorrentBar_DE Toolbar (x32 Version: 6.13.3.501)
Bookworm Deluxe (x32)
Borderlands (x32)
Command & Conquer 3 (x32 Version: 1.00.0000)
Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2)
Cooking Dash (x32)
Cossacks - The Art Of War (x32)
Creo Direct Version 2.0 Datecode [M030] (x32 Version: 2.0)
Creo Layout Version 2.0 Datecode [M030] (x32 Version: 2.0)
Creo Parametric Version 2.0 Datecode [M030] (x32 Version: 2.0)
Creo Platform 2.11 (x32 Version: 2.11.1)
Creo Simulate Version 2.0 Datecode [M030] (x32 Version: 2.0)
Creo Thumbnail Viewer 2.0 (Version: 30.12.360)
CyberLink LabelPrint (x32 Version: 2.5.1908)
CyberLink Power2Go (x32 Version: 6.1.3602c)
D3DX10 (x32 Version: 15.4.2368.0902)
Dev-C++ 5 beta 9 release (4.9.9.2) (x32)
doPDF 6.2  printer
Dropbox (HKCU Version: 2.0.22)
E3MC - Windows Shutdown Timer v5.7 Full (x32 Version: 5.7.0.0)
EdenEternal-DE (x32)
ESN Sonar (x32 Version: 0.70.4)
ETDWare PS/2-X64 8.0.5.3_WHQL (Version: 8.0.5.3)
Fast Boot (Version: 1.0.10)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Game Park Console (x32 Version: 6.2.1.1)
Google Earth Plug-in (x32 Version: 7.1.2.2041)
Google Update Helper (x32 Version: 1.3.22.3)
Governor of Poker (x32)
Hotel Dash Suite Success (x32)
Intel PROSet Wireless
Intel PROSet Wireless (x32)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Processor Graphics (x32 Version: 9.17.10.3347)
Intel(R) PROSet/Wireless WiFi Software (Version: 14.01.1000)
Intel(R) Turbo Boost Technology Monitor (Version: 1.0.400.4)
Jardinains 2! Lite Version 1.1 (x32 Version: 1.1)
Java 7 Update 17 (64-bit) (Version: 7.0.170)
Jewel Quest 3 (x32)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Lexmark  (x32 Version: 1.0.0.0)
Lexmark Pro200-S500 Series
Lexmark Symbolleiste (x32 Version: 4.3.37.0)
Luxor 3 (x32)
Magicka (x32)
Mahjongg dimensions (x32)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0)
MKS Platform Components 9.x (Version: 9.3.0000)
Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
Neverwinter (x32)
NICI U.S./Worldwide 2.77.1.0 (x32) (x32 Version: 2.77.1.0)
NICI U.S./Worldwide 2.77.1.0 (x64) (Version: 2.77.1.0)
NMAS Challenge Response Method (Version: 2.8.3.3)
NMAS Client (Version: 3.5.1.1)
Novell Client für Windows (Version: 2 SP3 (IR2))
Nuance PDF Reader (x32 Version: 6.00.0041)
NVIDIA Grafiktreiber 311.44 (Version: 311.44)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA Optimus 1.11.3 (Version: 1.11.3)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA Systemsteuerung 311.44 (Version: 311.44)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
OpenAL (x32)
Origin (x32 Version: 9.3.10.4710)
Pando Media Booster (x32 Version: 2.6.0.7)
PAYDAY 2 (x32)
PAYDAY: The Heist (x32)
Plants vs Zombies (x32)
PTC Portmapper Version 2.0 Datecode [M030] (x32 Version: 2.0)
PTC Quality Agent (x32 Version: 2.0.0.0)
PunkBuster Services (x32 Version: 0.991)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
Realtek Ethernet Controller Driver (x32 Version: 7.38.113.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6373)
Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7600.10001)
Saints Row: The Third (x32)
Search-Results Toolbar (x32 Version: 1.0.0.12)
Skype Click to Call (x32 Version: 6.3.11079)
Skype™ 6.9 (x32 Version: 6.9.106)
Sleeping Dogs™ (x32)
Sonic Focus (x32 Version: 1.0.0.4)
Spec Ops: The Line (x32)
Spotify (HKCU Version: 0.9.6.81.gd359a796)
Steam (x32 Version: 1.0.0.0)
Super Crate Box (x32)
syncables desktop SE (x32 Version: 5.5.746.11492)
TeamSpeak 3 Client (Version: 3.0.13.1)
The Lord of the Rings: War in the North (x32)
Torchlight II (x32)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
Uplay (x32 Version: 2.0)
VLC media player 2.0.7 (x32 Version: 2.0.7)
Wanted: Weapons of Fate (x32 Version: 1.0.0.0)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Live 影像中心 (x32 Version: 15.4.3502.0922)
Windows Live 程式集 (x32 Version: 15.4.3502.0922)
WinFlash (x32 Version: 2.31.0)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
WinZip 16.0 (Version: 16.0.9715)
Wireless Console 3 (x32 Version: 3.0.19)
World of Goo (x32)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (x32 Version: 15.4.5722.2)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922)
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922)
Почта Windows Live (x32 Version: 15.4.3502.0922)
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922)
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (x32 Version: 15.4.5722.2)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922)
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (x32 Version: 15.4.5722.2)
بريد Windows Live (x32 Version: 15.4.3502.0922)
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (x32 Version: 15.4.5722.2)
معرض صور Windows Live (x32 Version: 15.4.3502.0922)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (x32 Version: 15.4.5722.2)

==================== Restore Points  =========================

07-12-2013 18:03:09 DirectX wurde installiert
10-12-2013 10:39:26 Windows Update
11-12-2013 00:26:27 Installed E3MC - Windows Shutdown Timer v5.7 Full.
11-12-2013 00:27:25 Installed E3MC - Windows Shutdown Timer v5.7 Full.
12-12-2013 19:51:49 Windows Update
15-12-2013 15:07:47 Windows Update
18-12-2013 22:43:54 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0BC6F23E-5B19-4D3E-B28B-C963CB52CA44} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {1261843F-6BC6-4E65-BE6B-855556EB3A1F} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: {34100E16-7F91-4F6A-938F-E1C087FE3AC3} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-02] (ASUS)
Task: {56C6ADCB-914F-4243-B4D0-413AA3C73C1B} - System32\Tasks\{AC5871AD-0915-4490-8A31-94CFA26F9A44} => C:\Sierra\Empire Earth\Empire Earth.exe
Task: {6144D0E8-9F67-4164-9189-DF1C65677EB3} - System32\Tasks\{91D9F515-8989-464E-9163-BD5F6B295085} => C:\Sierra\Empire Earth\Empire Earth.exe
Task: {79C42BFA-EF11-4478-AD32-956F7BBA636B} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Harald\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {86CAB56B-CBFB-44B7-9101-5AF6CE50AB81} - System32\Tasks\{1F886284-0FBD-45B3-846E-D4359B799218} => C:\Sierra\Empire Earth\Empire Earth.exe
Task: {88F0E0AA-E477-47A6-A264-2677C878BCFD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28] (Google Inc.)
Task: {996AC3E7-B344-4845-928C-C4DCDFD4E5EA} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {AD8C0048-2199-4942-A099-E650B0353575} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {B9861EE8-EB11-4496-B0DE-1DFDCB957422} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28] (Google Inc.)
Task: {CA2ED1DF-9DB6-4163-AF9F-65D2C0ECCA23} - System32\Tasks\{24D74B9B-10F4-4EF4-B943-848C70013FCF} => C:\Sierra\Empire Earth\Empire Earth.exe
Task: {D4ADE27A-E6AA-4D67-ADAD-EA6731270816} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2011-08-31] (ASUSTeK Computer Inc.)
Task: {E4EBE768-B6E3-418A-AE4A-AB8D0C8772ED} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-12] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-06-22 14:21 - 2013-05-29 04:38 - 01020088 _____ () C:\Windows\system32\ncnetprovider.dll
2013-06-25 12:53 - 2013-05-29 04:38 - 00109752 _____ () C:\Windows\system32\NCLangID.dll
2013-06-25 12:53 - 2013-05-29 04:38 - 00175288 _____ () C:\Windows\system32\MAPBASE.dll
2013-06-22 14:21 - 2013-05-29 04:38 - 00266936 _____ () C:\Windows\system32\NWSHLXNT.dll
2013-06-25 12:53 - 2013-03-04 10:14 - 00016384 _____ () C:\Windows\system32\nls\DEUTSCH\NCLangIDR.DLL
2013-06-25 12:53 - 2013-03-04 10:14 - 00086528 _____ () C:\Windows\system32\nls\DEUTSCH\MAPBASER.DLL
2013-06-25 12:53 - 2013-03-04 10:14 - 00102400 _____ () C:\Windows\system32\nls\DEUTSCH\NWSHLXNTR.DLL
2013-06-25 12:53 - 2013-03-04 10:14 - 00496640 _____ () C:\Windows\system32\nls\DEUTSCH\ncnetproviderR.DLL
2010-07-15 00:11 - 2010-07-15 00:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2010-04-03 03:21 - 2008-10-01 07:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2011-05-02 21:41 - 2011-05-02 21:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2013-06-22 14:21 - 2013-05-29 04:38 - 01020088 _____ () C:\Windows\system32\NCNetProvider.DLL
2013-06-25 12:53 - 2013-03-04 10:14 - 00496640 _____ () C:\Windows\system32\nls\DEUTSCH\NCNetProviderR.DLL
2011-07-07 07:12 - 2011-01-27 01:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-08-12 18:07 - 2013-08-12 18:03 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-08-31 15:33 - 2011-08-31 15:33 - 00208384 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll
2009-11-02 22:20 - 2009-11-02 22:20 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 22:23 - 2009-11-02 22:23 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2012-01-22 17:27 - 2009-04-24 18:59 - 00389120 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebscw.dll
2012-01-22 17:27 - 2009-03-25 16:10 - 00192512 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebdatr.dll
2012-01-22 17:27 - 2009-04-24 19:01 - 01159168 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebDRS.dll
2012-01-22 17:27 - 2009-03-10 06:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebcaps.dll
2012-01-22 17:27 - 2009-03-30 13:37 - 00708608 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\Epwizard.DLL
2012-01-22 17:27 - 2009-03-30 13:35 - 00159744 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\customui.dll
2012-01-22 17:27 - 2009-03-30 13:35 - 00118784 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\Eputil.DLL
2012-01-22 17:27 - 2009-03-30 13:35 - 00139264 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\Imagutil.DLL
2012-01-22 17:27 - 2009-03-30 13:35 - 00061440 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\Epfunct.DLL
2012-01-22 17:27 - 2009-04-22 04:42 - 02203648 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\EPWizRes.dll
2012-01-22 17:27 - 2009-04-22 04:43 - 00045056 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\epstring.dll
2012-01-22 17:27 - 2009-04-22 04:44 - 00102400 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\EPOEMDll.dll
2012-01-22 17:27 - 2009-04-03 15:18 - 00409600 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\iptk.dll
2012-01-22 17:27 - 2009-03-02 15:25 - 00151552 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebptp.dll
2011-01-18 21:21 - 2011-01-18 21:21 - 00204800 _____ () C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax
2013-11-03 23:51 - 2013-12-06 14:29 - 36967424 _____ () C:\Users\Harald\AppData\Roaming\Spotify\Data\libcef.dll
2013-11-03 23:51 - 2013-12-06 14:29 - 00887808 _____ () C:\Users\Harald\AppData\Roaming\Spotify\Data\libglesv2.dll
2013-11-03 23:51 - 2013-12-06 14:29 - 00109568 _____ () C:\Users\Harald\AppData\Roaming\Spotify\Data\libegl.dll
2013-11-16 12:29 - 2013-11-16 12:29 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-12-12 02:00 - 2013-12-12 02:00 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
2011-10-13 00:02 - 2011-05-10 19:47 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-03-12 17:10 - 2013-11-06 22:48 - 00691200 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2011-12-30 14:45 - 2013-12-11 20:40 - 01135016 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2011-12-30 14:45 - 2013-11-06 22:48 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-03-16 14:45 - 2013-06-15 00:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-03-16 14:45 - 2013-06-15 00:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-03-16 14:45 - 2013-06-15 00:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2013-06-06 22:59 - 2013-06-06 22:59 - 00158744 _____ () C:\Program Files (x86)\Aeria Games\Ignite\AGAkamai.dll
2012-11-19 23:10 - 2012-05-22 06:24 - 01397760 _____ () C:\AeriaGames\EdenEternal-DE\ALAudio.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:81F83028

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/19/2013 06:11:42 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: WerFault.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc607
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000986ea
ID des fehlerhaften Prozesses: 0xfb4
Startzeit der fehlerhaften Anwendung: 0xWerFault.exe0
Pfad der fehlerhaften Anwendung: WerFault.exe1
Pfad des fehlerhaften Moduls: WerFault.exe2
Berichtskennung: WerFault.exe3

Error: (12/19/2013 06:11:42 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: nwtray.exe, Version: 5.0.67.4053, Zeitstempel: 0x51a5e29a
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000986ea
ID des fehlerhaften Prozesses: 0x120c
Startzeit der fehlerhaften Anwendung: 0xnwtray.exe0
Pfad der fehlerhaften Anwendung: nwtray.exe1
Pfad des fehlerhaften Moduls: nwtray.exe2
Berichtskennung: nwtray.exe3

Error: (12/19/2013 06:11:42 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: igfxpers.exe, Version: 8.15.10.3347, Zeitstempel: 0x5272a0d5
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000986ea
ID des fehlerhaften Prozesses: 0x12a0
Startzeit der fehlerhaften Anwendung: 0xigfxpers.exe0
Pfad der fehlerhaften Anwendung: igfxpers.exe1
Pfad des fehlerhaften Moduls: igfxpers.exe2
Berichtskennung: igfxpers.exe3

Error: (12/19/2013 02:20:05 PM) (Source: RasClient) (User: )
Description: CoID={19D77677-5C21-467E-801A-6C79AE3C1B14}: Der Benutzer "Harald-PC\Harald" hat eine Verbindung mit dem Namen "Breitbandverbindung" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 691.

Error: (12/15/2013 07:00:11 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (12/15/2013 04:17:11 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: GameClient.exe, Version: 0.0.0.0, Zeitstempel: 0x52aa0f2d
Name des fehlerhaften Moduls: binkw32.dll, Version: 1.9.21.0, Zeitstempel: 0x4bd6d5a8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000175ac
ID des fehlerhaften Prozesses: 0x1eac
Startzeit der fehlerhaften Anwendung: 0xGameClient.exe0
Pfad der fehlerhaften Anwendung: GameClient.exe1
Pfad des fehlerhaften Moduls: GameClient.exe2
Berichtskennung: GameClient.exe3

Error: (12/15/2013 03:09:16 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: sdclt.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79920
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000986ea
ID des fehlerhaften Prozesses: 0x1a38
Startzeit der fehlerhaften Anwendung: 0xsdclt.exe0
Pfad der fehlerhaften Anwendung: sdclt.exe1
Pfad des fehlerhaften Moduls: sdclt.exe2
Berichtskennung: sdclt.exe3

Error: (12/14/2013 08:01:11 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: _Launcher.exe, Version: 1.1.1.1, Zeitstempel: 0x527b53fb
Name des fehlerhaften Moduls: _Launcher.exe, Version: 1.1.1.1, Zeitstempel: 0x527b53fb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001304c9
ID des fehlerhaften Prozesses: 0xb90
Startzeit der fehlerhaften Anwendung: 0x_Launcher.exe0
Pfad der fehlerhaften Anwendung: _Launcher.exe1
Pfad des fehlerhaften Moduls: _Launcher.exe2
Berichtskennung: _Launcher.exe3

Error: (12/14/2013 02:12:37 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: nwtray.exe, Version: 5.0.67.4053, Zeitstempel: 0x51a5e29a
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000986ea
ID des fehlerhaften Prozesses: 0x1148
Startzeit der fehlerhaften Anwendung: 0xnwtray.exe0
Pfad der fehlerhaften Anwendung: nwtray.exe1
Pfad des fehlerhaften Moduls: nwtray.exe2
Berichtskennung: nwtray.exe3

Error: (12/14/2013 03:30:42 AM) (Source: RasClient) (User: )
Description: CoID={327017CB-B789-497B-947F-75CB3AA03328}: Der Benutzer "Harald-PC\Harald" hat eine Verbindung mit dem Namen "Breitbandverbindung" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 651.


System errors:
=============
Error: (12/20/2013 03:59:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/20/2013 03:59:00 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Erkennung interaktiver Dienste erreicht.

Error: (12/20/2013 03:15:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/20/2013 03:15:08 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Erkennung interaktiver Dienste erreicht.

Error: (12/20/2013 03:11:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (12/20/2013 03:11:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (12/20/2013 03:08:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxeb_device" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/20/2013 03:08:34 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxeb_device erreicht.

Error: (12/20/2013 03:08:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxebCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/20/2013 03:08:34 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxebCATSCustConnectService erreicht.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 52%
Total physical RAM: 8102.7 MB
Available physical RAM: 3834.56 MB
Total Pagefile: 16203.57 MB
Available Pagefile: 11185.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:61.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:254.45 GB) (Free:123 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: AA9693FE)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=186 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=254 GB) - (Type=OF Extended)

==================== End Of Log ============================
         
__________________

Alt 21.12.2013, 15:15   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Windows7: Vermutung auf Trojaner - Standard

Windows7: Vermutung auf Trojaner



Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 21.12.2013, 16:04   #5
HarryYoung
 
Windows7: Vermutung auf Trojaner - Standard

Windows7: Vermutung auf Trojaner



Hier ist die Datei:

Code:
ATTFilter
ComboFix 13-12-20.01 - Harald 21/12/2013  16:29:55.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8103.5801 [GMT 1:00]
ausgeführt von:: c:\users\Harald\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Harald\AppData\Local\uninst.tmp
c:\users\Harald\AppData\Roaming\technic-launcher.jar
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-11-21 bis 2013-12-21  ))))))))))))))))))))))))))))))
.
.
2013-12-20 15:47 . 2013-12-20 15:47	--------	d-----w-	C:\FRST
2013-12-20 14:15 . 2013-12-04 03:28	10315576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A35779E2-EFA1-42A8-8E3B-B8ECA76D1F14}\mpengine.dll
2013-12-15 14:49 . 2013-12-15 14:49	--------	d-----w-	c:\users\Harald\AppData\Roaming\Malwarebytes
2013-12-15 14:49 . 2013-12-15 14:49	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-15 14:49 . 2013-12-15 14:49	--------	d-----w-	c:\programdata\Malwarebytes
2013-12-15 14:49 . 2013-04-04 13:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-12-15 14:49 . 2013-12-15 14:49	--------	d-----w-	c:\users\Harald\AppData\Local\Programs
2013-12-12 19:56 . 2013-05-10 05:56	12625920	----a-w-	c:\windows\system32\wmploc.DLL
2013-12-12 19:56 . 2013-05-10 04:30	167424	----a-w-	c:\program files\Windows Media Player\wmplayer.exe
2013-12-12 19:56 . 2013-05-10 03:48	164864	----a-w-	c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 19:56 . 2013-05-10 04:56	12625408	----a-w-	c:\windows\SysWow64\wmploc.DLL
2013-12-12 19:56 . 2013-05-10 05:56	14631424	----a-w-	c:\windows\system32\wmp.dll
2013-12-11 23:29 . 2013-10-30 02:32	335360	----a-w-	c:\windows\system32\msieftp.dll
2013-12-11 00:27 . 2013-12-11 00:27	--------	d-----w-	c:\program files (x86)\E3MC Clan
2013-12-07 18:05 . 2013-12-07 18:19	--------	d-----w-	c:\users\Harald\AppData\Local\PAYDAY 2
2013-11-30 16:28 . 2013-10-14 17:00	28368	----a-w-	c:\windows\system32\IEUDINIT.EXE
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-21 15:43 . 2011-12-14 21:42	45056	----a-w-	c:\windows\system32\acovcnt.exe
2013-12-18 22:46 . 2013-08-12 17:08	84720	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-12-18 22:46 . 2013-08-12 17:07	131576	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-12-18 22:46 . 2013-08-12 17:07	108440	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-12-15 15:09 . 2011-12-16 12:52	90708896	----a-w-	c:\windows\system32\MRT.exe
2013-12-12 01:00 . 2012-04-02 09:10	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-12 01:00 . 2011-12-22 21:57	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-27 23:59 . 2013-08-12 17:07	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-11-19 02:33 . 2011-12-14 22:20	267936	------w-	c:\windows\system32\MpSigStub.exe
2013-11-09 18:25 . 2011-12-19 15:00	189248	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-11-09 18:25 . 2011-12-19 15:00	189248	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-11-09 18:25 . 2011-12-19 15:00	75136	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2013-11-07 00:52 . 2013-11-07 00:52	279000	----a-w-	c:\windows\SysWow64\IntelCpHeciSvc.exe
2013-11-07 00:52 . 2013-11-07 00:52	515544	----a-w-	c:\windows\system32\igfxsrvc.exe
2013-11-07 00:52 . 2013-11-07 00:52	439296	----a-w-	c:\windows\system32\igfxrrus.lrc
2013-11-07 00:52 . 2013-11-07 00:52	439296	----a-w-	c:\windows\system32\igfxrrom.lrc
2013-11-07 00:52 . 2013-11-07 00:52	438784	----a-w-	c:\windows\system32\igfxrsky.lrc
2013-11-07 00:52 . 2013-11-07 00:52	438784	----a-w-	c:\windows\system32\igfxrptg.lrc
2013-11-07 00:52 . 2013-11-07 00:52	438784	----a-w-	c:\windows\system32\igfxrplk.lrc
2013-11-07 00:52 . 2013-11-07 00:52	437760	----a-w-	c:\windows\system32\igfxrtrk.lrc
2013-11-07 00:52 . 2013-11-07 00:52	437760	----a-w-	c:\windows\system32\igfxrsve.lrc
2013-11-07 00:52 . 2013-11-07 00:52	437760	----a-w-	c:\windows\system32\igfxrslv.lrc
2013-11-07 00:52 . 2013-11-07 00:52	437760	----a-w-	c:\windows\system32\igfxrptb.lrc
2013-11-07 00:52 . 2013-11-07 00:52	437760	----a-w-	c:\windows\system32\igfxrnor.lrc
2013-11-07 00:52 . 2013-11-07 00:52	437248	----a-w-	c:\windows\system32\igfxrtha.lrc
2013-11-07 00:52 . 2013-11-07 00:52	410624	----a-w-	c:\windows\system32\igfxTMM.dll
2013-11-07 00:52 . 2013-11-07 00:52	171992	----a-w-	c:\windows\system32\igfxtray.exe
2013-11-07 00:52 . 2013-11-07 00:52	116224	----a-w-	c:\windows\system32\igfxCoIn_v3347.dll
2013-11-07 00:52 . 2011-07-07 06:12	64000	----a-w-	c:\windows\system32\igfxsrvc.dll
2013-11-07 00:52 . 2013-11-07 00:52	440320	----a-w-	c:\windows\system32\igfxrell.lrc
2013-11-07 00:52 . 2013-11-07 00:52	439808	----a-w-	c:\windows\system32\igfxrfra.lrc
2013-11-07 00:52 . 2013-11-07 00:52	439808	----a-w-	c:\windows\system32\igfxresn.lrc
2013-11-07 00:52 . 2013-11-07 00:52	438784	----a-w-	c:\windows\system32\igfxrnld.lrc
2013-11-07 00:52 . 2013-11-07 00:52	438784	----a-w-	c:\windows\system32\igfxrita.lrc
2013-11-07 00:52 . 2013-11-07 00:52	438784	----a-w-	c:\windows\system32\igfxrhrv.lrc
2013-11-07 00:52 . 2013-11-07 00:52	438784	----a-w-	c:\windows\system32\igfxrdeu.lrc
2013-11-07 00:52 . 2013-11-07 00:52	438272	----a-w-	c:\windows\system32\igfxrhun.lrc
2013-11-07 00:52 . 2013-11-07 00:52	438272	----a-w-	c:\windows\system32\igfxrfin.lrc
2013-11-07 00:52 . 2013-11-07 00:52	438272	----a-w-	c:\windows\system32\igfxrcsy.lrc
2013-11-07 00:52 . 2013-11-07 00:52	437248	----a-w-	c:\windows\system32\igfxrdan.lrc
2013-11-07 00:52 . 2013-11-07 00:52	435712	----a-w-	c:\windows\system32\igfxrheb.lrc
2013-11-07 00:52 . 2013-11-07 00:52	435712	----a-w-	c:\windows\system32\igfxrara.lrc
2013-11-07 00:52 . 2013-11-07 00:52	432128	----a-w-	c:\windows\system32\igfxrjpn.lrc
2013-11-07 00:52 . 2013-11-07 00:52	431104	----a-w-	c:\windows\system32\igfxrkor.lrc
2013-11-07 00:52 . 2013-11-07 00:52	429056	----a-w-	c:\windows\system32\igfxrcht.lrc
2013-11-07 00:52 . 2013-11-07 00:52	428544	----a-w-	c:\windows\system32\igfxrchs.lrc
2013-11-07 00:52 . 2013-11-07 00:52	384512	----a-w-	c:\windows\system32\igfxpph.dll
2013-11-07 00:52 . 2013-11-07 00:52	286208	----a-w-	c:\windows\system32\igfxrenu.lrc
2013-11-07 00:52 . 2011-07-07 06:12	9007616	----a-w-	c:\windows\system32\igfxress.dll
2013-11-07 00:52 . 2013-11-07 00:52	9728	----a-w-	c:\windows\system32\IGFXDEVLib.dll
2013-11-07 00:52 . 2013-11-07 00:52	931840	----a-w-	c:\windows\SysWow64\igfxcmrt32.dll
2013-11-07 00:52 . 2013-11-07 00:52	575488	----a-w-	c:\windows\system32\igfx11cmrt64.dll
2013-11-07 00:52 . 2013-11-07 00:52	542720	----a-w-	c:\windows\SysWow64\igfx11cmrt32.dll
2013-11-07 00:52 . 2013-11-07 00:52	442880	----a-w-	c:\windows\system32\igfxdev.dll
2013-11-07 00:52 . 2013-11-07 00:52	442328	----a-w-	c:\windows\system32\igfxpers.exe
2013-11-07 00:52 . 2013-11-07 00:52	3511296	----a-w-	c:\windows\system32\igfxcmjit64.dll
2013-11-07 00:52 . 2013-11-07 00:52	330752	----a-w-	c:\windows\SysWow64\igfxdv32.dll
2013-11-07 00:52 . 2013-11-07 00:52	3121152	----a-w-	c:\windows\SysWow64\igfxcmjit32.dll
2013-11-07 00:52 . 2013-11-07 00:52	28672	----a-w-	c:\windows\system32\igfxexps.dll
2013-11-07 00:52 . 2013-11-07 00:52	254936	----a-w-	c:\windows\system32\igfxext.exe
2013-11-07 00:52 . 2013-11-07 00:52	25088	----a-w-	c:\windows\SysWow64\igfxexps32.dll
2013-11-07 00:52 . 2013-11-07 00:52	142336	----a-w-	c:\windows\system32\igfxdo.dll
2013-11-07 00:52 . 2013-11-07 00:52	126976	----a-w-	c:\windows\system32\igfxcpl.cpl
2013-11-07 00:52 . 2013-11-07 00:52	1040384	----a-w-	c:\windows\system32\igfxcmrt64.dll
2013-11-07 00:52 . 2012-12-14 01:42	12617216	----a-w-	c:\windows\system32\igdumd64.dll
2013-11-07 00:52 . 2011-07-07 06:12	11049472	----a-w-	c:\windows\SysWow64\igdumd32.dll
2013-11-07 00:52 . 2013-11-07 00:52	5363200	----a-w-	c:\windows\system32\drivers\igdkmd64.sys
2013-11-07 00:52 . 2013-11-07 00:52	98304	----a-w-	c:\windows\system32\igdde64.dll
2013-11-07 00:52 . 2013-11-07 00:52	77312	----a-w-	c:\windows\SysWow64\igdde32.dll
2013-11-07 00:52 . 2011-10-21 16:13	11176448	----a-w-	c:\windows\SysWow64\igd10umd32.dll
2013-11-07 00:52 . 2011-07-07 06:12	12859392	----a-w-	c:\windows\system32\igd10umd64.dll
2013-11-07 00:52 . 2013-11-07 00:52	13031424	----a-w-	c:\windows\system32\ig4icd64.dll
2013-11-07 00:52 . 2013-11-07 00:52	5904856	----a-w-	c:\windows\system32\GfxUI.exe
2013-11-07 00:52 . 2013-11-07 00:52	399832	----a-w-	c:\windows\system32\hkcmd.exe
2013-11-07 00:52 . 2013-11-07 00:52	175104	----a-w-	c:\windows\system32\gfxSrvc.dll
2013-11-07 00:52 . 2013-11-07 00:52	10812928	----a-w-	c:\windows\SysWow64\ig4icd32.dll
2013-11-07 00:52 . 2011-07-07 06:12	110592	----a-w-	c:\windows\system32\hccutils.dll
2013-11-07 00:52 . 2013-11-07 00:52	185816	----a-w-	c:\windows\system32\difx64.exe
2013-10-20 20:29 . 2011-12-19 17:02	290184	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-10-12 02:30 . 2013-11-14 14:46	830464	----a-w-	c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-14 14:46	859648	----a-w-	c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-14 14:46	324096	----a-w-	c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-14 14:46	656896	----a-w-	c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-14 14:46	216576	----a-w-	c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-14 14:46	1474048	----a-w-	c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-14 14:46	1168384	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-14 14:46	190464	----a-w-	c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-14 14:46	197120	----a-w-	c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-14 14:46	1930752	----a-w-	c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-14 14:46	152576	----a-w-	c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-14 14:46	168960	----a-w-	c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-14 14:46	1796096	----a-w-	c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-14 14:46	404480	----a-w-	c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-14 14:46	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
2013-09-28 01:09 . 2013-11-14 14:46	497152	----a-w-	c:\windows\system32\drivers\afd.sys
2013-09-25 02:26 . 2013-11-14 14:46	95680	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2013-09-25 02:26 . 2013-11-14 14:46	154560	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:23 . 2013-11-14 14:46	28672	----a-w-	c:\windows\system32\sspisrv.dll
2013-09-25 02:23 . 2013-11-14 14:46	135680	----a-w-	c:\windows\system32\sspicli.dll
2013-09-25 02:23 . 2013-11-14 14:46	28160	----a-w-	c:\windows\system32\secur32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}"= "c:\program files (x86)\BittorrentBar_DE\prxtbBit0.dll" [2013-05-20 231712]
.
[HKEY_CLASSES_ROOT\clsid\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}]
2013-05-20 09:21	231712	----a-w-	c:\program files (x86)\BittorrentBar_DE\prxtbBit0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6e47d688-85ec-465a-9946-ec58220f14fc}]
2012-09-24 22:12	89288	----a-w-	c:\progra~2\BEARSH~1\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B939CF93-F2CB-443d-956C-DC523D85C9DB}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}"= "c:\program files (x86)\BittorrentBar_DE\prxtbBit0.dll" [2013-05-20 231712]
"{6e47d688-85ec-465a-9946-ec58220f14fc}"= "c:\progra~2\BEARSH~1\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll" [2012-09-24 89288]
.
[HKEY_CLASSES_ROOT\clsid\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}]
.
[HKEY_CLASSES_ROOT\clsid\{6e47d688-85ec-465a-9946-ec58220f14fc}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Harald\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Harald\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Harald\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Akamai NetSession Interface"="c:\users\Harald\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-02 20472992]
"Spotify Web Helper"="c:\users\Harald\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-12-06 1168896]
"BackgroundContainer"="c:\users\Harald\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll" [2013-11-06 319264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NuTCSetupEnviron"="c:\progra~1\PTC\MKSTOO~1\bin\ncoeenv.exe" [2009-11-23 37160]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-12-18 684600]
"Aeria Ignite"="c:\program files (x86)\Aeria Games\Ignite\aeriaignite.exe" [2013-06-06 1925656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-4-13 548528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\BEARSH~1\Mediabar\Datamngr\datamngr.dll c:\windows\SysWOW64\nvinit.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxebserv.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 sj;sj;c:\aeriagames\EdenEternal\sjcs64.sys;c:\aeriagames\EdenEternal\sjcs64.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 NCFilter;Novell UNC Filter - Filter;c:\windows\system32\DRIVERS\NCFilter.sys;c:\windows\SYSNATIVE\DRIVERS\NCFilter.sys [x]
S0 NCRecognizer;Novell UNC Filter - Recognizer;c:\windows\system32\DRIVERS\NCRecognizer.sys;c:\windows\SYSNATIVE\DRIVERS\NCRecognizer.sys [x]
S0 NCUncFilter;Novell UNC Filter - UNC Filter;c:\windows\system32\DRIVERS\NCUncFilter.sys;c:\windows\SYSNATIVE\DRIVERS\NCUncFilter.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe;c:\windows\SYSNATIVE\lxebcoms.exe [x]
S2 NCFSD;Novell Client File System Redirector;c:\program files\Novell\Client\XTier\Drivers\ncfsd.sys;c:\program files\Novell\Client\XTier\Drivers\ncfsd.sys [x]
S2 NCIOCTL;Novell Xplat IoCtl Driver;c:\program files\Novell\Client\XTier\Drivers\ncioctl.sys;c:\program files\Novell\Client\XTier\Drivers\ncioctl.sys [x]
S2 NuTCRACKERService;NuTCRACKER Service;c:\windows\system32\nutsrv4.exe;c:\windows\SYSNATIVE\nutsrv4.exe [x]
S2 PortmapperService;PortmapperService;c:\program files\PTC/PTC Portmapper/i486_nt/obj/portmap.exe;c:\program files\PTC/PTC Portmapper/i486_nt/obj/portmap.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S2 XTSvcMgr;Novell XTier Service Manager;c:\program files\Novell\Client\XTier\Services\XTSvcMgr.exe;c:\program files\Novell\Client\XTier\Services\XTSvcMgr.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - nciom
*Deregistered* - ncp
*Deregistered* - ncpl
*Deregistered* - ndm
*Deregistered* - ndmndap
*Deregistered* - niam
*Deregistered* - nipctl
*Deregistered* - nscm
*Deregistered* - nsns
*Deregistered* - nsvccost
*Deregistered* - xtxplat
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2013-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 01:00]
.
2013-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28 22:18]
.
2013-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28 22:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41	220160	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41	220160	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Harald\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Harald\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Harald\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Harald\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"lxebmon.exe"="c:\program files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" [2009-04-28 766632]
"EzPrint"="c:\program files (x86)\Lexmark Pro200-S500 Series\ezprint.exe" [2009-04-28 139944]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-07 171992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-11-07 399832]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-11-07 442328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\BEARSH~1\Mediabar\Datamngr\x64\datamngr.dll c:\progra~2\BEARSH~1\Mediabar\Datamngr\x64\IEBHO.dll c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.bearshare.net
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
LSP: %SystemRoot%\system32\nutafun4.dll
Trusted Zone: aeriagames.com
TCP: Interfaces\{42EE4C1F-F36E-4055-98C0-4A37510B2F2A}: NameServer = 212.18.3.5 212.18.0.5
TCP: Interfaces\{A99B3AC1-DA36-4066-972D-95A1CC2DA9B3}: NameServer = 192.168.178.1
FF - ProfilePath - c:\users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.net
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=350&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&apn_uid=7512447074654922&o=APN10641&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-11-03 23:54; {17e828e2-1258-4214-82e8-9aad3e2ac3ca}; c:\users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\extensions\{17e828e2-1258-4214-82e8-9aad3e2ac3ca}.xpi
FF - ExtSQL: 2013-11-05 23:59; {7176597c-af68-4d9f-9f89-d4c3501b667d}; c:\users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\extensions\{7176597c-af68-4d9f-9f89-d4c3501b667d}.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
HKLM-Run-NWTRAY - c:\program files (x86)\Novell\Client\nwtray.exe
AddRemove-{10F081B4-0B50-46D8-ABB6-B1E696EB2823}_is1 - d:\jardinains 2! lite\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PortmapperService]
"ImagePath"="c:\program files\PTC/PTC Portmapper/i486_nt/obj/portmap.exe"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4111095060-361586574-1343919878-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*2*0*T*y*r*a*n*n*e*ÓZœh\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-4111095060-361586574-1343919878-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*2*0*T*y*r*a*n*n*e*tbo2\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-4111095060-361586574-1343919878-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*2*0*T*y*r*a*n*n*e*§cŸi\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-4111095060-361586574-1343919878-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*2*0*T*y*r*a*n*n*e*Ôy^\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-4111095060-361586574-1343919878-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*2*0*T*y*r*a*n*n*e*„„a\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-4111095060-361586574-1343919878-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*2*0*T*y*r*a*n*n*e*œ‘h\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-4111095060-361586574-1343919878-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*2*0*T*y*r*a*n*n*e*΢*?\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-4111095060-361586574-1343919878-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*2*0*T*y*r*a*n*n*e*ÿ¦‹q\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-4111095060-361586574-1343919878-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*2*0*T*y*r*a*n*n*e*C*Â7\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-4111095060-361586574-1343919878-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*2*0*T*y*r*a*n*n*e*„âoq\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-4111095060-361586574-1343919878-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*2*0*T*y*r*a*n*n*e*SþA<\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Datafocus]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Mortice Kern Systems]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\windows\SysWOW64\Rundll32.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-12-21  17:00:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-12-21 16:00
.
Vor Suchlauf: 15 Verzeichnis(se), 66.408.792.064 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 92.605.718.528 Bytes frei
.
- - End Of File - - 00C8FAE19C6FE4C2B3AC48AE73A8370B
         


Alt 22.12.2013, 06:20   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Windows7: Vermutung auf Trojaner - Standard

Windows7: Vermutung auf Trojaner



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
--> Windows7: Vermutung auf Trojaner

Alt 22.12.2013, 18:41   #7
HarryYoung
 
Windows7: Vermutung auf Trojaner - Standard

Windows7: Vermutung auf Trojaner



Malwarebytes log:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.22.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Harald :: HARALD-PC [Administrator]

22/12/2013 19:10:07
mbam-log-2013-12-22 (19-10-07).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 246053
Laufzeit: 5 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BackgroundContainer (PUP.Optional.Conduit) -> Daten: "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Harald\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
AdwCleaner log:
Code:
ATTFilter
# AdwCleaner v3.015 - Bericht erstellt am 22/12/2013 um 19:20:17
# Updated 10/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Harald - HARALD-PC
# Gestartet von : C:\Users\Harald\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\BittorrentBar_DE
Ordner Gelöscht : C:\Users\Harald\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Harald\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Harald\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Harald\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Harald\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Harald\AppData\LocalLow\searchresultstb
Ordner Gelöscht : C:\Users\Harald\AppData\LocalLow\BittorrentBar_DE
Ordner Gelöscht : C:\Users\Harald\AppData\Roaming\iWin
Ordner Gelöscht : C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\ConduitCommon
Datei Gelöscht : C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
Datei Gelöscht : C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Windows\System32\Tasks\BackgroundContainer Startup Task

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B939CF93-F2CB-443D-956C-DC523D85C9DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BCE90EC8-E22B-4937-BC8A-DABBB43D963E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B939CF93-F2CB-443D-956C-DC523D85C9DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BCE90EC8-E22B-4937-BC8A-DABBB43D963E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BCE90EC8-E22B-4937-BC8A-DABBB43D963E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F8E44259-4106-422B-BF16-74AFBBE13720}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{062F7B06-2E33-4643-9ACF-EB22C99BFE7F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Schlüssel Gelöscht : HKCU\Software\APN DTX
Schlüssel Gelöscht : HKCU\Software\FLEXnet
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\BackgroundContainer
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\BittorrentBar_DE
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\BittorrentBar_DE
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BittorrentBar_DE Toolbar
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\BEARSH~1\Mediabar\Datamngr\datamngr.dll
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\BEARSH~1\Mediabar\Datamngr\x64\datamngr.dll
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\BEARSH~1\Mediabar\Datamngr\x64\IEBHO.dll

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\prefs.js ]

Zeile gelöscht : user_pref("CT2849855..clientLogIsEnabled", true);
Zeile gelöscht : user_pref("CT2849855..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Zeile gelöscht : user_pref("CT2849855..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Zeile gelöscht : user_pref("CT2849855.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Zeile gelöscht : user_pref("CT2849855.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Zeile gelöscht : user_pref("CT2849855.BrowserCompStateIsOpen_129640009348738015", true);
Zeile gelöscht : user_pref("CT2849855.CTID", "CT2849855");
Zeile gelöscht : user_pref("CT2849855.CurrentServerDate", "17-7-2012");
Zeile gelöscht : user_pref("CT2849855.DSInstall", false);
Zeile gelöscht : user_pref("CT2849855.DialogsAlignMode", "LTR");
Zeile gelöscht : user_pref("CT2849855.DialogsGetterLastCheckTime", "Tue Jul 17 2012 01:55:21 GMT+0200");
Zeile gelöscht : user_pref("CT2849855.DownloadReferralCookieData", "");
Zeile gelöscht : user_pref("CT2849855.EMailNotifierPollDate", "Wed May 23 2012 13:16:18 GMT+0200");
Zeile gelöscht : user_pref("CT2849855.FeedLastCount129349796701375473", 212);
Zeile gelöscht : user_pref("CT2849855.FeedPollDate129313974171006416", "Wed May 23 2012 13:16:18 GMT+0200");
Zeile gelöscht : user_pref("CT2849855.FeedPollDate129313975698350231", "Wed May 23 2012 13:16:18 GMT+0200");
Zeile gelöscht : user_pref("CT2849855.FeedPollDate129313976370850190", "Wed May 23 2012 13:16:18 GMT+0200");
Zeile gelöscht : user_pref("CT2849855.FeedPollDate129313976648818968", "Wed May 23 2012 13:16:18 GMT+0200");
Zeile gelöscht : user_pref("CT2849855.FeedPollDate129313977444757117", "Wed May 23 2012 13:16:18 GMT+0200");
Zeile gelöscht : user_pref("CT2849855.FeedPollDate129313980389131455", "Wed May 23 2012 13:16:18 GMT+0200");
Zeile gelöscht : user_pref("CT2849855.FeedPollDate129313980655381977", "Wed May 23 2012 13:16:19 GMT+0200");
Zeile gelöscht : user_pref("CT2849855.FeedPollDate129313980886163259", "Wed May 23 2012 13:16:19 GMT+0200");
Zeile gelöscht : user_pref("CT2849855.FeedPollDate129313981234756535", "Wed May 23 2012 13:16:19 GMT+0200");
Zeile gelöscht : user_pref("CT2849855.FeedPollDate129313983226631720", "Wed May 23 2012 13:16:19 GMT+0200");
Zeile gelöscht : user_pref("CT2849855.FeedPollDate129313983607725691", "Wed May 23 2012 13:16:19 GMT+0200");
Zeile gelöscht : user_pref("CT2849855.FeedTTL129313974171006416", 10);
Zeile gelöscht : user_pref("CT2849855.FeedTTL129313977444757117", 15);
Zeile gelöscht : user_pref("CT2849855.FeedTTL129313980655381977", 5);
Zeile gelöscht : user_pref("CT2849855.FeedTTL129313981234756535", 5);
Zeile gelöscht : user_pref("CT2849855.FirstServerDate", "23-5-2012");
Zeile gelöscht : user_pref("CT2849855.FirstTime", true);
Zeile gelöscht : user_pref("CT2849855.FirstTimeFF3", true);
Zeile gelöscht : user_pref("CT2849855.FixPageNotFoundErrors", true);
Zeile gelöscht : user_pref("CT2849855.GroupingServerCheckInterval", 1440);
Zeile gelöscht : user_pref("CT2849855.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Zeile gelöscht : user_pref("CT2849855.HPInstall", false);
Zeile gelöscht : user_pref("CT2849855.HasUserGlobalKeys", true);
Zeile gelöscht : user_pref("CT2849855.Initialize", true);
Zeile gelöscht : user_pref("CT2849855.InitializeCommonPrefs", true);
Zeile gelöscht : user_pref("CT2849855.InstallationAndCookieDataSentCount", 3);
Zeile gelöscht : user_pref("CT2849855.InstallationId", "fft1374.tmp.exe");
Zeile gelöscht : user_pref("CT2849855.InstallationType", "XPE");
Zeile gelöscht : user_pref("CT2849855.InstalledDate", "Wed May 23 2012 13:16:18 GMT+0200");
Zeile gelöscht : user_pref("CT2849855.IsGrouping", false);
Zeile gelöscht : user_pref("CT2849855.IsInitSetupIni", true);
Zeile gelöscht : user_pref("CT2849855.IsMulticommunity", false);
Zeile gelöscht : user_pref("CT2849855.IsOpenThankYouPage", true);
Zeile gelöscht : user_pref("CT2849855.IsOpenUninstallPage", false);
Zeile gelöscht : user_pref("CT2849855.LanguagePackLastCheckTime", "Tue Jul 17 2012 01:55:21 GMT+0200");
Zeile gelöscht : user_pref("CT2849855.LanguagePackReloadIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2849855.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Zeile gelöscht : user_pref("CT2849855.LastLogin_3.12.0.8", "Wed May 23 2012 21:49:11 GMT+0200");
Zeile gelöscht : user_pref("CT2849855.LastLogin_3.12.2.3", "Wed May 30 2012 19:13:52 GMT+0200");
Zeile gelöscht : user_pref("CT2849855.LastLogin_3.13.0.6", "Tue Jul 17 2012 01:55:21 GMT+0200");
Zeile gelöscht : user_pref("CT2849855.LatestVersion", "3.13.0.6");
Zeile gelöscht : user_pref("CT2849855.Locale", "de");
Zeile gelöscht : user_pref("CT2849855.MCDetectTooltipHeight", "83");
Zeile gelöscht : user_pref("CT2849855.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Zeile gelöscht : user_pref("CT2849855.MCDetectTooltipWidth", "295");
Zeile gelöscht : user_pref("CT2849855.MyStuffEnabledAtInstallation", true);
Zeile gelöscht : user_pref("CT2849855.OriginalFirstVersion", "3.12.0.8");
Zeile gelöscht : user_pref("CT2849855.SearchCaption", "BittorrentBar_DE Customized Web Search");
Zeile gelöscht : user_pref("CT2849855.SearchFromAddressBarIsInit", true);
Zeile gelöscht : user_pref("CT2849855.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=2&q=");
Zeile gelöscht : user_pref("CT2849855.SearchInNewTabEnabled", true);
Zeile gelöscht : user_pref("CT2849855.SearchInNewTabIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2849855.SearchInNewTabLastCheckTime", "Tue Jul 17 2012 01:55:21 GMT+0200");
Zeile gelöscht : user_pref("CT2849855.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT2849855.SendProtectorDataViaLogin", true);
Zeile gelöscht : user_pref("CT2849855.ServiceMapLastCheckTime", "Tue Jul 17 2012 01:55:21 GMT+0200");
Zeile gelöscht : user_pref("CT2849855.SettingsLastCheckTime", "Tue Jul 17 2012 01:55:21 GMT+0200");
Zeile gelöscht : user_pref("CT2849855.SettingsLastUpdate", "1342353836");
Zeile gelöscht : user_pref("CT2849855.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2849855&SearchSource=13");
Zeile gelöscht : user_pref("CT2849855.ThirdPartyComponentsInterval", 504);
Zeile gelöscht : user_pref("CT2849855.ThirdPartyComponentsLastCheck", "Wed May 23 2012 13:16:17 GMT+0200");
Zeile gelöscht : user_pref("CT2849855.ThirdPartyComponentsLastUpdate", "1331806000");
Zeile gelöscht : user_pref("CT2849855.ToolbarShrinkedFromSetup", false);
Zeile gelöscht : user_pref("CT2849855.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2849855");
Zeile gelöscht : user_pref("CT2849855.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Zeile gelöscht : user_pref("CT2849855.UserID", "UN84717876209100550");
Zeile gelöscht : user_pref("CT2849855.ValidationData_Toolbar", 2);
Zeile gelöscht : user_pref("CT2849855.WeatherNetwork", "");
Zeile gelöscht : user_pref("CT2849855.WeatherPollDate", "Wed May 23 2012 13:16:20 GMT+0200");
Zeile gelöscht : user_pref("CT2849855.WeatherUnit", "C");
Zeile gelöscht : user_pref("CT2849855.alertChannelId", "1241896");
Zeile gelöscht : user_pref("CT2849855.autoDisableScopes", -1);
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D474549484C5952594B335E5356432C45333438334A414C546660576364676F6A5E4B766B6E5B445D4B4C504A6259646C787A2[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C4748402C574C4F3C253E2C2E2B2F433A454E59505B57676A66426D62455E69543D56444643465B525D66716C216E6B587D73675[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462B554A4D4B4749594D33535D4F432C45333439344A414C565B5E6C656E706C7164736D4D786D705D465F4D4E534D645B66705[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e.:2z527", "247E707571777278333228702A7B797B7B7E30273224262A442B564B4E3B243D2F2D2F2F33433A45373838615D61406A644F38514341424545574E594B4B4B767E727D69207B7224787[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F564654524C474A595A4851505E51523964595C49324B393C3B3E5047525D6C6A6B6F786D68506A6F7171742256227679664F6[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C4343534E2D585B3C253E2C302E34433A45515862695E675A416C6164513A5341454348584F5A666D7B7C7174726E702174745B2[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e06cg5el8:", "6E6D6E6B6C6D746F6F75");
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A7473747172737A75757B242F4B49474F42357D5D5C3D");
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E41295547484D515A4E5A59325D5255422B443237303749404B585E685E706E6E6674626E696B4D786D705D465F4D524B51645B66732[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473E454745482F5A4F523F2841302D2F33463D48566265685C6B675F6D70604873686B58415A4946484B5F56616F7C217D74747[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D3229344356554E472E594E51325E4F412A4335373231483F4A59655F5F626C5B717369756975744D786D70517E6B60496252505451675[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e31;cjc<=fbj#mm", "247E61393F236B257576737A2A212C6E414F444D327A344F4849524E562F59593E3540236055505853565049324B2A2A4E4550335F5B6571563F584A5A515C3F6B6C75614A63[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352C37474B59574B4A4858584E5E3762573A535E49324B3A3D3F3B504752626C625D75786D766A7C517C7174614A63525557526[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A522B55553A233C2B2F282941384354515E5D56615F56685C426D6265523B544346494A59505B6C697A7E21702370765925797[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D49564A50592E594E314A55402942322E332F473E495B5D595A6A5E58707262674974696C59425B4B474B51605762747C2473737[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B364953545259585A5A50524E36615659462F4838353D3C4D444F626C6D6B72716A77614D786D705D465F4F4C5451645B66797[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A312833474745445159575B504B504B4D5E545553533A655A5D4A334C3C3B3A3951485367756363677575676B65527D7275624B645453515[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E782332293449565540472E594E513E274030323533453C475C5558636A656E625E6C616B7068734B766B6E5B445D4D4F524F6259647927252[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4F44504C4754585C5048345F5457442D46373135344B424D636B5D5F5F73696B4A756A6D5A435C4D474B4961586379226F742[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A30273249485545442C574C4F3C253E2F2A2D2D433A455C67555B5E3F6A5F624F3851423D403F564D586F7A68786C717154207477644D66575[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354D462C574C4F3C253E2F2B2B31433A455D6356575C5C5A416C6164513A5344404045584F5A7273717A786D2256227679664F6[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352C37502E4F4747315C5154412A4334313738483F4A635F5A6A645E625A4772676A5740594A474D4D5E55607971246E7778257[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B36505459574C554F515B345F5457442D46373637384B424D676B706E606F61666B63664D786D705D465F504F5050645B66212[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A35504F5346482F5A4F523F28413233342F463D48635C5D66626A436E6366533C55464748425A515C77707773202371215925797[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3652504C5249555256525C35605558452E47383B38364C434E6A706F5F65635D736F677578684C65706B54207477644D66575[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2A554A2D46513C253E302B332C433A45626756516259655F5F436E63465F6A553E5749444C445C535E7B21747C7821745A267[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A52404548564F58315C5154412A4335342F37483F4A68646B645D5E626462616D6971726B6C786A517C7174614A6355544F566[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57");
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352C37565949484E4F51525C4E4C55535B54605A5A3E695E614E37503B3D41544B567575656D7367796D6D7C55217578654E675[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E3128335351565551575A4F584C5E335E5356432C4534383649404B6B59566C686B46716669563F58474B485C535E7E6C6956227679664F6[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C484A2C574C2F48533E27403233433A45665B68505C5E406B6E4F38514343544B56776C79616D6F517C71547873634C6557566[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215642542D584D503D263F2D2E2E2E443B4635645E6669595C6062686F5C7363716F696467764F7A6F725F48614F50504F665D6[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b-0?3g>d", "686A3E40703E75437A70794675207A79204E257A20537C2A252426592B58262859295B5C");
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b-0?3g@6:5;", "");
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F297B7E7D21202F26313E4249357D37382F3A494D5D513F283338435D6554695B65546D57695D5D686365533C70766C66755E");
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484777213F3E484F4E4D4648502B564B4E2E5959595F4C564F3764535750");
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b5ba==9cjag", "6D703D41734170427A74434872744875784E7A5151");
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6E6B6C6D746F6F72737779");
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b9643g3/9e", "6A");
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b<:222h64<", "393F352F3E");
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b=+03eh8h8j?:", "4443");
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b?b0d:8aj62<h", "6D");
Zeile gelöscht : user_pref("CT2849855.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Zeile gelöscht : user_pref("CT2849855.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F6775692F");
Zeile gelöscht : user_pref("CT2849855.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Zeile gelöscht : user_pref("CT2849855.globalFirstTimeInfoLastCheckTime", "Wed May 23 2012 13:16:18 GMT+0200");
Zeile gelöscht : user_pref("CT2849855.homepageProtectorEnableByLogin", true);
Zeile gelöscht : user_pref("CT2849855.initDone", true);
Zeile gelöscht : user_pref("CT2849855.isAppTrackingManagerOn", true);
Zeile gelöscht : user_pref("CT2849855.myStuffEnabled", true);
Zeile gelöscht : user_pref("CT2849855.myStuffPublihserMinWidth", 400);
Zeile gelöscht : user_pref("CT2849855.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Zeile gelöscht : user_pref("CT2849855.myStuffServiceIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2849855.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Zeile gelöscht : user_pref("CT2849855.navigateToUrlOnSearch", false);
Zeile gelöscht : user_pref("CT2849855.revertSettingsEnabled", true);
Zeile gelöscht : user_pref("CT2849855.searchProtectorDialogDelayInSec", 10);
Zeile gelöscht : user_pref("CT2849855.searchProtectorEnableByLogin", true);
Zeile gelöscht : user_pref("CT2849855.testingCtid", "");
Zeile gelöscht : user_pref("CT2849855.toolbarAppMetaDataLastCheckTime", "Tue Jul 17 2012 01:55:21 GMT+0200");
Zeile gelöscht : user_pref("CT2849855.toolbarContextMenuLastCheckTime", "Wed May 23 2012 13:16:19 GMT+0200");
Zeile gelöscht : user_pref("CT2849855.usagesFlag", 2);
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2849855/CT2849855", "\"fe40d8b7439fc0dba17517bc717098072\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2849855", "\"1334673258\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=de", "oIwsta2spzadhjRgiY1Nhw==");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=de", "WiZSpHJzJ/uTUKvfHHyj/w==");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=de", "9H/gICSaMqbmx+Gd+8W4Sg==");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=de", "Dq4oDE7bC6X7ZY06mrKiog==");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.8", "\"4ead38b3e6bcd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2849855", "\"5a3bfb736bf65ca0cca630a3f0917948\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"23712b2cfe25ac79e41f9196b44116cc\"");
Zeile gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Harald\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\9lxu56xo.default\\conduitCommon\\modules\\3.12.0.8");
Zeile gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.0.8");
Zeile gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_ext_msg_key_2faf7223", "356x332");
Zeile gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2849855");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2849855");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2849855");
Zeile gelöscht : user_pref("CommunityToolbar.globalUserId", "086f4bfd-dd3f-405f-a45a-ee8da0e6cf0d");
Zeile gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2849855");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed May 23 2012 13:16:20 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed May 23 2012 13:16:17 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.userId", "bfeb77cd-07f8-4ab7-92d5-76de222fdab0");
Zeile gelöscht : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Zeile gelöscht : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://search.bearshare.net");
Zeile gelöscht : user_pref("extensions.50ce08efddc40.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self==window.top){var script=document.createElement(\"script\");[...]
Zeile gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=350&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&apn_uid=7512447074654922&o=APN10641&q=");

-\\ Google Chrome v

[ Datei : C:\Users\Harald\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [29965 octets] - [22/12/2013 19:18:58]
AdwCleaner[S0].txt - [29604 octets] - [22/12/2013 19:20:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [29665 octets] ##########
         
Junkware Removal Tool log:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Harald on 22/12/2013 at 19:23:53,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6e47d688-85ec-465a-9946-ec58220f14fc}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6e47d688-85ec-465a-9946-ec58220f14fc}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6e47d688-85ec-465a-9946-ec58220f14fc}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6e47d688-85ec-465a-9946-ec58220f14fc}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Harald\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Harald\appdata\locallow\datamngr"
Failed to delete: [Folder] "C:\Program Files (x86)\bearshare applications"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Harald\appdata\local\{1BBE0B25-8520-42CA-822C-5C18EA5F1551}
Successfully deleted: [Empty Folder] C:\Users\Harald\appdata\local\{20F71DEF-7A86-4476-8146-B3D920B54CB6}
Successfully deleted: [Empty Folder] C:\Users\Harald\appdata\local\{3ED7225C-E3B9-4A5D-B558-65EFE32B3465}
Successfully deleted: [Empty Folder] C:\Users\Harald\appdata\local\{40FC7DCE-B3DE-4BF3-8141-06559906465E}
Successfully deleted: [Empty Folder] C:\Users\Harald\appdata\local\{53B7FB18-98EA-4685-8E1C-AA2F235AEC5E}
Successfully deleted: [Empty Folder] C:\Users\Harald\appdata\local\{7016FDF1-A260-4EAF-9729-9D031E076202}
Successfully deleted: [Empty Folder] C:\Users\Harald\appdata\local\{7A99D321-D20F-4467-ADE7-03573BFCAE46}
Successfully deleted: [Empty Folder] C:\Users\Harald\appdata\local\{863D6131-6A50-4316-9C79-3A0CD0685258}
Successfully deleted: [Empty Folder] C:\Users\Harald\appdata\local\{FC6A4C34-BF77-4613-B587-7C68C4D4E3C8}



~~~ FireFox

Emptied folder: C:\Users\Harald\AppData\Roaming\mozilla\firefox\profiles\9lxu56xo.default\minidumps [385 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/12/2013 at 19:29:13,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST log:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-12-2013 01
Ran by Harald (administrator) on HARALD-PC on 22-12-2013 19:29:57
Running from C:\Users\Harald\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Novell, Inc.) C:\Program Files\Novell\Client\XTier\Services\xtsvcmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\Novell\Client\cusrvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
( ) C:\Windows\System32\lxebcoms.exe
(MKS Software Inc.) C:\Windows\System32\nutsrv4.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(PTC) C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
() C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
() C:\Program Files\Novell\Client\nwtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Akamai Technologies, Inc.) C:\Users\Harald\AppData\Local\Akamai\netsession_win.exe
(Spotify Ltd) C:\Users\Harald\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUS) C:\Windows\AsScrPro.exe
(Akamai Technologies, Inc.) C:\Users\Harald\AppData\Local\Akamai\netsession_win.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-05-17] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4156 2010-04-16] ()
HKLM\...\Run: [Setwallpaper] - c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [lxebmon.exe] - C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe [766632 2009-04-28] ()
HKLM\...\Run: [EzPrint] - C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe [139944 2009-04-28] ()
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NWTRAY] - C:\Program Files\Novell\Client\nwtray.exe [40632 2013-05-29] ()
HKLM\...\Run: [HotKeysCmds] - "C:\Windows\system32\hkcmd.exe"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Harald\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Harald\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-06] (Spotify Ltd)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] - C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini [370 2013-12-22] ()
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\aprp.exe [2018032 2011-04-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [NuTCSetupEnviron] - C:\Program Files\PTC\MKS Toolkit\bin\ncoeenv.exe [37160 2009-11-23] (MKS Software Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Aeria Ignite] - C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [245872 2013-04-08] (NVIDIA Corporation)
AppInit_DLLs-x32:  C:\Windows\SysWOW64\nvinit.dll [201576 2013-04-08] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Lexmark  - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 20 C:\Windows\SysWOW64\nutafun4.dll [164144] (MKS Software Inc.)
Winsock: Catalog9 21 C:\Windows\SysWOW64\nutafun4.dll [164144] (MKS Software Inc.)
Winsock: Catalog9-x64 20 %SystemRoot%\system32\nutafun4.dll [205024] (MKS Software Inc.)
Winsock: Catalog9-x64 21 %SystemRoot%\system32\nutafun4.dll [205024] (MKS Software Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A99B3AC1-DA36-4066-972D-95A1CC2DA9B3}: [NameServer]192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - D:\Games\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: YouTube Unblocker - C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\Extensions\youtubeunblocker@unblocker.yt
FF Extension: Search-Results Toolbar - C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\Extensions\{6e47d688-85ec-465a-9946-ec58220f14fc}
FF Extension: SaveIt - C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\Extensions\50ce08efddbb3@50ce08efddbec.com.xpi
FF Extension: {17e828e2-1258-4214-82e8-9aad3e2ac3ca} - C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\Extensions\{17e828e2-1258-4214-82e8-9aad3e2ac3ca}.xpi
FF Extension: Video DivX Manager Light - C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\Extensions\{7176597c-af68-4d9f-9f89-d4c3501b667d}.xpi
FF Extension: Adblock Plus - C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT
CHR HKLM-x32\...\Chrome\Extension: [hempmfkijmahkaddljkmchcmjbojoedl] - C:\Users\Harald\AppData\Local\CRE\hempmfkijmahkaddljkmchcmjbojoedl.crx

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-03] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-28] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 cusrvc; C:\Program Files\Novell\Client\cusrvc.exe [109240 2013-05-29] ()
S2 lxebCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [33960 2009-04-24] (Lexmark International, Inc.)
R2 lxeb_device; C:\Windows\system32\lxebcoms.exe [1032360 2009-04-24] ( )
R2 lxeb_device; C:\Windows\SysWow64\lxebcoms.exe [602792 2009-04-24] ( )
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 NuTCRACKERService; C:\Windows\system32\nutsrv4.exe [563424 2009-11-10] (MKS Software Inc.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-11-09] ()
R2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [189248 2013-11-09] ()
R2 PortmapperService; C:\Program Files\PTC/PTC Portmapper/i486_nt/obj/portmap.exe [676864 2013-05-01] (PTC)
R2 XTSvcMgr; C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe [21176 2013-05-29] (Novell, Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-28] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 NCFilter; C:\Windows\System32\DRIVERS\NCFilter.sys [113336 2013-05-29] ()
R2 NCFSD; C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [115896 2013-05-29] ()
R2 NCIOCTL; C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [91320 2013-05-29] ()
R0 NCRecognizer; C:\Windows\System32\DRIVERS\NCRecognizer.sys [121016 2013-05-29] ()
R0 NCUncFilter; C:\Windows\System32\DRIVERS\NCUncFilter.sys [27320 2013-05-29] ()
R1 NICM; C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys [32952 2013-05-29] (Novell, Inc.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()
U3 nciom; C:\Program Files\Novell\Client\XTier\Drivers\nciom.sys [82616 2013-05-29] (Novell, Inc.)
U3 ncp; C:\Program Files\Novell\Client\XTier\Drivers\ncp.sys [81080 2013-05-29] (Novell, Inc.)
U3 ncpl; C:\Program Files\Novell\Client\XTier\Drivers\ncpl.sys [50360 2013-05-29] (Novell, Inc.)
U3 ndm; C:\Program Files\Novell\Client\XTier\Drivers\ndm.sys [20664 2013-05-29] (Novell, Inc.)
U3 ndmndap; C:\Program Files\Novell\Client\XTier\Drivers\ndmndap.sys [84664 2013-05-29] (Novell, Inc.)
U3 niam; C:\Program Files\Novell\Client\XTier\Drivers\niam.sys [40120 2013-05-29] (Novell, Inc.)
U3 nipctl; C:\Program Files\Novell\Client\XTier\Drivers\nipctl.sys [57016 2013-05-29] (Novell, Inc.)
U3 nscm; C:\Program Files\Novell\Client\XTier\Drivers\nscm.sys [38584 2013-05-29] (Novell, Inc.)
U3 nsns; C:\Program Files\Novell\Client\XTier\Drivers\nsns.sys [26296 2013-05-29] (Novell, Inc.)
U3 nsvccost; C:\Program Files\Novell\Client\XTier\Drivers\nsvccost.sys [37048 2013-05-29] (Novell, Inc.)
U3 xtxplat; C:\Program Files\Novell\Client\XTier\Drivers\xtxplat.sys [60600 2013-05-29] (Novell, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 sj; \??\C:\AeriaGames\EdenEternal\sjcs64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2099-07-17 01:25 - 2099-07-17 01:25 - 00000000 ____D C:\Users\Harald\AppData\Roaming\WinRAR
2099-07-17 01:25 - 2012-07-17 12:48 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-12-22 19:29 - 2013-12-22 19:29 - 00002592 _____ C:\Users\Harald\Desktop\JRT.txt
2013-12-22 19:29 - 2013-12-22 19:29 - 00000000 ____D C:\Users\Harald\Desktop\FRST-OlderVersion
2013-12-22 19:23 - 2013-12-22 19:23 - 00000000 ____D C:\Windows\ERUNT
2013-12-22 19:18 - 2013-12-22 19:20 - 00000000 ____D C:\AdwCleaner
2013-12-22 19:06 - 2013-12-22 19:06 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-22 19:06 - 2013-12-22 19:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-22 19:06 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-22 19:04 - 2013-12-22 19:04 - 01034531 _____ (Thisisu) C:\Users\Harald\Desktop\JRT.exe
2013-12-22 19:03 - 2013-12-22 19:03 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Harald\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-22 19:03 - 2013-12-22 19:03 - 01226750 _____ C:\Users\Harald\Desktop\adwcleaner.exe
2013-12-21 17:00 - 2013-12-21 17:00 - 00038900 _____ C:\ComboFix.txt
2013-12-21 16:27 - 2013-12-21 17:00 - 00000000 ____D C:\Qoobox
2013-12-21 16:27 - 2013-12-21 17:00 - 00000000 ____D C:\ComboFix
2013-12-21 16:27 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-21 16:27 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-21 16:27 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-21 16:27 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-21 16:27 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-21 16:27 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-21 16:27 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-21 16:27 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-21 16:26 - 2013-12-21 16:47 - 00000000 ____D C:\Windows\erdnt
2013-12-21 16:25 - 2013-12-21 16:25 - 05155033 ____R (Swearware) C:\Users\Harald\Desktop\ComboFix.exe
2013-12-20 17:02 - 2013-12-20 17:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 16:49 - 2013-12-20 16:50 - 00030755 _____ C:\Users\Harald\Desktop\Addition.txt
2013-12-20 16:48 - 2013-12-22 19:29 - 00020941 _____ C:\Users\Harald\Desktop\FRST.txt
2013-12-20 16:47 - 2013-12-22 19:29 - 01928280 _____ (Farbar) C:\Users\Harald\Desktop\FRST64.exe
2013-12-20 16:47 - 2013-12-22 19:29 - 00000000 ____D C:\FRST
2013-12-20 15:08 - 2013-12-20 15:08 - 00286632 _____ C:\Windows\Minidump\122013-23587-01.dmp
2013-12-19 18:10 - 2013-12-19 18:10 - 00286648 _____ C:\Windows\Minidump\121913-23290-01.dmp
2013-12-15 15:49 - 2013-12-15 15:49 - 00000000 ____D C:\Users\Harald\AppData\Roaming\Malwarebytes
2013-12-15 15:49 - 2013-12-15 15:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-15 15:46 - 2013-12-15 15:46 - 00614784 _____ C:\Users\Harald\Desktop\Malwarebytes Anti Malware - CHIP-Downloader.exe
2013-12-12 20:56 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 20:56 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 20:56 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 20:56 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 20:55 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 20:55 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 20:55 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 20:55 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 20:55 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 20:55 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 20:55 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 20:55 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 20:55 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 20:55 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 20:55 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 20:55 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 20:55 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 20:55 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 20:55 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 20:55 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 20:55 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 20:55 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 20:55 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 20:55 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 20:55 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 20:55 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 20:55 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 20:55 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 20:55 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 20:55 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 20:55 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 20:55 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 20:55 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 20:55 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 20:55 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 00:29 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-12 00:29 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 00:29 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 00:29 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-12 00:29 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 00:29 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-12 00:29 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 00:29 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 00:29 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-12 00:29 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 00:29 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 00:29 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-12 00:29 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-12 00:29 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 00:29 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 00:29 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-12 00:29 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-12 00:29 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 00:29 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-11 01:27 - 2013-12-11 01:27 - 00002829 _____ C:\Users\Public\Desktop\WinShutdown.exe.lnk
2013-12-11 01:27 - 2013-12-11 01:27 - 00000000 ____D C:\Program Files (x86)\E3MC Clan
2013-12-11 01:25 - 2013-12-11 01:25 - 05212514 _____ (E3MC Clan              ) C:\Users\Harald\Downloads\WinShutdown_5.7_Full.exe
2013-12-10 21:54 - 2013-12-10 21:54 - 00286632 _____ C:\Windows\Minidump\121013-21434-01.dmp
2013-12-07 19:05 - 2013-12-07 19:19 - 00000000 ____D C:\Users\Harald\AppData\Local\PAYDAY 2
2013-12-06 01:09 - 2013-12-06 01:09 - 00286632 _____ C:\Windows\Minidump\120613-18891-01.dmp
2013-12-01 14:40 - 2013-12-01 14:40 - 00286632 _____ C:\Windows\Minidump\120113-25287-01.dmp
2013-11-30 17:28 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-30 17:24 - 2013-11-30 17:24 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-30 17:24 - 2013-11-30 17:24 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-30 17:24 - 2013-11-30 17:24 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-30 17:24 - 2013-11-30 17:24 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-30 17:24 - 2013-11-30 17:24 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-30 17:24 - 2013-11-30 17:24 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-30 17:24 - 2013-11-30 17:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-30 17:23 - 2013-11-30 17:28 - 00010277 _____ C:\Windows\IE11_main.log
2013-11-28 00:43 - 2013-11-28 00:43 - 00286632 _____ C:\Windows\Minidump\112813-21247-01.dmp

==================== One Month Modified Files and Folders =======

2099-07-17 01:25 - 2099-07-17 01:25 - 00000000 ____D C:\Users\Harald\AppData\Roaming\WinRAR
2013-12-22 19:30 - 2013-12-20 16:48 - 00020941 _____ C:\Users\Harald\Desktop\FRST.txt
2013-12-22 19:29 - 2013-12-22 19:29 - 00002592 _____ C:\Users\Harald\Desktop\JRT.txt
2013-12-22 19:29 - 2013-12-22 19:29 - 00000000 ____D C:\Users\Harald\Desktop\FRST-OlderVersion
2013-12-22 19:29 - 2013-12-20 16:47 - 01928280 _____ (Farbar) C:\Users\Harald\Desktop\FRST64.exe
2013-12-22 19:29 - 2013-12-20 16:47 - 00000000 ____D C:\FRST
2013-12-22 19:29 - 2011-02-19 05:24 - 00708510 _____ C:\Windows\system32\perfh007.dat
2013-12-22 19:29 - 2011-02-19 05:24 - 00152114 _____ C:\Windows\system32\perfc007.dat
2013-12-22 19:29 - 2009-07-14 06:13 - 01644172 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-22 19:29 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-22 19:29 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-22 19:23 - 2013-12-22 19:23 - 00000000 ____D C:\Windows\ERUNT
2013-12-22 19:23 - 2011-12-14 23:06 - 00000000 ____D C:\Users\Harald\AppData\Roaming\Skype
2013-12-22 19:22 - 2012-08-28 23:18 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-22 19:22 - 2012-01-22 17:30 - 05165743 _____ C:\ProgramData\lxebscan.log
2013-12-22 19:22 - 2011-12-14 22:42 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2013-12-22 19:21 - 2012-01-03 14:00 - 00129099 _____ C:\Windows\setupact.log
2013-12-22 19:21 - 2011-10-12 23:53 - 01926578 _____ C:\Windows\WindowsUpdate.log
2013-12-22 19:21 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-22 19:20 - 2013-12-22 19:18 - 00000000 ____D C:\AdwCleaner
2013-12-22 19:18 - 2012-08-28 23:18 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-22 19:06 - 2013-12-22 19:06 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-22 19:06 - 2013-12-22 19:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-22 19:04 - 2013-12-22 19:04 - 01034531 _____ (Thisisu) C:\Users\Harald\Desktop\JRT.exe
2013-12-22 19:03 - 2013-12-22 19:03 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Harald\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-22 19:03 - 2013-12-22 19:03 - 01226750 _____ C:\Users\Harald\Desktop\adwcleaner.exe
2013-12-22 18:59 - 2013-11-03 23:50 - 00000000 ____D C:\Users\Harald\AppData\Roaming\Spotify
2013-12-22 18:59 - 2012-04-02 10:10 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-22 16:51 - 2011-12-30 14:16 - 00000000 ____D C:\Program Files (x86)\Steam
2013-12-21 17:00 - 2013-12-21 17:00 - 00038900 _____ C:\ComboFix.txt
2013-12-21 17:00 - 2013-12-21 16:27 - 00000000 ____D C:\Qoobox
2013-12-21 17:00 - 2013-12-21 16:27 - 00000000 ____D C:\ComboFix
2013-12-21 16:47 - 2013-12-21 16:26 - 00000000 ____D C:\Windows\erdnt
2013-12-21 16:44 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-12-21 16:42 - 2011-04-13 02:39 - 00822988 _____ C:\Windows\PFRO.log
2013-12-21 16:42 - 2009-07-14 03:34 - 88080384 _____ C:\Windows\system32\config\software.bak
2013-12-21 16:42 - 2009-07-14 03:34 - 22544384 _____ C:\Windows\system32\config\system.bak
2013-12-21 16:42 - 2009-07-14 03:34 - 00786432 _____ C:\Windows\system32\config\default.bak
2013-12-21 16:42 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-12-21 16:42 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2013-12-21 16:37 - 2012-01-22 17:37 - 01288364 _____ C:\ProgramData\lxeb.log
2013-12-21 16:25 - 2013-12-21 16:25 - 05155033 ____R (Swearware) C:\Users\Harald\Desktop\ComboFix.exe
2013-12-21 15:51 - 2012-04-26 20:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-21 03:30 - 2013-11-16 12:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-12-21 02:06 - 2013-11-03 23:51 - 00000000 ____D C:\Users\Harald\AppData\Local\Spotify
2013-12-20 17:02 - 2013-12-20 17:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 16:50 - 2013-12-20 16:49 - 00030755 _____ C:\Users\Harald\Desktop\Addition.txt
2013-12-20 15:08 - 2013-12-20 15:08 - 00286632 _____ C:\Windows\Minidump\122013-23587-01.dmp
2013-12-20 15:08 - 2013-11-08 18:11 - 405587437 _____ C:\Windows\MEMORY.DMP
2013-12-20 15:08 - 2012-11-02 14:59 - 00000000 ____D C:\Windows\Minidump
2013-12-19 18:10 - 2013-12-19 18:10 - 00286648 _____ C:\Windows\Minidump\121913-23290-01.dmp
2013-12-18 23:46 - 2013-08-12 18:08 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-18 23:46 - 2013-08-12 18:07 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-18 23:46 - 2013-08-12 18:07 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-15 17:43 - 2011-10-13 00:04 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-12-15 17:43 - 2011-10-13 00:04 - 00000000 ____D C:\Windows\system32\NV
2013-12-15 16:13 - 2013-07-13 21:56 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 16:09 - 2011-12-16 13:52 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-15 15:49 - 2013-12-15 15:49 - 00000000 ____D C:\Users\Harald\AppData\Roaming\Malwarebytes
2013-12-15 15:49 - 2013-12-15 15:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-15 15:46 - 2013-12-15 15:46 - 00614784 _____ C:\Users\Harald\Desktop\Malwarebytes Anti Malware - CHIP-Downloader.exe
2013-12-13 20:16 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-12 22:20 - 2011-04-13 03:33 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-12 21:21 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-12 21:19 - 2009-07-14 05:45 - 00438416 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 20:56 - 2012-02-16 09:28 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-12 02:00 - 2012-04-02 10:10 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-12 02:00 - 2012-04-02 10:10 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-12 02:00 - 2011-12-22 22:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 01:27 - 2013-12-11 01:27 - 00002829 _____ C:\Users\Public\Desktop\WinShutdown.exe.lnk
2013-12-11 01:27 - 2013-12-11 01:27 - 00000000 ____D C:\Program Files (x86)\E3MC Clan
2013-12-11 01:27 - 2011-12-14 22:42 - 00115824 _____ C:\Users\Harald\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-11 01:25 - 2013-12-11 01:25 - 05212514 _____ (E3MC Clan              ) C:\Users\Harald\Downloads\WinShutdown_5.7_Full.exe
2013-12-10 21:54 - 2013-12-10 21:54 - 00286632 _____ C:\Windows\Minidump\121013-21434-01.dmp
2013-12-09 11:13 - 2012-08-28 23:18 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-09 11:13 - 2012-08-28 23:18 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-07 19:19 - 2013-12-07 19:05 - 00000000 ____D C:\Users\Harald\AppData\Local\PAYDAY 2
2013-12-07 19:04 - 2011-04-13 03:35 - 00742303 _____ C:\Windows\DirectX.log
2013-12-06 01:09 - 2013-12-06 01:09 - 00286632 _____ C:\Windows\Minidump\120613-18891-01.dmp
2013-12-01 14:42 - 2011-12-14 22:42 - 00001423 _____ C:\Users\Harald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-01 14:40 - 2013-12-01 14:40 - 00286632 _____ C:\Windows\Minidump\120113-25287-01.dmp
2013-12-01 06:05 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-30 17:28 - 2013-11-30 17:23 - 00010277 _____ C:\Windows\IE11_main.log
2013-11-30 17:24 - 2013-11-30 17:24 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-30 17:24 - 2013-11-30 17:24 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-30 17:24 - 2013-11-30 17:24 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-30 17:24 - 2013-11-30 17:24 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-30 17:24 - 2013-11-30 17:24 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-30 17:24 - 2013-11-30 17:24 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-30 17:24 - 2013-11-30 17:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-28 00:59 - 2013-08-12 18:07 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-28 00:43 - 2013-11-28 00:43 - 00286632 _____ C:\Windows\Minidump\112813-21247-01.dmp
2013-11-26 12:54 - 2013-12-12 20:55 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 11:19 - 2013-12-12 20:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 11:18 - 2013-12-12 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 11:11 - 2013-12-12 20:55 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 10:48 - 2013-12-12 20:55 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 10:46 - 2013-12-12 20:55 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 10:41 - 2013-12-12 20:55 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 10:29 - 2013-12-12 20:55 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 10:27 - 2013-12-12 20:55 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 10:23 - 2013-12-12 20:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 10:21 - 2013-12-12 20:55 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 10:18 - 2013-12-12 20:55 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 10:18 - 2013-12-12 20:55 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 10:16 - 2013-12-12 20:55 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 09:57 - 2013-12-12 20:55 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 09:38 - 2013-12-12 20:55 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 09:38 - 2013-12-12 20:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 09:35 - 2013-12-12 20:55 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 09:32 - 2013-12-12 20:55 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 09:28 - 2013-12-12 20:55 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 09:16 - 2013-12-12 20:55 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 09:02 - 2013-12-12 20:55 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 08:48 - 2013-12-12 20:55 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 08:32 - 2013-12-12 20:55 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-26 08:26 - 2013-12-12 20:55 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-26 08:07 - 2013-12-12 20:55 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 07:40 - 2013-12-12 20:55 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-26 07:34 - 2013-12-12 20:55 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 07:34 - 2013-12-12 20:55 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-26 07:33 - 2013-12-12 20:55 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-26 07:27 - 2013-12-12 20:55 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-23 19:26 - 2013-12-12 00:29 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-23 18:47 - 2013-12-12 00:29 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

Some content of TEMP:
====================
C:\Users\Harald\AppData\Local\Temp\avgnt.exe
C:\Users\Harald\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-21 17:33

==================== End Of Log ============================
         
--- --- ---

Alt 23.12.2013, 08:38   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Windows7: Vermutung auf Trojaner - Standard

Windows7: Vermutung auf Trojaner




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 23.12.2013, 21:45   #9
HarryYoung
 
Windows7: Vermutung auf Trojaner - Standard

Windows7: Vermutung auf Trojaner



ESET log:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b8597b1f16bd90478fbffce7aa1b2b27
# engine=16376
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-12-23 07:24:12
# local_time=2013-12-23 08:24:12 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 10594 158497957 3373 0
# compatibility_mode=5893 16776573 100 94 186402 139456502 0 0
# scanned=261974
# found=1
# cleaned=0
# scan_time=5939
sh=849CA4539B97CC0B572E6473174BF0D7992DB22E ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\extensions\50ce08efddbb3@50ce08efddbec.com.xpi"
         
Security log:

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Adobe Flash Player 11.9.900.170  
 Mozilla Firefox (26.0) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

bis auf die eine "infizierte" Sache die nicht Weg mag passt alles soweit eigentlich.
Mein Browser ist jetzt auch wieder normal Vielen vielen Dank
Ihr macht hier echt einen sehr guten Job dickes Lob an das ganze Forum


Sorry hab den RST log vergessen:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-12-2013
Ran by Harald (administrator) on HARALD-PC on 23-12-2013 22:54:57
Running from C:\Users\Harald\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Novell, Inc.) C:\Program Files\Novell\Client\XTier\Services\xtsvcmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\Novell\Client\cusrvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
( ) C:\Windows\System32\lxebcoms.exe
(MKS Software Inc.) C:\Windows\System32\nutsrv4.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(PTC) C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
() C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
() C:\Program Files\Novell\Client\nwtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\Harald\AppData\Local\Akamai\netsession_win.exe
(Spotify Ltd) C:\Users\Harald\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ASUS) C:\Windows\AsScrPro.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Akamai Technologies, Inc.) C:\Users\Harald\AppData\Local\Akamai\netsession_win.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-05-17] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4156 2010-04-16] ()
HKLM\...\Run: [Setwallpaper] - c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [lxebmon.exe] - C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe [766632 2009-04-28] ()
HKLM\...\Run: [EzPrint] - C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe [139944 2009-04-28] ()
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NWTRAY] - C:\Program Files\Novell\Client\nwtray.exe [40632 2013-05-29] ()
HKLM\...\Run: [HotKeysCmds] - "C:\Windows\system32\hkcmd.exe"
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] - C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini [370 2013-12-23] ()
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\aprp.exe [2018032 2011-04-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [NuTCSetupEnviron] - C:\Program Files\PTC\MKS Toolkit\bin\ncoeenv.exe [37160 2009-11-23] (MKS Software Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Aeria Ignite] - C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Harald\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Harald\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-06] (Spotify Ltd)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [245872 2013-04-08] (NVIDIA Corporation)
AppInit_DLLs-x32:  C:\Windows\SysWOW64\nvinit.dll [201576 2013-04-08] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = 
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Lexmark  - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 20 C:\Windows\SysWOW64\nutafun4.dll [164144] (MKS Software Inc.)
Winsock: Catalog9 21 C:\Windows\SysWOW64\nutafun4.dll [164144] (MKS Software Inc.)
Winsock: Catalog9-x64 20 %SystemRoot%\system32\nutafun4.dll [205024] (MKS Software Inc.)
Winsock: Catalog9-x64 21 %SystemRoot%\system32\nutafun4.dll [205024] (MKS Software Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A99B3AC1-DA36-4066-972D-95A1CC2DA9B3}: [NameServer]192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - D:\Games\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: YouTube Unblocker - C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\Extensions\youtubeunblocker@unblocker.yt
FF Extension: Search-Results Toolbar - C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\Extensions\{6e47d688-85ec-465a-9946-ec58220f14fc}
FF Extension: SaveIt - C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\Extensions\50ce08efddbb3@50ce08efddbec.com.xpi
FF Extension: {17e828e2-1258-4214-82e8-9aad3e2ac3ca} - C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\Extensions\{17e828e2-1258-4214-82e8-9aad3e2ac3ca}.xpi
FF Extension: Video DivX Manager Light - C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\Extensions\{7176597c-af68-4d9f-9f89-d4c3501b667d}.xpi
FF Extension: Adblock Plus - C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\9lxu56xo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT
CHR HKLM-x32\...\Chrome\Extension: [hempmfkijmahkaddljkmchcmjbojoedl] - C:\Users\Harald\AppData\Local\CRE\hempmfkijmahkaddljkmchcmjbojoedl.crx

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-03] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-28] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 cusrvc; C:\Program Files\Novell\Client\cusrvc.exe [109240 2013-05-29] ()
S2 lxebCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [33960 2009-04-24] (Lexmark International, Inc.)
R2 lxeb_device; C:\Windows\system32\lxebcoms.exe [1032360 2009-04-24] ( )
R2 lxeb_device; C:\Windows\SysWow64\lxebcoms.exe [602792 2009-04-24] ( )
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 NuTCRACKERService; C:\Windows\system32\nutsrv4.exe [563424 2009-11-10] (MKS Software Inc.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-11-09] ()
R2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [189248 2013-11-09] ()
R2 PortmapperService; C:\Program Files\PTC/PTC Portmapper/i486_nt/obj/portmap.exe [676864 2013-05-01] (PTC)
R2 XTSvcMgr; C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe [21176 2013-05-29] (Novell, Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-28] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 NCFilter; C:\Windows\System32\DRIVERS\NCFilter.sys [113336 2013-05-29] ()
R2 NCFSD; C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [115896 2013-05-29] ()
R2 NCIOCTL; C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [91320 2013-05-29] ()
R0 NCRecognizer; C:\Windows\System32\DRIVERS\NCRecognizer.sys [121016 2013-05-29] ()
R0 NCUncFilter; C:\Windows\System32\DRIVERS\NCUncFilter.sys [27320 2013-05-29] ()
R1 NICM; C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys [32952 2013-05-29] (Novell, Inc.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()
U3 nciom; C:\Program Files\Novell\Client\XTier\Drivers\nciom.sys [82616 2013-05-29] (Novell, Inc.)
U3 ncp; C:\Program Files\Novell\Client\XTier\Drivers\ncp.sys [81080 2013-05-29] (Novell, Inc.)
U3 ncpl; C:\Program Files\Novell\Client\XTier\Drivers\ncpl.sys [50360 2013-05-29] (Novell, Inc.)
U3 ndm; C:\Program Files\Novell\Client\XTier\Drivers\ndm.sys [20664 2013-05-29] (Novell, Inc.)
U3 ndmndap; C:\Program Files\Novell\Client\XTier\Drivers\ndmndap.sys [84664 2013-05-29] (Novell, Inc.)
U3 niam; C:\Program Files\Novell\Client\XTier\Drivers\niam.sys [40120 2013-05-29] (Novell, Inc.)
U3 nipctl; C:\Program Files\Novell\Client\XTier\Drivers\nipctl.sys [57016 2013-05-29] (Novell, Inc.)
U3 nscm; C:\Program Files\Novell\Client\XTier\Drivers\nscm.sys [38584 2013-05-29] (Novell, Inc.)
U3 nsns; C:\Program Files\Novell\Client\XTier\Drivers\nsns.sys [26296 2013-05-29] (Novell, Inc.)
U3 nsvccost; C:\Program Files\Novell\Client\XTier\Drivers\nsvccost.sys [37048 2013-05-29] (Novell, Inc.)
U3 xtxplat; C:\Program Files\Novell\Client\XTier\Drivers\xtxplat.sys [60600 2013-05-29] (Novell, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 sj; \??\C:\AeriaGames\EdenEternal\sjcs64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2099-07-17 01:25 - 2099-07-17 01:25 - 00000000 ____D C:\Users\Harald\AppData\Roaming\WinRAR
2099-07-17 01:25 - 2012-07-17 12:48 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-12-23 22:36 - 2013-12-23 22:36 - 00891200 _____ C:\Users\Harald\Desktop\SecurityCheck.exe
2013-12-22 19:29 - 2013-12-23 22:54 - 00000000 ____D C:\Users\Harald\Desktop\FRST-OlderVersion
2013-12-22 19:29 - 2013-12-22 19:29 - 00002592 _____ C:\Users\Harald\Desktop\JRT.txt
2013-12-22 19:23 - 2013-12-22 19:23 - 00000000 ____D C:\Windows\ERUNT
2013-12-22 19:18 - 2013-12-22 19:20 - 00000000 ____D C:\AdwCleaner
2013-12-22 19:06 - 2013-12-22 19:06 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-22 19:06 - 2013-12-22 19:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-22 19:06 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-22 19:04 - 2013-12-22 19:04 - 01034531 _____ (Thisisu) C:\Users\Harald\Desktop\JRT.exe
2013-12-22 19:03 - 2013-12-22 19:03 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Harald\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-22 19:03 - 2013-12-22 19:03 - 01226750 _____ C:\Users\Harald\Desktop\adwcleaner.exe
2013-12-21 17:00 - 2013-12-21 17:00 - 00038900 _____ C:\ComboFix.txt
2013-12-21 16:27 - 2013-12-21 17:00 - 00000000 ____D C:\Qoobox
2013-12-21 16:27 - 2013-12-21 17:00 - 00000000 ____D C:\ComboFix
2013-12-21 16:27 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-21 16:27 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-21 16:27 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-21 16:27 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-21 16:27 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-21 16:27 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-21 16:27 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-21 16:27 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-21 16:26 - 2013-12-21 16:47 - 00000000 ____D C:\Windows\erdnt
2013-12-21 16:25 - 2013-12-21 16:25 - 05155033 ____R (Swearware) C:\Users\Harald\Desktop\ComboFix.exe
2013-12-20 17:02 - 2013-12-20 17:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 16:49 - 2013-12-20 16:50 - 00030755 _____ C:\Users\Harald\Desktop\Addition.txt
2013-12-20 16:48 - 2013-12-23 22:54 - 00021426 _____ C:\Users\Harald\Desktop\FRST.txt
2013-12-20 16:47 - 2013-12-23 22:54 - 01928604 _____ (Farbar) C:\Users\Harald\Desktop\FRST64.exe
2013-12-20 16:47 - 2013-12-23 22:54 - 00000000 ____D C:\FRST
2013-12-20 15:08 - 2013-12-20 15:08 - 00286632 _____ C:\Windows\Minidump\122013-23587-01.dmp
2013-12-19 18:10 - 2013-12-19 18:10 - 00286648 _____ C:\Windows\Minidump\121913-23290-01.dmp
2013-12-15 15:49 - 2013-12-15 15:49 - 00000000 ____D C:\Users\Harald\AppData\Roaming\Malwarebytes
2013-12-15 15:49 - 2013-12-15 15:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-15 15:46 - 2013-12-15 15:46 - 00614784 _____ C:\Users\Harald\Desktop\Malwarebytes Anti Malware - CHIP-Downloader.exe
2013-12-12 20:56 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 20:56 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 20:56 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 20:56 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 20:55 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 20:55 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 20:55 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 20:55 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 20:55 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 20:55 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 20:55 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 20:55 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 20:55 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 20:55 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 20:55 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 20:55 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 20:55 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 20:55 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 20:55 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 20:55 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 20:55 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 20:55 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 20:55 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 20:55 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 20:55 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 20:55 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 20:55 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 20:55 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 20:55 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 20:55 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 20:55 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 20:55 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 20:55 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 20:55 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 20:55 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 00:29 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-12 00:29 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 00:29 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 00:29 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-12 00:29 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 00:29 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-12 00:29 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 00:29 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 00:29 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-12 00:29 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 00:29 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 00:29 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-12 00:29 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-12 00:29 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 00:29 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 00:29 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-12 00:29 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-12 00:29 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 00:29 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-11 01:27 - 2013-12-11 01:27 - 00002829 _____ C:\Users\Public\Desktop\WinShutdown.exe.lnk
2013-12-11 01:27 - 2013-12-11 01:27 - 00000000 ____D C:\Program Files (x86)\E3MC Clan
2013-12-11 01:25 - 2013-12-11 01:25 - 05212514 _____ (E3MC Clan              ) C:\Users\Harald\Downloads\WinShutdown_5.7_Full.exe
2013-12-10 21:54 - 2013-12-10 21:54 - 00286632 _____ C:\Windows\Minidump\121013-21434-01.dmp
2013-12-07 19:05 - 2013-12-07 19:19 - 00000000 ____D C:\Users\Harald\AppData\Local\PAYDAY 2
2013-12-06 01:09 - 2013-12-06 01:09 - 00286632 _____ C:\Windows\Minidump\120613-18891-01.dmp
2013-12-01 14:40 - 2013-12-01 14:40 - 00286632 _____ C:\Windows\Minidump\120113-25287-01.dmp
2013-11-30 17:28 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-30 17:24 - 2013-11-30 17:24 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-30 17:24 - 2013-11-30 17:24 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-30 17:24 - 2013-11-30 17:24 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-30 17:24 - 2013-11-30 17:24 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-30 17:24 - 2013-11-30 17:24 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-30 17:24 - 2013-11-30 17:24 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-30 17:24 - 2013-11-30 17:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-30 17:23 - 2013-11-30 17:28 - 00010277 _____ C:\Windows\IE11_main.log
2013-11-28 00:43 - 2013-11-28 00:43 - 00286632 _____ C:\Windows\Minidump\112813-21247-01.dmp

==================== One Month Modified Files and Folders =======

2099-07-17 01:25 - 2099-07-17 01:25 - 00000000 ____D C:\Users\Harald\AppData\Roaming\WinRAR
2013-12-23 22:55 - 2013-12-20 16:48 - 00021426 _____ C:\Users\Harald\Desktop\FRST.txt
2013-12-23 22:54 - 2013-12-22 19:29 - 00000000 ____D C:\Users\Harald\Desktop\FRST-OlderVersion
2013-12-23 22:54 - 2013-12-20 16:47 - 01928604 _____ (Farbar) C:\Users\Harald\Desktop\FRST64.exe
2013-12-23 22:54 - 2013-12-20 16:47 - 00000000 ____D C:\FRST
2013-12-23 22:36 - 2013-12-23 22:36 - 00891200 _____ C:\Users\Harald\Desktop\SecurityCheck.exe
2013-12-23 22:18 - 2012-08-28 23:18 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-23 21:59 - 2012-04-02 10:10 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-23 21:30 - 2011-10-12 23:53 - 01963134 _____ C:\Windows\WindowsUpdate.log
2013-12-23 18:39 - 2011-02-19 05:24 - 00708510 _____ C:\Windows\system32\perfh007.dat
2013-12-23 18:39 - 2011-02-19 05:24 - 00152114 _____ C:\Windows\system32\perfc007.dat
2013-12-23 18:39 - 2009-07-14 06:13 - 01644172 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-23 18:38 - 2011-12-30 14:16 - 00000000 ____D C:\Program Files (x86)\Steam
2013-12-23 18:38 - 2011-12-14 23:06 - 00000000 ____D C:\Users\Harald\AppData\Roaming\Skype
2013-12-23 12:30 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-23 12:30 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-23 12:22 - 2012-08-28 23:18 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-23 12:22 - 2012-01-22 17:30 - 05165963 _____ C:\ProgramData\lxebscan.log
2013-12-23 12:22 - 2012-01-03 14:00 - 00129267 _____ C:\Windows\setupact.log
2013-12-23 12:22 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-22 22:57 - 2013-11-03 23:50 - 00000000 ____D C:\Users\Harald\AppData\Roaming\Spotify
2013-12-22 19:33 - 2011-12-14 22:42 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2013-12-22 19:29 - 2013-12-22 19:29 - 00002592 _____ C:\Users\Harald\Desktop\JRT.txt
2013-12-22 19:23 - 2013-12-22 19:23 - 00000000 ____D C:\Windows\ERUNT
2013-12-22 19:20 - 2013-12-22 19:18 - 00000000 ____D C:\AdwCleaner
2013-12-22 19:06 - 2013-12-22 19:06 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-22 19:06 - 2013-12-22 19:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-22 19:04 - 2013-12-22 19:04 - 01034531 _____ (Thisisu) C:\Users\Harald\Desktop\JRT.exe
2013-12-22 19:03 - 2013-12-22 19:03 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Harald\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-22 19:03 - 2013-12-22 19:03 - 01226750 _____ C:\Users\Harald\Desktop\adwcleaner.exe
2013-12-21 17:00 - 2013-12-21 17:00 - 00038900 _____ C:\ComboFix.txt
2013-12-21 17:00 - 2013-12-21 16:27 - 00000000 ____D C:\Qoobox
2013-12-21 17:00 - 2013-12-21 16:27 - 00000000 ____D C:\ComboFix
2013-12-21 16:47 - 2013-12-21 16:26 - 00000000 ____D C:\Windows\erdnt
2013-12-21 16:44 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-12-21 16:42 - 2011-04-13 02:39 - 00822988 _____ C:\Windows\PFRO.log
2013-12-21 16:42 - 2009-07-14 03:34 - 88080384 _____ C:\Windows\system32\config\software.bak
2013-12-21 16:42 - 2009-07-14 03:34 - 22544384 _____ C:\Windows\system32\config\system.bak
2013-12-21 16:42 - 2009-07-14 03:34 - 00786432 _____ C:\Windows\system32\config\default.bak
2013-12-21 16:42 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-12-21 16:42 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2013-12-21 16:37 - 2012-01-22 17:37 - 01288364 _____ C:\ProgramData\lxeb.log
2013-12-21 16:25 - 2013-12-21 16:25 - 05155033 ____R (Swearware) C:\Users\Harald\Desktop\ComboFix.exe
2013-12-21 15:51 - 2012-04-26 20:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-21 03:30 - 2013-11-16 12:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-12-21 02:06 - 2013-11-03 23:51 - 00000000 ____D C:\Users\Harald\AppData\Local\Spotify
2013-12-20 17:02 - 2013-12-20 17:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 16:50 - 2013-12-20 16:49 - 00030755 _____ C:\Users\Harald\Desktop\Addition.txt
2013-12-20 15:08 - 2013-12-20 15:08 - 00286632 _____ C:\Windows\Minidump\122013-23587-01.dmp
2013-12-20 15:08 - 2013-11-08 18:11 - 405587437 _____ C:\Windows\MEMORY.DMP
2013-12-20 15:08 - 2012-11-02 14:59 - 00000000 ____D C:\Windows\Minidump
2013-12-19 18:10 - 2013-12-19 18:10 - 00286648 _____ C:\Windows\Minidump\121913-23290-01.dmp
2013-12-18 23:46 - 2013-08-12 18:08 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-18 23:46 - 2013-08-12 18:07 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-18 23:46 - 2013-08-12 18:07 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-15 17:43 - 2011-10-13 00:04 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-12-15 17:43 - 2011-10-13 00:04 - 00000000 ____D C:\Windows\system32\NV
2013-12-15 16:13 - 2013-07-13 21:56 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 16:09 - 2011-12-16 13:52 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-15 15:49 - 2013-12-15 15:49 - 00000000 ____D C:\Users\Harald\AppData\Roaming\Malwarebytes
2013-12-15 15:49 - 2013-12-15 15:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-15 15:46 - 2013-12-15 15:46 - 00614784 _____ C:\Users\Harald\Desktop\Malwarebytes Anti Malware - CHIP-Downloader.exe
2013-12-13 20:16 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-12 22:20 - 2011-04-13 03:33 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-12 21:21 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-12 21:19 - 2009-07-14 05:45 - 00438416 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 20:56 - 2012-02-16 09:28 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-12 02:00 - 2012-04-02 10:10 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-12 02:00 - 2012-04-02 10:10 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-12 02:00 - 2011-12-22 22:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 01:27 - 2013-12-11 01:27 - 00002829 _____ C:\Users\Public\Desktop\WinShutdown.exe.lnk
2013-12-11 01:27 - 2013-12-11 01:27 - 00000000 ____D C:\Program Files (x86)\E3MC Clan
2013-12-11 01:27 - 2011-12-14 22:42 - 00115824 _____ C:\Users\Harald\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-11 01:25 - 2013-12-11 01:25 - 05212514 _____ (E3MC Clan              ) C:\Users\Harald\Downloads\WinShutdown_5.7_Full.exe
2013-12-10 21:54 - 2013-12-10 21:54 - 00286632 _____ C:\Windows\Minidump\121013-21434-01.dmp
2013-12-09 11:13 - 2012-08-28 23:18 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-09 11:13 - 2012-08-28 23:18 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-07 19:19 - 2013-12-07 19:05 - 00000000 ____D C:\Users\Harald\AppData\Local\PAYDAY 2
2013-12-07 19:04 - 2011-04-13 03:35 - 00742303 _____ C:\Windows\DirectX.log
2013-12-06 01:09 - 2013-12-06 01:09 - 00286632 _____ C:\Windows\Minidump\120613-18891-01.dmp
2013-12-01 14:42 - 2011-12-14 22:42 - 00001423 _____ C:\Users\Harald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-01 14:40 - 2013-12-01 14:40 - 00286632 _____ C:\Windows\Minidump\120113-25287-01.dmp
2013-12-01 06:05 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-30 17:28 - 2013-11-30 17:23 - 00010277 _____ C:\Windows\IE11_main.log
2013-11-30 17:24 - 2013-11-30 17:24 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-30 17:24 - 2013-11-30 17:24 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-30 17:24 - 2013-11-30 17:24 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-30 17:24 - 2013-11-30 17:24 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-30 17:24 - 2013-11-30 17:24 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-30 17:24 - 2013-11-30 17:24 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-30 17:24 - 2013-11-30 17:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-30 17:24 - 2013-11-30 17:24 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-30 17:24 - 2013-11-30 17:24 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-28 00:59 - 2013-08-12 18:07 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-28 00:43 - 2013-11-28 00:43 - 00286632 _____ C:\Windows\Minidump\112813-21247-01.dmp
2013-11-26 12:54 - 2013-12-12 20:55 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 11:19 - 2013-12-12 20:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 11:18 - 2013-12-12 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 11:11 - 2013-12-12 20:55 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 10:48 - 2013-12-12 20:55 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 10:46 - 2013-12-12 20:55 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 10:41 - 2013-12-12 20:55 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 10:29 - 2013-12-12 20:55 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 10:27 - 2013-12-12 20:55 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 10:23 - 2013-12-12 20:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 10:21 - 2013-12-12 20:55 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 10:18 - 2013-12-12 20:55 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 10:18 - 2013-12-12 20:55 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 10:16 - 2013-12-12 20:55 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 09:57 - 2013-12-12 20:55 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 09:38 - 2013-12-12 20:55 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 09:38 - 2013-12-12 20:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 09:35 - 2013-12-12 20:55 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 09:32 - 2013-12-12 20:55 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 09:28 - 2013-12-12 20:55 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 09:16 - 2013-12-12 20:55 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 09:02 - 2013-12-12 20:55 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 08:48 - 2013-12-12 20:55 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 08:32 - 2013-12-12 20:55 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-26 08:26 - 2013-12-12 20:55 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-26 08:07 - 2013-12-12 20:55 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 07:40 - 2013-12-12 20:55 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-26 07:34 - 2013-12-12 20:55 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 07:34 - 2013-12-12 20:55 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-26 07:33 - 2013-12-12 20:55 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-26 07:27 - 2013-12-12 20:55 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-23 19:26 - 2013-12-12 00:29 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-23 18:47 - 2013-12-12 00:29 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

Some content of TEMP:
====================
C:\Users\Harald\AppData\Local\Temp\avgnt.exe
C:\Users\Harald\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-21 17:33

==================== End Of Log ============================
         
--- --- ---

Geändert von HarryYoung (23.12.2013 um 21:58 Uhr)

Alt 24.12.2013, 10:20   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Windows7: Vermutung auf Trojaner - Standard

Windows7: Vermutung auf Trojaner



Firefox bitte komplett deinstallieren, keine Daten behalten, neu installieren.


Fertig

Falls Du Lob oder Kritik loswerden möchtest kannst Du das hier tun


Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Windows7: Vermutung auf Trojaner
administrator, anti-malware, appdata, browser, gelöscht, löschen, maleware, malwarebytes, microsoft, mozilla, pup.optional.1clickdownload.a, pup.optional.bearsharetb.a, pup.optional.conduit, pup.optional.conduit.a, pup.optional.datamngr.a, pup.optional.searchqu.a, rundll32.exe, trojaner, windows, öffnen



Ähnliche Themen: Windows7: Vermutung auf Trojaner


  1. Vermutung auf Malware, was tun?
    Plagegeister aller Art und deren Bekämpfung - 19.10.2014 (11)
  2. Vermutung auf Trojaner
    Log-Analyse und Auswertung - 07.09.2014 (4)
  3. Android Trojaner mit Zugriff auf Betriebssystem..... Vermutung!
    Plagegeister aller Art und deren Bekämpfung - 03.04.2014 (1)
  4. Vermutung auf Viren
    Log-Analyse und Auswertung - 07.03.2014 (12)
  5. Vermutung auf Virus
    Log-Analyse und Auswertung - 07.01.2014 (15)
  6. Windows 7: PopUp Fenster "resyncloud" Vermutung auf Trojaner
    Log-Analyse und Auswertung - 26.09.2013 (11)
  7. Ständig Weisser Bildschirm nach XP Neustart Vermutung: Trojaner
    Plagegeister aller Art und deren Bekämpfung - 17.03.2012 (1)
  8. Vermutung auf Trojaner - eventuell Rootkit
    Plagegeister aller Art und deren Bekämpfung - 26.09.2011 (2)
  9. HijackThis Log. Vermutung auf Trojaner
    Log-Analyse und Auswertung - 22.03.2011 (1)
  10. Trojaner Vermutung
    Log-Analyse und Auswertung - 01.10.2010 (8)
  11. Hijackthis file...vermutung von trojaner :S
    Log-Analyse und Auswertung - 08.03.2010 (18)
  12. Vermutung auf Trojaner und Wurm
    Plagegeister aller Art und deren Bekämpfung - 29.12.2009 (5)
  13. Trojaner-Vermutung
    Log-Analyse und Auswertung - 18.05.2009 (76)
  14. [Vermutung] Immernoch Trojaner und/oder Malware
    Plagegeister aller Art und deren Bekämpfung - 15.12.2008 (1)
  15. Kino.to | Vermutung Trojaner
    Plagegeister aller Art und deren Bekämpfung - 19.10.2008 (15)
  16. Virus vermutung
    Log-Analyse und Auswertung - 19.09.2008 (17)
  17. Vermutung auf einen Trojaner =/
    Mülltonne - 14.07.2006 (2)

Zum Thema Windows7: Vermutung auf Trojaner - Hallo, ich habe versucht meinen Browser schneller zu machen, weil der ewig braucht um links zu öffnen und wurde darauf hingewiesen ich sollte mal maleware über meinen PC laufen lassen. - Windows7: Vermutung auf Trojaner...
Archiv
Du betrachtest: Windows7: Vermutung auf Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.