
All Kinds of Pests and How to Combat Them: Avira detection TR/Patched.Ren.Gen8

26.02.2014, 18:31   #1
Icetrack
 



Hello,

this morning, right after system startup, Avira Free Antivirus reported that unauthorized access to "avgnt.exe" had been blocked. I then wanted to view the details, but only the standard AntiVir interface opened. There is nothing about this detection in the quarantine.
In the log file, however, it is listed as follows:

HTML-Code:
26.02.2014,08:54:53 [INFO] ---------------------------------------------------------
26.02.2014,08:54:53 [INFO] Engine-Version:  8.2.14.12
26.02.2014,08:54:53 [INFO] VDF-Version:  7.11.70.0
26.02.2014,08:54:53 [INFO] APC-Version:  2.6.5.2
26.02.2014,08:54:53 [INFO] RDF-Version:  14.0.3.26
26.02.2014,08:54:53 [INFO] Echtzeit-Scanner-Version: 14.00.03.336
26.02.2014,08:54:54 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
26.02.2014,08:54:54 [INFO] Verwendete Konfiguration der Echtzeit-Scanner:
      - Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
      - Geprüfte Dateien: Dateierweiterungsliste verwenden: .386 .?HT* .ACM .ADE .ADP .ANI .APK .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DEX .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XAR .XL* .XML .XXX .ZIP 
      - Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
      - Aktion: Benutzer fragen
      - Archive durchsuchen: Deaktiviert
      - Makrovirenheuristik: Aktiviert
      - Win32 Dateiheuristik: Erkennungsstufe mittel
      - Protokollierungsstufe: Standard
      - Auszulassende Prozesse der Echtzeit-Scanner:
      	- \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
26.02.2014,08:55:00 [INFO] Online-Dienste stehen zur Verfügung.
26.02.2014,08:56:01 [FUND] Ist das Trojanische Pferd TR/Patched.Ren.Gen8!
  D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
26.02.2014,08:59:56 [INFO] Update-Auftrag gestartet!
26.02.2014,09:00:03 [INFO] ---------------------------------------------------------
26.02.2014,09:00:03 [INFO] Engine-Version:  8.2.14.12
26.02.2014,09:00:03 [INFO] VDF-Version:  7.11.70.0
26.02.2014,09:00:03 [INFO] APC-Version:  2.6.5.2
26.02.2014,09:00:03 [INFO] RDF-Version:  14.0.3.26
26.02.2014,09:00:03 [INFO] Echtzeit-Scanner-Version: 14.00.03.336
26.02.2014,09:01:33 [WARNUNG] Echtzeit-Scanner wurde deaktiviert
26.02.2014,09:23:27 [INFO] Echtzeit-Scanner wurde aktiviert
26.02.2014,09:50:05 [INFO] Verwendete Konfiguration der Echtzeit-Scanner:
      - Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
      - Geprüfte Dateien: Dateierweiterungsliste verwenden: .386 .?HT* .ACM .ADE .ADP .ANI .APK .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DEX .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XAR .XL* .XML .XXX .ZIP 
      - Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
      - Aktion: Benutzer fragen
      - Archive durchsuchen: Deaktiviert
      - Makrovirenheuristik: Aktiviert
      - Win32 Dateiheuristik: Erkennungsstufe mittel
      - Protokollierungsstufe: Standard
      - Auszulassende Prozesse der Echtzeit-Scanner:
      	- \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

I then ran a full system scan with AntiVir, followed by a full scan with Malwarebytes. Neither program turned up any detections.

I then proceeded according to the instructions and also created the corresponding log files. While looking through them I noticed that this pop-up infection software Re-Markit appears in the logs. I have not had any problems with it in the browsers, though, at least none that were noticeable (I only use Firefox, but this also applies to IE 11).
After the scan with GMER I was unable to activate AntiVir's real-time scanner. Supposedly the specified device/path cannot be accessed, or I lack the necessary permissions. So I am going to restart right away.

Now the logs:

defogger:
HTML-Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:53 on 26/02/2014 (*****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST 1:
HTML-Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-02-2014 01
Ran by ***** (administrator) on GTX770-8GB-I5 on 26-02-2014 17:54:19
Running from C:\Users\*****\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Samsung) D:\Program Files (x86)\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Inc.) D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTXFISPI.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BCSSync] - D:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [ProfilerU] - C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] - C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM-x32\...\Run: [avgnt] - D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [BambooCore] - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [VolPanel] - C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe [241789 2010-02-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [CTxfiHlp] - CTXFIHLP.EXE
HKU\S-1-5-21-3433850409-1594362354-2394267938-1000\...\Run: [] - D:\Program Files (x86)\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1E54BDDDADA1CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\out617ip.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - D:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Acrobat - D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\out617ip.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-19]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-08-25]
FF HKCU\...\Firefox\Extensions: [{d97497ae-755d-453a-80bc-9d2460f183ce}] - C:\Program Files (x86)\Re-markit\150.xpi
FF StartMenuInternet: FIREFOX.EXE - d:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; D:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Program Files\Microsoft Office\Office14\GROOVE.EXE [50942144 2013-12-19] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-02-24] ()
S2 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2013-12-16] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-08-26] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] ()
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-08-26] ()
S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [39096 2013-09-13] (Razer Inc)
S3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [30888 2013-10-14] (Razer Inc)
S3 SaiH0464; C:\Windows\System32\DRIVERS\SaiH0464.sys [171144 2007-05-01] (Saitek)
S3 SaiK075C; C:\Windows\System32\DRIVERS\SaiK075C.sys [181024 2013-04-30] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-26 17:54 - 2014-02-26 17:54 - 00012014 _____ () C:\Users\*****\Desktop\FRST.txt
2014-02-26 17:54 - 2014-02-26 17:54 - 00000000 ____D () C:\FRST
2014-02-26 17:53 - 2014-02-26 17:53 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-02-26 17:53 - 2014-02-26 17:51 - 02155008 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-02-26 17:48 - 2014-02-26 17:48 - 00079590 _____ () C:\Users\*****\Desktop\avguard.log
2014-02-26 14:19 - 2014-02-26 14:19 - 00023270 _____ () C:\Users\*****\Desktop\AVSCAN-20140226-111128-28FEA445.LOG
2014-02-26 13:19 - 2014-02-26 13:19 - 00011235 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-02-26 13:16 - 2014-02-26 13:16 - 00000000 ____D () C:\Users\*****\.thumbnails
2014-02-26 10:58 - 2014-02-26 10:58 - 00022094 _____ () C:\Users\*****\Desktop\Rootkits_AVSCAN-20140226-101323-8D0964D9.LOG
2014-02-26 10:09 - 2014-02-26 15:01 - 00000000 ____D () C:\Users\*****\AppData\Local\Battle.net
2014-02-26 10:09 - 2014-02-26 10:10 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Battle.net
2014-02-26 10:07 - 2014-02-26 10:07 - 00000000 ____D () C:\Users\*****\AppData\Local\Blizzard Entertainment
2014-02-24 14:57 - 2014-02-24 15:01 - 00000000 ____D () C:\Users\*****\Documents\Assassin's Creed IV Black Flag
2014-02-19 09:55 - 2014-02-26 08:54 - 00000784 _____ () C:\Windows\setupact.log
2014-02-19 09:55 - 2014-02-19 09:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-16 12:17 - 2014-02-16 12:17 - 00000758 _____ () C:\Users\Public\Desktop\Baldur's Gate Trilogy.lnk
2014-02-15 22:51 - 2014-02-15 22:51 - 00003174 _____ () C:\Windows\System32\Tasks\{74D7530C-A7ED-451B-AF7C-C2F0C4B140A2}
2014-02-15 14:45 - 2014-02-15 21:32 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Audacity
2014-02-15 12:09 - 2014-02-15 12:09 - 00605672 _____ (Macromedia, Inc.) C:\Windows\icewind1.exe
2014-02-15 12:09 - 2014-02-15 12:09 - 00049152 _____ () C:\Windows\icewind1.scr
2014-02-15 10:54 - 2014-02-15 21:42 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Mp3tag
2014-02-14 11:35 - 2014-02-14 11:35 - 00000000 ____D () C:\Users\*****\AppData\Roaming\OpenOffice
2014-02-14 11:34 - 2014-02-14 11:34 - 00000000 ___SD () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
2014-02-13 12:48 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 12:48 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 12:48 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 12:48 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 12:48 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 12:48 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 12:48 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 12:48 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 12:48 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 12:48 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 12:48 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 12:47 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 12:47 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 12:47 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 12:47 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 12:47 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 12:47 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 12:47 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 12:47 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 12:47 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 12:47 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 12:47 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 12:47 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 12:47 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 12:47 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 12:47 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 12:47 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 12:47 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 12:47 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 12:47 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 12:47 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 12:47 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 12:47 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 12:47 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 12:47 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 12:47 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 12:47 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 12:47 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 12:47 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 12:47 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 12:47 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 12:10 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 12:10 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 12:10 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 12:10 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 12:10 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 12:10 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 12:10 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 12:10 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 12:10 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 12:10 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 12:10 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 12:10 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 12:10 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 12:10 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 12:10 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 12:10 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 12:10 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 12:10 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 12:10 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 12:10 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 12:10 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 12:10 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 12:10 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 12:10 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 12:09 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 12:09 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 12:09 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 12:09 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-13 00:30 - 2014-02-13 00:30 - 00001080 _____ () C:\Windows\system32\settingsbkup.sfm
2014-02-13 00:30 - 2014-02-13 00:30 - 00001080 _____ () C:\Windows\system32\settings.sfm
2014-02-12 18:18 - 2014-02-12 18:18 - 00000159 ___RH () C:\Windows\ctfile.rfc
2014-02-12 18:18 - 2009-03-26 14:48 - 00190976 _____ () C:\Windows\system32\APOMgr64.DLL
2014-02-12 18:18 - 2009-03-26 14:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-02-12 18:18 - 2009-02-06 18:53 - 00089088 _____ () C:\Windows\system32\CmdRtr64.DLL
2014-02-12 18:18 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2014-02-12 18:18 - 2008-02-04 09:27 - 00102400 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\cttele32.dll
2014-02-12 18:09 - 2014-02-12 18:18 - 00000000 ____D () C:\Program Files\Creative
2014-02-12 17:53 - 2014-02-12 17:53 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Malwarebytes
2014-02-12 17:53 - 2014-02-12 17:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-12 17:53 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-12 17:31 - 2014-02-12 17:31 - 00000029 _____ () C:\Windows\sfbm.INI
2014-02-10 01:14 - 2014-02-10 01:14 - 00012421 _____ () C:\Windows\SysWOW64\treble.ini
2014-02-10 01:14 - 2014-02-10 01:14 - 00012421 _____ () C:\Windows\system32\treble.ini
2014-02-10 01:10 - 2014-02-10 01:10 - 00012018 _____ () C:\Windows\SysWOW64\bass.ini
2014-02-10 01:10 - 2014-02-10 01:10 - 00012018 _____ () C:\Windows\system32\bass.ini
2014-02-10 01:07 - 2014-02-10 01:07 - 00199244 _____ () C:\Windows\SysWOW64\Balance.ini
2014-02-10 01:07 - 2014-02-10 01:07 - 00199244 _____ () C:\Windows\system32\Balance.ini
2014-02-10 01:02 - 2014-02-10 01:02 - 00020023 _____ () C:\Windows\SysWOW64\mids.ini
2014-02-10 01:02 - 2014-02-10 01:02 - 00020023 _____ () C:\Windows\system32\mids.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00035090 _____ () C:\Windows\SysWOW64\Optimize.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00035090 _____ () C:\Windows\system32\Optimize.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00001620 _____ () C:\Windows\SysWOW64\microphone.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00001620 _____ () C:\Windows\system32\microphone.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00001590 _____ () C:\Windows\SysWOW64\FlashPlayer.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00001590 _____ () C:\Windows\system32\FlashPlayer.ini
2014-02-10 00:59 - 2014-02-10 00:59 - 00034482 _____ () C:\Windows\SysWOW64\Filter.ini
2014-02-10 00:59 - 2014-02-10 00:59 - 00034482 _____ () C:\Windows\system32\Filter.ini
2014-02-10 00:58 - 2014-02-10 00:58 - 00001943 _____ () C:\Windows\SysWOW64\4.1surroundsound.ini
2014-02-10 00:58 - 2014-02-10 00:58 - 00001943 _____ () C:\Windows\SysWOW64\2.1surroundsound.ini
2014-02-10 00:58 - 2014-02-10 00:58 - 00001943 _____ () C:\Windows\system32\4.1surroundsound.ini
2014-02-10 00:58 - 2014-02-10 00:58 - 00001943 _____ () C:\Windows\system32\2.1surroundsound.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00023420 _____ () C:\Windows\SysWOW64\AudioCreationMode.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00023420 _____ () C:\Windows\system32\AudioCreationMode.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00023312 _____ () C:\Windows\SysWOW64\EntertainmentMode.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00023312 _____ () C:\Windows\system32\EntertainmentMode.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00001943 _____ () C:\Windows\SysWOW64\7.1surroundsound.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00001943 _____ () C:\Windows\SysWOW64\5.1surroundsound.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00001943 _____ () C:\Windows\system32\7.1surroundsound.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00001943 _____ () C:\Windows\system32\5.1surroundsound.ini
2014-02-10 00:56 - 2014-02-10 00:56 - 00023328 _____ () C:\Windows\SysWOW64\GameMode.ini
2014-02-10 00:56 - 2014-02-10 00:56 - 00023328 _____ () C:\Windows\system32\GameMode.ini
2014-02-10 00:50 - 2014-02-10 00:50 - 00032156 _____ () C:\Windows\SysWOW64\tweaks.ini
2014-02-10 00:50 - 2014-02-10 00:50 - 00032156 _____ () C:\Windows\system32\tweaks.ini
2014-02-10 00:50 - 2014-02-10 00:50 - 00029504 _____ () C:\Windows\SysWOW64\speaker.ini
2014-02-10 00:50 - 2014-02-10 00:50 - 00029504 _____ () C:\Windows\system32\speaker.ini
2014-02-10 00:40 - 2014-02-10 00:40 - 00001425 _____ () C:\Windows\SysWOW64\What-U-Hear.ini
2014-02-10 00:40 - 2014-02-10 00:40 - 00001425 _____ () C:\Windows\system32\What-U-Hear.ini
2014-02-09 17:45 - 2014-02-09 17:45 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Realmware
2014-02-09 17:45 - 2014-02-09 17:45 - 00000000 ____D () C:\Users\*****\AppData\Local\Realmware
2014-02-02 17:12 - 2014-02-02 17:12 - 00000717 _____ () C:\Users\Public\Desktop\Overseer.lnk
2014-02-02 17:12 - 1997-11-12 23:00 - 00179200 _____ (Intel Corporation) C:\Windows\SysWOW64\rsx.dll
2014-02-02 17:12 - 1997-11-12 23:00 - 00011776 _____ (Intel Corporation) C:\Windows\SysWOW64\aaudio.dll
2014-02-02 14:28 - 2014-02-02 14:30 - 00000741 _____ () C:\Users\*****\Desktop\Launch Wing Commander Saga.lnk
2014-02-02 14:28 - 2014-02-02 14:30 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wing Commander Saga
2014-02-02 14:20 - 2014-02-02 14:30 - 00000000 ____D () C:\ProgramData\InstallMate
2014-01-29 10:52 - 2014-01-29 10:52 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-01-27 12:49 - 2014-01-27 12:49 - 00000000 ___SD () C:\Users\*****\Documents\Meine Datenquellen

==================== One Month Modified Files and Folders =======

2014-02-26 17:54 - 2014-02-26 17:54 - 00012014 _____ () C:\Users\*****\Desktop\FRST.txt
2014-02-26 17:54 - 2014-02-26 17:54 - 00000000 ____D () C:\FRST
2014-02-26 17:53 - 2014-02-26 17:53 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-02-26 17:53 - 2013-08-25 14:52 - 00000000 ____D () C:\Users\*****
2014-02-26 17:51 - 2014-02-26 17:53 - 02155008 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-02-26 17:48 - 2014-02-26 17:48 - 00079590 _____ () C:\Users\*****\Desktop\avguard.log
2014-02-26 17:43 - 2013-08-25 14:52 - 01651699 _____ () C:\Windows\WindowsUpdate.log
2014-02-26 17:27 - 2013-08-25 20:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-26 15:01 - 2014-02-26 10:09 - 00000000 ____D () C:\Users\*****\AppData\Local\Battle.net
2014-02-26 14:19 - 2014-02-26 14:19 - 00023270 _____ () C:\Users\*****\Desktop\AVSCAN-20140226-111128-28FEA445.LOG
2014-02-26 13:19 - 2014-02-26 13:19 - 00011235 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-02-26 13:19 - 2013-09-30 11:15 - 00000000 ____D () C:\Users\*****\AppData\Local\gtk-2.0
2014-02-26 13:19 - 2013-08-25 19:08 - 00000000 ____D () C:\Users\*****\.gimp-2.8
2014-02-26 13:16 - 2014-02-26 13:16 - 00000000 ____D () C:\Users\*****\.thumbnails
2014-02-26 10:58 - 2014-02-26 10:58 - 00022094 _____ () C:\Users\*****\Desktop\Rootkits_AVSCAN-20140226-101323-8D0964D9.LOG
2014-02-26 10:10 - 2014-02-26 10:09 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Battle.net
2014-02-26 10:07 - 2014-02-26 10:07 - 00000000 ____D () C:\Users\*****\AppData\Local\Blizzard Entertainment
2014-02-26 09:29 - 2013-08-25 21:30 - 00000000 ____D () C:\ProgramData\Origin
2014-02-26 09:02 - 2009-07-14 05:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-26 09:02 - 2009-07-14 05:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-26 09:01 - 2013-08-25 18:46 - 01602716 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-26 09:01 - 2009-07-14 18:58 - 00702964 _____ () C:\Windows\system32\perfh007.dat
2014-02-26 09:01 - 2009-07-14 18:58 - 00150604 _____ () C:\Windows\system32\perfc007.dat
2014-02-26 09:00 - 2009-07-14 06:13 - 01602716 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-26 08:54 - 2014-02-19 09:55 - 00000784 _____ () C:\Windows\setupact.log
2014-02-26 08:54 - 2013-11-23 00:26 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-26 08:54 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-25 22:32 - 2013-08-26 13:47 - 00003982 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{69EF16A0-F618-4808-BB93-FD15DC0B4CDE}
2014-02-24 23:01 - 2013-08-25 19:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\TS3Client
2014-02-24 15:40 - 2013-08-25 23:16 - 00000000 ____D () C:\Users\*****\AppData\Local\Ubisoft Game Launcher
2014-02-24 15:01 - 2014-02-24 14:57 - 00000000 ____D () C:\Users\*****\Documents\Assassin's Creed IV Black Flag
2014-02-24 14:57 - 2013-08-26 08:44 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-02-24 14:57 - 2013-08-26 08:44 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-02-24 12:36 - 2013-10-03 11:45 - 03123272 _____ () C:\Windows\SysWOW64\pbsvc.exe
2014-02-23 22:14 - 2013-08-26 08:44 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-02-22 13:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-21 10:27 - 2013-08-25 20:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 10:27 - 2013-08-25 20:13 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 10:27 - 2013-08-25 20:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-19 09:55 - 2014-02-19 09:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-18 23:23 - 2013-08-25 21:29 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Notepad++
2014-02-17 16:23 - 2013-08-25 16:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 16:22 - 2013-08-25 16:31 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-16 12:17 - 2014-02-16 12:17 - 00000758 _____ () C:\Users\Public\Desktop\Baldur's Gate Trilogy.lnk
2014-02-15 22:51 - 2014-02-15 22:51 - 00003174 _____ () C:\Windows\System32\Tasks\{74D7530C-A7ED-451B-AF7C-C2F0C4B140A2}
2014-02-15 21:42 - 2014-02-15 10:54 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Mp3tag
2014-02-15 21:32 - 2014-02-15 14:45 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Audacity
2014-02-15 12:09 - 2014-02-15 12:09 - 00605672 _____ (Macromedia, Inc.) C:\Windows\icewind1.exe
2014-02-15 12:09 - 2014-02-15 12:09 - 00049152 _____ () C:\Windows\icewind1.scr
2014-02-14 13:48 - 2013-08-25 18:51 - 00131520 _____ () C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-14 13:36 - 2009-07-14 05:45 - 00484488 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-14 11:35 - 2014-02-14 11:35 - 00000000 ____D () C:\Users\*****\AppData\Roaming\OpenOffice
2014-02-14 11:34 - 2014-02-14 11:34 - 00000000 ___SD () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
2014-02-13 12:54 - 2013-08-25 19:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-13 12:49 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2014-02-13 00:30 - 2014-02-13 00:30 - 00001080 _____ () C:\Windows\system32\settingsbkup.sfm
2014-02-13 00:30 - 2014-02-13 00:30 - 00001080 _____ () C:\Windows\system32\settings.sfm
2014-02-12 18:23 - 2013-08-25 20:53 - 00000000 ____D () C:\ProgramData\Creative
2014-02-12 18:19 - 2013-08-25 20:53 - 00000000 ____D () C:\Program Files (x86)\Creative
2014-02-12 18:18 - 2014-02-12 18:18 - 00000159 ___RH () C:\Windows\ctfile.rfc
2014-02-12 18:18 - 2014-02-12 18:09 - 00000000 ____D () C:\Program Files\Creative
2014-02-12 18:18 - 2013-08-25 20:53 - 00000000 ___HD () C:\Program Files (x86)\Creative Installation Information
2014-02-12 18:18 - 2013-08-25 20:52 - 00466520 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-02-12 18:18 - 2013-08-25 20:52 - 00445016 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-02-12 18:18 - 2013-08-25 20:52 - 00123480 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-02-12 18:18 - 2013-08-25 20:52 - 00109144 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-02-12 18:18 - 2013-08-25 20:52 - 00000000 ____D () C:\Windows\system32\Data
2014-02-12 18:18 - 2013-08-25 15:02 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-12 17:53 - 2014-02-12 17:53 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Malwarebytes
2014-02-12 17:53 - 2014-02-12 17:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-12 17:31 - 2014-02-12 17:31 - 00000029 _____ () C:\Windows\sfbm.INI
2014-02-10 11:05 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-10 01:14 - 2014-02-10 01:14 - 00012421 _____ () C:\Windows\SysWOW64\treble.ini
2014-02-10 01:14 - 2014-02-10 01:14 - 00012421 _____ () C:\Windows\system32\treble.ini
2014-02-10 01:10 - 2014-02-10 01:10 - 00012018 _____ () C:\Windows\SysWOW64\bass.ini
2014-02-10 01:10 - 2014-02-10 01:10 - 00012018 _____ () C:\Windows\system32\bass.ini
2014-02-10 01:07 - 2014-02-10 01:07 - 00199244 _____ () C:\Windows\SysWOW64\Balance.ini
2014-02-10 01:07 - 2014-02-10 01:07 - 00199244 _____ () C:\Windows\system32\Balance.ini
2014-02-10 01:02 - 2014-02-10 01:02 - 00020023 _____ () C:\Windows\SysWOW64\mids.ini
2014-02-10 01:02 - 2014-02-10 01:02 - 00020023 _____ () C:\Windows\system32\mids.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00035090 _____ () C:\Windows\SysWOW64\Optimize.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00035090 _____ () C:\Windows\system32\Optimize.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00001620 _____ () C:\Windows\SysWOW64\microphone.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00001620 _____ () C:\Windows\system32\microphone.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00001590 _____ () C:\Windows\SysWOW64\FlashPlayer.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00001590 _____ () C:\Windows\system32\FlashPlayer.ini
2014-02-10 00:59 - 2014-02-10 00:59 - 00034482 _____ () C:\Windows\SysWOW64\Filter.ini
2014-02-10 00:59 - 2014-02-10 00:59 - 00034482 _____ () C:\Windows\system32\Filter.ini
2014-02-10 00:58 - 2014-02-10 00:58 - 00001943 _____ () C:\Windows\SysWOW64\4.1surroundsound.ini
2014-02-10 00:58 - 2014-02-10 00:58 - 00001943 _____ () C:\Windows\SysWOW64\2.1surroundsound.ini
2014-02-10 00:58 - 2014-02-10 00:58 - 00001943 _____ () C:\Windows\system32\4.1surroundsound.ini
2014-02-10 00:58 - 2014-02-10 00:58 - 00001943 _____ () C:\Windows\system32\2.1surroundsound.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00023420 _____ () C:\Windows\SysWOW64\AudioCreationMode.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00023420 _____ () C:\Windows\system32\AudioCreationMode.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00023312 _____ () C:\Windows\SysWOW64\EntertainmentMode.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00023312 _____ () C:\Windows\system32\EntertainmentMode.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00001943 _____ () C:\Windows\SysWOW64\7.1surroundsound.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00001943 _____ () C:\Windows\SysWOW64\5.1surroundsound.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00001943 _____ () C:\Windows\system32\7.1surroundsound.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00001943 _____ () C:\Windows\system32\5.1surroundsound.ini
2014-02-10 00:56 - 2014-02-10 00:56 - 00023328 _____ () C:\Windows\SysWOW64\GameMode.ini
2014-02-10 00:56 - 2014-02-10 00:56 - 00023328 _____ () C:\Windows\system32\GameMode.ini
2014-02-10 00:50 - 2014-02-10 00:50 - 00032156 _____ () C:\Windows\SysWOW64\tweaks.ini
2014-02-10 00:50 - 2014-02-10 00:50 - 00032156 _____ () C:\Windows\system32\tweaks.ini
2014-02-10 00:50 - 2014-02-10 00:50 - 00029504 _____ () C:\Windows\SysWOW64\speaker.ini
2014-02-10 00:50 - 2014-02-10 00:50 - 00029504 _____ () C:\Windows\system32\speaker.ini
2014-02-10 00:40 - 2014-02-10 00:40 - 00001425 _____ () C:\Windows\SysWOW64\What-U-Hear.ini
2014-02-10 00:40 - 2014-02-10 00:40 - 00001425 _____ () C:\Windows\system32\What-U-Hear.ini
2014-02-09 17:54 - 2013-08-26 12:07 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-02-09 17:45 - 2014-02-09 17:45 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Realmware
2014-02-09 17:45 - 2014-02-09 17:45 - 00000000 ____D () C:\Users\*****\AppData\Local\Realmware
2014-02-06 13:16 - 2014-02-13 12:47 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-13 12:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-13 12:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-13 12:47 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-13 12:47 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-13 12:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-13 12:47 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-13 12:48 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-13 12:48 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-13 12:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-13 12:47 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-13 12:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-13 12:47 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-13 12:48 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-13 12:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-13 12:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-13 12:47 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-13 12:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-13 12:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-13 12:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-13 12:47 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-13 12:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-13 12:47 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-13 12:47 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-13 12:48 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-13 12:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-13 12:47 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-13 12:48 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:25 - 2014-02-13 12:47 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:24 - 2014-02-13 12:47 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-13 12:47 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-13 12:47 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-13 12:47 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-13 12:47 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-13 12:47 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-13 12:47 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-13 12:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-13 12:47 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-13 12:47 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 20:05 - 2013-08-25 19:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype
2014-02-02 17:12 - 2014-02-02 17:12 - 00000717 _____ () C:\Users\Public\Desktop\Overseer.lnk
2014-02-02 14:30 - 2014-02-02 14:28 - 00000741 _____ () C:\Users\*****\Desktop\Launch Wing Commander Saga.lnk
2014-02-02 14:30 - 2014-02-02 14:28 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wing Commander Saga
2014-02-02 14:30 - 2014-02-02 14:20 - 00000000 ____D () C:\ProgramData\InstallMate
2014-02-02 13:20 - 2013-08-25 19:14 - 00000000 ____D () C:\Users\*****\AppData\Local\DOSBox
2014-02-01 18:29 - 2013-08-28 07:05 - 00000000 ____D () C:\Users\*****\Documents\Gothic3
2014-01-29 10:52 - 2014-01-29 10:52 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-01-27 13:21 - 2013-08-25 19:24 - 00000000 ____D () C:\Users\*****\AppData\Local\Microsoft Help
2014-01-27 12:49 - 2014-01-27 12:49 - 00000000 ___SD () C:\Users\*****\Documents\Meine Datenquellen

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-18 17:53

==================== End Of Log ============================
FRST - Addition:
HTML-Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-02-2014 01
Ran by ***** at 2014-02-26 17:54:54
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.9 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
ANNO 1404 - Venedig (HKLM-x32\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.0.5008.0 - Ubisoft)
ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
AnyRail5DE (HKLM-x32\...\{0886CCF3-FC51-410B-AD1C-BD35B005E828}) (Version: 5.4.2 - DRail Modelspoor Software)
Assassin's Creed IV Black Flag (HKLM-x32\...\Steam App 242050) (Version:  - Ubisoft Montreal)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.338 - Avira)
Baldur's Gate -  The Original Saga (HKLM-x32\...\GOGPACKBALDURSGATE1_is1) (Version: 2.0.0.20 - GOG.com)
Baldur's Gate 2 Complete (HKLM-x32\...\GOGPACKBALDURSGATE2_is1) (Version: 2.0.0.12 - GOG.com)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version:  - Rocksteady Studios)
Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version:  - Rocksteady Studios)
Batman™: Arkham Origins (HKLM-x32\...\Steam App 209000) (Version:  - WB Games Montreal)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.1.0.1 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
Canon MX410 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series) (Version:  - )
Commandos 2: Men of Courage (HKLM-x32\...\{F7963BA0-EE1C-11D4-9FA5-00A0C9E6A342}) (Version:  - )
Commandos Ammo Pack (HKLM-x32\...\GOGPACKCOMMANDOS1_is1) (Version: 2.0.0.19 - GOG.com)
ContentMod2.6 (HKLM-x32\...\ContentMod_2.6) (Version:  - )
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.43 - Creative Technology Limited)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative AutoMode Switcher (HKLM-x32\...\Creative AutoMode Switcher) (Version: 1.00 - Creative Technology Limited)
Creative Konsole Starter (HKLM-x32\...\Console Launcher) (Version: 2.61 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3823EC5A-1CA4-42CA-9D5B-F94ABD65410D}) (Version:  - Microsoft)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Dungeon Keeper 2 (HKLM-x32\...\GOGPACKDUNGEONKEEPER2_is1) (Version: 2.0.0.32 - GOG.com)
EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version:  - The Creative Assembly)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.96 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.96 - Etron Technology) Hidden
Explorer Suite IV (HKLM\...\Explorer Suite_is1) (Version:  - )
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
GOG.com Dungeon Keeper 2 (HKLM\...\{b6462b67-caf5-4a74-99df-cc2811bd1957}.sdb) (Version:  - )
GOG.com Heroes of Might and Magic 3 (HKLM\...\{1d3c859c-1028-4822-b0a7-da4f7bbc18bc}.sdb) (Version:  - )
Gothic III (HKLM-x32\...\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}) (Version: 1.0.0 - JoWooD Productions Software AG)
Grewe Scanner-Interface 7 (HKLM-x32\...\{B1C3F49A-DE7D-1AC1-0913-039C1A8B9B82}) (Version: 7 - Grewe Computertechnik GmbH)
Heroes of Might and Magic 2 GOLD (HKLM-x32\...\GOGPACKHOMM2GOLD_is1) (Version: 2.0.0.24 - GOG.com)
Heroes of Might and Magic 3 Complete (HKLM-x32\...\GOGPACKHOMM3COMPLETE_is1) (Version: 2.0.0.16 - GOG.com)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Lautstärkefenster (HKLM-x32\...\Creative Volume Panel) (Version: 2.21 - Creative Technology Limited)
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.50 (HKLM\...\Logitech Gaming Software) (Version: 8.50.281 - Logitech Inc.)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Master of Orion 1 and 2 (HKLM-x32\...\GOGPACKMASTEROFORION12_is1) (Version: 2.0.0.16 - GOG.com)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Might & Magic: Heroes VI (HKLM-x32\...\Steam App 48220) (Version:  - Blackhole)
Mozilla Firefox 23.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 23.0.1 (x86 de)) (Version: 23.0.1 - Mozilla)
Mozilla Firefox 27.0.1 (x86 de) (HKCU\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.82 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.82 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3182 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 331.82 (Version: 331.82 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
Overseer (HKLM-x32\...\GOGPACKTEX5_is1) (Version: 2.0.0.21 - GOG.com)
Port Royale 3 (HKLM-x32\...\{68DED384-1F74-4AEE-8B8E-95AF15572FE3}) (Version: 1.3.2.0 - Gaming Minds Studios GmbH)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Questpaket 4 Update 2 Deinstallation (HKLM-x32\...\G3QP231012008_is1) (Version: 4.2.0.0 - Humanforce)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
ROCCAT Ryos Keyboard Driver (HKLM-x32\...\{70F3EF93-44F4-446A-90B8-33DAB2799AF1}) (Version: 1.27.0000 - Roccat GmbH)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio Creator Audio (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Creator Business (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3.56.24 - Roxio)
Roxio Creator Business v10 (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio MyDVD (x32 Version: 10.1.349 - Roxio) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.) Hidden
Samsung New PC Studio (HKLM-x32\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 1.0.0.0 - Electronic Arts)
Skype™ 6.10 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.10.104 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{C9193CBB-C31A-412A-A074-AD08F0F2CF3D}) (Version: 7.0.27.13 - Mad Catz)
Softwarenetz MyDVD3 (HKLM-x32\...\MyDVD3) (Version:  - )
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Star Wars(tm) Knights of the Old Republic(tm) II: The Sith Lords(tm) (HKLM-x32\...\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}) (Version: 1.00.0000 - Obsidian)
StarCitizen (HKLM-x32\...\StarCitizen) (Version: 1.0 - Cloud Imperium Games)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.11 - TeamSpeak Systems GmbH)
THX-Einrichtungskonsole (HKLM-x32\...\THX_Console_Unicode) (Version:  - )
Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
TSLRCM 1.8.1 (HKLM-x32\...\The Sith Lords Restored Content Mod_is1) (Version:  - )
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{59446CD0-D49A-4154-BDD5-59CB3B6F89AC}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E636FE63-842B-4F4B-9884-DA189ACC0B91}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{E636FE63-842B-4F4B-9884-DA189ACC0B91}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FF62F7C1-9491-457C-BBAE-DBC6FD1DB968}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FF62F7C1-9491-457C-BBAE-DBC6FD1DB968}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{64D96F30-CF4C-4CCE-AAF2-F8909348BF35}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{BA61259D-63F0-4177-A0E1-E4064EC2B470}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BEA3259E-14B5-4D89-87FF-ED9F1D0D81C8}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{BE1D254A-E5CD-4E76-9BE8-7B2E5FDBA6AF}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DF33B92A-5381-4F03-AB54-2D67086B357E}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A82E26EF-680E-427D-B7D0-FD7997DDC217}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.3-2 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
Wing Commander Saga 1.0.2.7795 (HKLM\...\{F6FD24B4-34A3-4635-8ECD-7B5C791EAE5F}) (Version: 1.0.2.7795 - Wing Commander Saga Team)
Wing Commander Saga 1.1.0.7822 (HKLM\...\{5BECA583-A49D-4C21-ADFD-89C844F1F1A1}) (Version: 1.1.0.7822 - Wing Commander Saga Team)
X3: Albion Prelude (HKLM-x32\...\Steam App 201310) (Version:  - Egosoft)

==================== Restore Points  =========================

22-02-2014 12:18:11 Geplanter Prüfpunkt
26-02-2014 07:58:23 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {78CBC5A2-9A71-42D8-A2C2-7BD4B1214DC1} - \AmiUpdXp No Task File
Task: {811944B3-F398-417A-AE04-198DEB1FCF80} - System32\Tasks\{D5FEAAA7-042C-45F5-8D99-A607EA10AD7D} => Firefox.exe hxxp://ui.skype.com/ui/0/6.10.60.104/de/abandoninstall?page=tsPlugin
Task: {D80AFA79-36DB-45A4-AF90-90BA3C2BDCB7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: {EC98EF31-80AF-4937-A90B-31E2C339A593} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {F3D6EC66-DD46-4A24-BD43-ACC8B2CD074C} - \Re-markit Update No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-11-23 00:26 - 2013-11-11 16:02 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-08-26 08:44 - 2014-02-24 14:57 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () d:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-12-23 13:14 - 2013-12-16 17:17 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2012-10-16 10:39 - 2012-10-16 10:39 - 00646744 _____ () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
2013-08-25 19:01 - 2013-07-18 07:02 - 00394824 _____ () D:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-12-18 19:43 - 2013-12-18 19:43 - 00019968 _____ () D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
2014-02-12 18:18 - 2009-03-26 14:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-02-12 18:18 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2013-08-25 20:52 - 2006-06-09 19:20 - 00003072 _____ () C:\Windows\system32\CTXFIGER.DLL

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AutoStartNPSAgent => D:\Program Files (x86)\New PC Studio\NPSAgent.exe
MSCONFIG\startupreg: KiesAirMessage => D:\Program Files (x86)\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => D:\Program Files (x86)\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => D:\Program Files (x86)\Kies\KiesTrayAgent.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/26/2014 02:40:11 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (02/26/2014 00:58:22 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (02/26/2014 00:30:40 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (02/26/2014 11:14:41 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (02/26/2014 10:05:04 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (02/26/2014 09:09:32 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (02/26/2014 09:02:37 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (02/26/2014 08:56:43 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Ryos MK Monitor.exe, Version: 1.3.2.0, Zeitstempel: 0x52b153bd
Name des fehlerhaften Moduls: HID.DLL, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bd9ec
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001b19
ID des fehlerhaften Prozesses: 0xbec
Startzeit der fehlerhaften Anwendung: 0xRyos MK Monitor.exe0
Pfad der fehlerhaften Anwendung: Ryos MK Monitor.exe1
Pfad des fehlerhaften Moduls: Ryos MK Monitor.exe2
Berichtskennung: Ryos MK Monitor.exe3

Error: (02/25/2014 10:35:46 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (02/25/2014 10:28:30 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall


System errors:
=============
Error: (02/26/2014 09:09:30 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (02/26/2014 09:09:30 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (02/25/2014 10:35:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (02/25/2014 10:35:46 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (02/20/2014 08:30:06 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (02/20/2014 08:30:06 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (02/19/2014 00:18:25 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurde während der Ermittlung abgebrochen.

Error: (02/19/2014 09:58:22 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error: (02/17/2014 05:22:11 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error: (02/16/2014 06:18:59 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005


Microsoft Office Sessions:
=========================
Error: (02/26/2014 02:40:11 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (02/26/2014 00:58:22 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (02/26/2014 00:30:40 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (02/26/2014 11:14:41 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (02/26/2014 10:05:04 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (02/26/2014 09:09:32 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (02/26/2014 09:02:37 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (02/26/2014 08:56:43 AM) (Source: Application Error)(User: )
Description: Ryos MK Monitor.exe1.3.2.052b153bdHID.DLL6.1.7600.163854a5bd9ecc000000500001b19bec01cf32c831656dfaC:\Program Files (x86)\ROCCAT\Ryos Keyboard\Ryos MK Monitor.exeC:\Windows\system32\HID.DLL87c60876-9ebb-11e3-8886-002522f52040

Error: (02/25/2014 10:35:46 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (02/25/2014 10:28:30 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall


CodeIntegrity Errors:
===================================
  Date: 2013-08-29 08:32:50.810
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-29 08:32:50.778
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-29 08:32:48.396
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-29 08:32:48.364
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-29 08:32:44.694
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-29 08:32:44.626
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-29 08:32:40.397
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-29 08:32:40.354
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-29 08:32:37.673
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-29 08:32:37.640
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 34%
Total physical RAM: 8172.45 MB
Available physical RAM: 5383.56 MB
Total Pagefile: 16343.09 MB
Available Pagefile: 13891.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:101.34 GB) (Free:41.62 GB) NTFS
Drive d: (Programme/Games) (Fixed) (Total:830.07 GB) (Free:463.74 GB) NTFS
Drive e: (Extern) (Fixed) (Total:931.51 GB) (Free:802.2 GB) NTFS
Drive h: (Windows XP) (Fixed) (Total:19.59 GB) (Free:5.85 GB) NTFS
Drive i: (XP - Programme, Games, Daten) (Fixed) (Total:133.79 GB) (Free:108.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: C53C2725)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 153 GB) (Disk ID: 095B095A)
Partition 1: (Not Active) - (Size=20 GB) - (Type=OF Extended)
Partition 2: (Not Active) - (Size=134 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 932 GB) (Disk ID: E8900690)

Partition: GPT Partition Type.

==================== End Of Log ============================
GMER

HTML-Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-26 18:10:56
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EARS-00Y5B1 rev.80.00A80 931,51GB
Running: k0f13hf7.exe; Driver: C:\Users\*****\AppData\Local\Temp\kxddipow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                 fffff80002dfd000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                                 fffff80002dfd02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Windows\SysWOW64\PnkBstrA.exe[1996] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                            00000000724c1a22 2 bytes [4C, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1996] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                            00000000724c1ad0 2 bytes [4C, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1996] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                            00000000724c1b08 2 bytes [4C, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1996] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                            00000000724c1bba 2 bytes [4C, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1996] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                            00000000724c1bda 2 bytes [4C, 72]
.text     D:\Program Files (x86)\Kies\External\FirmwareUpdate\KiesPDLR.exe[2556] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint                                 0000000077a6000c 1 byte [C3]
.text     D:\Program Files (x86)\Kies\External\FirmwareUpdate\KiesPDLR.exe[2556] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin                            0000000077aef8ea 5 bytes JMP 0000000177a9d5c1
.text     C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    00000000771e1465 2 bytes [1E, 77]
.text     C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                   00000000771e14bb 2 bytes [1E, 77]
.text     ...                                                                                                                                                * 2

---- Registry - GMER 2.1 ----

Reg       HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\*****\xb3ppers\Desktop\ComboFix.exe  1

---- EOF - GMER 2.1 ----

Alt 26.02.2014, 18:36   #2
schrauber
/// the machine
/// TB-Ausbilder
 


Hi,

Uninstall every piece of software in the Additional.txt that has <==== Attention after it.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options ("Optionen") and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan ("Suchlauf") and wait until it has finished.
  • Now click Clean ("Löschen") and confirm any prompts that appear with Ok.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator" ("als Administrator ausführen").
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.

Alt 27.02.2014, 10:56   #3
Icetrack
 

Hi schrauber! Thanks for the quick reply and the help!

I looked through the Additional.txt, but I don't think I see any entries with that remark. Is that possible?

It worked with AdwCleaner:
AdwCleaner Logfile:
Code:
# AdwCleaner v3.019 - Bericht erstellt am 26/02/2014 um 18:44:20
# Aktualisiert 17/02/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : ***** - GTX770-8GB-I5
# Gestartet von : C:\Users\*****\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Windows\System32\Tasks\NCH Software

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v23.0.1 (de)

[ Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\out617ip.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [891 octets] - [26/02/2014 18:43:30]
AdwCleaner[S0].txt - [813 octets] - [26/02/2014 18:44:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [872 octets] ##########
         
--- --- ---


I have a problem with JRT. The message "bad module detected" appears. I am asked whether I want to restart in order to remove it. When I then enter "y", the PC does restart, but after the restart the cmd window only opens briefly, after I have authorized it as admin, and no log file is generated.
I therefore started JRT once more, but then I get the "bad module detected" message again.


Edit: I had the idea of choosing "no" in JRT after the "bad module detected" message (see above). It still complains at that point, but the log is there now:

HTML-Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by ***** on 27.02.2014 at 10:43:03,87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.02.2014 at 10:46:50,64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-02-2014 02
Ran by ***** (administrator) on GTX770-8GB-I5 on 27-02-2014 10:50:19
Running from C:\Users\*****\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Samsung) D:\Program Files (x86)\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Inc.) D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTXFISPI.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BCSSync] - D:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [ProfilerU] - C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] - C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM-x32\...\Run: [avgnt] - D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [BambooCore] - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [VolPanel] - C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe [241789 2010-02-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [CTxfiHlp] - CTXFIHLP.EXE
HKU\S-1-5-21-3433850409-1594362354-2394267938-1000\...\Run: [] - D:\Program Files (x86)\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1E54BDDDADA1CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\out617ip.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - D:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Acrobat - D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\out617ip.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-19]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-08-25]
FF HKCU\...\Firefox\Extensions: [{d97497ae-755d-453a-80bc-9d2460f183ce}] - C:\Program Files (x86)\Re-markit\150.xpi
FF StartMenuInternet: FIREFOX.EXE - d:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; D:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Program Files\Microsoft Office\Office14\GROOVE.EXE [50942144 2013-12-19] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-02-24] ()
S2 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2013-12-16] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-08-26] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] ()
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-08-26] ()
S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [39096 2013-09-13] (Razer Inc)
S3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [30888 2013-10-14] (Razer Inc)
S3 SaiH0464; C:\Windows\System32\DRIVERS\SaiH0464.sys [171144 2007-05-01] (Saitek)
S3 SaiK075C; C:\Windows\System32\DRIVERS\SaiK075C.sys [181024 2013-04-30] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-27 10:48 - 2014-02-27 10:50 - 00012014 _____ () C:\Users\*****\Desktop\FRST.txt
2014-02-27 10:47 - 2014-02-27 10:47 - 00000000 ____D () C:\Users\*****\Desktop\FRST-OlderVersion
2014-02-27 10:46 - 2014-02-27 10:46 - 00000633 _____ () C:\Users\*****\Desktop\JRT.txt
2014-02-26 18:43 - 2014-02-26 18:44 - 00000000 ____D () C:\AdwCleaner
2014-02-26 18:41 - 2014-02-26 18:41 - 01241834 _____ () C:\Users\*****\Desktop\adwcleaner.exe
2014-02-26 18:41 - 2014-02-26 18:41 - 01037734 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2014-02-26 17:54 - 2014-02-27 10:50 - 00000000 ____D () C:\FRST
2014-02-26 17:53 - 2014-02-27 10:47 - 02155520 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-02-26 17:53 - 2014-02-26 17:53 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-02-26 13:19 - 2014-02-26 13:19 - 00011235 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-02-26 13:16 - 2014-02-26 13:16 - 00000000 ____D () C:\Users\*****\.thumbnails
2014-02-26 10:09 - 2014-02-26 23:45 - 00000000 ____D () C:\Users\*****\AppData\Local\Battle.net
2014-02-26 10:09 - 2014-02-26 10:10 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Battle.net
2014-02-26 10:07 - 2014-02-26 10:07 - 00000000 ____D () C:\Users\*****\AppData\Local\Blizzard Entertainment
2014-02-24 14:57 - 2014-02-24 15:01 - 00000000 ____D () C:\Users\*****\Documents\Assassin's Creed IV Black Flag
2014-02-19 09:55 - 2014-02-27 09:24 - 00001064 _____ () C:\Windows\setupact.log
2014-02-19 09:55 - 2014-02-19 09:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-16 12:17 - 2014-02-16 12:17 - 00000758 _____ () C:\Users\Public\Desktop\Baldur's Gate Trilogy.lnk
2014-02-15 22:51 - 2014-02-15 22:51 - 00003174 _____ () C:\Windows\System32\Tasks\{74D7530C-A7ED-451B-AF7C-C2F0C4B140A2}
2014-02-15 14:45 - 2014-02-15 21:32 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Audacity
2014-02-15 12:09 - 2014-02-15 12:09 - 00605672 _____ (Macromedia, Inc.) C:\Windows\icewind1.exe
2014-02-15 12:09 - 2014-02-15 12:09 - 00049152 _____ () C:\Windows\icewind1.scr
2014-02-15 10:54 - 2014-02-15 21:42 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Mp3tag
2014-02-14 11:35 - 2014-02-14 11:35 - 00000000 ____D () C:\Users\*****\AppData\Roaming\OpenOffice
2014-02-14 11:34 - 2014-02-14 11:34 - 00000000 ___SD () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
2014-02-13 12:48 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 12:48 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 12:48 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 12:48 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 12:48 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 12:48 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 12:48 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 12:48 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 12:48 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 12:48 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 12:48 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 12:47 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 12:47 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 12:47 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 12:47 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 12:47 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 12:47 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 12:47 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 12:47 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 12:47 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 12:47 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 12:47 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 12:47 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 12:47 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 12:47 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 12:47 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 12:47 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 12:47 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 12:47 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 12:47 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 12:47 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 12:47 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 12:47 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 12:47 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 12:47 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 12:47 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 12:47 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 12:47 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 12:47 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 12:47 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 12:47 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 12:10 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 12:10 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 12:10 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 12:10 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 12:10 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 12:10 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 12:10 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 12:10 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 12:10 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 12:10 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 12:10 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 12:10 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 12:10 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 12:10 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 12:10 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 12:10 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 12:10 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 12:10 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 12:10 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 12:10 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 12:10 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 12:10 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 12:10 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 12:10 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 12:09 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 12:09 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 12:09 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 12:09 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-13 00:30 - 2014-02-13 00:30 - 00001080 _____ () C:\Windows\system32\settingsbkup.sfm
2014-02-13 00:30 - 2014-02-13 00:30 - 00001080 _____ () C:\Windows\system32\settings.sfm
2014-02-12 18:18 - 2014-02-12 18:18 - 00000159 ___RH () C:\Windows\ctfile.rfc
2014-02-12 18:18 - 2009-03-26 14:48 - 00190976 _____ () C:\Windows\system32\APOMgr64.DLL
2014-02-12 18:18 - 2009-03-26 14:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-02-12 18:18 - 2009-02-06 18:53 - 00089088 _____ () C:\Windows\system32\CmdRtr64.DLL
2014-02-12 18:18 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2014-02-12 18:18 - 2008-02-04 09:27 - 00102400 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\cttele32.dll
2014-02-12 18:09 - 2014-02-12 18:18 - 00000000 ____D () C:\Program Files\Creative
2014-02-12 17:53 - 2014-02-12 17:53 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Malwarebytes
2014-02-12 17:53 - 2014-02-12 17:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-12 17:53 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-12 17:31 - 2014-02-12 17:31 - 00000029 _____ () C:\Windows\sfbm.INI
2014-02-10 01:14 - 2014-02-10 01:14 - 00012421 _____ () C:\Windows\SysWOW64\treble.ini
2014-02-10 01:14 - 2014-02-10 01:14 - 00012421 _____ () C:\Windows\system32\treble.ini
2014-02-10 01:10 - 2014-02-10 01:10 - 00012018 _____ () C:\Windows\SysWOW64\bass.ini
2014-02-10 01:10 - 2014-02-10 01:10 - 00012018 _____ () C:\Windows\system32\bass.ini
2014-02-10 01:07 - 2014-02-10 01:07 - 00199244 _____ () C:\Windows\SysWOW64\Balance.ini
2014-02-10 01:07 - 2014-02-10 01:07 - 00199244 _____ () C:\Windows\system32\Balance.ini
2014-02-10 01:02 - 2014-02-10 01:02 - 00020023 _____ () C:\Windows\SysWOW64\mids.ini
2014-02-10 01:02 - 2014-02-10 01:02 - 00020023 _____ () C:\Windows\system32\mids.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00035090 _____ () C:\Windows\SysWOW64\Optimize.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00035090 _____ () C:\Windows\system32\Optimize.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00001620 _____ () C:\Windows\SysWOW64\microphone.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00001620 _____ () C:\Windows\system32\microphone.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00001590 _____ () C:\Windows\SysWOW64\FlashPlayer.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00001590 _____ () C:\Windows\system32\FlashPlayer.ini
2014-02-10 00:59 - 2014-02-10 00:59 - 00034482 _____ () C:\Windows\SysWOW64\Filter.ini
2014-02-10 00:59 - 2014-02-10 00:59 - 00034482 _____ () C:\Windows\system32\Filter.ini
2014-02-10 00:58 - 2014-02-10 00:58 - 00001943 _____ () C:\Windows\SysWOW64\4.1surroundsound.ini
2014-02-10 00:58 - 2014-02-10 00:58 - 00001943 _____ () C:\Windows\SysWOW64\2.1surroundsound.ini
2014-02-10 00:58 - 2014-02-10 00:58 - 00001943 _____ () C:\Windows\system32\4.1surroundsound.ini
2014-02-10 00:58 - 2014-02-10 00:58 - 00001943 _____ () C:\Windows\system32\2.1surroundsound.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00023420 _____ () C:\Windows\SysWOW64\AudioCreationMode.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00023420 _____ () C:\Windows\system32\AudioCreationMode.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00023312 _____ () C:\Windows\SysWOW64\EntertainmentMode.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00023312 _____ () C:\Windows\system32\EntertainmentMode.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00001943 _____ () C:\Windows\SysWOW64\7.1surroundsound.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00001943 _____ () C:\Windows\SysWOW64\5.1surroundsound.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00001943 _____ () C:\Windows\system32\7.1surroundsound.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00001943 _____ () C:\Windows\system32\5.1surroundsound.ini
2014-02-10 00:56 - 2014-02-10 00:56 - 00023328 _____ () C:\Windows\SysWOW64\GameMode.ini
2014-02-10 00:56 - 2014-02-10 00:56 - 00023328 _____ () C:\Windows\system32\GameMode.ini
2014-02-10 00:50 - 2014-02-10 00:50 - 00032156 _____ () C:\Windows\SysWOW64\tweaks.ini
2014-02-10 00:50 - 2014-02-10 00:50 - 00032156 _____ () C:\Windows\system32\tweaks.ini
2014-02-10 00:50 - 2014-02-10 00:50 - 00029504 _____ () C:\Windows\SysWOW64\speaker.ini
2014-02-10 00:50 - 2014-02-10 00:50 - 00029504 _____ () C:\Windows\system32\speaker.ini
2014-02-10 00:40 - 2014-02-10 00:40 - 00001425 _____ () C:\Windows\SysWOW64\What-U-Hear.ini
2014-02-10 00:40 - 2014-02-10 00:40 - 00001425 _____ () C:\Windows\system32\What-U-Hear.ini
2014-02-09 17:45 - 2014-02-09 17:45 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Realmware
2014-02-09 17:45 - 2014-02-09 17:45 - 00000000 ____D () C:\Users\*****\AppData\Local\Realmware
2014-02-02 17:12 - 2014-02-02 17:12 - 00000717 _____ () C:\Users\Public\Desktop\Overseer.lnk
2014-02-02 17:12 - 1997-11-12 23:00 - 00179200 _____ (Intel Corporation) C:\Windows\SysWOW64\rsx.dll
2014-02-02 17:12 - 1997-11-12 23:00 - 00011776 _____ (Intel Corporation) C:\Windows\SysWOW64\aaudio.dll
2014-02-02 14:28 - 2014-02-02 14:30 - 00000741 _____ () C:\Users\*****\Desktop\Launch Wing Commander Saga.lnk
2014-02-02 14:28 - 2014-02-02 14:30 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wing Commander Saga
2014-02-02 14:20 - 2014-02-02 14:30 - 00000000 ____D () C:\ProgramData\InstallMate
2014-01-29 10:52 - 2014-01-29 10:52 - 00000000 ____D () C:\Users\Public\Documents\CrashDump

==================== One Month Modified Files and Folders =======

2014-02-27 10:50 - 2014-02-27 10:48 - 00012014 _____ () C:\Users\*****\Desktop\FRST.txt
2014-02-27 10:50 - 2014-02-26 17:54 - 00000000 ____D () C:\FRST
2014-02-27 10:47 - 2014-02-27 10:47 - 00000000 ____D () C:\Users\*****\Desktop\FRST-OlderVersion
2014-02-27 10:47 - 2014-02-26 17:53 - 02155520 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-02-27 10:47 - 2013-08-25 19:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\TS3Client
2014-02-27 10:46 - 2014-02-27 10:46 - 00000633 _____ () C:\Users\*****\Desktop\JRT.txt
2014-02-27 10:27 - 2013-08-25 20:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-27 09:32 - 2009-07-14 05:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-27 09:32 - 2009-07-14 05:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-27 09:28 - 2013-08-25 14:52 - 01693162 _____ () C:\Windows\WindowsUpdate.log
2014-02-27 09:25 - 2013-08-25 14:52 - 00000000 ____D () C:\Users\*****
2014-02-27 09:24 - 2014-02-19 09:55 - 00001064 _____ () C:\Windows\setupact.log
2014-02-27 09:24 - 2013-11-23 00:26 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-27 09:24 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-26 23:45 - 2014-02-26 10:09 - 00000000 ____D () C:\Users\*****\AppData\Local\Battle.net
2014-02-26 23:43 - 2013-08-26 09:38 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-02-26 23:43 - 2013-08-25 19:13 - 00000000 ____D () C:\Users\*****\Documents\StarCraft II
2014-02-26 23:33 - 2013-08-25 21:30 - 00000000 ____D () C:\ProgramData\Origin
2014-02-26 23:13 - 2013-08-26 13:47 - 00003982 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{69EF16A0-F618-4808-BB93-FD15DC0B4CDE}
2014-02-26 18:44 - 2014-02-26 18:43 - 00000000 ____D () C:\AdwCleaner
2014-02-26 18:41 - 2014-02-26 18:41 - 01241834 _____ () C:\Users\*****\Desktop\adwcleaner.exe
2014-02-26 18:41 - 2014-02-26 18:41 - 01037734 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2014-02-26 17:53 - 2014-02-26 17:53 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-02-26 13:19 - 2014-02-26 13:19 - 00011235 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-02-26 13:19 - 2013-09-30 11:15 - 00000000 ____D () C:\Users\*****\AppData\Local\gtk-2.0
2014-02-26 13:19 - 2013-08-25 19:08 - 00000000 ____D () C:\Users\*****\.gimp-2.8
2014-02-26 13:16 - 2014-02-26 13:16 - 00000000 ____D () C:\Users\*****\.thumbnails
2014-02-26 10:10 - 2014-02-26 10:09 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Battle.net
2014-02-26 10:07 - 2014-02-26 10:07 - 00000000 ____D () C:\Users\*****\AppData\Local\Blizzard Entertainment
2014-02-26 09:01 - 2013-08-25 18:46 - 01602716 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-26 09:01 - 2009-07-14 18:58 - 00702964 _____ () C:\Windows\system32\perfh007.dat
2014-02-26 09:01 - 2009-07-14 18:58 - 00150604 _____ () C:\Windows\system32\perfc007.dat
2014-02-26 09:00 - 2009-07-14 06:13 - 01602716 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-24 15:40 - 2013-08-25 23:16 - 00000000 ____D () C:\Users\*****\AppData\Local\Ubisoft Game Launcher
2014-02-24 15:01 - 2014-02-24 14:57 - 00000000 ____D () C:\Users\*****\Documents\Assassin's Creed IV Black Flag
2014-02-24 14:57 - 2013-08-26 08:44 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-02-24 14:57 - 2013-08-26 08:44 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-02-24 12:36 - 2013-10-03 11:45 - 03123272 _____ () C:\Windows\SysWOW64\pbsvc.exe
2014-02-23 22:14 - 2013-08-26 08:44 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-02-22 13:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-21 10:27 - 2013-08-25 20:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 10:27 - 2013-08-25 20:13 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 10:27 - 2013-08-25 20:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-19 09:55 - 2014-02-19 09:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-18 23:23 - 2013-08-25 21:29 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Notepad++
2014-02-17 16:23 - 2013-08-25 16:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 16:22 - 2013-08-25 16:31 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-16 12:17 - 2014-02-16 12:17 - 00000758 _____ () C:\Users\Public\Desktop\Baldur's Gate Trilogy.lnk
2014-02-15 22:51 - 2014-02-15 22:51 - 00003174 _____ () C:\Windows\System32\Tasks\{74D7530C-A7ED-451B-AF7C-C2F0C4B140A2}
2014-02-15 21:42 - 2014-02-15 10:54 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Mp3tag
2014-02-15 21:32 - 2014-02-15 14:45 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Audacity
2014-02-15 12:09 - 2014-02-15 12:09 - 00605672 _____ (Macromedia, Inc.) C:\Windows\icewind1.exe
2014-02-15 12:09 - 2014-02-15 12:09 - 00049152 _____ () C:\Windows\icewind1.scr
2014-02-14 13:48 - 2013-08-25 18:51 - 00131520 _____ () C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-14 13:36 - 2009-07-14 05:45 - 00484488 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-14 11:35 - 2014-02-14 11:35 - 00000000 ____D () C:\Users\*****\AppData\Roaming\OpenOffice
2014-02-14 11:34 - 2014-02-14 11:34 - 00000000 ___SD () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
2014-02-13 12:54 - 2013-08-25 19:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-13 12:49 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2014-02-13 00:30 - 2014-02-13 00:30 - 00001080 _____ () C:\Windows\system32\settingsbkup.sfm
2014-02-13 00:30 - 2014-02-13 00:30 - 00001080 _____ () C:\Windows\system32\settings.sfm
2014-02-12 18:23 - 2013-08-25 20:53 - 00000000 ____D () C:\ProgramData\Creative
2014-02-12 18:19 - 2013-08-25 20:53 - 00000000 ____D () C:\Program Files (x86)\Creative
2014-02-12 18:18 - 2014-02-12 18:18 - 00000159 ___RH () C:\Windows\ctfile.rfc
2014-02-12 18:18 - 2014-02-12 18:09 - 00000000 ____D () C:\Program Files\Creative
2014-02-12 18:18 - 2013-08-25 20:53 - 00000000 ___HD () C:\Program Files (x86)\Creative Installation Information
2014-02-12 18:18 - 2013-08-25 20:52 - 00466520 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-02-12 18:18 - 2013-08-25 20:52 - 00445016 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-02-12 18:18 - 2013-08-25 20:52 - 00123480 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-02-12 18:18 - 2013-08-25 20:52 - 00109144 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-02-12 18:18 - 2013-08-25 20:52 - 00000000 ____D () C:\Windows\system32\Data
2014-02-12 18:18 - 2013-08-25 15:02 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-12 17:53 - 2014-02-12 17:53 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Malwarebytes
2014-02-12 17:53 - 2014-02-12 17:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-12 17:31 - 2014-02-12 17:31 - 00000029 _____ () C:\Windows\sfbm.INI
2014-02-10 11:05 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-10 01:14 - 2014-02-10 01:14 - 00012421 _____ () C:\Windows\SysWOW64\treble.ini
2014-02-10 01:14 - 2014-02-10 01:14 - 00012421 _____ () C:\Windows\system32\treble.ini
2014-02-10 01:10 - 2014-02-10 01:10 - 00012018 _____ () C:\Windows\SysWOW64\bass.ini
2014-02-10 01:10 - 2014-02-10 01:10 - 00012018 _____ () C:\Windows\system32\bass.ini
2014-02-10 01:07 - 2014-02-10 01:07 - 00199244 _____ () C:\Windows\SysWOW64\Balance.ini
2014-02-10 01:07 - 2014-02-10 01:07 - 00199244 _____ () C:\Windows\system32\Balance.ini
2014-02-10 01:02 - 2014-02-10 01:02 - 00020023 _____ () C:\Windows\SysWOW64\mids.ini
2014-02-10 01:02 - 2014-02-10 01:02 - 00020023 _____ () C:\Windows\system32\mids.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00035090 _____ () C:\Windows\SysWOW64\Optimize.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00035090 _____ () C:\Windows\system32\Optimize.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00001620 _____ () C:\Windows\SysWOW64\microphone.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00001620 _____ () C:\Windows\system32\microphone.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00001590 _____ () C:\Windows\SysWOW64\FlashPlayer.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00001590 _____ () C:\Windows\system32\FlashPlayer.ini
2014-02-10 00:59 - 2014-02-10 00:59 - 00034482 _____ () C:\Windows\SysWOW64\Filter.ini
2014-02-10 00:59 - 2014-02-10 00:59 - 00034482 _____ () C:\Windows\system32\Filter.ini
2014-02-10 00:58 - 2014-02-10 00:58 - 00001943 _____ () C:\Windows\SysWOW64\4.1surroundsound.ini
2014-02-10 00:58 - 2014-02-10 00:58 - 00001943 _____ () C:\Windows\SysWOW64\2.1surroundsound.ini
2014-02-10 00:58 - 2014-02-10 00:58 - 00001943 _____ () C:\Windows\system32\4.1surroundsound.ini
2014-02-10 00:58 - 2014-02-10 00:58 - 00001943 _____ () C:\Windows\system32\2.1surroundsound.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00023420 _____ () C:\Windows\SysWOW64\AudioCreationMode.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00023420 _____ () C:\Windows\system32\AudioCreationMode.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00023312 _____ () C:\Windows\SysWOW64\EntertainmentMode.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00023312 _____ () C:\Windows\system32\EntertainmentMode.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00001943 _____ () C:\Windows\SysWOW64\7.1surroundsound.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00001943 _____ () C:\Windows\SysWOW64\5.1surroundsound.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00001943 _____ () C:\Windows\system32\7.1surroundsound.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00001943 _____ () C:\Windows\system32\5.1surroundsound.ini
2014-02-10 00:56 - 2014-02-10 00:56 - 00023328 _____ () C:\Windows\SysWOW64\GameMode.ini
2014-02-10 00:56 - 2014-02-10 00:56 - 00023328 _____ () C:\Windows\system32\GameMode.ini
2014-02-10 00:50 - 2014-02-10 00:50 - 00032156 _____ () C:\Windows\SysWOW64\tweaks.ini
2014-02-10 00:50 - 2014-02-10 00:50 - 00032156 _____ () C:\Windows\system32\tweaks.ini
2014-02-10 00:50 - 2014-02-10 00:50 - 00029504 _____ () C:\Windows\SysWOW64\speaker.ini
2014-02-10 00:50 - 2014-02-10 00:50 - 00029504 _____ () C:\Windows\system32\speaker.ini
2014-02-10 00:40 - 2014-02-10 00:40 - 00001425 _____ () C:\Windows\SysWOW64\What-U-Hear.ini
2014-02-10 00:40 - 2014-02-10 00:40 - 00001425 _____ () C:\Windows\system32\What-U-Hear.ini
2014-02-09 17:54 - 2013-08-26 12:07 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-02-09 17:45 - 2014-02-09 17:45 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Realmware
2014-02-09 17:45 - 2014-02-09 17:45 - 00000000 ____D () C:\Users\*****\AppData\Local\Realmware
2014-02-06 13:16 - 2014-02-13 12:47 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-13 12:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-13 12:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-13 12:47 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-13 12:47 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-13 12:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-13 12:47 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-13 12:48 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-13 12:48 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-13 12:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-13 12:47 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-13 12:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-13 12:47 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-13 12:48 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-13 12:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-13 12:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-13 12:47 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-13 12:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-13 12:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-13 12:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-13 12:47 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-13 12:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-13 12:47 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-13 12:47 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-13 12:48 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-13 12:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-13 12:47 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-13 12:48 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:25 - 2014-02-13 12:47 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:24 - 2014-02-13 12:47 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-13 12:47 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-13 12:47 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-13 12:47 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-13 12:47 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-13 12:47 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-13 12:47 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-13 12:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-13 12:47 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-13 12:47 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 20:05 - 2013-08-25 19:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype
2014-02-02 17:12 - 2014-02-02 17:12 - 00000717 _____ () C:\Users\Public\Desktop\Overseer.lnk
2014-02-02 14:30 - 2014-02-02 14:28 - 00000741 _____ () C:\Users\*****\Desktop\Launch Wing Commander Saga.lnk
2014-02-02 14:30 - 2014-02-02 14:28 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wing Commander Saga
2014-02-02 14:30 - 2014-02-02 14:20 - 00000000 ____D () C:\ProgramData\InstallMate
2014-02-02 13:20 - 2013-08-25 19:14 - 00000000 ____D () C:\Users\*****\AppData\Local\DOSBox
2014-02-01 18:29 - 2013-08-28 07:05 - 00000000 ____D () C:\Users\*****\Documents\Gothic3
2014-01-29 10:52 - 2014-01-29 10:52 - 00000000 ____D () C:\Users\Public\Documents\CrashDump

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\avgnt.exe
C:\Users\*****\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-18 17:53

==================== End Of Log ============================
         
--- --- ---


Addition:

HTML-Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2014 02
Ran by  at 2014-02-27 10:50:30
Running from C:\Users\\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.9 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
ANNO 1404 - Venedig (HKLM-x32\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.0.5008.0 - Ubisoft)
ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
AnyRail5DE (HKLM-x32\...\{0886CCF3-FC51-410B-AD1C-BD35B005E828}) (Version: 5.4.2 - DRail Modelspoor Software)
Assassin's Creed IV Black Flag (HKLM-x32\...\Steam App 242050) (Version:  - Ubisoft Montreal)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.338 - Avira)
Baldur's Gate -  The Original Saga (HKLM-x32\...\GOGPACKBALDURSGATE1_is1) (Version: 2.0.0.20 - GOG.com)
Baldur's Gate 2 Complete (HKLM-x32\...\GOGPACKBALDURSGATE2_is1) (Version: 2.0.0.12 - GOG.com)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version:  - Rocksteady Studios)
Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version:  - Rocksteady Studios)
Batman™: Arkham Origins (HKLM-x32\...\Steam App 209000) (Version:  - WB Games Montreal)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.1.0.1 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
Canon MX410 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series) (Version:  - )
Commandos 2: Men of Courage (HKLM-x32\...\{F7963BA0-EE1C-11D4-9FA5-00A0C9E6A342}) (Version:  - )
Commandos Ammo Pack (HKLM-x32\...\GOGPACKCOMMANDOS1_is1) (Version: 2.0.0.19 - GOG.com)
ContentMod2.6 (HKLM-x32\...\ContentMod_2.6) (Version:  - )
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.43 - Creative Technology Limited)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative AutoMode Switcher (HKLM-x32\...\Creative AutoMode Switcher) (Version: 1.00 - Creative Technology Limited)
Creative Konsole Starter (HKLM-x32\...\Console Launcher) (Version: 2.61 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3823EC5A-1CA4-42CA-9D5B-F94ABD65410D}) (Version:  - Microsoft)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Dungeon Keeper 2 (HKLM-x32\...\GOGPACKDUNGEONKEEPER2_is1) (Version: 2.0.0.32 - GOG.com)
EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version:  - The Creative Assembly)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.96 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.96 - Etron Technology) Hidden
Explorer Suite IV (HKLM\...\Explorer Suite_is1) (Version:  - )
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
GOG.com Dungeon Keeper 2 (HKLM\...\{b6462b67-caf5-4a74-99df-cc2811bd1957}.sdb) (Version:  - )
GOG.com Heroes of Might and Magic 3 (HKLM\...\{1d3c859c-1028-4822-b0a7-da4f7bbc18bc}.sdb) (Version:  - )
Gothic III (HKLM-x32\...\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}) (Version: 1.0.0 - JoWooD Productions Software AG)
Grewe Scanner-Interface 7 (HKLM-x32\...\{B1C3F49A-DE7D-1AC1-0913-039C1A8B9B82}) (Version: 7 - Grewe Computertechnik GmbH)
Heroes of Might and Magic 2 GOLD (HKLM-x32\...\GOGPACKHOMM2GOLD_is1) (Version: 2.0.0.24 - GOG.com)
Heroes of Might and Magic 3 Complete (HKLM-x32\...\GOGPACKHOMM3COMPLETE_is1) (Version: 2.0.0.16 - GOG.com)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Lautstärkefenster (HKLM-x32\...\Creative Volume Panel) (Version: 2.21 - Creative Technology Limited)
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.50 (HKLM\...\Logitech Gaming Software) (Version: 8.50.281 - Logitech Inc.)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Master of Orion 1 and 2 (HKLM-x32\...\GOGPACKMASTEROFORION12_is1) (Version: 2.0.0.16 - GOG.com)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Might & Magic: Heroes VI (HKLM-x32\...\Steam App 48220) (Version:  - Blackhole)
Mozilla Firefox 23.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 23.0.1 (x86 de)) (Version: 23.0.1 - Mozilla)
Mozilla Firefox 27.0.1 (x86 de) (HKCU\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.82 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.82 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3182 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 331.82 (Version: 331.82 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
Overseer (HKLM-x32\...\GOGPACKTEX5_is1) (Version: 2.0.0.21 - GOG.com)
Port Royale 3 (HKLM-x32\...\{68DED384-1F74-4AEE-8B8E-95AF15572FE3}) (Version: 1.3.2.0 - Gaming Minds Studios GmbH)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Questpaket 4 Update 2 Deinstallation (HKLM-x32\...\G3QP231012008_is1) (Version: 4.2.0.0 - Humanforce)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
ROCCAT Ryos Keyboard Driver (HKLM-x32\...\{70F3EF93-44F4-446A-90B8-33DAB2799AF1}) (Version: 1.27.0000 - Roccat GmbH)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio Creator Audio (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Creator Business (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3.56.24 - Roxio)
Roxio Creator Business v10 (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio MyDVD (x32 Version: 10.1.349 - Roxio) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.) Hidden
Samsung New PC Studio (HKLM-x32\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 1.0.0.0 - Electronic Arts)
Skype™ 6.10 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.10.104 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{C9193CBB-C31A-412A-A074-AD08F0F2CF3D}) (Version: 7.0.27.13 - Mad Catz)
Softwarenetz MyDVD3 (HKLM-x32\...\MyDVD3) (Version:  - )
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Star Wars(tm) Knights of the Old Republic(tm) II: The Sith Lords(tm) (HKLM-x32\...\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}) (Version: 1.00.0000 - Obsidian)
StarCitizen (HKLM-x32\...\StarCitizen) (Version: 1.0 - Cloud Imperium Games)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.11 - TeamSpeak Systems GmbH)
THX-Einrichtungskonsole (HKLM-x32\...\THX_Console_Unicode) (Version:  - )
Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
TSLRCM 1.8.1 (HKLM-x32\...\The Sith Lords Restored Content Mod_is1) (Version:  - )
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{59446CD0-D49A-4154-BDD5-59CB3B6F89AC}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E636FE63-842B-4F4B-9884-DA189ACC0B91}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{E636FE63-842B-4F4B-9884-DA189ACC0B91}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FF62F7C1-9491-457C-BBAE-DBC6FD1DB968}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FF62F7C1-9491-457C-BBAE-DBC6FD1DB968}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{64D96F30-CF4C-4CCE-AAF2-F8909348BF35}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{BA61259D-63F0-4177-A0E1-E4064EC2B470}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BEA3259E-14B5-4D89-87FF-ED9F1D0D81C8}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{BE1D254A-E5CD-4E76-9BE8-7B2E5FDBA6AF}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DF33B92A-5381-4F03-AB54-2D67086B357E}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A82E26EF-680E-427D-B7D0-FD7997DDC217}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.3-2 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
Wing Commander Saga 1.0.2.7795 (HKLM\...\{F6FD24B4-34A3-4635-8ECD-7B5C791EAE5F}) (Version: 1.0.2.7795 - Wing Commander Saga Team)
Wing Commander Saga 1.1.0.7822 (HKLM\...\{5BECA583-A49D-4C21-ADFD-89C844F1F1A1}) (Version: 1.1.0.7822 - Wing Commander Saga Team)
X3: Albion Prelude (HKLM-x32\...\Steam App 201310) (Version:  - Egosoft)

==================== Restore Points  =========================

22-02-2014 12:18:11 Geplanter Prüfpunkt
26-02-2014 07:58:23 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {78CBC5A2-9A71-42D8-A2C2-7BD4B1214DC1} - \AmiUpdXp No Task File
Task: {811944B3-F398-417A-AE04-198DEB1FCF80} - System32\Tasks\{D5FEAAA7-042C-45F5-8D99-A607EA10AD7D} => Firefox.exe hxxp://ui.skype.com/ui/0/6.10.60.104/de/abandoninstall?page=tsPlugin
Task: {D80AFA79-36DB-45A4-AF90-90BA3C2BDCB7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: {EC98EF31-80AF-4937-A90B-31E2C339A593} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {F3D6EC66-DD46-4A24-BD43-ACC8B2CD074C} - \Re-markit Update No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-11-23 00:26 - 2013-11-11 16:02 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-08-26 08:44 - 2014-02-24 14:57 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-12-23 13:14 - 2013-12-16 17:17 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2012-10-16 10:39 - 2012-10-16 10:39 - 00646744 _____ () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () d:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-08-25 19:01 - 2013-07-18 07:02 - 00394824 _____ () D:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-12-18 19:43 - 2013-12-18 19:43 - 00019968 _____ () D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
2014-02-12 18:18 - 2009-03-26 14:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-02-12 18:18 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2013-08-25 20:52 - 2006-06-09 19:20 - 00003072 _____ () C:\Windows\system32\CTXFIGER.DLL
2014-02-15 08:33 - 2014-02-15 08:33 - 03578992 _____ () D:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AutoStartNPSAgent => D:\Program Files (x86)\New PC Studio\NPSAgent.exe
MSCONFIG\startupreg: KiesAirMessage => D:\Program Files (x86)\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => D:\Program Files (x86)\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => D:\Program Files (x86)\Kies\KiesTrayAgent.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-08-29 08:32:50.810
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-29 08:32:50.778
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-29 08:32:48.396
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-29 08:32:48.364
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-29 08:32:44.694
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-29 08:32:44.626
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-29 08:32:40.397
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-29 08:32:40.354
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-29 08:32:37.673
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-29 08:32:37.640
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 23%
Total physical RAM: 8172.45 MB
Available physical RAM: 6213.61 MB
Total Pagefile: 16343.09 MB
Available Pagefile: 14231.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:101.34 GB) (Free:41.48 GB) NTFS
Drive d: (Programme/Games) (Fixed) (Total:830.07 GB) (Free:463.51 GB) NTFS
Drive e: (Extern) (Fixed) (Total:931.51 GB) (Free:802.21 GB) NTFS
Drive h: (Windows XP) (Fixed) (Total:19.59 GB) (Free:5.85 GB) NTFS
Drive i: (XP - Programme, Games, Daten) (Fixed) (Total:133.79 GB) (Free:108.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: C53C2725)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 153 GB) (Disk ID: 095B095A)
Partition 1: (Not Active) - (Size=20 GB) - (Type=OF Extended)
Partition 2: (Not Active) - (Size=134 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 932 GB) (Disk ID: E8900690)

Partition: GPT Partition Type.

==================== End Of Log ============================
__________________

Alt 27.02.2014, 18:46   #4
schrauber
/// the machine
/// TB-Ausbilder
 




That's fine.



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 28.02.2014, 15:35   #5
Icetrack
 



In any case, Antivir has not reported anything further about unauthorized access to that exe of its own. Maybe it just got scared of itself. I really need to switch at some point. As a student I could get Sophos through the university, but I'm not quite sure what to make of it.

There still seems to be a Re-Markit entry in the registry. You can see it in the FRST log. Would it make sense to delete it manually?

By the way, the Firefox version is 27.0.1 when you check in the browser, not 23 as stated in the Security Check log.

HTML-Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8831ac9ae47d114cac34d248ee1cf4e6
# engine=17262
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-28 01:41:22
# local_time=2014-02-28 02:41:22 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 17007 259018172 58258 0
# compatibility_mode=5893 16776574 100 94 16142595 145224732 0 0
# scanned=608941
# found=0
# cleaned=0
# scan_time=12981
HTML-Code:
 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
[b][u]``````````````Antivirus/Firewall Check:``````````````[/u][/b][u][/u] 
 [size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size] 
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/u][/b][u][/u] 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
  Adobe Flash Player 12.0.0.70 [b][color=red]Flash Player out of Date![/color][/b]  
 Mozilla Firefox 23.0.1 [color=red][b]Firefox out of Date![/b][/color]  
[b][u]````````Process Check: objlist.exe by Laurent````````[/u][/b][u][/u]  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
[b][u]`````````````````System Health check`````````````````[/u][/b][u][/u] 
 Total Fragmentation on Drive C:  
[b][u]````````````````````End of Log``````````````````````[/u][/b][u][/u] 


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-02-2014 02
Ran by ***** (administrator) on GTX770-8GB-I5 on 28-02-2014 15:23:35
Running from C:\Users\*****\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Samsung) D:\Program Files (x86)\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Avira Operations GmbH & Co. KG) D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Inc.) D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTXFISPI.EXE
(Microsoft Corporation) D:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BCSSync] - D:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [ProfilerU] - C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] - C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM-x32\...\Run: [avgnt] - D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [BambooCore] - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [VolPanel] - C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe [241789 2010-02-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [CTxfiHlp] - CTXFIHLP.EXE
HKU\S-1-5-21-3433850409-1594362354-2394267938-1000\...\Run: [] - D:\Program Files (x86)\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1E54BDDDADA1CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\out617ip.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - D:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Acrobat - D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\out617ip.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-19]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-08-25]
FF HKCU\...\Firefox\Extensions: [{d97497ae-755d-453a-80bc-9d2460f183ce}] - C:\Program Files (x86)\Re-markit\150.xpi
FF StartMenuInternet: FIREFOX.EXE - d:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; D:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Program Files\Microsoft Office\Office14\GROOVE.EXE [50942144 2013-12-19] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-02-24] ()
S2 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2013-12-16] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-08-26] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] ()
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-08-26] ()
S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [39096 2013-09-13] (Razer Inc)
S3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [30888 2013-10-14] (Razer Inc)
S3 SaiH0464; C:\Windows\System32\DRIVERS\SaiH0464.sys [171144 2007-05-01] (Saitek)
S3 SaiK075C; C:\Windows\System32\DRIVERS\SaiK075C.sys [181024 2013-04-30] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-28 15:23 - 2014-02-28 15:23 - 00012237 _____ () C:\Users\*****\Desktop\FRST.txt
2014-02-28 15:20 - 2014-02-28 15:20 - 00000921 _____ () C:\Users\*****\Desktop\checkup.txt
2014-02-28 15:18 - 2014-02-28 15:18 - 00987425 _____ () C:\Users\*****\Desktop\SecurityCheck.exe
2014-02-26 18:43 - 2014-02-26 18:44 - 00000000 ____D () C:\AdwCleaner
2014-02-26 18:41 - 2014-02-26 18:41 - 01241834 _____ () C:\Users\*****\Desktop\adwcleaner.exe
2014-02-26 18:41 - 2014-02-26 18:41 - 01037734 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2014-02-26 17:54 - 2014-02-28 15:23 - 00000000 ____D () C:\FRST
2014-02-26 17:53 - 2014-02-27 10:47 - 02155520 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-02-26 17:53 - 2014-02-26 17:53 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-02-26 13:19 - 2014-02-26 13:19 - 00011235 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-02-26 13:16 - 2014-02-26 13:16 - 00000000 ____D () C:\Users\*****\.thumbnails
2014-02-26 10:09 - 2014-02-28 11:40 - 00000000 ____D () C:\Users\*****\AppData\Local\Battle.net
2014-02-26 10:09 - 2014-02-26 10:10 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Battle.net
2014-02-26 10:07 - 2014-02-26 10:07 - 00000000 ____D () C:\Users\*****\AppData\Local\Blizzard Entertainment
2014-02-24 14:57 - 2014-02-24 15:01 - 00000000 ____D () C:\Users\*****\Documents\Assassin's Creed IV Black Flag
2014-02-19 09:55 - 2014-02-28 14:48 - 00001176 _____ () C:\Windows\setupact.log
2014-02-19 09:55 - 2014-02-19 09:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-16 12:17 - 2014-02-16 12:17 - 00000758 _____ () C:\Users\Public\Desktop\Baldur's Gate Trilogy.lnk
2014-02-15 22:51 - 2014-02-15 22:51 - 00003174 _____ () C:\Windows\System32\Tasks\{74D7530C-A7ED-451B-AF7C-C2F0C4B140A2}
2014-02-15 14:45 - 2014-02-15 21:32 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Audacity
2014-02-15 12:09 - 2014-02-15 12:09 - 00605672 _____ (Macromedia, Inc.) C:\Windows\icewind1.exe
2014-02-15 12:09 - 2014-02-15 12:09 - 00049152 _____ () C:\Windows\icewind1.scr
2014-02-15 10:54 - 2014-02-15 21:42 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Mp3tag
2014-02-14 11:35 - 2014-02-14 11:35 - 00000000 ____D () C:\Users\*****\AppData\Roaming\OpenOffice
2014-02-14 11:34 - 2014-02-14 11:34 - 00000000 ___SD () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
2014-02-13 12:48 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 12:48 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 12:48 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 12:48 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 12:48 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 12:48 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 12:48 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 12:48 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 12:48 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 12:48 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 12:48 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 12:47 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 12:47 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 12:47 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 12:47 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 12:47 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 12:47 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 12:47 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 12:47 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 12:47 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 12:47 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 12:47 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 12:47 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 12:47 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 12:47 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 12:47 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 12:47 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 12:47 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 12:47 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 12:47 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 12:47 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 12:47 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 12:47 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 12:47 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 12:47 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 12:47 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 12:47 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 12:47 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 12:47 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 12:47 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 12:47 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 12:10 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 12:10 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 12:10 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 12:10 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 12:10 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 12:10 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 12:10 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 12:10 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 12:10 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 12:10 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 12:10 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 12:10 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 12:10 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 12:10 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 12:10 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 12:10 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 12:10 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 12:10 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 12:10 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 12:10 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 12:10 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 12:10 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 12:10 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 12:10 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 12:09 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 12:09 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 12:09 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 12:09 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-13 00:30 - 2014-02-13 00:30 - 00001080 _____ () C:\Windows\system32\settingsbkup.sfm
2014-02-13 00:30 - 2014-02-13 00:30 - 00001080 _____ () C:\Windows\system32\settings.sfm
2014-02-12 18:18 - 2014-02-12 18:18 - 00000159 ___RH () C:\Windows\ctfile.rfc
2014-02-12 18:18 - 2009-03-26 14:48 - 00190976 _____ () C:\Windows\system32\APOMgr64.DLL
2014-02-12 18:18 - 2009-03-26 14:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-02-12 18:18 - 2009-02-06 18:53 - 00089088 _____ () C:\Windows\system32\CmdRtr64.DLL
2014-02-12 18:18 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2014-02-12 18:18 - 2008-02-04 09:27 - 00102400 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\cttele32.dll
2014-02-12 18:09 - 2014-02-12 18:18 - 00000000 ____D () C:\Program Files\Creative
2014-02-12 17:53 - 2014-02-12 17:53 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Malwarebytes
2014-02-12 17:53 - 2014-02-12 17:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-12 17:53 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-12 17:31 - 2014-02-12 17:31 - 00000029 _____ () C:\Windows\sfbm.INI
2014-02-10 01:14 - 2014-02-10 01:14 - 00012421 _____ () C:\Windows\SysWOW64\treble.ini
2014-02-10 01:14 - 2014-02-10 01:14 - 00012421 _____ () C:\Windows\system32\treble.ini
2014-02-10 01:10 - 2014-02-10 01:10 - 00012018 _____ () C:\Windows\SysWOW64\bass.ini
2014-02-10 01:10 - 2014-02-10 01:10 - 00012018 _____ () C:\Windows\system32\bass.ini
2014-02-10 01:07 - 2014-02-10 01:07 - 00199244 _____ () C:\Windows\SysWOW64\Balance.ini
2014-02-10 01:07 - 2014-02-10 01:07 - 00199244 _____ () C:\Windows\system32\Balance.ini
2014-02-10 01:02 - 2014-02-10 01:02 - 00020023 _____ () C:\Windows\SysWOW64\mids.ini
2014-02-10 01:02 - 2014-02-10 01:02 - 00020023 _____ () C:\Windows\system32\mids.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00035090 _____ () C:\Windows\SysWOW64\Optimize.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00035090 _____ () C:\Windows\system32\Optimize.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00001620 _____ () C:\Windows\SysWOW64\microphone.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00001620 _____ () C:\Windows\system32\microphone.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00001590 _____ () C:\Windows\SysWOW64\FlashPlayer.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00001590 _____ () C:\Windows\system32\FlashPlayer.ini
2014-02-10 00:59 - 2014-02-10 00:59 - 00034482 _____ () C:\Windows\SysWOW64\Filter.ini
2014-02-10 00:59 - 2014-02-10 00:59 - 00034482 _____ () C:\Windows\system32\Filter.ini
2014-02-10 00:58 - 2014-02-10 00:58 - 00001943 _____ () C:\Windows\SysWOW64\4.1surroundsound.ini
2014-02-10 00:58 - 2014-02-10 00:58 - 00001943 _____ () C:\Windows\SysWOW64\2.1surroundsound.ini
2014-02-10 00:58 - 2014-02-10 00:58 - 00001943 _____ () C:\Windows\system32\4.1surroundsound.ini
2014-02-10 00:58 - 2014-02-10 00:58 - 00001943 _____ () C:\Windows\system32\2.1surroundsound.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00023420 _____ () C:\Windows\SysWOW64\AudioCreationMode.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00023420 _____ () C:\Windows\system32\AudioCreationMode.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00023312 _____ () C:\Windows\SysWOW64\EntertainmentMode.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00023312 _____ () C:\Windows\system32\EntertainmentMode.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00001943 _____ () C:\Windows\SysWOW64\7.1surroundsound.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00001943 _____ () C:\Windows\SysWOW64\5.1surroundsound.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00001943 _____ () C:\Windows\system32\7.1surroundsound.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00001943 _____ () C:\Windows\system32\5.1surroundsound.ini
2014-02-10 00:56 - 2014-02-10 00:56 - 00023328 _____ () C:\Windows\SysWOW64\GameMode.ini
2014-02-10 00:56 - 2014-02-10 00:56 - 00023328 _____ () C:\Windows\system32\GameMode.ini
2014-02-10 00:50 - 2014-02-10 00:50 - 00032156 _____ () C:\Windows\SysWOW64\tweaks.ini
2014-02-10 00:50 - 2014-02-10 00:50 - 00032156 _____ () C:\Windows\system32\tweaks.ini
2014-02-10 00:50 - 2014-02-10 00:50 - 00029504 _____ () C:\Windows\SysWOW64\speaker.ini
2014-02-10 00:50 - 2014-02-10 00:50 - 00029504 _____ () C:\Windows\system32\speaker.ini
2014-02-10 00:40 - 2014-02-10 00:40 - 00001425 _____ () C:\Windows\SysWOW64\What-U-Hear.ini
2014-02-10 00:40 - 2014-02-10 00:40 - 00001425 _____ () C:\Windows\system32\What-U-Hear.ini
2014-02-09 17:45 - 2014-02-09 17:45 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Realmware
2014-02-09 17:45 - 2014-02-09 17:45 - 00000000 ____D () C:\Users\*****\AppData\Local\Realmware
2014-02-02 17:12 - 2014-02-02 17:12 - 00000717 _____ () C:\Users\Public\Desktop\Overseer.lnk
2014-02-02 17:12 - 1997-11-12 23:00 - 00179200 _____ (Intel Corporation) C:\Windows\SysWOW64\rsx.dll
2014-02-02 17:12 - 1997-11-12 23:00 - 00011776 _____ (Intel Corporation) C:\Windows\SysWOW64\aaudio.dll
2014-02-02 14:28 - 2014-02-02 14:30 - 00000741 _____ () C:\Users\*****\Desktop\Launch Wing Commander Saga.lnk
2014-02-02 14:28 - 2014-02-02 14:30 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wing Commander Saga
2014-02-02 14:20 - 2014-02-02 14:30 - 00000000 ____D () C:\ProgramData\InstallMate
2014-01-29 10:52 - 2014-01-29 10:52 - 00000000 ____D () C:\Users\Public\Documents\CrashDump

==================== One Month Modified Files and Folders =======

2014-02-28 15:23 - 2014-02-28 15:23 - 00012237 _____ () C:\Users\*****\Desktop\FRST.txt
2014-02-28 15:23 - 2014-02-26 17:54 - 00000000 ____D () C:\FRST
2014-02-28 15:20 - 2014-02-28 15:20 - 00000921 _____ () C:\Users\*****\Desktop\checkup.txt
2014-02-28 15:18 - 2014-02-28 15:18 - 00987425 _____ () C:\Users\*****\Desktop\SecurityCheck.exe
2014-02-28 14:56 - 2009-07-14 05:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-28 14:56 - 2009-07-14 05:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-28 14:52 - 2013-08-25 14:52 - 01750082 _____ () C:\Windows\WindowsUpdate.log
2014-02-28 14:48 - 2014-02-19 09:55 - 00001176 _____ () C:\Windows\setupact.log
2014-02-28 14:48 - 2013-11-23 00:26 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-28 14:48 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-28 14:27 - 2013-08-25 20:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-28 11:40 - 2014-02-26 10:09 - 00000000 ____D () C:\Users\*****\AppData\Local\Battle.net
2014-02-28 11:34 - 2013-08-25 21:30 - 00000000 ____D () C:\ProgramData\Origin
2014-02-28 11:00 - 2013-08-25 14:52 - 00000000 ____D () C:\Users\*****
2014-02-28 02:21 - 2013-08-25 19:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\TS3Client
2014-02-27 23:55 - 2013-08-26 13:47 - 00003982 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{69EF16A0-F618-4808-BB93-FD15DC0B4CDE}
2014-02-27 10:47 - 2014-02-26 17:53 - 02155520 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-02-26 23:43 - 2013-08-26 09:38 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-02-26 23:43 - 2013-08-25 19:13 - 00000000 ____D () C:\Users\*****\Documents\StarCraft II
2014-02-26 18:44 - 2014-02-26 18:43 - 00000000 ____D () C:\AdwCleaner
2014-02-26 18:41 - 2014-02-26 18:41 - 01241834 _____ () C:\Users\*****\Desktop\adwcleaner.exe
2014-02-26 18:41 - 2014-02-26 18:41 - 01037734 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2014-02-26 17:53 - 2014-02-26 17:53 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-02-26 13:19 - 2014-02-26 13:19 - 00011235 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-02-26 13:19 - 2013-09-30 11:15 - 00000000 ____D () C:\Users\*****\AppData\Local\gtk-2.0
2014-02-26 13:19 - 2013-08-25 19:08 - 00000000 ____D () C:\Users\*****\.gimp-2.8
2014-02-26 13:16 - 2014-02-26 13:16 - 00000000 ____D () C:\Users\*****\.thumbnails
2014-02-26 10:10 - 2014-02-26 10:09 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Battle.net
2014-02-26 10:07 - 2014-02-26 10:07 - 00000000 ____D () C:\Users\*****\AppData\Local\Blizzard Entertainment
2014-02-26 09:01 - 2013-08-25 18:46 - 01602716 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-26 09:01 - 2009-07-14 18:58 - 00702964 _____ () C:\Windows\system32\perfh007.dat
2014-02-26 09:01 - 2009-07-14 18:58 - 00150604 _____ () C:\Windows\system32\perfc007.dat
2014-02-26 09:00 - 2009-07-14 06:13 - 01602716 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-24 15:40 - 2013-08-25 23:16 - 00000000 ____D () C:\Users\*****\AppData\Local\Ubisoft Game Launcher
2014-02-24 15:01 - 2014-02-24 14:57 - 00000000 ____D () C:\Users\*****\Documents\Assassin's Creed IV Black Flag
2014-02-24 14:57 - 2013-08-26 08:44 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-02-24 14:57 - 2013-08-26 08:44 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-02-24 12:36 - 2013-10-03 11:45 - 03123272 _____ () C:\Windows\SysWOW64\pbsvc.exe
2014-02-23 22:14 - 2013-08-26 08:44 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-02-22 13:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-21 10:27 - 2013-08-25 20:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 10:27 - 2013-08-25 20:13 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 10:27 - 2013-08-25 20:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-19 09:55 - 2014-02-19 09:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-18 23:23 - 2013-08-25 21:29 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Notepad++
2014-02-17 16:23 - 2013-08-25 16:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 16:22 - 2013-08-25 16:31 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-16 12:17 - 2014-02-16 12:17 - 00000758 _____ () C:\Users\Public\Desktop\Baldur's Gate Trilogy.lnk
2014-02-15 22:51 - 2014-02-15 22:51 - 00003174 _____ () C:\Windows\System32\Tasks\{74D7530C-A7ED-451B-AF7C-C2F0C4B140A2}
2014-02-15 21:42 - 2014-02-15 10:54 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Mp3tag
2014-02-15 21:32 - 2014-02-15 14:45 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Audacity
2014-02-15 12:09 - 2014-02-15 12:09 - 00605672 _____ (Macromedia, Inc.) C:\Windows\icewind1.exe
2014-02-15 12:09 - 2014-02-15 12:09 - 00049152 _____ () C:\Windows\icewind1.scr
2014-02-14 13:48 - 2013-08-25 18:51 - 00131520 _____ () C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-14 13:36 - 2009-07-14 05:45 - 00484488 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-14 11:35 - 2014-02-14 11:35 - 00000000 ____D () C:\Users\*****\AppData\Roaming\OpenOffice
2014-02-14 11:34 - 2014-02-14 11:34 - 00000000 ___SD () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
2014-02-13 12:54 - 2013-08-25 19:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-13 12:49 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2014-02-13 00:30 - 2014-02-13 00:30 - 00001080 _____ () C:\Windows\system32\settingsbkup.sfm
2014-02-13 00:30 - 2014-02-13 00:30 - 00001080 _____ () C:\Windows\system32\settings.sfm
2014-02-12 18:23 - 2013-08-25 20:53 - 00000000 ____D () C:\ProgramData\Creative
2014-02-12 18:19 - 2013-08-25 20:53 - 00000000 ____D () C:\Program Files (x86)\Creative
2014-02-12 18:18 - 2014-02-12 18:18 - 00000159 ___RH () C:\Windows\ctfile.rfc
2014-02-12 18:18 - 2014-02-12 18:09 - 00000000 ____D () C:\Program Files\Creative
2014-02-12 18:18 - 2013-08-25 20:53 - 00000000 ___HD () C:\Program Files (x86)\Creative Installation Information
2014-02-12 18:18 - 2013-08-25 20:52 - 00466520 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-02-12 18:18 - 2013-08-25 20:52 - 00445016 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-02-12 18:18 - 2013-08-25 20:52 - 00123480 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-02-12 18:18 - 2013-08-25 20:52 - 00109144 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-02-12 18:18 - 2013-08-25 20:52 - 00000000 ____D () C:\Windows\system32\Data
2014-02-12 18:18 - 2013-08-25 15:02 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-12 17:53 - 2014-02-12 17:53 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Malwarebytes
2014-02-12 17:53 - 2014-02-12 17:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-12 17:31 - 2014-02-12 17:31 - 00000029 _____ () C:\Windows\sfbm.INI
2014-02-10 11:05 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-10 01:14 - 2014-02-10 01:14 - 00012421 _____ () C:\Windows\SysWOW64\treble.ini
2014-02-10 01:14 - 2014-02-10 01:14 - 00012421 _____ () C:\Windows\system32\treble.ini
2014-02-10 01:10 - 2014-02-10 01:10 - 00012018 _____ () C:\Windows\SysWOW64\bass.ini
2014-02-10 01:10 - 2014-02-10 01:10 - 00012018 _____ () C:\Windows\system32\bass.ini
2014-02-10 01:07 - 2014-02-10 01:07 - 00199244 _____ () C:\Windows\SysWOW64\Balance.ini
2014-02-10 01:07 - 2014-02-10 01:07 - 00199244 _____ () C:\Windows\system32\Balance.ini
2014-02-10 01:02 - 2014-02-10 01:02 - 00020023 _____ () C:\Windows\SysWOW64\mids.ini
2014-02-10 01:02 - 2014-02-10 01:02 - 00020023 _____ () C:\Windows\system32\mids.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00035090 _____ () C:\Windows\SysWOW64\Optimize.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00035090 _____ () C:\Windows\system32\Optimize.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00001620 _____ () C:\Windows\SysWOW64\microphone.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00001620 _____ () C:\Windows\system32\microphone.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00001590 _____ () C:\Windows\SysWOW64\FlashPlayer.ini
2014-02-10 01:01 - 2014-02-10 01:01 - 00001590 _____ () C:\Windows\system32\FlashPlayer.ini
2014-02-10 00:59 - 2014-02-10 00:59 - 00034482 _____ () C:\Windows\SysWOW64\Filter.ini
2014-02-10 00:59 - 2014-02-10 00:59 - 00034482 _____ () C:\Windows\system32\Filter.ini
2014-02-10 00:58 - 2014-02-10 00:58 - 00001943 _____ () C:\Windows\SysWOW64\4.1surroundsound.ini
2014-02-10 00:58 - 2014-02-10 00:58 - 00001943 _____ () C:\Windows\SysWOW64\2.1surroundsound.ini
2014-02-10 00:58 - 2014-02-10 00:58 - 00001943 _____ () C:\Windows\system32\4.1surroundsound.ini
2014-02-10 00:58 - 2014-02-10 00:58 - 00001943 _____ () C:\Windows\system32\2.1surroundsound.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00023420 _____ () C:\Windows\SysWOW64\AudioCreationMode.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00023420 _____ () C:\Windows\system32\AudioCreationMode.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00023312 _____ () C:\Windows\SysWOW64\EntertainmentMode.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00023312 _____ () C:\Windows\system32\EntertainmentMode.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00001943 _____ () C:\Windows\SysWOW64\7.1surroundsound.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00001943 _____ () C:\Windows\SysWOW64\5.1surroundsound.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00001943 _____ () C:\Windows\system32\7.1surroundsound.ini
2014-02-10 00:57 - 2014-02-10 00:57 - 00001943 _____ () C:\Windows\system32\5.1surroundsound.ini
2014-02-10 00:56 - 2014-02-10 00:56 - 00023328 _____ () C:\Windows\SysWOW64\GameMode.ini
2014-02-10 00:56 - 2014-02-10 00:56 - 00023328 _____ () C:\Windows\system32\GameMode.ini
2014-02-10 00:50 - 2014-02-10 00:50 - 00032156 _____ () C:\Windows\SysWOW64\tweaks.ini
2014-02-10 00:50 - 2014-02-10 00:50 - 00032156 _____ () C:\Windows\system32\tweaks.ini
2014-02-10 00:50 - 2014-02-10 00:50 - 00029504 _____ () C:\Windows\SysWOW64\speaker.ini
2014-02-10 00:50 - 2014-02-10 00:50 - 00029504 _____ () C:\Windows\system32\speaker.ini
2014-02-10 00:40 - 2014-02-10 00:40 - 00001425 _____ () C:\Windows\SysWOW64\What-U-Hear.ini
2014-02-10 00:40 - 2014-02-10 00:40 - 00001425 _____ () C:\Windows\system32\What-U-Hear.ini
2014-02-09 17:54 - 2013-08-26 12:07 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-02-09 17:45 - 2014-02-09 17:45 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Realmware
2014-02-09 17:45 - 2014-02-09 17:45 - 00000000 ____D () C:\Users\*****\AppData\Local\Realmware
2014-02-06 13:16 - 2014-02-13 12:47 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-13 12:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-13 12:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-13 12:47 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-13 12:47 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-13 12:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-13 12:47 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-13 12:48 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-13 12:48 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-13 12:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-13 12:47 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-13 12:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-13 12:47 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-13 12:48 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-13 12:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-13 12:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-13 12:47 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-13 12:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-13 12:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-13 12:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-13 12:47 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-13 12:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-13 12:47 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-13 12:47 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-13 12:48 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-13 12:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-13 12:47 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-13 12:48 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:25 - 2014-02-13 12:47 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:24 - 2014-02-13 12:47 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-13 12:47 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-13 12:47 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-13 12:47 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-13 12:47 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-13 12:47 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-13 12:47 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-13 12:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-13 12:47 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-13 12:47 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 20:05 - 2013-08-25 19:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype
2014-02-02 17:12 - 2014-02-02 17:12 - 00000717 _____ () C:\Users\Public\Desktop\Overseer.lnk
2014-02-02 14:30 - 2014-02-02 14:28 - 00000741 _____ () C:\Users\*****\Desktop\Launch Wing Commander Saga.lnk
2014-02-02 14:30 - 2014-02-02 14:28 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wing Commander Saga
2014-02-02 14:30 - 2014-02-02 14:20 - 00000000 ____D () C:\ProgramData\InstallMate
2014-02-02 13:20 - 2013-08-25 19:14 - 00000000 ____D () C:\Users\*****\AppData\Local\DOSBox
2014-02-01 18:29 - 2013-08-28 07:05 - 00000000 ____D () C:\Users\*****\Documents\Gothic3
2014-01-29 10:52 - 2014-01-29 10:52 - 00000000 ____D () C:\Users\Public\Documents\CrashDump

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\avgnt.exe
C:\Users\*****\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-18 17:53

==================== End Of Log ============================
         


01.03.2014, 12:07   #6
schrauber
/// the machine
/// TB trainer

That is an inactive remnant; it can stay where it is.


Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can delete them without hesitation.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes much of the current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be misused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
These harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot (MVP)
Bill Castner (MVP)



Don'ts
  • Don't click on everything just because it asks you to and is nicely colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails unknown to you. Above all, pay attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.

01.03.2014, 20:22   #7
Icetrack

Thank you very much for the excellent help, your time and patience, and the tips at the end! You can now remove "me" from your subscriptions.

02.03.2014, 18:26   #8
schrauber
/// the machine
/// TB instructor

You're welcome
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
