
Pests of all kinds and how to fight them: Registry-Change Virus & Task-Manager Blocker

Windows 7

06.03.2014, 12:13   #1
Neverworld
 

Today I was browsing a site, one of many that never really bothered me, until now. I already had a strange feeling when the browser stopped responding for 4.5 seconds, because it looks like I have caught something.

Since I have Windows 7 and administrator rights, it rained nonstop "admin rights" prompts asking to open the Registry Editor. I was able to fend it off by spamming CTRL + DEL and then Task Manager. Now nothing appears any more, but the Task Manager is closed again after 1 second.

First I scanned with Spybot Search & Destroy: several small pieces of malware and harmful cookies (the usual), and then also an entry for Registry Change.
I had everything removed or cleaned up, but it still did not help. After the third scan, the Registry Change entry was finally removed. After the restart forced by Defogger, Spybot found it again....

I ran Malwarebytes, which found nothing. Following the four-step tutorial, I first used Defogger and now Farbar. Here are the logs:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-03-2014
Ran by **** (administrator) on **** on 06-03-2014 12:54:54
Running from C:\Users\****\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Sphinx Software) C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Sphinx Software) C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows7FirewallControl] - C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe [1132032 2012-09-21] (Sphinx Software)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [5256336 2012-07-13] (VIA)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-444598096-601825015-3693010935-1000\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-11-08] ()
HKU\S-1-5-21-444598096-601825015-3693010935-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-444598096-601825015-3693010935-1000\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\j6beqoo.lnk
ShortcutTarget: j6beqoo.lnk -> C:\ProgramData\ooqeb6j.cpp (Microsoft Corporation)
Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
ShortcutTarget: msconfig.lnk -> C:\PROGRA~3\qjmw0.dat (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://nmd.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7EEF4C65EFBDCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {77F7508B-26DF-49C0-B119-C28A85894EC5} URL = 
SearchScopes: HKCU - {77F7508B-26DF-49C0-B119-C28A85894EC5} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\rfmwxd7f.default
FF user.js: detected! => C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\rfmwxd7f.default\user.js
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npnxgameEU.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Personas Plus - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\rfmwxd7f.default\Extensions\personas@christopher.beard.xpi [2013-03-01]
FF Extension: Secure Login - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\rfmwxd7f.default\Extensions\secureLogin@blueimp.net.xpi [2012-11-15]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\rfmwxd7f.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: Adblock Plus - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\rfmwxd7f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-08]
FF Extension: DownThemAll! - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\rfmwxd7f.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-07-24]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-01-03]

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-08]
CHR Extension: (Google Drive) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-08]
CHR Extension: (YouTube) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-08]
CHR Extension: (Google-Suche) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-08]
CHR Extension: (User-Agent Switcher) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmofgnohbedopheiphabfhfjgkhfcgf [2013-11-08]
CHR Extension: (Google Wallet) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-08]
CHR Extension: (Google Mail) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-08]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5102040 2013-03-18] (INCA Internet Co., Ltd.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-07-13] (VIA Technologies, Inc.)
R2 Windows7FirewallService; C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe [764416 2012-09-21] (Sphinx Software)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2012-11-06] (Duplex Secure Ltd.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 hxsyol; \??\C:\Program Files (x86)\Aura Kingdom\AuraKingdom\avital\hxsy64.sys [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-06 12:54 - 2014-03-06 12:55 - 00016609 _____ () C:\Users\****\Downloads\FRST.txt
2014-03-06 12:54 - 2014-03-06 12:54 - 02156544 _____ (Farbar) C:\Users\****\Downloads\FRST64.exe
2014-03-06 12:54 - 2014-03-06 12:54 - 00000000 ____D () C:\FRST
2014-03-06 12:36 - 2014-03-06 12:36 - 00000056 _____ () C:\Windows\setupact.log
2014-03-06 12:34 - 2014-03-06 12:34 - 00000660 _____ () C:\Users\****\Downloads\defogger_disable.log
2014-03-06 12:34 - 2014-03-06 12:34 - 00000188 _____ () C:\Users\****\defogger_reenable
2014-03-06 12:33 - 2014-03-06 12:33 - 00050477 _____ () C:\Users\****\Downloads\Defogger.exe
2014-03-06 12:17 - 2014-03-06 12:17 - 00613200 _____ (Chip Digital GmbH) C:\Users\****\Downloads\HijackThis - CHIP-Downloader.exe
2014-03-06 10:54 - 2014-03-06 12:54 - 95027928 ____T () C:\ProgramData\j6beqoo.fee
2014-03-06 10:54 - 2014-03-06 10:54 - 00331504 ____T (Microsoft Corporation) C:\ProgramData\j6beqoo.zvv
2014-03-06 10:54 - 2014-03-06 10:54 - 00224297 _____ (Microsoft Corporation) C:\ProgramData\ooqeb6j.cpp
2014-03-05 18:06 - 2014-03-05 18:09 - 00000000 ____D () C:\Program Files (x86)\The Walking Dead
2014-03-05 13:25 - 2014-03-05 13:25 - 00001652 _____ () C:\Users\****\Desktop\South Park - The Stick of Truth - Verknüpfung.lnk
2014-03-04 21:36 - 2014-03-04 21:50 - 00000000 ____D () C:\Program Files (x86)\South Park
2014-03-04 21:34 - 2014-03-04 22:01 - 918760493 _____ () C:\Users\****\Downloads\SC-74874EEE2.rar
2014-03-04 10:43 - 2014-03-04 10:43 - 00000003 _____ () C:\Users\****\Desktop\135.txt
2014-03-04 10:39 - 2014-03-04 10:39 - 00001154 _____ () C:\Users\****\Downloads\SC-S97487DLC.rar
2014-03-01 23:51 - 2014-03-01 23:51 - 00000000 ____D () C:\Users\****\Documents\Thief
2014-03-01 23:44 - 2014-03-01 23:44 - 00000000 ____D () C:\Users\****\Desktop\Neuer Ordner (3)
2014-03-01 23:27 - 2014-03-01 23:43 - 506951190 _____ () C:\Users\****\Downloads\3213421421-thfv11dlc.rar
2014-03-01 22:48 - 2014-03-01 23:24 - 1233667935 _____ () C:\Users\****\Downloads\SC-SHRE874157.rar
2014-02-28 21:28 - 2014-02-28 21:29 - 00000000 ____D () C:\Users\****\Downloads\Bluestacks
2014-02-28 19:43 - 2014-03-01 18:53 - 00004133 _____ () C:\Users\****\Desktop\Al.txt
2014-02-27 09:02 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-27 09:02 - 2014-01-03 23:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-26 08:52 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-02-26 08:52 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-26 08:52 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-26 08:52 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-02-26 08:52 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-02-26 08:52 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-02-26 08:52 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-26 08:52 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-02-26 08:52 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-02-26 08:52 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-02-26 08:52 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-02-26 08:52 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-02-26 08:52 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-02-26 08:52 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-02-26 08:52 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-02-26 08:52 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-02-26 08:48 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-02-26 08:48 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-02-22 19:16 - 2014-02-25 06:55 - 00012307 _____ () C:\Users\****\Desktop\Geisha.txt
2014-02-22 10:00 - 2014-02-22 10:00 - 00000937 _____ () C:\Users\Public\Desktop\Guild Wars 2.lnk
2014-02-22 10:00 - 2014-02-22 10:00 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2
2014-02-22 09:59 - 2014-02-23 18:05 - 00000000 ____D () C:\Users\****\Documents\Guild Wars 2
2014-02-22 09:59 - 2014-02-22 09:59 - 00000000 ____D () C:\Users\****\AppData\Roaming\Guild Wars 2
2014-02-22 09:55 - 2014-02-22 09:56 - 22716480 _____ (ArenaNet) C:\Users\****\Downloads\Gw2Setup.exe
2014-02-20 22:06 - 2014-02-20 22:09 - 115136162 _____ () C:\Users\****\Downloads\SC-PIE-EA745.rar
2014-02-20 22:03 - 2014-02-20 22:06 - 114123866 _____ () C:\Users\****\Downloads\SC-CCNv1038741.rar
2014-02-19 22:20 - 2014-02-19 22:23 - 00000000 ____D () C:\Users\****\Documents\Strife
2014-02-19 22:20 - 2014-02-19 22:20 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strife
2014-02-19 22:15 - 2014-02-28 21:00 - 00000000 ____D () C:\Program Files (x86)\Strife
2014-02-18 13:45 - 2014-02-18 13:47 - 91013137 _____ () C:\Users\****\Downloads\SC-B4157G.rar
2014-02-15 22:51 - 2014-02-15 22:51 - 00000000 ____D () C:\Users\****\AppData\Local\Echobit
2014-02-15 22:51 - 2014-02-15 22:51 - 00000000 ____D () C:\ProgramData\Echobit
2014-02-15 19:42 - 2014-02-15 19:42 - 03258328 _____ (Echobit LLC) C:\Users\****\Downloads\EvolveSetup.exe
2014-02-15 19:08 - 2014-02-15 19:08 - 00000000 ____D () C:\Users\****\AppData\Local\Funcom
2014-02-15 00:16 - 2014-02-15 00:18 - 90226447 _____ () C:\Users\****\Downloads\CR2_v1_0_0.part07.rar
2014-02-15 00:13 - 2014-02-15 00:16 - 109051904 _____ () C:\Users\****\Downloads\CR2_v1_0_0.part06.rar
2014-02-15 00:10 - 2014-02-15 00:13 - 109051904 _____ () C:\Users\****\Downloads\CR2_v1_0_0.part05.rar
2014-02-15 00:06 - 2014-02-15 00:09 - 109051904 _____ () C:\Users\****\Downloads\CR2_v1_0_0.part04.rar
2014-02-15 00:02 - 2014-02-15 00:05 - 109051904 _____ () C:\Users\****\Downloads\CR2_v1_0_0.part03.rar
2014-02-14 23:59 - 2014-02-15 00:01 - 109051904 _____ () C:\Users\****\Downloads\CR2_v1_0_0.part02.rar
2014-02-14 23:56 - 2014-02-14 23:58 - 109051904 _____ () C:\Users\****\Downloads\CR2_v1_0_0.part01.rar
2014-02-14 20:23 - 2014-02-14 20:25 - 53147436 _____ () C:\Users\****\Downloads\9846513487-mtalslug3.rar
2014-02-14 16:20 - 2014-02-14 16:20 - 00000000 ____D () C:\Users\****\AppData\Roaming\StunlockStudios
2014-02-14 15:21 - 2014-02-14 15:21 - 00000222 _____ () C:\Users\****\Desktop\Dead Island Epidemic.url
2014-02-14 11:04 - 2014-02-14 11:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-12 23:53 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 23:53 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 23:52 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 23:52 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 23:52 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 23:52 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 23:52 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 23:52 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 23:52 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 23:52 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 23:52 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 23:52 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 23:52 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 23:52 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 23:52 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 23:52 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 23:52 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 23:52 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 23:52 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 23:52 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 23:52 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 23:52 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 23:52 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 23:52 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 23:52 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 23:52 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 23:52 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 23:52 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 23:52 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 23:52 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 23:52 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 23:52 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 23:52 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 23:52 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 23:52 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 23:52 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 23:52 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 23:52 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 23:52 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 23:52 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 23:52 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 20:38 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 20:38 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 20:37 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 20:37 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 20:37 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 20:37 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 20:35 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 20:35 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 20:35 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 20:35 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 20:35 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 20:35 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 20:35 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 20:35 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 20:35 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 20:35 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 20:35 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 20:35 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 20:35 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 20:35 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 20:35 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 20:35 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 20:35 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 20:35 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 20:33 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 20:33 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 20:33 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 20:33 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 14:35 - 2014-02-12 14:46 - 00000000 ____D () C:\Program Files (x86)\Borderlands 2
2014-02-12 13:11 - 2014-02-12 13:39 - 1073741824 _____ () C:\Users\****\Downloads\SC-CLOS222dD.part1.rar
2014-02-12 13:01 - 2014-02-12 13:08 - 264567533 _____ () C:\Users\****\Downloads\SC-CLOS222dD.part2.rar
2014-02-11 18:15 - 2014-02-11 18:15 - 00000000 ____D () C:\Users\****\AppData\Local\Daedalic Entertainment GmbH
2014-02-08 19:58 - 2014-02-08 20:14 - 494480865 _____ () C:\Users\****\Downloads\SC-7D22DD.rar
2014-02-08 17:10 - 2014-02-08 17:13 - 47919570 _____ () C:\Users\****\Downloads\SC-S7145H.rar
2014-02-08 11:13 - 2014-02-08 11:16 - 116064724 _____ () C:\Users\****\Downloads\21-2-06.rar
2014-02-06 14:00 - 2014-02-06 14:00 - 00001274 _____ () C:\Users\Public\Desktop\Borderlands 2.lnk
2014-02-06 08:45 - 2014-02-06 09:03 - 647934611 _____ () C:\Users\****\Downloads\SC-KBWOTNIAFD415.rar
2014-02-05 22:04 - 2014-02-05 22:05 - 00000000 __SHD () C:\ProgramData\Windows Service Manager0
2014-02-05 20:22 - 2014-02-05 20:22 - 00000000 ____D () C:\Users\****\Documents\Confrontation
2014-02-05 20:19 - 2014-02-05 20:19 - 00000000 ____D () C:\ProgramData\RELOADED

==================== One Month Modified Files and Folders =======

2014-03-06 12:55 - 2014-03-06 12:54 - 00016609 _____ () C:\Users\****
2014-03-06 12:54 - 2014-03-06 12:54 - 02156544 _____ (Farbar) C:\Users\****\Downloads\FRST64.exe
2014-03-06 12:54 - 2014-03-06 12:54 - 00000000 ____D () C:\FRST
2014-03-06 12:54 - 2014-03-06 10:54 - 95027928 ____T () C:\ProgramData\j6beqoo.fee
2014-03-06 12:54 - 2012-11-08 11:29 - 00000000 ____D () C:\Users\****\AppData\Local\PMB Files
2014-03-06 12:45 - 2009-07-14 05:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-06 12:45 - 2009-07-14 05:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-06 12:41 - 2012-11-06 15:05 - 01164673 _____ () C:\Windows\WindowsUpdate.log
2014-03-06 12:38 - 2012-11-07 18:24 - 00000000 ____D () C:\Users\****\AppData\Roaming\Skype
2014-03-06 12:36 - 2014-03-06 12:36 - 00000056 _____ () C:\Windows\setupact.log
2014-03-06 12:36 - 2012-10-10 09:29 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-06 12:34 - 2014-03-06 12:34 - 00000660 _____ () C:\Users\****\Downloads\defogger_disable.log
2014-03-06 12:34 - 2014-03-06 12:34 - 00000188 _____ () C:\Users\****\defogger_reenable
2014-03-06 12:34 - 2012-11-06 15:10 - 00000000 ____D () C:\Users\****
2014-03-06 12:33 - 2014-03-06 12:33 - 00050477 _____ () C:\Users\****\Downloads\Defogger.exe
2014-03-06 12:17 - 2014-03-06 12:17 - 00613200 _____ (Chip Digital GmbH) C:\Users\****\Downloads\HijackThis - CHIP-Downloader.exe
2014-03-06 10:54 - 2014-03-06 10:54 - 00331504 ____T (Microsoft Corporation) C:\ProgramData\j6beqoo.zvv
2014-03-06 10:54 - 2014-03-06 10:54 - 00224297 _____ (Microsoft Corporation) C:\ProgramData\ooqeb6j.cpp
2014-03-06 10:54 - 2012-11-06 15:10 - 00000000 ___RD () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-05 18:09 - 2014-03-05 18:06 - 00000000 ____D () C:\Program Files (x86)\The Walking Dead
2014-03-05 13:25 - 2014-03-05 13:25 - 00001652 _____ () C:\Users\****\Desktop\South Park - The Stick of Truth - Verknüpfung.lnk
2014-03-04 22:01 - 2014-03-04 21:34 - 918760493 _____ () C:\Users\****\Downloads\SC-74874EEE2.rar
2014-03-04 21:50 - 2014-03-04 21:36 - 00000000 ____D () C:\Program Files (x86)\South Park
2014-03-04 21:50 - 2012-11-06 17:26 - 00000000 ____D () C:\Users\****\Documents\My Games
2014-03-04 13:29 - 2012-11-17 18:47 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2
2014-03-04 11:58 - 2010-11-21 07:50 - 00699052 _____ () C:\Windows\system32\perfh007.dat
2014-03-04 11:58 - 2010-11-21 07:50 - 00149228 _____ () C:\Windows\system32\perfc007.dat
2014-03-04 11:58 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-04 10:43 - 2014-03-04 10:43 - 00000003 _____ () C:\Users\****\Desktop\135.txt
2014-03-04 10:39 - 2014-03-04 10:39 - 00001154 _____ () C:\Users\****\Downloads\SC-S97487DLC.rar
2014-03-03 23:27 - 2012-12-10 15:08 - 00000000 ____D () C:\Users\****\Desktop\Neuer Ordner
2014-03-02 23:21 - 2012-11-26 15:01 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-01 23:51 - 2014-03-01 23:51 - 00000000 ____D () C:\Users\****\Documents\Thief
2014-03-01 23:44 - 2014-03-01 23:44 - 00000000 ____D () C:\Users\****\Desktop\Neuer Ordner (3)
2014-03-01 23:43 - 2014-03-01 23:27 - 506951190 _____ () C:\Users\****\Downloads\3213421421-thfv11dlc.rar
2014-03-01 23:24 - 2014-03-01 22:48 - 1233667935 _____ () C:\Users\****\Downloads\SC-SHRE874157.rar
2014-03-01 18:53 - 2014-02-28 19:43 - 00004133 _____ () C:\Users\****\Desktop\Al.txt
2014-02-28 21:29 - 2014-02-28 21:28 - 00000000 ____D () C:\Users\****\Downloads\Bluestacks
2014-02-28 21:12 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-02-28 21:00 - 2014-02-19 22:15 - 00000000 ____D () C:\Program Files (x86)\Strife
2014-02-28 20:58 - 2013-10-28 18:36 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-02-26 08:51 - 2012-10-10 09:36 - 01603288 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-25 09:24 - 2013-07-13 11:55 - 00000000 ____D () C:\Users\****\Desktop\Neuer Ordner (4)
2014-02-25 06:55 - 2014-02-22 19:16 - 00012307 _____ () C:\Users\****\Desktop\Geisha.txt
2014-02-23 18:05 - 2014-02-22 09:59 - 00000000 ____D () C:\Users\****\Documents\Guild Wars 2
2014-02-22 10:00 - 2014-02-22 10:00 - 00000937 _____ () C:\Users\Public\Desktop\Guild Wars 2.lnk
2014-02-22 10:00 - 2014-02-22 10:00 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2
2014-02-22 09:59 - 2014-02-22 09:59 - 00000000 ____D () C:\Users\****\AppData\Roaming\Guild Wars 2
2014-02-22 09:56 - 2014-02-22 09:55 - 22716480 _____ (ArenaNet) C:\Users\****\Downloads\Gw2Setup.exe
2014-02-20 22:09 - 2014-02-20 22:06 - 115136162 _____ () C:\Users\****\Downloads\SC-PIE-EA745.rar
2014-02-20 22:06 - 2014-02-20 22:03 - 114123866 _____ () C:\Users\****\Downloads\SC-CCNv1038741.rar
2014-02-20 09:49 - 2012-10-10 09:47 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-20 09:49 - 2012-10-10 09:46 - 00000000 ____D () C:\ProgramData\Skype
2014-02-20 09:46 - 2010-11-21 04:47 - 00145422 _____ () C:\Windows\PFRO.log
2014-02-19 22:23 - 2014-02-19 22:20 - 00000000 ____D () C:\Users\****\Documents\Strife
2014-02-19 22:20 - 2014-02-19 22:20 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strife
2014-02-19 18:36 - 2013-12-10 12:35 - 00008502 _____ () C:\Users\****\Desktop\Neues Textdokument (5).txt
2014-02-18 13:47 - 2014-02-18 13:45 - 91013137 _____ () C:\Users\****\Downloads\SC-B4157G.rar
2014-02-17 02:37 - 2013-07-13 21:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 02:35 - 2012-11-07 17:25 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-15 22:51 - 2014-02-15 22:51 - 00000000 ____D () C:\Users\****\AppData\Local\Echobit
2014-02-15 22:51 - 2014-02-15 22:51 - 00000000 ____D () C:\ProgramData\Echobit
2014-02-15 19:42 - 2014-02-15 19:42 - 03258328 _____ (Echobit LLC) C:\Users\****\Downloads\EvolveSetup.exe
2014-02-15 19:08 - 2014-02-15 19:08 - 00000000 ____D () C:\Users\****\AppData\Local\Funcom
2014-02-15 08:59 - 2012-11-07 18:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-15 00:18 - 2014-02-15 00:16 - 90226447 _____ () C:\Users\****\Downloads\CR2_v1_0_0.part07.rar
2014-02-15 00:16 - 2014-02-15 00:13 - 109051904 _____ () C:\Users\****\Downloads\CR2_v1_0_0.part06.rar
2014-02-15 00:13 - 2014-02-15 00:10 - 109051904 _____ () C:\Users\****\Downloads\CR2_v1_0_0.part05.rar
2014-02-15 00:09 - 2014-02-15 00:06 - 109051904 _____ () C:\Users\****\Downloads\CR2_v1_0_0.part04.rar
2014-02-15 00:05 - 2014-02-15 00:02 - 109051904 _____ () C:\Users\****\Downloads\CR2_v1_0_0.part03.rar
2014-02-15 00:01 - 2014-02-14 23:59 - 109051904 _____ () C:\Users\****\Downloads\CR2_v1_0_0.part02.rar
2014-02-14 23:58 - 2014-02-14 23:56 - 109051904 _____ () C:\Users\****\Downloads\CR2_v1_0_0.part01.rar
2014-02-14 20:25 - 2014-02-14 20:23 - 53147436 _____ () C:\Users\****\Downloads\9846513487-mtalslug3.rar
2014-02-14 16:20 - 2014-02-14 16:20 - 00000000 ____D () C:\Users\****\AppData\Roaming\StunlockStudios
2014-02-14 15:21 - 2014-02-14 15:21 - 00000222 _____ () C:\Users\****\Desktop\Dead Island Epidemic.url
2014-02-14 11:04 - 2014-02-14 11:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-12 14:46 - 2014-02-12 14:35 - 00000000 ____D () C:\Program Files (x86)\Borderlands 2
2014-02-12 13:39 - 2014-02-12 13:11 - 1073741824 _____ () C:\Users\****\Downloads\SC-CLOS222dD.part1.rar
2014-02-12 13:08 - 2014-02-12 13:01 - 264567533 _____ () C:\Users\****\Downloads\SC-CLOS222dD.part2.rar
2014-02-11 18:15 - 2014-02-11 18:15 - 00000000 ____D () C:\Users\****\AppData\Local\Daedalic Entertainment GmbH
2014-02-10 19:22 - 2013-06-13 10:02 - 00000003 _____ () C:\Windows\system32\HRUPPROG.TXT
2014-02-08 20:14 - 2014-02-08 19:58 - 494480865 _____ () C:\Users\****\Downloads\SC-7D22DD.rar
2014-02-08 17:13 - 2014-02-08 17:10 - 47919570 _____ () C:\Users\****\Downloads\SC-S7145H.rar
2014-02-08 11:16 - 2014-02-08 11:13 - 116064724 _____ () C:\Users\****\Downloads\21-2-06.rar
2014-02-08 11:02 - 2013-09-01 16:36 - 00000000 ____D () C:\Users\****\Desktop\Neuer Ordner (5)
2014-02-06 14:00 - 2014-02-06 14:00 - 00001274 _____ () C:\Users\Public\Desktop\Borderlands 2.lnk
2014-02-06 13:16 - 2014-02-12 23:52 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-12 23:52 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-12 23:52 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-12 23:52 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-12 23:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-12 23:52 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-12 23:52 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-12 23:52 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-12 23:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-12 23:52 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-12 23:52 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-12 23:52 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-12 23:52 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-12 23:52 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-12 23:52 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-12 23:52 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-12 23:52 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-12 23:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-12 23:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-12 23:52 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-12 23:52 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-12 23:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-12 23:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-12 23:52 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-12 23:52 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-12 23:52 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-12 23:52 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-12 23:52 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-12 23:52 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-12 23:52 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-12 23:52 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-12 23:52 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-12 23:52 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-12 23:52 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-12 23:52 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-12 23:52 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-12 23:52 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-12 23:52 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-12 23:52 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-06 09:03 - 2014-02-06 08:45 - 647934611 _____ () C:\Users\****\Downloads\SC-KBWOTNIAFD415.rar
2014-02-05 22:05 - 2014-02-05 22:04 - 00000000 __SHD () C:\ProgramData\Windows Service Manager0
2014-02-05 21:45 - 2012-11-19 21:05 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-02-05 21:44 - 2012-11-19 21:05 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-02-05 20:22 - 2014-02-05 20:22 - 00000000 ____D () C:\Users\****\Documents\Confrontation
2014-02-05 20:19 - 2014-02-05 20:19 - 00000000 ____D () C:\ProgramData\RELOADED
2014-02-05 17:49 - 2014-01-08 09:42 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-02-05 14:39 - 2014-01-08 09:49 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2014-02-04 10:44 - 2014-01-29 22:02 - 00010233 _____ () C:\Users\****\Desktop\Nero.txt

Files to move or delete:
====================
C:\ProgramData\0wmjq.bat
C:\ProgramData\0wmjq.pad
C:\ProgramData\0wmjq.reg
C:\ProgramData\inq3v.bat
C:\ProgramData\inq3v.js
C:\ProgramData\inq3v.pad
C:\ProgramData\inq3v.reg
C:\ProgramData\j6beqoo.fee
C:\ProgramData\j6beqoo.zvv
C:\ProgramData\jlrb.bat
C:\ProgramData\jlrb.js
C:\ProgramData\jlrb.pad
C:\ProgramData\jlrb.reg
C:\ProgramData\ocvl9.bat
C:\ProgramData\ocvl9.js
C:\ProgramData\ocvl9.pad
C:\ProgramData\ocvl9.reg
C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk


Some content of TEMP:
====================
C:\Users\****\AppData\Local\Temp\avgnt.exe
C:\Users\****\AppData\Local\Temp\_is6BF0.exe
C:\Users\****\AppData\Local\Temp\_isD97.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-03 15:23

==================== End Of Log ============================
         
--- --- ---


Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-03-2014
Ran by **** at 2014-03-06 12:55:23
Running from C:\Users\****\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Agarest Generations of War (HKLM-x32\...\QWdhcmVzdEdlbmVyYXRpb25zb2ZXYXI=_is1) (Version: 1 - )
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Archeblade (HKLM-x32\...\Steam App 207230) (Version:  - CodeBrush Games)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Borderlands 2 All in One DLC-Pack Plus Update 16 (v1.5.0) 1.00 (HKLM-x32\...\Borderlands 2 All in One DLC-Pack Plus Update 16 (v1.5.0) 1.00) (Version: 1.00 - .x.X.RIDDICK.X.x.)
Borderlands 2 All in One Update - Pack 1.00 (HKLM-x32\...\Borderlands 2 All in One Update - Pack 1.00) (Version: 1.00 - .x.X.RIDDICK.X.x.)
Borderlands 2 update 1.5 incl DLC (c) 2K Games version 1 (HKLM-x32\...\Qm9yZGVybGFuZHMgMiB1cGRhdGUgMS41IGluY2wgRExD_is1) (Version: 1 - )
Borderlands 2 version 5.1 (HKLM-x32\...\{B810D852-DFD6-BORDERLS-89A5-CC4D47756DAF}_is1) (Version: 5.1 - Black_Box)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Toolbar (HKLM-x32\...\DAEMON Tools Toolbar) (Version: 1.0.8.0552 - DT Soft Ltd) <==== ATTENTION
Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version:  - Stunlock Studios)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Evil Player v1.31 (HKLM-x32\...\Evil Player) (Version:  - )
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.13.925 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.13.925 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 32.0.1700.76 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
ISY USB Wireless Adapter (HKLM-x32\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - ISY)
ISY USB Wireless Adapter (x32 Version: 1.0.0.13 - ISY) Hidden
Java 7 Update 11 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417011FF}) (Version: 7.0.110 - Oracle)
Java 7 Update 11 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217011FF}) (Version: 7.0.110 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
JDownloader 2 (HKLM-x32\...\0630-0716-3135-7887) (Version: 2 - AppWork GmbH)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.1.4 - www.leaguereplays.com)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.4 - Power Software Ltd)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.0.14735.1561 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 0.1.1969.1 - Hi-Rez Studios)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.10 - TeamSpeak Systems GmbH)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.38.151 - Electronic Arts)
The Sims™ 3 Diesel Каталог (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)
The Sims™ 3 Katy Perry Сладкие радости (HKLM-x32\...\{9B2506E3-9A3F-45B5-96BF-509CAD584650}) (Version: 13.0.62 - Electronic Arts)
The Sims™ 3 В сумерках (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
The Sims™ 3 Все возрасты (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 Городская жизнь Каталог (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
The Sims™ 3 Изысканная спальня Каталог (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
The Sims™ 3 Карьера (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.10.1 - Electronic Arts)
The Sims™ 3 Мир приключений (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.9.10 - Electronic Arts)
The Sims™ 3 Отдых на природе Каталог (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.3.2 - Electronic Arts)
The Sims™ 3 Питомцы (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Сверхъестественное (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 Скоростной режим Каталог (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.8.1 - Electronic Arts)
The Sims™ 3 Современная роскошь Каталог (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.9.6 - Electronic Arts)
The Sims™ 3 Шоу-бизнес (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
The Wolf Among Us (HKLM-x32\...\VGhlV29sZkFtb25nVXM=_is1) (Version: 1 - )
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player 0.9.9 (HKLM-x32\...\VLC media player) (Version: 0.9.9 - VideoLAN Team)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows7FirewallControl (x64) 5.1.7.69 (HKLM\...\Windows7FirewallControl_is1) (Version: 5.1.7.69 - Sphinx Software)
ZBrush 4R6 (HKLM-x32\...\ZBrush 4R6 4R6) (Version: 4R6 - Pixologic)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {83BBECCE-BA02-4CF0-B0B6-2E707D45BFDF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {D4600684-327E-4093-8ECE-7B8B5BFB747E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-25] (Adobe Systems Incorporated)
Task: {DFC0E2EC-9323-428E-BE99-72B6E70675C0} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef05dec0999f3.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2012-10-10 09:29 - 2013-10-23 09:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-11-08 11:29 - 2012-11-08 11:29 - 03093624 _____ () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
2012-10-10 11:57 - 2012-07-13 19:47 - 00078480 _____ () C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi64.dll
2012-10-10 11:57 - 2012-07-13 19:47 - 00386192 _____ () C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2012-11-06 17:45 - 2012-09-19 19:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-01-28 11:10 - 2012-11-13 14:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-01-28 11:10 - 2012-11-13 14:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-01-28 11:10 - 2012-11-13 14:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-01-28 11:10 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-01-28 11:10 - 2012-11-13 14:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2013-01-28 11:10 - 2012-11-13 14:06 - 00554400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2014-02-14 11:04 - 2014-02-14 11:04 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-01-25 09:26 - 2014-01-25 09:26 - 16287624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\****\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: NCUpdateHelper => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/05/2014 07:53:33 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: TheWalkingDead2.exe, Version: 2013.12.16.27013, Zeitstempel: 0x52af9832
Name des fehlerhaften Moduls: TheWalkingDead2.exe, Version: 2013.12.16.27013, Zeitstempel: 0x52af9832
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00436ff4
ID des fehlerhaften Prozesses: 0x1614
Startzeit der fehlerhaften Anwendung: 0xTheWalkingDead2.exe0
Pfad der fehlerhaften Anwendung: TheWalkingDead2.exe1
Pfad des fehlerhaften Moduls: TheWalkingDead2.exe2
Berichtskennung: TheWalkingDead2.exe3

Error: (03/03/2014 00:25:16 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: League of Legends.exe, Version: 4.3.0.487, Zeitstempel: 0x530c09d0
Name des fehlerhaften Moduls: League of Legends.exe, Version: 4.3.0.487, Zeitstempel: 0x530c09d0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00436e5f
ID des fehlerhaften Prozesses: 0x1488
Startzeit der fehlerhaften Anwendung: 0xLeague of Legends.exe0
Pfad der fehlerhaften Anwendung: League of Legends.exe1
Pfad des fehlerhaften Moduls: League of Legends.exe2
Berichtskennung: League of Legends.exe3

Error: (03/02/2014 11:53:20 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac
Name des fehlerhaften Moduls: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000b8554
ID des fehlerhaften Prozesses: 0xe14
Startzeit der fehlerhaften Anwendung: 0xrads_user_kernel.exe0
Pfad der fehlerhaften Anwendung: rads_user_kernel.exe1
Pfad des fehlerhaften Moduls: rads_user_kernel.exe2
Berichtskennung: rads_user_kernel.exe3

Error: (03/02/2014 08:57:03 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/02/2014 08:56:18 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/02/2014 08:52:56 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: League of Legends.exe, Version: 4.3.0.487, Zeitstempel: 0x530c09d0
Name des fehlerhaften Moduls: League of Legends.exe, Version: 4.3.0.487, Zeitstempel: 0x530c09d0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00436e5f
ID des fehlerhaften Prozesses: 0xd8c
Startzeit der fehlerhaften Anwendung: 0xLeague of Legends.exe0
Pfad der fehlerhaften Anwendung: League of Legends.exe1
Pfad des fehlerhaften Moduls: League of Legends.exe2
Berichtskennung: League of Legends.exe3

Error: (03/02/2014 01:43:34 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: League of Legends.exe, Version: 4.3.0.487, Zeitstempel: 0x530c09d0
Name des fehlerhaften Moduls: League of Legends.exe, Version: 4.3.0.487, Zeitstempel: 0x530c09d0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00436e5f
ID des fehlerhaften Prozesses: 0x115c
Startzeit der fehlerhaften Anwendung: 0xLeague of Legends.exe0
Pfad der fehlerhaften Anwendung: League of Legends.exe1
Pfad des fehlerhaften Moduls: League of Legends.exe2
Berichtskennung: League of Legends.exe3

Error: (03/01/2014 07:48:15 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Borderlands2.exe, Version: 1.0.10.24011, Zeitstempel: 0x51cb7785
Name des fehlerhaften Moduls: Borderlands2.exe, Version: 1.0.10.24011, Zeitstempel: 0x51cb7785
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0059fee7
ID des fehlerhaften Prozesses: 0x1714
Startzeit der fehlerhaften Anwendung: 0xBorderlands2.exe0
Pfad der fehlerhaften Anwendung: Borderlands2.exe1
Pfad des fehlerhaften Moduls: Borderlands2.exe2
Berichtskennung: Borderlands2.exe3

Error: (03/01/2014 07:48:11 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Borderlands2.exe, Version: 1.0.10.24011, Zeitstempel: 0x51cb7785
Name des fehlerhaften Moduls: Borderlands2.exe, Version: 1.0.10.24011, Zeitstempel: 0x51cb7785
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0059bae2
ID des fehlerhaften Prozesses: 0x1714
Startzeit der fehlerhaften Anwendung: 0xBorderlands2.exe0
Pfad der fehlerhaften Anwendung: Borderlands2.exe1
Pfad des fehlerhaften Moduls: Borderlands2.exe2
Berichtskennung: Borderlands2.exe3

Error: (03/01/2014 05:03:46 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: League of Legends.exe, Version: 4.3.0.487, Zeitstempel: 0x530c09d0
Name des fehlerhaften Moduls: League of Legends.exe, Version: 4.3.0.487, Zeitstempel: 0x530c09d0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00436e5f
ID des fehlerhaften Prozesses: 0x1080
Startzeit der fehlerhaften Anwendung: 0xLeague of Legends.exe0
Pfad der fehlerhaften Anwendung: League of Legends.exe1
Pfad des fehlerhaften Moduls: League of Legends.exe2
Berichtskennung: League of Legends.exe3


System errors:
=============
Error: (03/06/2014 00:40:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/06/2014 00:34:45 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (03/06/2014 00:01:42 PM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: 490@01010004

Error: (03/06/2014 09:18:39 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/06/2014 00:12:01 AM) (Source: DCOM) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (03/05/2014 00:58:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/05/2014 09:31:37 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/04/2014 11:23:23 AM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (03/04/2014 08:42:41 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/03/2014 02:17:15 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (03/05/2014 07:53:33 PM) (Source: Application Error)(User: )
Description: TheWalkingDead2.exe2013.12.16.2701352af9832TheWalkingDead2.exe2013.12.16.2701352af9832c000000500436ff4161401cf3896873f7a72C:\Program Files (x86)\The Walking Dead\TheWalkingDead2.exeC:\Program Files (x86)\The Walking Dead\TheWalkingDead2.exe73126299-a497-11e3-9a4e-3085a93d8ada

Error: (03/03/2014 00:25:16 AM) (Source: Application Error)(User: )
Description: League of Legends.exe4.3.0.487530c09d0League of Legends.exe4.3.0.487530c09d0c000000500436e5f148801cf366b6b78e533C:\Program Files (x86)\League of Legends\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.12\deploy\League of Legends.exeC:\Program Files (x86)\League of Legends\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.12\deploy\League of Legends.exee8c3c183-a261-11e3-9b27-3085a93d8ada

Error: (03/02/2014 11:53:20 PM) (Source: Application Error)(User: )
Description: rads_user_kernel.exe0.0.0.04e65c1acrads_user_kernel.exe0.0.0.04e65c1acc0000005000b8554e1401cf366a33c8bbdbC:\Program Files (x86)\League of Legends\League of Legends\RADS\system\rads_user_kernel.exeC:\Program Files (x86)\League of Legends\League of Legends\RADS\system\rads_user_kernel.exe72a06d45-a25d-11e3-9b27-3085a93d8ada

Error: (03/02/2014 08:57:03 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/02/2014 08:56:18 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/02/2014 08:52:56 PM) (Source: Application Error)(User: )
Description: League of Legends.exe4.3.0.487530c09d0League of Legends.exe4.3.0.487530c09d0c000000500436e5fd8c01cf364b10ed817aC:\Program Files (x86)\League of Legends\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.12\deploy\League of Legends.exeC:\Program Files (x86)\League of Legends\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.12\deploy\League of Legends.exe3f2dd3c0-a244-11e3-9b27-3085a93d8ada

Error: (03/02/2014 01:43:34 PM) (Source: Application Error)(User: )
Description: League of Legends.exe4.3.0.487530c09d0League of Legends.exe4.3.0.487530c09d0c000000500436e5f115c01cf3611db659e23C:\Program Files (x86)\League of Legends\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.12\deploy\League of Legends.exeC:\Program Files (x86)\League of Legends\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.12\deploy\League of Legends.exe441117d5-a208-11e3-9b27-3085a93d8ada

Error: (03/01/2014 07:48:15 PM) (Source: Application Error)(User: )
Description: Borderlands2.exe1.0.10.2401151cb7785Borderlands2.exe1.0.10.2401151cb7785c00000050059fee7171401cf357ec4ceeb5cC:\Program Files (x86)\Borderlands 2\Binaries\Win32\Borderlands2.exeC:\Program Files (x86)\Borderlands 2\Binaries\Win32\Borderlands2.exe0bb2f8d1-a172-11e3-8dc3-3085a93d8ada

Error: (03/01/2014 07:48:11 PM) (Source: Application Error)(User: )
Description: Borderlands2.exe1.0.10.2401151cb7785Borderlands2.exe1.0.10.2401151cb7785c00000050059bae2171401cf357ec4ceeb5cC:\Program Files (x86)\Borderlands 2\Binaries\Win32\Borderlands2.exeC:\Program Files (x86)\Borderlands 2\Binaries\Win32\Borderlands2.exe092d2edd-a172-11e3-8dc3-3085a93d8ada

Error: (03/01/2014 05:03:46 PM) (Source: Application Error)(User: )
Description: League of Legends.exe4.3.0.487530c09d0League of Legends.exe4.3.0.487530c09d0c000000500436e5f108001cf356418b913f8C:\Program Files (x86)\League of Legends\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.12\deploy\League of Legends.exeC:\Program Files (x86)\League of Legends\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.12\deploy\League of Legends.exe10f8ce5d-a15b-11e3-8dc3-3085a93d8ada


==================== Memory info =========================== 

Percentage of memory in use: 64%
Total physical RAM: 4034.73 MB
Available physical RAM: 1441.56 MB
Total Pagefile: 8067.64 MB
Available Pagefile: 5105.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Dante) (Fixed) (Total:453.75 GB) (Free:86.66 GB) NTFS
Drive i: (Yamato) (Fixed) (Total:298.09 GB) (Free:1.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 74F6AEA8)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=454 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 298 GB) (Disk ID: C2E8DCCF)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

06.03.2014, 12:42   #2
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


06.03.2014, 13:24   #3
Neverworld
 



First of all, I would like to wish you a good day and thank you for the help so far and for any further help that may follow (if anything is still outstanding, such as a possible precautionary scan, et cetera).

Everything ran without errors or problems - the Task Manager can now be opened again.

Combofix Logfile:
Code:
ComboFix 14-03-05.01 - **** 06.03.2014  13:50:20.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1031.18.4035.2197 [GMT 1:00]
Running from: c:\users\****\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\0wmjq.bat
c:\programdata\0wmjq.pad
c:\programdata\inq3v.bat
c:\programdata\inq3v.pad
c:\programdata\j6beqoo.zvv
c:\programdata\jlrb.pad
c:\programdata\ocvl9.bat
c:\programdata\ocvl9.pad
c:\programdata\ooqeb6j.cpp
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-06 to 2014-03-06  )))))))))))))))))))))))))))))))
.
.
2014-03-06 13:05 . 2014-03-06 13:05	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-03-06 13:05 . 2014-03-06 13:05	--------	d-----w-	c:\users\matt\AppData\Local\temp
2014-03-06 13:05 . 2014-03-06 13:05	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-03-06 11:54 . 2014-03-06 11:55	--------	d-----w-	C:\FRST
2014-03-05 17:06 . 2014-03-05 17:09	--------	d-----w-	c:\program files (x86)\The Walking Dead
2014-03-04 20:36 . 2014-03-04 20:50	--------	d-----w-	c:\program files (x86)\South Park
2014-02-27 08:02 . 2014-01-09 02:22	5694464	----a-w-	c:\windows\SysWow64\mstscax.dll
2014-02-27 08:02 . 2014-01-03 22:44	6574592	----a-w-	c:\windows\system32\mstscax.dll
2014-02-26 07:48 . 2013-09-25 02:23	1030144	----a-w-	c:\windows\system32\TSWorkspace.dll
2014-02-26 07:48 . 2013-09-25 01:57	792576	----a-w-	c:\windows\SysWow64\TSWorkspace.dll
2014-02-22 09:00 . 2014-02-22 09:00	--------	d-----w-	c:\program files (x86)\Guild Wars 2
2014-02-22 08:59 . 2014-02-22 08:59	--------	d-----w-	c:\users\****\AppData\Roaming\Guild Wars 2
2014-02-19 21:15 . 2014-02-28 20:00	--------	d-----w-	c:\program files (x86)\Strife
2014-02-15 21:51 . 2014-02-15 21:51	--------	d-----w-	c:\programdata\Echobit
2014-02-15 21:51 . 2014-02-15 21:51	--------	d-----w-	c:\users\****\AppData\Local\Echobit
2014-02-15 18:08 . 2014-02-15 18:08	--------	d-----w-	c:\users\****\AppData\Local\Funcom
2014-02-14 15:20 . 2014-02-14 15:20	--------	d-----w-	c:\users\****\AppData\Roaming\StunlockStudios
2014-02-12 22:53 . 2013-12-21 09:53	548864	----a-w-	c:\windows\system32\vbscript.dll
2014-02-12 22:53 . 2013-12-21 08:56	454656	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-02-12 19:37 . 2013-12-06 02:30	2048	----a-w-	c:\windows\system32\msxml3r.dll
2014-02-12 19:37 . 2013-12-06 02:30	1882112	----a-w-	c:\windows\system32\msxml3.dll
2014-02-12 19:37 . 2013-12-06 02:02	2048	----a-w-	c:\windows\SysWow64\msxml3r.dll
2014-02-12 19:37 . 2013-12-06 02:02	1237504	----a-w-	c:\windows\SysWow64\msxml3.dll
2014-02-12 19:33 . 2013-12-24 23:09	1987584	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2014-02-12 19:33 . 2013-12-24 22:48	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2014-02-12 19:33 . 2013-11-26 08:16	3419136	----a-w-	c:\windows\SysWow64\d2d1.dll
2014-02-12 19:33 . 2013-11-22 22:48	3928064	----a-w-	c:\windows\system32\d2d1.dll
2014-02-12 13:35 . 2014-02-12 13:46	--------	d-----w-	c:\program files (x86)\Borderlands 2
2014-02-11 17:15 . 2014-02-11 17:15	--------	d-----w-	c:\users\****\AppData\Local\Daedalic Entertainment GmbH
2014-02-05 21:04 . 2014-02-05 21:05	--------	d-sh--w-	c:\programdata\Windows Service Manager0
2014-02-05 19:19 . 2014-02-05 19:19	--------	d-----w-	c:\programdata\RELOADED
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-17 01:35 . 2012-11-07 16:25	88567024	----a-w-	c:\windows\system32\MRT.exe
2014-01-25 08:26 . 2012-11-07 18:15	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-25 08:26 . 2012-11-07 18:15	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-17 15:01 . 2013-05-07 10:54	84720	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-12-17 15:01 . 2013-03-21 14:03	131576	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-12-17 15:01 . 2013-03-21 14:03	108440	----a-w-	c:\windows\system32\drivers\avgntflt.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-08 20:48	220632	----a-w-	c:\users\****\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-08 20:48	220632	----a-w-	c:\users\****\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-08 20:48	220632	----a-w-	c:\users\****\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-11-08 3093624]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2012-07-13 5256336]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-20 689744]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
c:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
j6beqoo.lnk - c:\windows\System32\rundll32.exe c:\progra~3\ooqeb6j.cpp,XXS1 [2009-7-14 45568]
msconfig.lnk - c:\windows\System32\rundll32.exe c:\progra~3\qjmw0.dat,FG00 [2009-7-14 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 hxsyol;hxsyol;c:\program files (x86)\Aura Kingdom\AuraKingdom\avital\hxsy64.sys;c:\program files (x86)\Aura Kingdom\AuraKingdom\avital\hxsy64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va015;X6va015;c:\windows\SysWOW64\Drivers\X6va015;c:\windows\SysWOW64\Drivers\X6va015 [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S2 Windows7FirewallService;Windows7FirewallService;c:\program files (x86)\Windows7FirewallControl\Windows7FirewallService.exe;c:\program files (x86)\Windows7FirewallControl\Windows7FirewallService.exe [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-15 06:53	1211672	----a-w-	c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-07 08:26]
.
2013-11-27 c:\windows\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}.job
- c:\windows\system32\msfeedssync.exe [2013-11-26 21:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-08 20:48	244696	----a-w-	c:\users\****\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-08 20:48	244696	----a-w-	c:\users\****\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-08 20:48	244696	----a-w-	c:\users\****\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows7FirewallControl"="c:\program files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe" [2012-09-21 1132032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aeriagames.com
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\****\AppData\Roaming\Mozilla\Firefox\Profiles\rfmwxd7f.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-Audacity_is1 - c:\program files (x86)\Audacity\unins000.exe
AddRemove-BandiMPEG1 - c:\program files (x86)\BandiMPEG1\uninstall.exe
AddRemove-Party of Sin - c:\program files (x86)\Crankshaft Games\Party of Sin\uninstall.exe
AddRemove-DAEMON Tools Toolbar - c:\program files (x86)\DAEMON Tools Toolbar\uninst.exe
AddRemove-LOLReplay - c:\program files (x86)\LOLReplay\uninstall.exe
AddRemove-Qm9yZGVybGFuZHMgMiB1cGRhdGUgMS41IGluY2wgRExD_is1 - c:\program files (x86)\Borderlands 2\Borderlands 2 update 1.5 incl DLC\unins000.exe
AddRemove-{08A25478-C5DD-4EA7-B168-3D687CA987FF} - c:\program files\InstallShield Installation Information\{08A25478-C5DD-4EA7-B168-3D687CA987FF}\Sims3SP05Setup.exe
AddRemove-{117B6BF6-82C3-420C-B284-9247C8568E53} - c:\program files\InstallShield Installation Information\{117B6BF6-82C3-420C-B284-9247C8568E53}\setup.exe
AddRemove-{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43} - c:\program files\InstallShield Installation Information\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}\Sims3SP07Setup.exe
AddRemove-{3BBFD444-5FAB-49F6-98B1-A1954E831399} - c:\program files\InstallShield Installation Information\{3BBFD444-5FAB-49F6-98B1-A1954E831399}\Sims3EP06Setup.exe
AddRemove-{45057FCE-5784-48BE-8176-D9D00AF56C3C} - c:\program files\InstallShield Installation Information\{45057FCE-5784-48BE-8176-D9D00AF56C3C}\setup.exe
AddRemove-{71828142-5A24-4BD0-97E7-976DA08CE6CF} - c:\program files\InstallShield Installation Information\{71828142-5A24-4BD0-97E7-976DA08CE6CF}\setup.exe
AddRemove-{7B11296A-F894-449C-8DF6-6AAAA7D4D118} - c:\program files\InstallShield Installation Information\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}\Sims3SP04Setup.exe
AddRemove-{910F4A29-1134-49E0-AD8B-56E4A3152BD1} - c:\program files\InstallShield Installation Information\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}\setup.exe
AddRemove-{9B2506E3-9A3F-45B5-96BF-509CAD584650} - c:\program files\InstallShield Installation Information\{9B2506E3-9A3F-45B5-96BF-509CAD584650}\Sims3SP06Setup.exe
AddRemove-{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1} - c:\program files\InstallShield Installation Information\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}\Sims3EP07Setup.exe
AddRemove-{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC} - c:\program files\InstallShield Installation Information\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}\setup.exe
AddRemove-{C05D8CDB-417D-4335-A38C-A0659EDFD6B8} - c:\program files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe
AddRemove-{C12631C6-804D-4B32-B0DD-8A496462F106} - c:\program files\InstallShield Installation Information\{C12631C6-804D-4B32-B0DD-8A496462F106}\Sims3EP05Setup.exe
AddRemove-{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC} - c:\program files\InstallShield Installation Information\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}\Sims3EP04Setup.exe
AddRemove-{ED436EA8-4145-4703-AE5D-4D09DD24AF5A} - c:\program files\InstallShield Installation Information\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va015]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va015"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Æ*]
"7040110900063D11C8EF10054038389C"="C?\\Windows\\SysWOW64\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\sphinx-soft\Vista-Wall\1.0\AppList\D*a*w*n*g*a*t*e*"!\Zone]
"Name"="EnableAll"
"Result"=dword:00000000
"Advised"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-06  14:12:00
ComboFix-quarantined-files.txt  2014-03-06 13:11
.
Pre-Run: 7 Verzeichnis(se), 92.491.517.952 Bytes frei
Post-Run: 9 Verzeichnis(se), 93.552.775.168 Bytes frei
.
- - End Of File - - CB94F75403E46A52E1C4EB01240BB2BE
         
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31
[/PHP]
__________________

07.03.2014, 12:19   #4
schrauber
/// the machine
/// TB-Ausbilder
 


Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file to the desktop as mbam.txt. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
