
Pests of all kinds and how to combat them: Download Protect 2.20 in Chrome cannot be removed!

Windows 7

29.03.2014, 10:37   #1
ToflixGamer
 
Hey everyone!

Today I noticed that I have the software "Download Protect" installed as an add-on in my Chrome browser. However, I have no idea where I could have picked it up, since I normally always decline the "extras" in any installers.

I have now also tried to get rid of the program by uninstalling several programs (that I don't need), but that doesn't work either. Using adwcleaner didn't do anything for me either.

What else can I do to delete the program?

EDIT: OK, thanks to CCleaner I have at least deactivated the program by now. Still, I would of course like to remove it from the PC completely. It would be great if you could help me with that.

Last edited by ToflixGamer (29.03.2014 at 10:53)

29.03.2014, 11:04   #2
Bootsektor
/// TB Trainer
 
My name is Sandra and I will be helping you with your problem.
  • Please work through all steps in order.
  • Read the instructions carefully before you begin. If there are problems or you don't understand something, stop what you are doing and describe the problem to me.
  • Please run only the scans I ask you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Save all of our tools to the desktop.
  • Post the log files directly in your thread in code tags.
  • Keep in mind that we all do this in our free time; if you haven't heard from me within 2 days, please send me a PM.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Posting in code tags
Please always put the logs in code tags. If you don't, it makes the analysis much harder for me. Thanks.
To do so:
  • Click the hash sign # above the reply box; [code][/code] will then appear in square brackets.
  • Paste your log files between the two code tags, i.e. [CODE] Logfile [/CODE]
  • If the logs are too long, please split them up and post them here in your thread, in several replies if necessary.

Let's take a look
Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


29.03.2014, 12:13   #3
ToflixGamer
 
All right.

First, here is the Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Tobi at 2014-03-29 13:10:28
Running from C:\Users\Tobi\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{3C378793-5288-0165-FCA4-D319D5E4A490}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.12 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Antichamber (HKLM-x32\...\Antichamber) (Version:  - )
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 2013 v.11.0.6 (HKLM-x32\...\{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1) (Version: 11.0.6 - Ashampoo GmbH & Co. KG)
Ashampoo Core Tuner 2 v.2.0.1 (HKLM-x32\...\{4209F371-2541-6C11-55DB-6103A83FCB9B}_is1) (Version: 2.01 - Ashampoo GmbH & Co. KG)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.9.0 - Asmedia Technology)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avira Antivirus Premium (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.0.30637 - BitTorrent Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.7.16.910 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{FB93553A-CBA7-44FE-BD70-A996C859DD06}) (Version: 0.7.16.910 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.6 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.6 - Activision) Hidden
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version:  - )
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Contagion (HKLM-x32\...\Steam App 238430) (Version:  - Monochrome LLC)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Crysis (HKLM-x32\...\Steam App 17300) (Version:  - Crytek)
CyberGhost VPN (HKLM\...\CyberGhost VPN_is1) (Version:  - CyberGhost S.R.L.)
CyberLink BD_3D Advisor 2.0 (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: 2.0.6410 - CyberLink Corp.)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.0.2812 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3807_46074 - CyberLink Corp.) Hidden
CyberLink MediaShow 6 (x32 Version: 6.0.5019 - CyberLink Corp.) Hidden
CyberLink Power2Go 7 (x32 Version: 7.0.0.3328 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.5507.52 - CyberLink Corp.) Hidden
CyberLink PowerProducer 5.5 (x32 Version: 5.5.3.5225 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dead Rising 2 (x32 Version: 1.0.0002.130 - Capcom) Hidden
Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.7 - Dropbox, Inc.)
Duke3D (HKLM\...\{b5f456c9-720b-410c-8b24-59e92772053b}.sdb) (Version:  - )
Dxtory version 2.0.123 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.123 - ExKode Co. Ltd.)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Fotogalerie (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Free Audio Converter version 5.0.34.225 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.34.225 - DVDVideoSoft Ltd.)
FTL version 1.03.3 (HKLM-x32\...\{20E23A40-38E5-4DD6-B738-BC8097AE66B6}_is1) (Version: 1.03.3 - Subset Games)
GameSave Manager v3 (HKLM-x32\...\GameSaveManager_v3) (Version: 3.1.431.0 - InsaneMatt)
GameTracker Lite (HKLM-x32\...\GameTracker Lite) (Version:  - ClanServers Hosting LLC.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Grand Theft Auto San Andreas (HKLM-x32\...\{086BADF8-9B1F-4E89-B207-2EDA520972D6}) (Version: 1.00.00001 - Rockstar Games)
Guacamelee (Remove Only) (HKLM-x32\...\Guacamelee) (Version:  - )
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.28.01 - Hyperionics Technology LLC)
ICQ 8.2 (build 6870) (HKCU\...\ICQ) (Version: 8.2.6870.0 - Mail.Ru)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JC2-MP version 0.0.16 (Build 546) (HKLM-x32\...\{7F12FECB-1D75-42D7-9074-D6FEA6D91E65}_is1) (Version: 0.0.16 (Build 546) - )
Junk Mail filter update (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
KeePass Password Safe 2.25 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.25 - Dominik Reichl)
Kingsoft Writer  (8.1.0.2948) (HKLM-x32\...\Kingsoft Writer) (Version: 8.1.0.2948 - Kingsoft Corp.)
K-Lite Codec Pack 10.2.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.2.0 - )
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.50 (HKLM\...\Logitech Gaming Software) (Version: 8.50.281 - Logitech Inc.)
Mafia II (HKLM-x32\...\Steam App 50130) (Version:  - 2K Czech)
Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version:  - Klei Entertainment)
Mass Effect 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.02 - Electronic Arts, Inc.)
Medal of Honor (TM) (HKLM-x32\...\{415030B8-3E8B-462A-8C03-41D95AA3AB3B}) (Version: 1.0.0.0 - Electronic Arts)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM-x32\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4024.1220 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Mozilla Firefox 24.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 24.0 (x86 de)) (Version: 24.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MTA:SA v1.3.4 (HKLM-x32\...\MTA:SA 1.3) (Version: v1.3.4 - Multi Theft Auto)
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
Next Car Game Free Technology Demo (HKLM-x32\...\Next Car Game Free Technology Demo) (Version:  - Bugbear Entertainment)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.2.2730 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
PlanetSide 2 (HKCU\...\SOE-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment)
POSTAL 2 Complete (HKLM-x32\...\Steam App 223470) (Version:  - Running With Scissors)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
RapidShare Manager 2 (HKLM-x32\...\6103-4188-8184-5707) (Version: 2 - RapidShare AG)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.48 - Piriform)
Renegade X (HKLM-x32\...\UDK-4fc3a6b6-3d0e-4dce-b127-8e60191e2b1e) (Version: Open Beta 1 - Totem Arts)
S.K.I.L.L. - Special Force 2 (HKLM-x32\...\Special Force 2 Beta_is1) (Version:  - )
Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version:  - 5th Cell Media)
Shutdown4U (HKLM-x32\...\Shutdown4U) (Version:  - )
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sound Blaster Omni Extras (HKLM-x32\...\{C9120656-8F23-409A-8B4D-278FEAA33856}) (Version:  - )
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
SpinTires Tech Demo (June 060613) (HKLM-x32\...\{9AF7D6F5-50A5-432C-9F7B-83BCE03B11A0}) (Version: 1.3 - Oovee)
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.23358 Beta - TeamViewer)
Tom Clancy's H.A.W.X. 2 (HKLM-x32\...\{76A232AF-B7D6-41A4-B795-6B355E6D32B1}) (Version: 1.0.1 - Ubisoft)
Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.03 - Ubisoft)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Viscera Cleanup Detail: Santa's Rampage (HKLM-x32\...\Steam App 265210) (Version:  - RuneStorm)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VR-NetWorld (HKLM-x32\...\{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}) (Version:  - )
Warface Launcher (Beta) (HKLM-x32\...\{28D1723C-31C4-4A83-9799-DFFB3739026D}) (Version: 1.0.0 - Crytek GmbH)
Windows Live Communications Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Wise Care 365 Version 2.92 (HKLM-x32\...\{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1) (Version: 2.9.3 - WiseCleaner.com, Inc.)
World of Diving version 0.1 (HKLM-x32\...\{565DD917-140A-4314-A17F-521FCE07FF02}}_is1) (Version: 0.1 - Vertigo Games B.V.)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Restore Points  =========================

25-03-2014 16:51:01 Windows Update
29-03-2014 10:21:36 Entfernt Dolby Digital Live Pack
29-03-2014 10:23:35 Removed GameSpy Comrade.
29-03-2014 10:23:49 Removed GameSpy Comrade.
29-03-2014 10:25:44 Removed Overwolf
29-03-2014 10:28:14 Removed Microsoft Games for Windows - LIVE Redistributable

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {202E6CCC-F011-4229-9D43-B3CC583DE0CF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {2A8908E5-E876-4BC0-9718-54FAD490B821} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {372BAD00-ABAD-4AEF-A26C-3BA0EBDE4F12} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {4B8B722D-538D-49BB-804C-DCB758BC3D9F} - System32\Tasks\AnVir Task Manager => C:\Program Files (x86)\AnVir Task Manager\anvir.exe
Task: {9B48888D-F137-4E27-972A-CF8CD3F3B712} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-30] (Google Inc.)
Task: {A6623BAB-2F8D-4956-965B-DAEFA8EF9311} - System32\Tasks\WpsUpdateTask_Tobi => C:\Program Files (x86)\Kingsoft\Kingsoft Writer\office6\wpsupdate.exe [2011-08-24] (Kingsoft Corp. Ltd.)
Task: {B0DEBCBD-D649-4C59-BE0E-ABFA940BF8EC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)
Task: {C947EA7F-00D2-4DF0-B3F2-1951309D7E87} - System32\Tasks\Wise Turbo Checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe [2013-12-09] (WiseCleaner.COM)
Task: {DAC77882-5719-4266-809F-0F09F215F6A9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {E0D9214B-9D40-4BC2-B56F-4478AF96FCFD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-30] (Google Inc.)
Task: {ECA45280-0F50-4977-9A8B-4972D060E017} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe
Task: C:\Windows\Tasks\WpsUpdateTask_Tobi.job => C:\Program Files (x86)\Kingsoft\Kingsoft Writer\office6\wpsupdate.exe

==================== Loaded Modules (whitelisted) =============

2009-11-13 04:40 - 2009-11-13 04:40 - 00027648 _____ () C:\Windows\System32\ssy2cl6.dll
2013-12-28 10:49 - 2011-08-22 12:44 - 01421216 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
2013-12-21 19:03 - 2013-12-21 19:03 - 00118784 _____ () C:\Windows\system32\shfoldes.exe
2013-10-05 14:00 - 2014-01-20 21:06 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-07-30 12:20 - 2013-07-30 12:18 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-29 11:32 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-03-29 11:32 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-03-29 11:32 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-03-29 11:32 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-29 11:32 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-03-15 11:44 - 2014-03-15 01:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-26 19:11 - 2014-03-29 11:14 - 00012288 _____ () C:\Program Files (x86)\Google\Chrome\Application\WTSAPI32.dll
2014-03-15 11:44 - 2014-03-15 01:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 11:44 - 2014-03-15 01:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 11:44 - 2014-03-15 01:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 11:44 - 2014-03-15 01:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 11:44 - 2014-03-15 01:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-03-15 11:44 - 2014-03-15 01:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
2013-12-14 11:25 - 2014-03-13 20:12 - 00340992 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-03-04 21:40 - 2014-03-13 20:12 - 00470016 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
2013-07-01 07:20 - 2014-03-17 19:06 - 00754176 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2013-07-26 13:46 - 2014-03-27 19:52 - 01135808 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-07-15 13:32 - 2014-03-03 20:15 - 20626624 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-06-14 14:49 - 2013-06-15 00:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2013-06-14 14:49 - 2013-06-15 00:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2013-06-14 14:49 - 2013-06-15 00:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2014-03-13 17:06 - 2014-03-13 17:06 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\Users\Tobi\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\Tobi\AppData\Roaming:NT

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AcrSch2Svc => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: afcdpsrv => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: CGVPNCliSrvc => 3
MSCONFIG\Services: Desura Install Service => 3
MSCONFIG\Services: OverwolfUpdaterService => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: syncagentsrv => 2
MSCONFIG\Services: TunngleService => 3
MSCONFIG\Services: WiseBootAssistant => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VR-NetWorld Auftragsprüfung.lnk => C:\Windows\pss\VR-NetWorld Auftragsprüfung.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Tobi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Tobi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk => C:\Windows\pss\GamersFirst LIVE!.lnk.Startup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVMWlanClient => C:\Program Files (x86)\avmwlanstick\wlangui.exe
MSCONFIG\startupreg: BackgroundContainer => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Tobi\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
MSCONFIG\startupreg: BitTorrent => "C:\Users\Tobi\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: ConduitFloatingPlugin_cfigonhgidedenkkhlilmefgodjpefna => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Tobi\AppData\Local\Temp\CT3317892\plugins\TBVerifier.dll",RunConduitFloatingPlugin cfigonhgidedenkkhlilmefgodjpefna
MSCONFIG\startupreg: Dxtory Update Checker 2.0 => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\Tobi\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Grid => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe"
MSCONFIG\startupreg: HydraVisionDesktopManager => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
MSCONFIG\startupreg: Launch LCore => C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
MSCONFIG\startupreg: LGODDFU => C:\Program Files (x86)\lg_fwupdate\lgfw.exe blrun
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Tobi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TgbVpn => "C:\Program Files (x86)\TheGreenBow\TheGreenBow VPN\vpnconf.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

==================== Faulty Device Manager Devices =============

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/29/2014 00:00:57 PM) (Source: Application Hang) (User: )
Description: Programm avscan.exe, Version 14.0.3.332 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: f58

Startzeit: 01cf4b3ba8e06cab

Endzeit: 60000

Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe

Berichts-ID: 3305e750-b731-11e3-9d3d-8c89a599acf4

Error: (03/29/2014 11:17:19 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2014 11:15:57 AM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/29/2014 11:07:07 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2014 11:05:42 AM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/28/2014 08:31:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/28/2014 08:30:08 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/28/2014 04:16:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/28/2014 04:15:29 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/27/2014 09:02:43 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall


System errors:
=============
Error: (03/29/2014 11:15:57 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (03/29/2014 11:15:50 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "楗敳䈠潯⁴獁楳瑳湡t" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/29/2014 11:05:42 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (03/29/2014 11:05:30 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "楗敳䈠潯⁴獁楳瑳湡t" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/28/2014 08:30:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (03/28/2014 08:29:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "楗敳䈠潯⁴獁楳瑳湡t" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/28/2014 04:15:29 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (03/28/2014 04:15:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "楗敳䈠潯⁴獁楳瑳湡t" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/27/2014 09:44:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (03/27/2014 09:44:10 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.


Microsoft Office Sessions:
=========================
Error: (03/29/2014 00:00:57 PM) (Source: Application Hang)(User: )
Description: avscan.exe14.0.3.332f5801cf4b3ba8e06cab60000C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe3305e750-b731-11e3-9d3d-8c89a599acf4

Error: (03/29/2014 11:17:19 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2014 11:15:57 AM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/29/2014 11:07:07 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2014 11:05:42 AM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/28/2014 08:31:28 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/28/2014 08:30:08 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/28/2014 04:16:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/28/2014 04:15:29 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/27/2014 09:02:43 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall


CodeIntegrity Errors:
===================================
  Date: 2013-12-23 21:51:00.829
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Tobi\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-23 21:51:00.797
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Tobi\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-23 21:51:00.496
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-23 21:51:00.466
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 42%
Total physical RAM: 8173.64 MB
Available physical RAM: 4701.59 MB
Total Pagefile: 16345.46 MB
Available Pagefile: 12419.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:683.72 GB) NTFS
Drive d: (MassEffect2) (CDROM) (Total:7.31 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 407A0749)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
And here is the FRST.txt:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Tobi (administrator) on TOBI-PC on 29-03-2014 13:10:13
Running from C:\Users\Tobi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Spotify Ltd) C:\Users\Tobi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(ClanServers Hosting LLC) C:\Program Files (x86)\GameTracker\GSInGameService.exe
() C:\Windows\system32\shfoldes.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2697897950-2400982680-2412562655-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2697897950-2400982680-2412562655-1000\...\MountPoints2: {32b3b54b-f90f-11e2-b9a4-806e6f6e6963} - D:\pushinst.exe
HKU\S-1-5-21-2697897950-2400982680-2412562655-1000\...\MountPoints2: {531c2fab-a6ad-11e3-9f15-806e6f6e6963} - D:\autorun.exe -auto
HKU\S-1-5-21-2697897950-2400982680-2412562655-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] - C:\Users\Tobi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-30] (Spotify Ltd)
HKU\S-1-5-21-2697897950-2400982680-2412562655-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2697897950-2400982680-2412562655-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {32b3b54b-f90f-11e2-b9a4-806e6f6e6963} - D:\pushinst.exe
HKU\S-1-5-21-2697897950-2400982680-2412562655-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {531c2fab-a6ad-11e3-9f15-806e6f6e6963} - D:\autorun.exe -auto
Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RAVCpl64 - Verknüpfung.lnk
ShortcutTarget: RAVCpl64 - Verknüpfung.lnk -> C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyServer: http=87.263.210:45
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {389A13A9-ACF2-4BB9-8FDE-BADDC3D6AD32} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3317892&CUI=UN37012196571243915&UM=2
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\rr75nzpd.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de?hl=de&gl=de
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Tobi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\rr75nzpd.default\Extensions\staged [2013-11-24]
FF HKLM-x32\...\Firefox\Extensions: [{D55933A3-981A-477B-8EDB-D54CA363AD30}] - C:\Windows\Installer\{26EE2A3B-8FF0-45FB-9D54-FBF1ACAB9D05}\{D55933A3-981A-477B-8EDB-D54CA363AD30}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{26EE2A3B-8FF0-45FB-9D54-FBF1ACAB9D05}\{D55933A3-981A-477B-8EDB-D54CA363AD30}.xpi [2014-03-29]

Chrome: 
=======
CHR HomePage: hxxp://www.google.de?hl=de&gl=de
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-03-29]
CHR Extension: (Angry Birds) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-02-04]
CHR Extension: (Google Drive) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-30]
CHR Extension: (YouTube) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-30]
CHR Extension: (Google-Suche) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-30]
CHR Extension: (AdBlock) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-27]
CHR Extension: (YouRepeat) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\idpjonelgkpmoamjkigojeifadlhlbna [2014-01-06]
CHR Extension: (SteamGifts Plus Alternative) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjlighkgeendkpncecpcidcegejbmedb [2013-11-07]
CHR Extension: (Google Wallet) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR Extension: (Google Mail) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-30]
CHR Extension: (RSS Feed Reader) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2014-03-20]
CHR HKCU\...\Chrome\Extension: [oopdmcnionefjjnmchkiimificckpkif] - C:\Users\Tobi\AppData\Local\CRE\oopdmcnionefjjnmchkiimificckpkif.crx [2014-03-20]
CHR HKLM-x32\...\Chrome\Extension: [oopdmcnionefjjnmchkiimificckpkif] - C:\Users\Tobi\AppData\Local\CRE\oopdmcnionefjjnmchkiimificckpkif.crx [2014-03-20]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 ACT2_Service; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [1421216 2011-08-22] ()
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [896592 2014-03-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-03-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-03-04] (Avira Operations GmbH & Co. KG)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-07-17] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-07-17] (BlueStack Systems, Inc.)
S4 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243464 2013-09-02] (CyberLink)
R2 ntprintd; C:\Windows\system32\shfoldes.exe [118784 2013-12-21] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2014-01-20] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S4 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [759192 2013-09-03] (Tunngle.net GmbH)
S4 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2013-12-09] (WiseCleaner.com)
S2 楗敳潂瑯獁楳瑳湡t; 㩃停潲牧浡䘠汩獥⠠㡸⤶坜獩履楗敳䌠牡⁥㘳尵潂瑯楔敭攮數Ā" [X]

==================== Drivers (Whitelisted) ====================

R2 ACT2PM; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys [15160 2011-06-10] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-07-17] (BlueStack Systems)
S3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-22] (AVM GmbH)
S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [2056192 2013-09-04] (Creative Technology Ltd.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-03-29] (Malwarebytes Corporation)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-08-13] (Anchorfree Inc.)
S3 TGBMPEnum; C:\Windows\System32\DRIVERS\TGBMPEnum.sys [38584 2013-01-21] (TheGreenBow)
S3 TGBVPNVirtM; C:\Windows\System32\DRIVERS\TGBVPNVirtM.sys [139960 2013-01-21] (TheGreenBow)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-29 13:08 - 2014-03-29 13:10 - 00018063 _____ () C:\Users\Tobi\Desktop\FRST.txt
2014-03-29 13:08 - 2014-03-29 13:10 - 00000000 ____D () C:\FRST
2014-03-29 13:08 - 2014-03-29 13:09 - 00045531 _____ () C:\Users\Tobi\Desktop\Addition.txt
2014-03-29 13:07 - 2014-03-29 13:07 - 02157056 _____ (Farbar) C:\Users\Tobi\Desktop\FRST64.exe
2014-03-29 11:45 - 2014-03-29 11:46 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-29 11:45 - 2014-03-29 11:45 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-29 11:44 - 2014-03-29 11:45 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-29 11:44 - 2014-03-29 11:44 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Tobi\Desktop\mbam-setup-2.0.0.1000.exe
2014-03-29 11:44 - 2014-03-29 11:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-29 11:44 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-29 11:44 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-29 11:44 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-29 11:38 - 2014-03-29 11:38 - 00000000 ____D () C:\Users\Tobi\Documents\ProcAlyzer Dumps
2014-03-29 11:32 - 2014-03-29 11:38 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-29 11:32 - 2014-03-29 11:32 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-03-29 11:32 - 2014-03-29 11:32 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-03-29 11:32 - 2014-03-29 11:32 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-29 11:32 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-03-29 11:31 - 2014-03-29 11:31 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Tobi\Downloads\spybot-2.2.exe
2014-03-29 11:30 - 2014-03-29 11:30 - 00710848 _____ ( ) C:\Users\Tobi\Desktop\COMPUTER_BILD-Download-Manager_fuer_spybot-2.2.exe
2014-03-29 11:14 - 2014-03-29 11:28 - 00000000 ____D () C:\AdwCleaner
2014-03-29 11:13 - 2014-03-29 11:13 - 01950720 _____ () C:\Users\Tobi\Desktop\adwcleaner.exe
2014-03-27 17:18 - 2014-03-27 17:18 - 00001105 _____ () C:\Users\Public\Desktop\World of Diving OVR.lnk
2014-03-27 17:18 - 2014-03-27 17:18 - 00001085 _____ () C:\Users\Public\Desktop\World of Diving.lnk
2014-03-27 17:17 - 2014-03-27 17:17 - 00000000 ____D () C:\Program Files (x86)\World of Diving
2014-03-27 17:07 - 2014-03-27 17:17 - 305814330 _____ (Vertigo Games B.V. ) C:\Users\Tobi\Desktop\wod_stage_0.exe
2014-03-26 19:11 - 2014-03-29 11:14 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-03-23 17:45 - 2014-03-23 17:45 - 00002126 _____ () C:\Users\Tobi\Documents\Mass Effect 2 1.02.log
2014-03-23 12:08 - 2014-03-23 12:08 - 00000000 ____D () C:\Users\Tobi\Documents\BioWare
2014-03-23 12:08 - 2014-03-23 12:08 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Ubisoft
2014-03-23 11:31 - 2014-03-23 11:31 - 00000802 _____ () C:\Users\Public\Desktop\Mass Effect 2.lnk
2014-03-23 11:31 - 2014-03-23 11:31 - 00000000 ____D () C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2014-03-23 11:11 - 2014-03-23 11:31 - 00017384 _____ () C:\Users\Tobi\Documents\Install Mass Effect 2.log
2014-03-22 12:39 - 2014-03-22 12:39 - 00121069 _____ () C:\Users\Tobi\Desktop\memtest86+-5.01.usb.installer.zip
2014-03-21 22:41 - 2014-03-21 22:41 - 00000062 _____ () C:\Windows\wininit.ini
2014-03-21 22:40 - 2014-03-21 22:40 - 00017204 _____ () C:\Windows\AVMInstall.Log
2014-03-21 22:40 - 2010-10-01 00:00 - 00480632 ____N (AVM Berlin) C:\Windows\instwcli.dex
2014-03-20 21:50 - 2014-03-29 11:27 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2014-03-19 22:08 - 2014-03-19 22:09 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2014-03-19 22:06 - 2014-03-19 22:28 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\KeePass
2014-03-18 17:42 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-18 17:42 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-18 17:42 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-18 17:42 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-18 17:42 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-18 17:42 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-18 17:42 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-18 17:42 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-18 17:42 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-18 17:42 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-18 17:42 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-18 17:42 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-18 17:42 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-18 17:42 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-18 17:42 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-18 17:42 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-18 17:42 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-18 17:42 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-18 17:42 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-18 17:42 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-18 17:42 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-18 17:42 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-18 17:42 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-18 17:42 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-18 17:42 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-18 17:42 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-18 17:42 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-18 17:42 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-18 17:42 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-18 17:42 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-18 17:42 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-18 17:42 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-18 17:42 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-18 17:42 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-18 17:42 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-18 17:42 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-18 17:42 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-18 17:42 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-18 17:42 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-18 17:42 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-18 17:41 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-18 17:41 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-18 17:41 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-18 17:41 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-18 17:41 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-18 17:41 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-18 17:41 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-18 17:41 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-17 19:00 - 2014-03-17 19:00 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\MPC-HC
2014-03-17 18:56 - 2014-03-17 18:59 - 00518616 _____ () C:\Users\Tobi\Desktop\waaaaaaaaaaaaaaaaaas.wmv.wav
2014-03-16 11:45 - 2014-03-16 11:45 - 00000000 ____D () C:\Users\Tobi\Documents\CyberLink
2014-03-15 11:12 - 2014-03-15 11:12 - 00278863 _____ () C:\Users\Tobi\Documents\Unbenannt (5).wma
2014-03-15 11:11 - 2014-03-15 11:11 - 00332743 _____ () C:\Users\Tobi\Documents\Unbenannt (4).wma
2014-03-13 21:44 - 2014-03-13 21:44 - 00153143 _____ () C:\Users\Tobi\Documents\Unbenannt (3).wma
2014-03-13 21:39 - 2014-03-13 21:39 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Creative
2014-03-13 21:39 - 2014-03-13 21:39 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Creative
2014-03-13 17:36 - 2014-03-21 22:49 - 00000000 ____D () C:\ProgramData\Creative
2014-03-13 17:36 - 2014-03-13 17:36 - 00000000 ____D () C:\ProgramData\Creative Labs
2014-03-13 17:25 - 2014-03-13 17:25 - 00085793 _____ () C:\Users\Tobi\Documents\Unbenannt (2).wma
2014-03-13 17:18 - 2013-04-03 14:01 - 00006601 ____N () C:\Windows\system32\CTOPT399.cat
2014-03-13 17:18 - 2013-04-03 09:54 - 00088576 ____N (Creative Technology Ltd) C:\Windows\system32\CTOPT399.dll
2014-03-13 17:18 - 2009-12-24 03:49 - 00809560 ____R (Creative Labs Inc.) C:\Windows\SysWOW64\tmp6671.tmp
2014-03-13 17:18 - 2008-12-22 20:13 - 00049664 ____N (Creative Technology Ltd) C:\Windows\system32\CTChkAud.dll
2014-03-13 17:18 - 2006-10-06 07:17 - 00053248 ____N (Creative Technology Ltd ) C:\Windows\Ctregrun.exe
2014-03-13 17:18 - 2003-06-12 23:25 - 00007062 _____ () C:\Windows\SysWOW64\audiopid.vxd
2014-03-13 17:08 - 2013-09-04 07:07 - 02056192 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\ksaud.sys
2014-03-13 17:08 - 2013-08-30 07:44 - 02535936 _____ (Creative Technology Ltd.) C:\Windows\system32\KsMalc64.DLL
2014-03-13 17:08 - 2013-08-30 07:44 - 02127872 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\KsMalc32.dll
2014-03-13 17:08 - 2013-08-29 04:13 - 00115712 _____ (Creative Technology Ltd.) C:\Windows\system32\SBAVMon.dll
2014-03-13 17:08 - 2013-08-15 10:56 - 01140736 _____ (Creative Technology Ltd.) C:\Windows\system32\KSAPO64.dll
2014-03-13 17:08 - 2013-08-15 10:56 - 00057856 _____ (Creative Technology Ltd.) C:\Windows\system32\KSPPLD64.dll
2014-03-13 17:08 - 2013-08-15 10:55 - 00944640 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\KSAPO32.dll
2014-03-13 17:08 - 2013-07-29 11:57 - 00305729 _____ () C:\Windows\system32\DeviceDefaultVista.reg
2014-03-13 17:08 - 2013-07-10 05:12 - 00417792 _____ (Creative Technology Ltd.) C:\Windows\system32\KSVSPI64.dll
2014-03-13 17:08 - 2013-07-10 05:11 - 00305664 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\KSVSPI32.dll
2014-03-13 17:08 - 2013-07-01 02:55 - 00057856 _____ (Creative Technology Ltd.) C:\Windows\system32\SBAVMonL.dll
2014-03-13 17:08 - 2013-07-01 02:35 - 00001772 _____ () C:\ProgramData\cfSB1095A.ini
2014-03-13 17:08 - 2013-07-01 02:35 - 00000806 _____ () C:\ProgramData\cfSB1300A.ini
2014-03-13 17:08 - 2013-06-11 10:37 - 00001980 _____ () C:\ProgramData\cfSB1560.ini
2014-03-13 17:08 - 2013-05-23 09:27 - 00001697 _____ () C:\ProgramData\CfGH0250.ini
2014-03-13 17:08 - 2013-05-23 09:27 - 00001696 _____ () C:\ProgramData\CfGH0280.ini
2014-03-13 17:08 - 2013-03-08 09:15 - 00003077 _____ () C:\ProgramData\cfSB1290A.ini
2014-03-13 17:08 - 2013-03-08 09:15 - 00002844 _____ () C:\ProgramData\cfSB1240A.ini
2014-03-13 17:08 - 2012-12-07 11:01 - 00000715 _____ () C:\ProgramData\CfSB1532.ini
2014-03-13 17:08 - 2012-12-07 11:01 - 00000715 _____ () C:\ProgramData\CfSB1530.ini
2014-03-13 17:08 - 2012-03-12 10:53 - 00003416 _____ () C:\Windows\system32\SBX.bmp
2014-03-13 17:08 - 2012-02-09 08:11 - 00000715 _____ () C:\ProgramData\CfSB1390.ini
2014-03-13 17:08 - 2012-02-09 08:11 - 00000715 _____ () C:\ProgramData\CfSB1380.ini
2014-03-13 17:08 - 2011-09-26 09:33 - 00000715 _____ () C:\ProgramData\CfSB1360.ini
2014-03-13 17:08 - 2011-06-29 11:36 - 00235520 _____ (Creative Technology Limited) C:\Windows\system32\KsDvInst.dll
2014-03-13 17:08 - 2011-06-03 03:28 - 00487424 _____ (Creative Technology Ltd.) C:\Windows\system32\JDetect.exe
2014-03-13 17:08 - 2010-11-26 04:07 - 00000806 _____ () C:\ProgramData\cfSB1300.ini
2014-03-13 17:08 - 2010-07-08 02:42 - 00053760 _____ (Creative Technology Ltd.) C:\Windows\system32\KSPPCn64.dll
2014-03-13 17:08 - 2010-07-08 02:41 - 00074240 _____ (Creative Technology Ltd.) C:\Windows\system32\KSWrap64.dll
2014-03-13 17:08 - 2010-06-29 08:04 - 00001772 _____ () C:\ProgramData\cfSB1095.ini
2014-03-13 17:08 - 2010-06-23 07:54 - 00003077 _____ () C:\ProgramData\cfSB1290.ini
2014-03-13 17:08 - 2010-05-06 04:16 - 00067584 _____ (Creative Technology Ltd.) C:\Windows\system32\KSDGFX64.dll
2014-03-13 17:08 - 2009-11-17 08:54 - 00002844 _____ () C:\ProgramData\cfSB1240.ini
2014-03-13 17:08 - 2009-03-20 11:07 - 00000939 _____ () C:\ProgramData\CfSB1170.ini
2014-03-13 17:08 - 2009-02-24 07:27 - 00001352 _____ () C:\ProgramData\cfSB1090.ini
2014-03-13 17:08 - 2009-02-24 07:27 - 00001352 _____ () C:\ProgramData\cfSB0910.ini
2014-03-13 17:08 - 2009-02-24 07:27 - 00001346 _____ () C:\ProgramData\cfSB1100.ini
2014-03-13 17:08 - 2009-02-24 07:27 - 00001302 _____ () C:\ProgramData\cfSB0300.ini
2014-03-13 17:08 - 2009-02-24 07:27 - 00001282 _____ () C:\ProgramData\cfSB0471.ini
2014-03-13 17:08 - 2009-02-24 07:27 - 00001208 _____ () C:\ProgramData\cfSB0490.ini
2014-03-13 17:08 - 2009-02-24 07:27 - 00001027 _____ () C:\ProgramData\cfSB0560.ini
2014-03-13 17:08 - 2009-02-24 07:27 - 00001026 _____ () C:\ProgramData\cfSB0271.ini
2014-03-13 17:08 - 2009-02-24 07:27 - 00001026 _____ () C:\ProgramData\cfSB0270.ini
2014-03-13 17:08 - 2009-02-24 07:27 - 00000590 _____ () C:\ProgramData\cfSB0950.ini
2014-03-13 17:07 - 2014-03-21 22:49 - 00000000 ____D () C:\Program Files (x86)\Creative
2014-03-10 20:59 - 2014-03-10 20:59 - 00000000 ____D () C:\Users\Public\CyberLink
2014-03-08 21:09 - 2014-03-08 21:09 - 00000000 ____D () C:\Users\Tobi\AppData\Local\Power2Go
2014-03-08 18:11 - 2014-03-08 18:11 - 00002147 _____ () C:\Users\Tobi\Desktop\Renegade X.lnk
2014-03-08 18:11 - 2014-03-08 18:11 - 00001057 _____ () C:\Users\Tobi\Desktop\Renegade X Launcher.lnk
2014-03-08 18:10 - 2014-03-08 18:10 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Renegade X
2014-03-08 18:10 - 2014-03-08 18:10 - 00000000 ____D () C:\Program Files (x86)\Renegade X
2014-03-08 17:09 - 2014-03-08 17:55 - 1768010393 ____R () C:\Users\Tobi\Downloads\RenegadeX-OpenBeta-01.exe
2014-03-08 14:29 - 2014-03-08 14:29 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\HandBrake
2014-03-08 14:17 - 2014-03-09 11:04 - 00000343 _____ () C:\Windows\lgfwup.ini
2014-03-08 14:17 - 2014-03-08 14:17 - 00001404 _____ () C:\Users\Public\Desktop\CyberLink Media Suite 10.lnk
2014-03-08 14:16 - 2014-03-09 11:04 - 00000000 ____D () C:\Program Files (x86)\lg_fwupdate
2014-03-08 14:16 - 2012-07-11 13:18 - 00023664 _____ (BitLeader) C:\Windows\SysWOW64\lgfwunis.exe
2014-03-08 14:16 - 2001-08-29 21:00 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wbemdisp.tlb
2014-03-08 14:16 - 1998-07-22 00:00 - 00102912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Vb6stkit.dll
2014-03-08 14:16 - 1998-07-22 00:00 - 00102160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6KO.DLL
2014-03-08 14:16 - 1998-06-24 00:00 - 00115016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSINET.OCX
2014-03-08 14:14 - 2014-03-08 14:14 - 00000000 ____D () C:\Users\Tobi\AppData\Local\Packages
2014-03-08 14:13 - 2014-03-08 14:13 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-03-08 14:13 - 2014-03-08 14:13 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-03-08 14:13 - 2014-03-08 14:13 - 00029480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2014-03-08 14:10 - 2014-03-16 11:45 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\CyberLink
2014-03-08 14:10 - 2014-03-08 14:11 - 00000000 ____D () C:\Users\Tobi\AppData\Local\CyberLink
2014-03-08 14:09 - 2014-03-08 14:17 - 00000000 ____D () C:\ProgramData\install_clap
2014-03-08 11:55 - 2014-03-08 14:17 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-03-08 11:55 - 2014-03-08 14:08 - 00002050 _____ () C:\Users\Public\Desktop\CyberLink BD Advisor.lnk
2014-03-08 11:55 - 2014-03-08 11:55 - 00000000 ____D () C:\ProgramData\CLSK
2014-03-08 11:53 - 2014-03-16 11:45 - 00000000 ____D () C:\ProgramData\CyberLink
2014-03-07 12:20 - 2014-03-07 12:20 - 00000824 _____ () C:\Users\Tobi\Desktop\Handbrake.lnk
2014-03-07 12:20 - 2014-03-07 12:20 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2014-03-07 12:20 - 2014-03-07 12:20 - 00000000 ____D () C:\Program Files\Handbrake
2014-03-06 20:36 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-06 20:36 - 2014-01-03 23:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-04 22:07 - 2014-03-04 22:07 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-03-03 11:18 - 2014-03-03 11:19 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-03 11:18 - 2014-03-03 11:19 - 00000000 ____D () C:\Program Files\iTunes
2014-03-03 11:18 - 2014-03-03 11:19 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-03 11:18 - 2014-03-03 11:18 - 00000000 ____D () C:\Program Files\iPod

==================== One Month Modified Files and Folders =======

2014-03-29 13:10 - 2014-03-29 13:08 - 00018063 _____ () C:\Users\Tobi\Desktop\FRST.txt
2014-03-29 13:10 - 2014-03-29 13:08 - 00000000 ____D () C:\FRST
2014-03-29 13:10 - 2013-07-30 12:12 - 00000000 ____D () C:\Users\Tobi\AppData\Local\Deployment
2014-03-29 13:09 - 2014-03-29 13:08 - 00045531 _____ () C:\Users\Tobi\Desktop\Addition.txt
2014-03-29 13:09 - 2013-12-23 21:33 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\NetSpeedMonitor
2014-03-29 13:07 - 2014-03-29 13:07 - 02157056 _____ (Farbar) C:\Users\Tobi\Desktop\FRST64.exe
2014-03-29 13:03 - 2013-09-15 16:24 - 00000372 _____ () C:\Windows\Tasks\WpsUpdateTask_Tobi.job
2014-03-29 12:43 - 2013-07-30 12:12 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-29 12:35 - 2013-11-24 11:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-29 12:09 - 2013-07-30 13:23 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-29 11:46 - 2014-03-29 11:45 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-29 11:45 - 2014-03-29 11:45 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-29 11:45 - 2014-03-29 11:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-29 11:44 - 2014-03-29 11:44 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Tobi\Desktop\mbam-setup-2.0.0.1000.exe
2014-03-29 11:44 - 2014-03-29 11:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-29 11:38 - 2014-03-29 11:38 - 00000000 ____D () C:\Users\Tobi\Documents\ProcAlyzer Dumps
2014-03-29 11:38 - 2014-03-29 11:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-29 11:32 - 2014-03-29 11:32 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-03-29 11:32 - 2014-03-29 11:32 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-03-29 11:32 - 2014-03-29 11:32 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-29 11:31 - 2014-03-29 11:31 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Tobi\Downloads\spybot-2.2.exe
2014-03-29 11:31 - 2014-01-21 19:09 - 00069008 _____ () C:\Users\Tobi\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-29 11:30 - 2014-03-29 11:30 - 00710848 _____ ( ) C:\Users\Tobi\Desktop\COMPUTER_BILD-Download-Manager_fuer_spybot-2.2.exe
2014-03-29 11:28 - 2014-03-29 11:14 - 00000000 ____D () C:\AdwCleaner
2014-03-29 11:28 - 2013-10-14 17:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-03-29 11:27 - 2014-03-20 21:50 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2014-03-29 11:27 - 2013-09-11 20:50 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\uTorrent
2014-03-29 11:24 - 2014-01-20 21:08 - 00000000 ____D () C:\Users\Tobi\AppData\Local\GameSpy
2014-03-29 11:23 - 2013-10-29 16:11 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GamersFirst
2014-03-29 11:23 - 2013-10-16 18:15 - 00000000 ____D () C:\Program Files (x86)\ubitus
2014-03-29 11:23 - 2009-07-14 05:45 - 00021840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-29 11:23 - 2009-07-14 05:45 - 00021840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-29 11:22 - 2013-10-17 16:55 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive
2014-03-29 11:19 - 2014-01-21 20:53 - 01461605 _____ () C:\Windows\WindowsUpdate.log
2014-03-29 11:15 - 2014-02-11 22:33 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-29 11:15 - 2014-01-21 20:49 - 00014581 _____ () C:\Windows\setupact.log
2014-03-29 11:15 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-29 11:14 - 2014-03-26 19:11 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-03-29 11:13 - 2014-03-29 11:13 - 01950720 _____ () C:\Users\Tobi\Desktop\adwcleaner.exe
2014-03-27 19:05 - 2013-08-28 17:51 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-03-27 17:38 - 2014-02-11 22:33 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-27 17:38 - 2013-07-30 12:12 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-27 17:18 - 2014-03-27 17:18 - 00001105 _____ () C:\Users\Public\Desktop\World of Diving OVR.lnk
2014-03-27 17:18 - 2014-03-27 17:18 - 00001085 _____ () C:\Users\Public\Desktop\World of Diving.lnk
2014-03-27 17:17 - 2014-03-27 17:17 - 00000000 ____D () C:\Program Files (x86)\World of Diving
2014-03-27 17:17 - 2014-03-27 17:07 - 305814330 _____ (Vertigo Games B.V. ) C:\Users\Tobi\Desktop\wod_stage_0.exe
2014-03-26 19:11 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-03-25 19:00 - 2013-12-24 19:54 - 00000400 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-03-23 17:45 - 2014-03-23 17:45 - 00002126 _____ () C:\Users\Tobi\Documents\Mass Effect 2 1.02.log
2014-03-23 15:47 - 2014-01-21 20:49 - 00018026 _____ () C:\Windows\PFRO.log
2014-03-23 14:00 - 2013-11-23 13:03 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\GameSave Manager 3
2014-03-23 12:08 - 2014-03-23 12:08 - 00000000 ____D () C:\Users\Tobi\Documents\BioWare
2014-03-23 12:08 - 2014-03-23 12:08 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Ubisoft
2014-03-23 12:03 - 2013-11-23 13:04 - 00000000 ____D () C:\Program Files (x86)\GameSave Manager v3
2014-03-23 11:31 - 2014-03-23 11:31 - 00000802 _____ () C:\Users\Public\Desktop\Mass Effect 2.lnk
2014-03-23 11:31 - 2014-03-23 11:31 - 00000000 ____D () C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2014-03-23 11:31 - 2014-03-23 11:11 - 00017384 _____ () C:\Users\Tobi\Documents\Install Mass Effect 2.log
2014-03-23 11:12 - 2013-09-15 15:58 - 00000000 ____D () C:\Games
2014-03-22 12:39 - 2014-03-22 12:39 - 00121069 _____ () C:\Users\Tobi\Desktop\memtest86+-5.01.usb.installer.zip
2014-03-21 22:49 - 2014-03-13 17:36 - 00000000 ____D () C:\ProgramData\Creative
2014-03-21 22:49 - 2014-03-13 17:07 - 00000000 ____D () C:\Program Files (x86)\Creative
2014-03-21 22:49 - 2013-10-03 20:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-21 22:47 - 2013-12-25 14:56 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2014-03-21 22:47 - 2013-11-27 17:12 - 00000000 ____D () C:\AeriaGames
2014-03-21 22:41 - 2014-03-21 22:41 - 00000062 _____ () C:\Windows\wininit.ini
2014-03-21 22:41 - 2013-09-07 11:43 - 00000000 ____D () C:\Program Files (x86)\gravitysensation.com
2014-03-21 22:40 - 2014-03-21 22:40 - 00017204 _____ () C:\Windows\AVMInstall.Log
2014-03-21 22:40 - 2013-08-05 19:42 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BeamNG-Techdemo-0.3
2014-03-21 22:40 - 2013-08-05 19:42 - 00000000 ____D () C:\Users\Tobi\AppData\Local\BeamNG
2014-03-21 22:39 - 2013-10-23 18:10 - 00000000 ____D () C:\Users\Tobi\Documents\16 Bit Arena
2014-03-21 17:45 - 2011-04-12 08:43 - 00710178 _____ () C:\Windows\system32\perfh007.dat
2014-03-21 17:45 - 2011-04-12 08:43 - 00154508 _____ () C:\Windows\system32\perfc007.dat
2014-03-21 17:45 - 2009-07-14 06:13 - 01650358 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-19 22:28 - 2014-03-19 22:06 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\KeePass
2014-03-19 22:09 - 2014-03-19 22:08 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2014-03-19 17:10 - 2009-07-14 05:45 - 00302344 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-18 17:45 - 2013-08-25 12:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 17:43 - 2013-08-02 20:16 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 19:00 - 2014-03-17 19:00 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\MPC-HC
2014-03-17 18:59 - 2014-03-17 18:56 - 00518616 _____ () C:\Users\Tobi\Desktop\waaaaaaaaaaaaaaaaaas.wmv.wav
2014-03-17 18:59 - 2013-08-09 11:21 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Audacity
2014-03-17 18:58 - 2014-02-06 20:59 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\vlc
2014-03-16 11:45 - 2014-03-16 11:45 - 00000000 ____D () C:\Users\Tobi\Documents\CyberLink
2014-03-16 11:45 - 2014-03-08 14:10 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\CyberLink
2014-03-16 11:45 - 2014-03-08 11:53 - 00000000 ____D () C:\ProgramData\CyberLink
2014-03-15 17:53 - 2014-02-16 17:07 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\GameTracker
2014-03-15 11:12 - 2014-03-15 11:12 - 00278863 _____ () C:\Users\Tobi\Documents\Unbenannt (5).wma
2014-03-15 11:11 - 2014-03-15 11:11 - 00332743 _____ () C:\Users\Tobi\Documents\Unbenannt (4).wma
2014-03-14 17:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-03-13 21:44 - 2014-03-13 21:44 - 00153143 _____ () C:\Users\Tobi\Documents\Unbenannt (3).wma
2014-03-13 21:39 - 2014-03-13 21:39 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Creative
2014-03-13 21:39 - 2014-03-13 21:39 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Creative
2014-03-13 17:36 - 2014-03-13 17:36 - 00000000 ____D () C:\ProgramData\Creative Labs
2014-03-13 17:25 - 2014-03-13 17:25 - 00085793 _____ () C:\Users\Tobi\Documents\Unbenannt (2).wma
2014-03-13 17:18 - 2013-09-04 13:59 - 00466520 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-03-13 17:18 - 2013-09-04 13:59 - 00445016 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-03-13 17:18 - 2013-09-04 13:59 - 00123480 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-03-13 17:18 - 2013-09-04 13:59 - 00109144 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-03-13 17:06 - 2013-11-24 11:25 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-13 17:06 - 2013-11-24 11:25 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-13 17:06 - 2013-11-24 11:25 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-10 20:59 - 2014-03-10 20:59 - 00000000 ____D () C:\Users\Public\CyberLink
2014-03-10 19:23 - 2013-10-07 19:44 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Spotify
2014-03-10 18:28 - 2013-10-07 19:45 - 00000000 ____D () C:\Users\Tobi\AppData\Local\Spotify
2014-03-09 11:05 - 2013-10-30 22:05 - 00000000 ____D () C:\Windows\pss
2014-03-09 11:04 - 2014-03-08 14:17 - 00000343 _____ () C:\Windows\lgfwup.ini
2014-03-09 11:04 - 2014-03-08 14:16 - 00000000 ____D () C:\Program Files (x86)\lg_fwupdate
2014-03-08 21:09 - 2014-03-08 21:09 - 00000000 ____D () C:\Users\Tobi\AppData\Local\Power2Go
2014-03-08 19:13 - 2013-08-06 20:35 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\BitTorrent
2014-03-08 18:11 - 2014-03-08 18:11 - 00002147 _____ () C:\Users\Tobi\Desktop\Renegade X.lnk
2014-03-08 18:11 - 2014-03-08 18:11 - 00001057 _____ () C:\Users\Tobi\Desktop\Renegade X Launcher.lnk
2014-03-08 18:10 - 2014-03-08 18:10 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Renegade X
2014-03-08 18:10 - 2014-03-08 18:10 - 00000000 ____D () C:\Program Files (x86)\Renegade X
2014-03-08 17:55 - 2014-03-08 17:09 - 1768010393 ____R () C:\Users\Tobi\Downloads\RenegadeX-OpenBeta-01.exe
2014-03-08 14:29 - 2014-03-08 14:29 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\HandBrake
2014-03-08 14:17 - 2014-03-08 14:17 - 00001404 _____ () C:\Users\Public\Desktop\CyberLink Media Suite 10.lnk
2014-03-08 14:17 - 2014-03-08 14:09 - 00000000 ____D () C:\ProgramData\install_clap
2014-03-08 14:17 - 2014-03-08 11:55 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-03-08 14:14 - 2014-03-08 14:14 - 00000000 ____D () C:\Users\Tobi\AppData\Local\Packages
2014-03-08 14:13 - 2014-03-08 14:13 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-03-08 14:13 - 2014-03-08 14:13 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-03-08 14:13 - 2014-03-08 14:13 - 00029480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2014-03-08 14:11 - 2014-03-08 14:10 - 00000000 ____D () C:\Users\Tobi\AppData\Local\CyberLink
2014-03-08 14:08 - 2014-03-08 11:55 - 00002050 _____ () C:\Users\Public\Desktop\CyberLink BD Advisor.lnk
2014-03-08 11:55 - 2014-03-08 11:55 - 00000000 ____D () C:\ProgramData\CLSK
2014-03-07 12:20 - 2014-03-07 12:20 - 00000824 _____ () C:\Users\Tobi\Desktop\Handbrake.lnk
2014-03-07 12:20 - 2014-03-07 12:20 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2014-03-07 12:20 - 2014-03-07 12:20 - 00000000 ____D () C:\Program Files\Handbrake
2014-03-05 10:46 - 2013-08-06 11:31 - 00000000 ____D () C:\Users\Tobi\Documents\My Games
2014-03-05 09:26 - 2014-03-29 11:44 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-29 11:44 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-29 11:44 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-04 22:07 - 2014-03-04 22:07 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-03-04 22:07 - 2013-12-21 18:03 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\DVDVideoSoft
2014-03-03 21:51 - 2014-02-14 14:21 - 00018920 _____ () C:\Windows\DirectX.log
2014-03-03 11:19 - 2014-03-03 11:18 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-03 11:19 - 2014-03-03 11:18 - 00000000 ____D () C:\Program Files\iTunes
2014-03-03 11:19 - 2014-03-03 11:18 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-03 11:18 - 2014-03-03 11:18 - 00000000 ____D () C:\Program Files\iPod
2014-03-01 07:05 - 2014-03-18 17:42 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-18 17:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-18 17:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-18 17:42 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-18 17:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-18 17:42 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-18 17:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-18 17:42 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-18 17:42 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-18 17:42 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-18 17:42 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-18 17:42 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-18 17:42 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-18 17:42 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-18 17:42 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-18 17:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-18 17:42 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-18 17:42 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-18 17:42 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-18 17:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-18 17:42 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-18 17:42 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-18 17:42 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-18 17:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-18 17:42 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-18 17:42 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-18 17:42 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-18 17:42 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-18 17:42 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-18 17:42 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-18 17:42 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-18 17:42 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-18 17:42 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-18 17:42 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-18 17:42 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-18 17:42 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-18 17:42 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-18 17:42 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-18 17:42 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-18 17:42 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Files to move or delete:
====================
C:\Users\Tobi\AppData\Roaming\Camdata.ini
C:\Users\Tobi\AppData\Roaming\CamLayout.ini
C:\Users\Tobi\AppData\Roaming\CamShapes.ini


Some content of TEMP:
====================
C:\Users\Tobi\AppData\Local\Temp\avgnt.exe
C:\Users\Tobi\AppData\Local\Temp\CTPBSeq.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-21 17:36

==================== End Of Log ============================
         

29.03.2014, 21:28   #4
Bootsektor
/// TB-Ausbilder
 



Hello ToflixGamer,

did you set the proxy?
Code:
ProxyServer: http=87.263.210:45
         
Step 1
Please have the file from the code box checked at Virustotal.
  • Click on Wählen Sie eine
  • Now copy the following into the search bar
    Code:
    C:\Windows\system32\shfoldes.exe
             
  • and click on Öffnen.
  • Click on Scannen!.
  • Please wait until the file has been uploaded completely. If you get the following message
    Quote:
    Diese Datei wurde bereits von VirusTotal analysiert...
    click on Neu analysieren.
  • Wait until the analysis date is shown and the scan has finished.
  • Copy the link from your address bar and post it here.
    Repeat the same steps with the following file:
    Code:
    C:\Windows\SysWOW64\PnkBstrA.exe
             

I no longer see anything of the Downloadprotector in Chrome. Can you remove it in the browser after the following steps?
Important! Please save this list in Unicode format. (Go to Save > the Encoding selection at the bottom of Notepad, which is set to ANSI by default; change it to Unicode.)
Step 2

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKCU - {389A13A9-ACF2-4BB9-8FDE-BADDC3D6AD32} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3317892&CUI=UN37012196571243915&UM=2
FF Extension: Download Protect - C:\Windows\Installer\{26EE2A3B-8FF0-45FB-9D54-FBF1ACAB9D05}\{D55933A3-981A-477B-8EDB-D54CA363AD30}.xpi [2014-03-29]
S2 楗敳潂瑯獁楳瑳湡t; 㩃停潲牧浡䘠汩獥⠠㡸⤶坜獩履楗敳䌠牡⁥㘳尵潂瑯楔敭攮數Ā" [X]
AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\Users\Tobi\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\Tobi\AppData\Roaming:NT
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Step 3
Start FRST once more.
  • Tick the box for addition.txt and press Scan.
  • When the scan has finished, two new log files, FRST.txt and addition.txt, are created and saved on the desktop (or in the directory where FRST is located).
  • Please post the contents of these log files here in your thread.
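
The kinds of entries post #4 picks out of the log (the ProxyServer value, the two services under the Windows system directories that carry no company name, the line FRST itself marks ATTENTION, and the :NT alternate data streams) can be pulled out of an FRST log mechanically. The Python sketch below is an added example, not part of the thread and not FRST's own logic; the rule names and heuristics are assumptions made for illustration, and the sample lines are copied from the logs and fixlist posted in this thread.

```python
import ipaddress
import re
from typing import NamedTuple

# Sample input: lines copied from the FRST output and fixlist in this thread.
SAMPLE_LOG = r"""
ProxyServer: http=87.263.210:45
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-04] (Avira Operations GmbH & Co. KG)
R2 ntprintd; C:\Windows\system32\shfoldes.exe [118784 2013-12-21] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2014-01-20] ()
R2 ACT2_Service; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [1421216 2011-08-22] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
AlternateDataStreams: C:\ProgramData:NT
CHR Extension: (AdBlock) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-27]
"""


class Finding(NamedTuple):
    rule: str     # hypothetical rule name, chosen for this example
    subject: str  # the path, value or log text the finding is about
    note: str


# FRST service line: "<state> <name>; <path> [<size> <date>] (<company>)"
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\)$"
)
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def check_proxy(value):
    """Report every proxy entry; note numeric hosts that are not valid IPs."""
    findings = []
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        target = entry.split("=", 1)[-1]        # drop an optional "http=" prefix
        host, _, _port = target.rpartition(":")
        note = "proxy configured"
        if re.fullmatch(r"[\d.]+", host):       # looks numeric, so must parse as IPv4
            try:
                ipaddress.ip_address(host)
            except ValueError:
                note += "; host is not a valid IPv4 address"
        findings.append(Finding("proxy-set", entry, note))
    return findings


def triage(log_text):
    """Return the findings for an FRST log, in the order the lines appear."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("ProxyServer:"):
            findings += check_proxy(line.split(":", 1)[1])
        elif line.startswith("AlternateDataStreams:"):
            path, _, stream = line.split(": ", 1)[1].rpartition(":")
            findings.append(
                Finding("alternate-data-stream", path, f"stream :{stream}"))
        elif "<======= ATTENTION" in line:
            subject = line.split("<=", 1)[0].strip()
            findings.append(
                Finding("frst-attention", subject, "marked by FRST itself"))
        else:
            m = SERVICE_RE.match(line)
            # Assumed heuristic: a service binary directly under a Windows
            # system directory whose company field is empty deserves a look.
            if (m and not m["company"].strip()
                    and m["path"].lower().startswith(SYSTEM_DIRS)):
                findings.append(Finding(
                    "no-publisher-system-service", m["path"],
                    f"service {m['name']}, no company name"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:30} {f.subject}  ({f.note})")
```

An empty company field only means the file carries no version-info publisher; it is a reason to check the file, as the VirusTotal upload in Step 1 does, not a verdict.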

30.03.2014, 10:35   #5
ToflixGamer
 



I didn't set the proxy myself, as far as I know. I once tried to get at certain videos on YouTube with a foreign IP, but that didn't work. And as far as I can tell, this one isn't a foreign one anyway.

I don't have shfoldes.exe, or rather it isn't found on my machine; that's what my computer tells me.

Link for the Punkbuster analysis: https://www.virustotal.com/de/file/eaf383c4acc17dbb060bb8398225222175e028e1e332e2ce0548c97daed3620e/analysis/1396171216/



Fixlog.txt:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Tobi at 2014-03-30 11:25:05 Run:1
Running from C:\Users\Tobi\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKCU - {389A13A9-ACF2-4BB9-8FDE-BADDC3D6AD32} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3317892&CUI=UN37012196571243915&UM=2
FF Extension: Download Protect - C:\Windows\Installer\{26EE2A3B-8FF0-45FB-9D54-FBF1ACAB9D05}\{D55933A3-981A-477B-8EDB-D54CA363AD30}.xpi [2014-03-29]
S2 ????????t; ???????????????????????????A" [X]
AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\Users\Tobi\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\Tobi\AppData\Roaming:NT
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{389A13A9-ACF2-4BB9-8FDE-BADDC3D6AD32} => Key deleted successfully.
HKCR\CLSID\{389A13A9-ACF2-4BB9-8FDE-BADDC3D6AD32} => Key not found.
C:\Windows\Installer\{26EE2A3B-8FF0-45FB-9D54-FBF1ACAB9D05}\{D55933A3-981A-477B-8EDB-D54CA363AD30}.xpi => Moved successfully.
????????t => Service not found.
C:\ProgramData => ":NT" ADS removed successfully.
"C:\Users\All Users" => ":NT" ADS not found.
"C:\ProgramData\Anwendungsdaten" => ":NT" ADS not found.
"C:\ProgramData\Application Data" => ":NT" ADS not found.
C:\ProgramData\MTA San Andreas All => ":NT" ADS removed successfully.
"C:\Users\Tobi\Anwendungsdaten" => ":NT" ADS not found.
C:\Users\Tobi\AppData\Roaming => ":NT" ADS removed successfully.


The system needed a reboot. 

==== End of Fixlog ====
         
The program has now completely disappeared from Chrome.


FRST.txt:


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Tobi (administrator) on TOBI-PC on 30-03-2014 11:33:20
Running from C:\Users\Tobi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ClanServers Hosting LLC) C:\Program Files (x86)\GameTracker\GSInGameService.exe
() C:\Windows\system32\shfoldes.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2697897950-2400982680-2412562655-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2697897950-2400982680-2412562655-1000\...\MountPoints2: {32b3b54b-f90f-11e2-b9a4-806e6f6e6963} - D:\pushinst.exe
HKU\S-1-5-21-2697897950-2400982680-2412562655-1000\...\MountPoints2: {531c2fab-a6ad-11e3-9f15-806e6f6e6963} - D:\autorun.exe -auto
Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RAVCpl64 - Verknüpfung.lnk
ShortcutTarget: RAVCpl64 - Verknüpfung.lnk -> C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

==================== Internet (Whitelisted) ====================

ProxyServer: http=87.263.210:45
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\rr75nzpd.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de?hl=de&gl=de
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Tobi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\rr75nzpd.default\Extensions\staged [2013-11-24]
FF HKLM-x32\...\Firefox\Extensions: [{D55933A3-981A-477B-8EDB-D54CA363AD30}] - C:\Windows\Installer\{26EE2A3B-8FF0-45FB-9D54-FBF1ACAB9D05}\{D55933A3-981A-477B-8EDB-D54CA363AD30}.xpi

Chrome: 
=======
CHR HomePage: hxxp://www.google.de?hl=de&gl=de
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-03-29]
CHR Extension: (Angry Birds) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-02-04]
CHR Extension: (Google Drive) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-30]
CHR Extension: (YouTube) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-30]
CHR Extension: (Google-Suche) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-30]
CHR Extension: (AdBlock) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-27]
CHR Extension: (YouRepeat) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\idpjonelgkpmoamjkigojeifadlhlbna [2014-01-06]
CHR Extension: (SteamGifts Plus Alternative) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjlighkgeendkpncecpcidcegejbmedb [2013-11-07]
CHR Extension: (Google Wallet) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR Extension: (Google Mail) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-30]
CHR Extension: (RSS Feed Reader) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2014-03-20]
CHR HKCU\...\Chrome\Extension: [oopdmcnionefjjnmchkiimificckpkif] - C:\Users\Tobi\AppData\Local\CRE\oopdmcnionefjjnmchkiimificckpkif.crx [2014-03-20]
CHR HKLM-x32\...\Chrome\Extension: [oopdmcnionefjjnmchkiimificckpkif] - C:\Users\Tobi\AppData\Local\CRE\oopdmcnionefjjnmchkiimificckpkif.crx [2014-03-20]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 ACT2_Service; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [1421216 2011-08-22] ()
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [896592 2014-03-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-03-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-03-04] (Avira Operations GmbH & Co. KG)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-07-17] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-07-17] (BlueStack Systems, Inc.)
S4 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243464 2013-09-02] (CyberLink)
R2 ntprintd; C:\Windows\system32\shfoldes.exe [118784 2013-12-21] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2014-01-20] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S4 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [759192 2013-09-03] (Tunngle.net GmbH)
S4 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2013-12-09] (WiseCleaner.com)
S2 楗敳潂瑯獁楳瑳湡t; 㩃停潲牧浡䘠汩獥⠠㡸⤶坜獩履楗敳䌠牡⁥㘳尵潂瑯楔敭攮數Ā" [X]

==================== Drivers (Whitelisted) ====================

R2 ACT2PM; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys [15160 2011-06-10] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-07-17] (BlueStack Systems)
S3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-22] (AVM GmbH)
S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [2056192 2013-09-04] (Creative Technology Ltd.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-03-29] (Malwarebytes Corporation)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-08-13] (Anchorfree Inc.)
S3 TGBMPEnum; C:\Windows\System32\DRIVERS\TGBMPEnum.sys [38584 2013-01-21] (TheGreenBow)
S3 TGBVPNVirtM; C:\Windows\System32\DRIVERS\TGBVPNVirtM.sys [139960 2013-01-21] (TheGreenBow)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-30 11:33 - 2014-03-30 11:33 - 00016296 _____ () C:\Users\Tobi\Desktop\FRST.txt
2014-03-30 11:32 - 2014-03-30 11:33 - 00045075 _____ () C:\Users\Tobi\Desktop\Addition.txt
2014-03-29 17:01 - 2014-03-29 17:01 - 00001211 _____ () C:\Users\Tobi\Desktop\KSP - Verknüpfung.lnk
2014-03-29 17:00 - 2014-03-29 17:00 - 04250146 _____ () C:\Users\Tobi\Desktop\uploads-2013-12-MechJeb2-2.1.1.01.zip
2014-03-29 16:45 - 2014-03-29 16:45 - 02200350 _____ () C:\Users\Tobi\Desktop\uploads-2013-07-IoncrossCrewSupport_v1_10c.zip
2014-03-29 16:39 - 2014-03-29 16:39 - 00000000 ____D () C:\Users\Tobi\Desktop\ksp-win-0-23-0
2014-03-29 14:08 - 2014-03-30 11:33 - 00000000 ____D () C:\FRST
2014-03-29 14:07 - 2014-03-29 14:07 - 02157056 _____ (Farbar) C:\Users\Tobi\Desktop\FRST64.exe
2014-03-29 12:45 - 2014-03-29 12:46 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-29 12:45 - 2014-03-29 12:45 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-29 12:44 - 2014-03-29 12:45 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-29 12:44 - 2014-03-29 12:44 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Tobi\Desktop\mbam-setup-2.0.0.1000.exe
2014-03-29 12:44 - 2014-03-29 12:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-29 12:44 - 2014-03-05 10:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-29 12:44 - 2014-03-05 10:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-29 12:44 - 2014-03-05 10:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-29 12:38 - 2014-03-29 12:38 - 00000000 ____D () C:\Users\Tobi\Documents\ProcAlyzer Dumps
2014-03-29 12:32 - 2014-03-29 12:38 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-29 12:32 - 2014-03-29 12:32 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-03-29 12:32 - 2014-03-29 12:32 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-03-29 12:32 - 2014-03-29 12:32 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-29 12:32 - 2013-09-20 11:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-03-29 12:31 - 2014-03-29 12:31 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Tobi\Downloads\spybot-2.2.exe
2014-03-29 12:30 - 2014-03-29 12:30 - 00710848 _____ ( ) C:\Users\Tobi\Desktop\COMPUTER_BILD-Download-Manager_fuer_spybot-2.2.exe
2014-03-29 12:14 - 2014-03-29 12:28 - 00000000 ____D () C:\AdwCleaner
2014-03-29 12:13 - 2014-03-29 12:13 - 01950720 _____ () C:\Users\Tobi\Desktop\adwcleaner.exe
2014-03-27 18:18 - 2014-03-27 18:18 - 00001105 _____ () C:\Users\Public\Desktop\World of Diving OVR.lnk
2014-03-27 18:18 - 2014-03-27 18:18 - 00001085 _____ () C:\Users\Public\Desktop\World of Diving.lnk
2014-03-27 18:17 - 2014-03-27 18:17 - 00000000 ____D () C:\Program Files (x86)\World of Diving
2014-03-27 18:07 - 2014-03-27 18:17 - 305814330 _____ (Vertigo Games B.V. ) C:\Users\Tobi\Desktop\wod_stage_0.exe
2014-03-26 20:11 - 2014-03-30 11:26 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-03-23 18:45 - 2014-03-23 18:45 - 00002126 _____ () C:\Users\Tobi\Documents\Mass Effect 2 1.02.log
2014-03-23 13:08 - 2014-03-23 13:08 - 00000000 ____D () C:\Users\Tobi\Documents\BioWare
2014-03-23 13:08 - 2014-03-23 13:08 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Ubisoft
2014-03-23 12:31 - 2014-03-23 12:31 - 00000802 _____ () C:\Users\Public\Desktop\Mass Effect 2.lnk
2014-03-23 12:31 - 2014-03-23 12:31 - 00000000 ____D () C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2014-03-23 12:11 - 2014-03-23 12:31 - 00017384 _____ () C:\Users\Tobi\Documents\Install Mass Effect 2.log
2014-03-22 13:39 - 2014-03-22 13:39 - 00121069 _____ () C:\Users\Tobi\Desktop\memtest86+-5.01.usb.installer.zip
2014-03-21 23:41 - 2014-03-21 23:41 - 00000062 _____ () C:\Windows\wininit.ini
2014-03-21 23:40 - 2014-03-21 23:40 - 00017204 _____ () C:\Windows\AVMInstall.Log
2014-03-21 23:40 - 2010-10-01 01:00 - 00480632 ____N (AVM Berlin) C:\Windows\instwcli.dex
2014-03-20 22:50 - 2014-03-29 12:27 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2014-03-19 23:08 - 2014-03-19 23:09 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2014-03-19 23:06 - 2014-03-19 23:28 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\KeePass
2014-03-18 18:42 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-18 18:42 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-18 18:42 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-18 18:42 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-18 18:42 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-18 18:42 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-18 18:42 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-18 18:42 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-18 18:42 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-18 18:42 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-18 18:42 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-18 18:42 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-18 18:42 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-18 18:42 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-18 18:42 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-18 18:42 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-18 18:42 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-18 18:42 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-18 18:42 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-18 18:42 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-18 18:42 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-18 18:42 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-18 18:42 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-18 18:42 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-18 18:42 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-18 18:42 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-18 18:42 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-18 18:42 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-18 18:42 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-18 18:42 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-18 18:42 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-18 18:42 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-18 18:42 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-18 18:42 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-18 18:42 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-18 18:42 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-18 18:42 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-18 18:42 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-18 18:42 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-18 18:42 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-18 18:41 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-18 18:41 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-18 18:41 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-18 18:41 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-18 18:41 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-18 18:41 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-18 18:41 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-18 18:41 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-17 20:00 - 2014-03-17 20:00 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\MPC-HC
2014-03-17 19:56 - 2014-03-17 19:59 - 00518616 _____ () C:\Users\Tobi\Desktop\waaaaaaaaaaaaaaaaaas.wmv.wav
2014-03-16 12:45 - 2014-03-16 12:45 - 00000000 ____D () C:\Users\Tobi\Documents\CyberLink
2014-03-15 12:12 - 2014-03-15 12:12 - 00278863 _____ () C:\Users\Tobi\Documents\Unbenannt (5).wma
2014-03-15 12:11 - 2014-03-15 12:11 - 00332743 _____ () C:\Users\Tobi\Documents\Unbenannt (4).wma
2014-03-13 22:44 - 2014-03-13 22:44 - 00153143 _____ () C:\Users\Tobi\Documents\Unbenannt (3).wma
2014-03-13 22:39 - 2014-03-13 22:39 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Creative
2014-03-13 22:39 - 2014-03-13 22:39 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Creative
2014-03-13 18:36 - 2014-03-21 23:49 - 00000000 ____D () C:\ProgramData\Creative
2014-03-13 18:36 - 2014-03-13 18:36 - 00000000 ____D () C:\ProgramData\Creative Labs
2014-03-13 18:25 - 2014-03-13 18:25 - 00085793 _____ () C:\Users\Tobi\Documents\Unbenannt (2).wma
2014-03-13 18:18 - 2013-04-03 15:01 - 00006601 ____N () C:\Windows\system32\CTOPT399.cat
2014-03-13 18:18 - 2013-04-03 10:54 - 00088576 ____N (Creative Technology Ltd) C:\Windows\system32\CTOPT399.dll
2014-03-13 18:18 - 2009-12-24 04:49 - 00809560 ____R (Creative Labs Inc.) C:\Windows\SysWOW64\tmp6671.tmp
2014-03-13 18:18 - 2008-12-22 21:13 - 00049664 ____N (Creative Technology Ltd) C:\Windows\system32\CTChkAud.dll
2014-03-13 18:18 - 2006-10-06 08:17 - 00053248 ____N (Creative Technology Ltd ) C:\Windows\Ctregrun.exe
2014-03-13 18:18 - 2003-06-13 00:25 - 00007062 _____ () C:\Windows\SysWOW64\audiopid.vxd
2014-03-13 18:08 - 2013-09-04 08:07 - 02056192 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\ksaud.sys
2014-03-13 18:08 - 2013-08-30 08:44 - 02535936 _____ (Creative Technology Ltd.) C:\Windows\system32\KsMalc64.DLL
2014-03-13 18:08 - 2013-08-30 08:44 - 02127872 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\KsMalc32.dll
2014-03-13 18:08 - 2013-08-29 05:13 - 00115712 _____ (Creative Technology Ltd.) C:\Windows\system32\SBAVMon.dll
2014-03-13 18:08 - 2013-08-15 11:56 - 01140736 _____ (Creative Technology Ltd.) C:\Windows\system32\KSAPO64.dll
2014-03-13 18:08 - 2013-08-15 11:56 - 00057856 _____ (Creative Technology Ltd.) C:\Windows\system32\KSPPLD64.dll
2014-03-13 18:08 - 2013-08-15 11:55 - 00944640 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\KSAPO32.dll
2014-03-13 18:08 - 2013-07-29 12:57 - 00305729 _____ () C:\Windows\system32\DeviceDefaultVista.reg
2014-03-13 18:08 - 2013-07-10 06:12 - 00417792 _____ (Creative Technology Ltd.) C:\Windows\system32\KSVSPI64.dll
2014-03-13 18:08 - 2013-07-10 06:11 - 00305664 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\KSVSPI32.dll
2014-03-13 18:08 - 2013-07-01 03:55 - 00057856 _____ (Creative Technology Ltd.) C:\Windows\system32\SBAVMonL.dll
2014-03-13 18:08 - 2013-07-01 03:35 - 00001772 _____ () C:\ProgramData\cfSB1095A.ini
2014-03-13 18:08 - 2013-07-01 03:35 - 00000806 _____ () C:\ProgramData\cfSB1300A.ini
2014-03-13 18:08 - 2013-06-11 11:37 - 00001980 _____ () C:\ProgramData\cfSB1560.ini
2014-03-13 18:08 - 2013-05-23 10:27 - 00001697 _____ () C:\ProgramData\CfGH0250.ini
2014-03-13 18:08 - 2013-05-23 10:27 - 00001696 _____ () C:\ProgramData\CfGH0280.ini
2014-03-13 18:08 - 2013-03-08 10:15 - 00003077 _____ () C:\ProgramData\cfSB1290A.ini
2014-03-13 18:08 - 2013-03-08 10:15 - 00002844 _____ () C:\ProgramData\cfSB1240A.ini
2014-03-13 18:08 - 2012-12-07 12:01 - 00000715 _____ () C:\ProgramData\CfSB1532.ini
2014-03-13 18:08 - 2012-12-07 12:01 - 00000715 _____ () C:\ProgramData\CfSB1530.ini
2014-03-13 18:08 - 2012-03-12 11:53 - 00003416 _____ () C:\Windows\system32\SBX.bmp
2014-03-13 18:08 - 2012-02-09 09:11 - 00000715 _____ () C:\ProgramData\CfSB1390.ini
2014-03-13 18:08 - 2012-02-09 09:11 - 00000715 _____ () C:\ProgramData\CfSB1380.ini
2014-03-13 18:08 - 2011-09-26 10:33 - 00000715 _____ () C:\ProgramData\CfSB1360.ini
2014-03-13 18:08 - 2011-06-29 12:36 - 00235520 _____ (Creative Technology Limited) C:\Windows\system32\KsDvInst.dll
2014-03-13 18:08 - 2011-06-03 04:28 - 00487424 _____ (Creative Technology Ltd.) C:\Windows\system32\JDetect.exe
2014-03-13 18:08 - 2010-11-26 05:07 - 00000806 _____ () C:\ProgramData\cfSB1300.ini
2014-03-13 18:08 - 2010-07-08 03:42 - 00053760 _____ (Creative Technology Ltd.) C:\Windows\system32\KSPPCn64.dll
2014-03-13 18:08 - 2010-07-08 03:41 - 00074240 _____ (Creative Technology Ltd.) C:\Windows\system32\KSWrap64.dll
2014-03-13 18:08 - 2010-06-29 09:04 - 00001772 _____ () C:\ProgramData\cfSB1095.ini
2014-03-13 18:08 - 2010-06-23 08:54 - 00003077 _____ () C:\ProgramData\cfSB1290.ini
2014-03-13 18:08 - 2010-05-06 05:16 - 00067584 _____ (Creative Technology Ltd.) C:\Windows\system32\KSDGFX64.dll
2014-03-13 18:08 - 2009-11-17 09:54 - 00002844 _____ () C:\ProgramData\cfSB1240.ini
2014-03-13 18:08 - 2009-03-20 12:07 - 00000939 _____ () C:\ProgramData\CfSB1170.ini
2014-03-13 18:08 - 2009-02-24 08:27 - 00001352 _____ () C:\ProgramData\cfSB1090.ini
2014-03-13 18:08 - 2009-02-24 08:27 - 00001352 _____ () C:\ProgramData\cfSB0910.ini
2014-03-13 18:08 - 2009-02-24 08:27 - 00001346 _____ () C:\ProgramData\cfSB1100.ini
2014-03-13 18:08 - 2009-02-24 08:27 - 00001302 _____ () C:\ProgramData\cfSB0300.ini
2014-03-13 18:08 - 2009-02-24 08:27 - 00001282 _____ () C:\ProgramData\cfSB0471.ini
2014-03-13 18:08 - 2009-02-24 08:27 - 00001208 _____ () C:\ProgramData\cfSB0490.ini
2014-03-13 18:08 - 2009-02-24 08:27 - 00001027 _____ () C:\ProgramData\cfSB0560.ini
2014-03-13 18:08 - 2009-02-24 08:27 - 00001026 _____ () C:\ProgramData\cfSB0271.ini
2014-03-13 18:08 - 2009-02-24 08:27 - 00001026 _____ () C:\ProgramData\cfSB0270.ini
2014-03-13 18:08 - 2009-02-24 08:27 - 00000590 _____ () C:\ProgramData\cfSB0950.ini
2014-03-13 18:07 - 2014-03-21 23:49 - 00000000 ____D () C:\Program Files (x86)\Creative
2014-03-10 21:59 - 2014-03-10 21:59 - 00000000 ____D () C:\Users\Public\CyberLink
2014-03-08 22:09 - 2014-03-08 22:09 - 00000000 ____D () C:\Users\Tobi\AppData\Local\Power2Go
2014-03-08 19:11 - 2014-03-08 19:11 - 00002147 _____ () C:\Users\Tobi\Desktop\Renegade X.lnk
2014-03-08 19:11 - 2014-03-08 19:11 - 00001057 _____ () C:\Users\Tobi\Desktop\Renegade X Launcher.lnk
2014-03-08 19:10 - 2014-03-08 19:10 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Renegade X
2014-03-08 19:10 - 2014-03-08 19:10 - 00000000 ____D () C:\Program Files (x86)\Renegade X
2014-03-08 18:09 - 2014-03-08 18:55 - 1768010393 ____R () C:\Users\Tobi\Downloads\RenegadeX-OpenBeta-01.exe
2014-03-08 15:29 - 2014-03-08 15:29 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\HandBrake
2014-03-08 15:17 - 2014-03-09 12:04 - 00000343 _____ () C:\Windows\lgfwup.ini
2014-03-08 15:17 - 2014-03-08 15:17 - 00001404 _____ () C:\Users\Public\Desktop\CyberLink Media Suite 10.lnk
2014-03-08 15:16 - 2014-03-09 12:04 - 00000000 ____D () C:\Program Files (x86)\lg_fwupdate
2014-03-08 15:16 - 2012-07-11 14:18 - 00023664 _____ (BitLeader) C:\Windows\SysWOW64\lgfwunis.exe
2014-03-08 15:16 - 2001-08-29 22:00 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wbemdisp.tlb
2014-03-08 15:16 - 1998-07-22 01:00 - 00102912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Vb6stkit.dll
2014-03-08 15:16 - 1998-07-22 01:00 - 00102160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6KO.DLL
2014-03-08 15:16 - 1998-06-24 01:00 - 00115016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSINET.OCX
2014-03-08 15:14 - 2014-03-08 15:14 - 00000000 ____D () C:\Users\Tobi\AppData\Local\Packages
2014-03-08 15:13 - 2014-03-08 15:13 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-03-08 15:13 - 2014-03-08 15:13 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-03-08 15:13 - 2014-03-08 15:13 - 00029480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2014-03-08 15:10 - 2014-03-16 12:45 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\CyberLink
2014-03-08 15:10 - 2014-03-08 15:11 - 00000000 ____D () C:\Users\Tobi\AppData\Local\CyberLink
2014-03-08 15:09 - 2014-03-08 15:17 - 00000000 ____D () C:\ProgramData\install_clap
2014-03-08 12:55 - 2014-03-08 15:17 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-03-08 12:55 - 2014-03-08 15:08 - 00002050 _____ () C:\Users\Public\Desktop\CyberLink BD Advisor.lnk
2014-03-08 12:55 - 2014-03-08 12:55 - 00000000 ____D () C:\ProgramData\CLSK
2014-03-08 12:53 - 2014-03-16 12:45 - 00000000 ____D () C:\ProgramData\CyberLink
2014-03-07 13:20 - 2014-03-29 19:18 - 00000868 _____ () C:\Users\Tobi\Desktop\Handbrake.lnk
2014-03-07 13:20 - 2014-03-07 13:20 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2014-03-07 13:20 - 2014-03-07 13:20 - 00000000 ____D () C:\Program Files\Handbrake
2014-03-06 21:36 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-06 21:36 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-04 23:07 - 2014-03-04 23:07 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-03-03 12:18 - 2014-03-03 12:19 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-03 12:18 - 2014-03-03 12:19 - 00000000 ____D () C:\Program Files\iTunes
2014-03-03 12:18 - 2014-03-03 12:19 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-03 12:18 - 2014-03-03 12:18 - 00000000 ____D () C:\Program Files\iPod

==================== One Month Modified Files and Folders =======

2014-03-30 11:33 - 2014-03-30 11:33 - 00016296 _____ () C:\Users\Tobi\Desktop\FRST.txt
2014-03-30 11:33 - 2014-03-30 11:32 - 00045075 _____ () C:\Users\Tobi\Desktop\Addition.txt
2014-03-30 11:33 - 2014-03-29 14:08 - 00000000 ____D () C:\FRST
2014-03-30 11:33 - 2013-12-23 22:33 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\NetSpeedMonitor
2014-03-30 11:32 - 2011-04-12 09:43 - 00710178 _____ () C:\Windows\system32\perfh007.dat
2014-03-30 11:32 - 2011-04-12 09:43 - 00154508 _____ () C:\Windows\system32\perfc007.dat
2014-03-30 11:32 - 2009-07-14 07:13 - 01650358 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-30 11:29 - 2014-01-21 21:53 - 01492285 _____ () C:\Windows\WindowsUpdate.log
2014-03-30 11:26 - 2014-03-26 20:11 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-03-30 11:25 - 2014-02-11 23:33 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-30 11:25 - 2014-01-21 21:49 - 00014749 _____ () C:\Windows\setupact.log
2014-03-30 11:25 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-30 11:25 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-03-30 11:21 - 2009-07-14 06:45 - 00021840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-30 11:21 - 2009-07-14 06:45 - 00021840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-30 11:15 - 2013-07-30 14:23 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-30 00:03 - 2013-09-15 17:24 - 00000372 _____ () C:\Windows\Tasks\WpsUpdateTask_Tobi.job
2014-03-29 23:43 - 2013-07-30 13:12 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-29 23:35 - 2013-11-24 12:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-29 23:03 - 2009-07-14 06:45 - 00299360 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-29 23:02 - 2014-01-21 21:49 - 00021584 _____ () C:\Windows\PFRO.log
2014-03-29 19:18 - 2014-03-07 13:20 - 00000868 _____ () C:\Users\Tobi\Desktop\Handbrake.lnk
2014-03-29 17:01 - 2014-03-29 17:01 - 00001211 _____ () C:\Users\Tobi\Desktop\KSP - Verknüpfung.lnk
2014-03-29 17:00 - 2014-03-29 17:00 - 04250146 _____ () C:\Users\Tobi\Desktop\uploads-2013-12-MechJeb2-2.1.1.01.zip
2014-03-29 16:45 - 2014-03-29 16:45 - 02200350 _____ () C:\Users\Tobi\Desktop\uploads-2013-07-IoncrossCrewSupport_v1_10c.zip
2014-03-29 16:39 - 2014-03-29 16:39 - 00000000 ____D () C:\Users\Tobi\Desktop\ksp-win-0-23-0
2014-03-29 14:10 - 2013-07-30 13:12 - 00000000 ____D () C:\Users\Tobi\AppData\Local\Deployment
2014-03-29 14:07 - 2014-03-29 14:07 - 02157056 _____ (Farbar) C:\Users\Tobi\Desktop\FRST64.exe
2014-03-29 12:46 - 2014-03-29 12:45 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-29 12:45 - 2014-03-29 12:45 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-29 12:45 - 2014-03-29 12:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-29 12:44 - 2014-03-29 12:44 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Tobi\Desktop\mbam-setup-2.0.0.1000.exe
2014-03-29 12:44 - 2014-03-29 12:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-29 12:38 - 2014-03-29 12:38 - 00000000 ____D () C:\Users\Tobi\Documents\ProcAlyzer Dumps
2014-03-29 12:38 - 2014-03-29 12:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-29 12:32 - 2014-03-29 12:32 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-03-29 12:32 - 2014-03-29 12:32 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-03-29 12:32 - 2014-03-29 12:32 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-29 12:31 - 2014-03-29 12:31 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Tobi\Downloads\spybot-2.2.exe
2014-03-29 12:31 - 2014-01-21 20:09 - 00069008 _____ () C:\Users\Tobi\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-29 12:30 - 2014-03-29 12:30 - 00710848 _____ ( ) C:\Users\Tobi\Desktop\COMPUTER_BILD-Download-Manager_fuer_spybot-2.2.exe
2014-03-29 12:28 - 2014-03-29 12:14 - 00000000 ____D () C:\AdwCleaner
2014-03-29 12:28 - 2013-10-14 18:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-03-29 12:27 - 2014-03-20 22:50 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2014-03-29 12:27 - 2013-09-11 21:50 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\uTorrent
2014-03-29 12:24 - 2014-01-20 22:08 - 00000000 ____D () C:\Users\Tobi\AppData\Local\GameSpy
2014-03-29 12:23 - 2013-10-29 17:11 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GamersFirst
2014-03-29 12:23 - 2013-10-16 19:15 - 00000000 ____D () C:\Program Files (x86)\ubitus
2014-03-29 12:22 - 2013-10-17 17:55 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive
2014-03-29 12:13 - 2014-03-29 12:13 - 01950720 _____ () C:\Users\Tobi\Desktop\adwcleaner.exe
2014-03-27 20:05 - 2013-08-28 18:51 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-03-27 18:38 - 2014-02-11 23:33 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-27 18:38 - 2013-07-30 13:12 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-27 18:18 - 2014-03-27 18:18 - 00001105 _____ () C:\Users\Public\Desktop\World of Diving OVR.lnk
2014-03-27 18:18 - 2014-03-27 18:18 - 00001085 _____ () C:\Users\Public\Desktop\World of Diving.lnk
2014-03-27 18:17 - 2014-03-27 18:17 - 00000000 ____D () C:\Program Files (x86)\World of Diving
2014-03-27 18:17 - 2014-03-27 18:07 - 305814330 _____ (Vertigo Games B.V. ) C:\Users\Tobi\Desktop\wod_stage_0.exe
2014-03-25 20:00 - 2013-12-24 20:54 - 00000400 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-03-23 18:45 - 2014-03-23 18:45 - 00002126 _____ () C:\Users\Tobi\Documents\Mass Effect 2 1.02.log
2014-03-23 15:00 - 2013-11-23 14:03 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\GameSave Manager 3
2014-03-23 13:08 - 2014-03-23 13:08 - 00000000 ____D () C:\Users\Tobi\Documents\BioWare
2014-03-23 13:08 - 2014-03-23 13:08 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Ubisoft
2014-03-23 13:03 - 2013-11-23 14:04 - 00000000 ____D () C:\Program Files (x86)\GameSave Manager v3
2014-03-23 12:31 - 2014-03-23 12:31 - 00000802 _____ () C:\Users\Public\Desktop\Mass Effect 2.lnk
2014-03-23 12:31 - 2014-03-23 12:31 - 00000000 ____D () C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2014-03-23 12:31 - 2014-03-23 12:11 - 00017384 _____ () C:\Users\Tobi\Documents\Install Mass Effect 2.log
2014-03-23 12:12 - 2013-09-15 16:58 - 00000000 ____D () C:\Games
2014-03-22 13:39 - 2014-03-22 13:39 - 00121069 _____ () C:\Users\Tobi\Desktop\memtest86+-5.01.usb.installer.zip
2014-03-21 23:49 - 2014-03-13 18:36 - 00000000 ____D () C:\ProgramData\Creative
2014-03-21 23:49 - 2014-03-13 18:07 - 00000000 ____D () C:\Program Files (x86)\Creative
2014-03-21 23:49 - 2013-10-03 21:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-21 23:47 - 2013-12-25 15:56 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2014-03-21 23:47 - 2013-11-27 18:12 - 00000000 ____D () C:\AeriaGames
2014-03-21 23:41 - 2014-03-21 23:41 - 00000062 _____ () C:\Windows\wininit.ini
2014-03-21 23:41 - 2013-09-07 12:43 - 00000000 ____D () C:\Program Files (x86)\gravitysensation.com
2014-03-21 23:40 - 2014-03-21 23:40 - 00017204 _____ () C:\Windows\AVMInstall.Log
2014-03-21 23:40 - 2013-08-05 20:42 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BeamNG-Techdemo-0.3
2014-03-21 23:40 - 2013-08-05 20:42 - 00000000 ____D () C:\Users\Tobi\AppData\Local\BeamNG
2014-03-21 23:39 - 2013-10-23 19:10 - 00000000 ____D () C:\Users\Tobi\Documents\16 Bit Arena
2014-03-19 23:28 - 2014-03-19 23:06 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\KeePass
2014-03-19 23:09 - 2014-03-19 23:08 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2014-03-18 18:45 - 2013-08-25 13:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 18:43 - 2013-08-02 21:16 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 20:00 - 2014-03-17 20:00 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\MPC-HC
2014-03-17 19:59 - 2014-03-17 19:56 - 00518616 _____ () C:\Users\Tobi\Desktop\waaaaaaaaaaaaaaaaaas.wmv.wav
2014-03-17 19:59 - 2013-08-09 12:21 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Audacity
2014-03-17 19:58 - 2014-02-06 21:59 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\vlc
2014-03-16 12:45 - 2014-03-16 12:45 - 00000000 ____D () C:\Users\Tobi\Documents\CyberLink
2014-03-16 12:45 - 2014-03-08 15:10 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\CyberLink
2014-03-16 12:45 - 2014-03-08 12:53 - 00000000 ____D () C:\ProgramData\CyberLink
2014-03-15 18:53 - 2014-02-16 18:07 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\GameTracker
2014-03-15 12:12 - 2014-03-15 12:12 - 00278863 _____ () C:\Users\Tobi\Documents\Unbenannt (5).wma
2014-03-15 12:11 - 2014-03-15 12:11 - 00332743 _____ () C:\Users\Tobi\Documents\Unbenannt (4).wma
2014-03-14 18:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-03-13 22:44 - 2014-03-13 22:44 - 00153143 _____ () C:\Users\Tobi\Documents\Unbenannt (3).wma
2014-03-13 22:39 - 2014-03-13 22:39 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Creative
2014-03-13 22:39 - 2014-03-13 22:39 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Creative
2014-03-13 18:36 - 2014-03-13 18:36 - 00000000 ____D () C:\ProgramData\Creative Labs
2014-03-13 18:25 - 2014-03-13 18:25 - 00085793 _____ () C:\Users\Tobi\Documents\Unbenannt (2).wma
2014-03-13 18:18 - 2013-09-04 14:59 - 00466520 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-03-13 18:18 - 2013-09-04 14:59 - 00445016 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-03-13 18:18 - 2013-09-04 14:59 - 00123480 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-03-13 18:18 - 2013-09-04 14:59 - 00109144 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-03-13 18:06 - 2013-11-24 12:25 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-13 18:06 - 2013-11-24 12:25 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-13 18:06 - 2013-11-24 12:25 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-10 21:59 - 2014-03-10 21:59 - 00000000 ____D () C:\Users\Public\CyberLink
2014-03-10 20:23 - 2013-10-07 20:44 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Spotify
2014-03-10 19:28 - 2013-10-07 20:45 - 00000000 ____D () C:\Users\Tobi\AppData\Local\Spotify
2014-03-09 12:05 - 2013-10-30 23:05 - 00000000 ____D () C:\Windows\pss
2014-03-09 12:04 - 2014-03-08 15:17 - 00000343 _____ () C:\Windows\lgfwup.ini
2014-03-09 12:04 - 2014-03-08 15:16 - 00000000 ____D () C:\Program Files (x86)\lg_fwupdate
2014-03-08 22:09 - 2014-03-08 22:09 - 00000000 ____D () C:\Users\Tobi\AppData\Local\Power2Go
2014-03-08 20:13 - 2013-08-06 21:35 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\BitTorrent
2014-03-08 19:11 - 2014-03-08 19:11 - 00002147 _____ () C:\Users\Tobi\Desktop\Renegade X.lnk
2014-03-08 19:11 - 2014-03-08 19:11 - 00001057 _____ () C:\Users\Tobi\Desktop\Renegade X Launcher.lnk
2014-03-08 19:10 - 2014-03-08 19:10 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Renegade X
2014-03-08 19:10 - 2014-03-08 19:10 - 00000000 ____D () C:\Program Files (x86)\Renegade X
2014-03-08 18:55 - 2014-03-08 18:09 - 1768010393 ____R () C:\Users\Tobi\Downloads\RenegadeX-OpenBeta-01.exe
2014-03-08 15:29 - 2014-03-08 15:29 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\HandBrake
2014-03-08 15:17 - 2014-03-08 15:17 - 00001404 _____ () C:\Users\Public\Desktop\CyberLink Media Suite 10.lnk
2014-03-08 15:17 - 2014-03-08 15:09 - 00000000 ____D () C:\ProgramData\install_clap
2014-03-08 15:17 - 2014-03-08 12:55 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-03-08 15:14 - 2014-03-08 15:14 - 00000000 ____D () C:\Users\Tobi\AppData\Local\Packages
2014-03-08 15:13 - 2014-03-08 15:13 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-03-08 15:13 - 2014-03-08 15:13 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-03-08 15:13 - 2014-03-08 15:13 - 00029480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2014-03-08 15:11 - 2014-03-08 15:10 - 00000000 ____D () C:\Users\Tobi\AppData\Local\CyberLink
2014-03-08 15:08 - 2014-03-08 12:55 - 00002050 _____ () C:\Users\Public\Desktop\CyberLink BD Advisor.lnk
2014-03-08 12:55 - 2014-03-08 12:55 - 00000000 ____D () C:\ProgramData\CLSK
2014-03-07 13:20 - 2014-03-07 13:20 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2014-03-07 13:20 - 2014-03-07 13:20 - 00000000 ____D () C:\Program Files\Handbrake
2014-03-05 11:46 - 2013-08-06 12:31 - 00000000 ____D () C:\Users\Tobi\Documents\My Games
2014-03-05 10:26 - 2014-03-29 12:44 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 10:26 - 2014-03-29 12:44 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 10:26 - 2014-03-29 12:44 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-04 23:07 - 2014-03-04 23:07 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-03-04 23:07 - 2013-12-21 19:03 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\DVDVideoSoft
2014-03-03 22:51 - 2014-02-14 15:21 - 00018920 _____ () C:\Windows\DirectX.log
2014-03-03 12:19 - 2014-03-03 12:18 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-03 12:19 - 2014-03-03 12:18 - 00000000 ____D () C:\Program Files\iTunes
2014-03-03 12:19 - 2014-03-03 12:18 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-03 12:18 - 2014-03-03 12:18 - 00000000 ____D () C:\Program Files\iPod
2014-03-01 08:05 - 2014-03-18 18:42 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 07:17 - 2014-03-18 18:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 07:16 - 2014-03-18 18:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 06:58 - 2014-03-18 18:42 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 06:52 - 2014-03-18 18:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 06:51 - 2014-03-18 18:42 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 06:42 - 2014-03-18 18:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 06:40 - 2014-03-18 18:42 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 06:37 - 2014-03-18 18:42 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 06:33 - 2014-03-18 18:42 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 06:33 - 2014-03-18 18:42 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 06:32 - 2014-03-18 18:42 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 06:30 - 2014-03-18 18:42 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 06:23 - 2014-03-18 18:42 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 06:17 - 2014-03-18 18:42 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 06:11 - 2014-03-18 18:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 06:02 - 2014-03-18 18:42 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 05:54 - 2014-03-18 18:42 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 05:52 - 2014-03-18 18:42 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 05:51 - 2014-03-18 18:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 05:47 - 2014-03-18 18:42 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 05:43 - 2014-03-18 18:42 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 05:43 - 2014-03-18 18:42 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 05:42 - 2014-03-18 18:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 05:40 - 2014-03-18 18:42 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 05:38 - 2014-03-18 18:42 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 05:37 - 2014-03-18 18:42 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 05:35 - 2014-03-18 18:42 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 05:18 - 2014-03-18 18:42 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 05:16 - 2014-03-18 18:42 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 05:14 - 2014-03-18 18:42 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 05:10 - 2014-03-18 18:42 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 05:03 - 2014-03-18 18:42 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 05:00 - 2014-03-18 18:42 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 04:57 - 2014-03-18 18:42 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 04:38 - 2014-03-18 18:42 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 04:32 - 2014-03-18 18:42 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 04:27 - 2014-03-18 18:42 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 04:25 - 2014-03-18 18:42 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 04:25 - 2014-03-18 18:42 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Files to move or delete:
====================
C:\Users\Tobi\AppData\Roaming\Camdata.ini
C:\Users\Tobi\AppData\Roaming\CamLayout.ini
C:\Users\Tobi\AppData\Roaming\CamShapes.ini


Some content of TEMP:
====================
C:\Users\Tobi\AppData\Local\Temp\avgnt.exe
C:\Users\Tobi\AppData\Local\Temp\CTPBSeq.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-21 18:36

==================== End Of Log ============================
         



addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Tobi at 2014-03-30 11:32:39
Running from C:\Users\Tobi\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{3C378793-5288-0165-FCA4-D319D5E4A490}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.12 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Antichamber (HKLM-x32\...\Antichamber) (Version:  - )
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 2013 v.11.0.6 (HKLM-x32\...\{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1) (Version: 11.0.6 - Ashampoo GmbH & Co. KG)
Ashampoo Core Tuner 2 v.2.0.1 (HKLM-x32\...\{4209F371-2541-6C11-55DB-6103A83FCB9B}_is1) (Version: 2.01 - Ashampoo GmbH & Co. KG)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.9.0 - Asmedia Technology)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avira Antivirus Premium (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.0.30637 - BitTorrent Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.7.16.910 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{FB93553A-CBA7-44FE-BD70-A996C859DD06}) (Version: 0.7.16.910 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.6 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.6 - Activision) Hidden
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version:  - )
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Contagion (HKLM-x32\...\Steam App 238430) (Version:  - Monochrome LLC)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Crysis (HKLM-x32\...\Steam App 17300) (Version:  - Crytek)
CyberGhost VPN (HKLM\...\CyberGhost VPN_is1) (Version:  - CyberGhost S.R.L.)
CyberLink BD_3D Advisor 2.0 (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: 2.0.6410 - CyberLink Corp.)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.0.2812 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3807_46074 - CyberLink Corp.) Hidden
CyberLink MediaShow 6 (x32 Version: 6.0.5019 - CyberLink Corp.) Hidden
CyberLink Power2Go 7 (x32 Version: 7.0.0.3328 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.5507.52 - CyberLink Corp.) Hidden
CyberLink PowerProducer 5.5 (x32 Version: 5.5.3.5225 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dead Rising 2 (x32 Version: 1.0.0002.130 - Capcom) Hidden
Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.7 - Dropbox, Inc.)
Duke3D (HKLM\...\{b5f456c9-720b-410c-8b24-59e92772053b}.sdb) (Version:  - )
Dxtory version 2.0.123 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.123 - ExKode Co. Ltd.)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Fotogalerie (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Free Audio Converter version 5.0.34.225 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.34.225 - DVDVideoSoft Ltd.)
FTL version 1.03.3 (HKLM-x32\...\{20E23A40-38E5-4DD6-B738-BC8097AE66B6}_is1) (Version: 1.03.3 - Subset Games)
GameSave Manager v3 (HKLM-x32\...\GameSaveManager_v3) (Version: 3.1.431.0 - InsaneMatt)
GameTracker Lite (HKLM-x32\...\GameTracker Lite) (Version:  - ClanServers Hosting LLC.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Grand Theft Auto San Andreas (HKLM-x32\...\{086BADF8-9B1F-4E89-B207-2EDA520972D6}) (Version: 1.00.00001 - Rockstar Games)
Guacamelee (Remove Only) (HKLM-x32\...\Guacamelee) (Version:  - )
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.28.01 - Hyperionics Technology LLC)
ICQ 8.2 (build 6870) (HKCU\...\ICQ) (Version: 8.2.6870.0 - Mail.Ru)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JC2-MP version 0.0.16 (Build 546) (HKLM-x32\...\{7F12FECB-1D75-42D7-9074-D6FEA6D91E65}_is1) (Version: 0.0.16 (Build 546) - )
Junk Mail filter update (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
KeePass Password Safe 2.25 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.25 - Dominik Reichl)
Kingsoft Writer  (8.1.0.2948) (HKLM-x32\...\Kingsoft Writer) (Version: 8.1.0.2948 - Kingsoft Corp.)
K-Lite Codec Pack 10.2.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.2.0 - )
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.50 (HKLM\...\Logitech Gaming Software) (Version: 8.50.281 - Logitech Inc.)
Mafia II (HKLM-x32\...\Steam App 50130) (Version:  - 2K Czech)
Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version:  - Klei Entertainment)
Mass Effect 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.02 - Electronic Arts, Inc.)
Medal of Honor (TM) (HKLM-x32\...\{415030B8-3E8B-462A-8C03-41D95AA3AB3B}) (Version: 1.0.0.0 - Electronic Arts)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM-x32\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4024.1220 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Mozilla Firefox 24.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 24.0 (x86 de)) (Version: 24.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MTA:SA v1.3.4 (HKLM-x32\...\MTA:SA 1.3) (Version: v1.3.4 - Multi Theft Auto)
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
Next Car Game Free Technology Demo (HKLM-x32\...\Next Car Game Free Technology Demo) (Version:  - Bugbear Entertainment)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.2.2730 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
PlanetSide 2 (HKCU\...\SOE-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment)
POSTAL 2 Complete (HKLM-x32\...\Steam App 223470) (Version:  - Running With Scissors)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
RapidShare Manager 2 (HKLM-x32\...\6103-4188-8184-5707) (Version: 2 - RapidShare AG)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.48 - Piriform)
Renegade X (HKLM-x32\...\UDK-4fc3a6b6-3d0e-4dce-b127-8e60191e2b1e) (Version: Open Beta 1 - Totem Arts)
S.K.I.L.L. - Special Force 2 (HKLM-x32\...\Special Force 2 Beta_is1) (Version:  - )
Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version:  - 5th Cell Media)
Shutdown4U (HKLM-x32\...\Shutdown4U) (Version:  - )
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sound Blaster Omni Extras (HKLM-x32\...\{C9120656-8F23-409A-8B4D-278FEAA33856}) (Version:  - )
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
SpinTires Tech Demo (June 060613) (HKLM-x32\...\{9AF7D6F5-50A5-432C-9F7B-83BCE03B11A0}) (Version: 1.3 - Oovee)
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.23358 Beta - TeamViewer)
Tom Clancy's H.A.W.X. 2 (HKLM-x32\...\{76A232AF-B7D6-41A4-B795-6B355E6D32B1}) (Version: 1.0.1 - Ubisoft)
Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.03 - Ubisoft)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Viscera Cleanup Detail: Santa's Rampage (HKLM-x32\...\Steam App 265210) (Version:  - RuneStorm)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VR-NetWorld (HKLM-x32\...\{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}) (Version:  - )
Warface Launcher (Beta) (HKLM-x32\...\{28D1723C-31C4-4A83-9799-DFFB3739026D}) (Version: 1.0.0 - Crytek GmbH)
Windows Live Communications Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Wise Care 365 Version 2.92 (HKLM-x32\...\{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1) (Version: 2.9.3 - WiseCleaner.com, Inc.)
World of Diving version 0.1 (HKLM-x32\...\{565DD917-140A-4314-A17F-521FCE07FF02}}_is1) (Version: 0.1 - Vertigo Games B.V.)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Restore Points  =========================

25-03-2014 16:51:01 Windows Update
29-03-2014 10:21:36 Entfernt Dolby Digital Live Pack
29-03-2014 10:23:35 Removed GameSpy Comrade.
29-03-2014 10:23:49 Removed GameSpy Comrade.
29-03-2014 10:25:44 Removed Overwolf
29-03-2014 10:28:14 Removed Microsoft Games for Windows - LIVE Redistributable

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {202E6CCC-F011-4229-9D43-B3CC583DE0CF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {2A8908E5-E876-4BC0-9718-54FAD490B821} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {372BAD00-ABAD-4AEF-A26C-3BA0EBDE4F12} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {4B8B722D-538D-49BB-804C-DCB758BC3D9F} - System32\Tasks\AnVir Task Manager => C:\Program Files (x86)\AnVir Task Manager\anvir.exe
Task: {9B48888D-F137-4E27-972A-CF8CD3F3B712} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-30] (Google Inc.)
Task: {A6623BAB-2F8D-4956-965B-DAEFA8EF9311} - System32\Tasks\WpsUpdateTask_Tobi => C:\Program Files (x86)\Kingsoft\Kingsoft Writer\office6\wpsupdate.exe [2011-08-24] (Kingsoft Corp. Ltd.)
Task: {B0DEBCBD-D649-4C59-BE0E-ABFA940BF8EC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)
Task: {C947EA7F-00D2-4DF0-B3F2-1951309D7E87} - System32\Tasks\Wise Turbo Checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe [2013-12-09] (WiseCleaner.COM)
Task: {DAC77882-5719-4266-809F-0F09F215F6A9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {E0D9214B-9D40-4BC2-B56F-4478AF96FCFD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-30] (Google Inc.)
Task: {ECA45280-0F50-4977-9A8B-4972D060E017} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe
Task: C:\Windows\Tasks\WpsUpdateTask_Tobi.job => C:\Program Files (x86)\Kingsoft\Kingsoft Writer\office6\wpsupdate.exe

==================== Loaded Modules (whitelisted) =============

2009-11-13 05:40 - 2009-11-13 05:40 - 00027648 _____ () C:\Windows\System32\ssy2cl6.dll
2013-12-28 11:49 - 2011-08-22 13:44 - 01421216 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
2013-12-21 20:03 - 2013-12-21 20:03 - 00118784 _____ () C:\Windows\system32\shfoldes.exe
2013-10-05 15:00 - 2014-01-20 22:06 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-07-30 13:20 - 2013-07-30 13:18 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-29 12:32 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-03-29 12:32 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-03-29 12:32 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-03-29 12:32 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-29 12:32 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-03-15 12:44 - 2014-03-15 02:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-26 20:11 - 2014-03-29 12:14 - 00012288 _____ () C:\Program Files (x86)\Google\Chrome\Application\WTSAPI32.dll
2014-03-15 12:44 - 2014-03-15 02:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 12:44 - 2014-03-15 02:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 12:44 - 2014-03-15 02:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 12:44 - 2014-03-15 02:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 12:44 - 2014-03-15 02:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-03-15 12:44 - 2014-03-15 02:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AcrSch2Svc => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: afcdpsrv => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: CGVPNCliSrvc => 3
MSCONFIG\Services: Desura Install Service => 3
MSCONFIG\Services: OverwolfUpdaterService => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: syncagentsrv => 2
MSCONFIG\Services: TunngleService => 3
MSCONFIG\Services: WiseBootAssistant => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VR-NetWorld Auftragsprüfung.lnk => C:\Windows\pss\VR-NetWorld Auftragsprüfung.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Tobi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Tobi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk => C:\Windows\pss\GamersFirst LIVE!.lnk.Startup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVMWlanClient => C:\Program Files (x86)\avmwlanstick\wlangui.exe
MSCONFIG\startupreg: BackgroundContainer => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Tobi\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
MSCONFIG\startupreg: BitTorrent => "C:\Users\Tobi\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: ConduitFloatingPlugin_cfigonhgidedenkkhlilmefgodjpefna => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Tobi\AppData\Local\Temp\CT3317892\plugins\TBVerifier.dll",RunConduitFloatingPlugin cfigonhgidedenkkhlilmefgodjpefna
MSCONFIG\startupreg: Dxtory Update Checker 2.0 => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\Tobi\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Grid => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe"
MSCONFIG\startupreg: HydraVisionDesktopManager => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
MSCONFIG\startupreg: Launch LCore => C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
MSCONFIG\startupreg: LGODDFU => C:\Program Files (x86)\lg_fwupdate\lgfw.exe blrun
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Tobi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TgbVpn => "C:\Program Files (x86)\TheGreenBow\TheGreenBow VPN\vpnconf.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

==================== Faulty Device Manager Devices =============

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/30/2014 11:26:19 AM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/30/2014 11:26:16 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2014 11:14:15 AM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/30/2014 11:14:14 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2014 11:03:40 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/29/2014 11:03:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2014 06:16:23 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: KSP.exe, Version: 4.2.2.12621, Zeitstempel: 0x524d9d94
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc000041d
Fehleroffset: 0x000222d2
ID des fehlerhaften Prozesses: 0x155c
Startzeit der fehlerhaften Anwendung: 0xKSP.exe0
Pfad der fehlerhaften Anwendung: KSP.exe1
Pfad des fehlerhaften Moduls: KSP.exe2
Berichtskennung: KSP.exe3

Error: (03/29/2014 05:40:01 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: KSP.exe, Version: 4.2.2.12621, Zeitstempel: 0x524d9d94
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc000041d
Fehleroffset: 0x000222d2
ID des fehlerhaften Prozesses: 0x2b4
Startzeit der fehlerhaften Anwendung: 0xKSP.exe0
Pfad der fehlerhaften Anwendung: KSP.exe1
Pfad des fehlerhaften Moduls: KSP.exe2
Berichtskennung: KSP.exe3

Error: (03/29/2014 05:03:29 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: KSP.exe, Version: 4.2.2.12621, Zeitstempel: 0x524d9d94
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc000041d
Fehleroffset: 0x000222d2
ID des fehlerhaften Prozesses: 0x700
Startzeit der fehlerhaften Anwendung: 0xKSP.exe0
Pfad der fehlerhaften Anwendung: KSP.exe1
Pfad des fehlerhaften Moduls: KSP.exe2
Berichtskennung: KSP.exe3

Error: (03/29/2014 05:00:29 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ksp.exe, Version: 4.2.2.12621, Zeitstempel: 0x524d9d94
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc000041d
Fehleroffset: 0x000222d2
ID des fehlerhaften Prozesses: 0xfe8
Startzeit der fehlerhaften Anwendung: 0xksp.exe0
Pfad der fehlerhaften Anwendung: ksp.exe1
Pfad des fehlerhaften Moduls: ksp.exe2
Berichtskennung: ksp.exe3


System errors:
=============
Error: (03/30/2014 11:26:19 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (03/30/2014 11:26:10 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "楗敳䈠潯⁴獁楳瑳湡t" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/30/2014 11:14:15 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (03/30/2014 11:14:13 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "楗敳䈠潯⁴獁楳瑳湡t" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/29/2014 11:03:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (03/29/2014 11:03:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "楗敳䈠潯⁴獁楳瑳湡t" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/29/2014 08:54:26 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (03/29/2014 00:15:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (03/29/2014 00:15:50 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "楗敳䈠潯⁴獁楳瑳湡t" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/29/2014 00:05:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064


Microsoft Office Sessions:
=========================
Error: (03/30/2014 11:26:19 AM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/30/2014 11:26:16 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2014 11:14:15 AM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/30/2014 11:14:14 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2014 11:03:40 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/29/2014 11:03:38 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2014 06:16:23 PM) (Source: Application Error)(User: )
Description: KSP.exe4.2.2.12621524d9d94ntdll.dll6.1.7601.18247521ea8e7c000041d000222d2155c01cf4b65266706dfC:\Users\Tobi\Desktop\ksp-win-0-23-0\KSP_win\KSP.exeC:\Windows\SysWOW64\ntdll.dll78385b0c-b75d-11e3-9d3d-8c89a599acf4

Error: (03/29/2014 05:40:01 PM) (Source: Application Error)(User: )
Description: KSP.exe4.2.2.12621524d9d94ntdll.dll6.1.7601.18247521ea8e7c000041d000222d22b401cf4b6014affaf5C:\Users\Tobi\Desktop\ksp-win-0-23-0\KSP_win\KSP.exeC:\Windows\SysWOW64\ntdll.dll63a59bbc-b758-11e3-9d3d-8c89a599acf4

Error: (03/29/2014 05:03:29 PM) (Source: Application Error)(User: )
Description: KSP.exe4.2.2.12621524d9d94ntdll.dll6.1.7601.18247521ea8e7c000041d000222d270001cf4b5fb856cbecC:\Users\Tobi\Desktop\ksp-win-0-23-0\KSP_win\KSP.exeC:\Windows\SysWOW64\ntdll.dll491ce513-b753-11e3-9d3d-8c89a599acf4

Error: (03/29/2014 05:00:29 PM) (Source: Application Error)(User: )
Description: ksp.exe4.2.2.12621524d9d94ntdll.dll6.1.7601.18247521ea8e7c000041d000222d2fe801cf4b5d9857c3e8C:\Users\Tobi\Desktop\ksp-win-0-23-0\ksp_win\ksp.exeC:\Windows\SysWOW64\ntdll.dlldde0271a-b752-11e3-9d3d-8c89a599acf4


CodeIntegrity Errors:
===================================
  Date: 2013-12-23 21:51:00.829
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Tobi\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-23 21:51:00.797
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Tobi\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-23 21:51:00.496
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-23 21:51:00.466
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 28%
Total physical RAM: 8173.64 MB
Available physical RAM: 5877.15 MB
Total Pagefile: 16345.46 MB
Available Pagefile: 13474.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:680.62 GB) NTFS
Drive d: (MassEffect2) (CDROM) (Total:7.31 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 407A0749)
         
Thank you all for your help!


Alt 30.03.2014, 17:19   #6
Bootsektor
/// TB-Ausbilder
 

Quote:
Thank you all for your help!
You're welcome, but we're not quite finished yet.

Quote:
I didn't set the proxy myself, as far as I know. I once tried to use a foreign IP to get at certain videos on YouTube, but that didn't work. And as far as I can tell, this one isn't a foreign one anyway.
Then we'll remove that as well.

Please save the list in Unicode format, as described in my previous post; otherwise we won't be able to delete the service.

Step 1

Press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ProxyServer: http=87.263.210:45
S2 楗敳潂瑯獁楳瑳湡t; 㩃停潲牧浡䘠汩獥⠠㡸⤶坜獩履楗敳䌠牡⁥㘳尵潂瑯楔敭攮數Ā" [X]
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Remove) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Step 2
Please download Malwarebytes Anti-Malware
  • Install the program to the default path.
    Windows Vista and later: right-click and choose "Run as administrator"
  • Start Malwarebytes' Anti-Malware (MBAM).
  • If the user interface is still in English, click Settings and select German under Language.
  • Click Armaturenbrett (Dashboard) and then Jetzt aktualisieren (Update Now) to update the database.
  • Then click Suchlauf (Scan), select Bedrohungssuchlauf (Threat Scan) and click Suchlauf jetzt starten (Scan Now).
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Aktionen anwenden (Apply Actions).
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click Verlauf (History) and then Anwendungsprotokolle (Application Logs).
  • Select the most recent scan log and click Ansicht (View). Choose Exportieren (Export) to text file (.txt) and save the file as mbam.txt on the desktop.
  • Add the contents of mbam.txt to your next reply.


Step 3
Because the scan with ESET is very thorough, it may take several hours.

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Ja, ich bin mit den Nutzungsbedingungen einverstanden (Yes, I accept the Terms of Use) and click Starten (Start).
  • Enable "Erkennung von eventuell unerwünschten Anwendungen" (detection of potentially unwanted applications) and choose the following settings.
  • Click Starten (Start).
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Fertig stellen (Finish).
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



Step 4
Start FRST once more.
  • Don't change any of the default settings and press Scan.
  • When the scan has finished, a new log file FRST.txt is created and saved on the desktop.
  • Please post the contents of this log file here in your thread.
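Why the Unicode save matters for this fixlist, as an added example (not part of the original posts and not FRST's own code): the service name is single-byte text that was read as UTF-16LE, which is also why its last letter is a plain "t". The Python below recovers the original name, which matches the WiseBootAssistant entry in the MSCONFIG list of the scan, and shows what an ANSI save does to the fixlist line; cp1252 as the ANSI code page and the shortened fixlist line are assumptions.

```python
import codecs

# Service names as they appear in the logs above, written with \u escapes so
# that this file does not depend on the encoding of the editor it is saved in.
EVENTLOG_NAME = "\u6957\u6573\u4220\u6f6f\u2074\u7341\u6973\u7473\u6e61t"  # event log entry
FIXLIST_NAME = "\u6957\u6573\u6f42\u746f\u7341\u6973\u7473\u6e61t"         # "S2" fixlist line


def recover_narrow_text(garbled: str) -> str:
    """Undo 'single-byte text read as UTF-16LE'.

    Re-encoding to UTF-16LE gives back the original bytes. An odd-length name
    leaves its last byte paired with the NUL terminator, so cut at the first NUL.
    """
    raw = garbled.encode("utf-16-le")
    raw = raw.split(b"\x00", 1)[0]
    return raw.decode("latin-1")  # latin-1 maps every byte, so this never fails


def looks_like_misread_ascii(name: str) -> bool:
    """Triage heuristic: non-ASCII name whose underlying bytes are all printable ASCII."""
    if all(ord(ch) < 0x80 for ch in name):
        return False  # ordinary name, nothing to recover
    text = recover_narrow_text(name)
    return bool(text) and all(32 <= ord(ch) < 127 for ch in text)


def save_fixlist(lines, encoding: str) -> bytes:
    """Return the bytes a Notepad 'Save as' would write for the chosen encoding."""
    text = "\r\n".join(lines) + "\r\n"
    if encoding == "unicode":
        # Notepad's "Unicode" option is UTF-16LE with a byte-order mark.
        return codecs.BOM_UTF16_LE + text.encode("utf-16-le")
    if encoding == "ansi":
        # Assumption: system code page cp1252; unmappable characters become '?'.
        return text.encode("cp1252", errors="replace")
    raise ValueError(f"unknown encoding: {encoding}")


def load_fixlist(data: bytes):
    """Read a fixlist back the way a BOM-aware reader would."""
    if data.startswith(codecs.BOM_UTF16_LE):
        return data[len(codecs.BOM_UTF16_LE):].decode("utf-16-le").splitlines()
    return data.decode("cp1252").splitlines()


def service_name_survives(encoding: str) -> bool:
    """True if the registry name is still present after a save/load round trip."""
    line = f"S2 {FIXLIST_NAME}; (path shortened for this example) [X]"
    restored = load_fixlist(save_fixlist([line], encoding))
    return FIXLIST_NAME in restored[0]


if __name__ == "__main__":
    print("event log name :", recover_narrow_text(EVENTLOG_NAME))
    print("fixlist name   :", recover_narrow_text(FIXLIST_NAME))
    for enc in ("unicode", "ansi"):
        print(f"saved as {enc:8}: name intact = {service_name_survives(enc)}")
```
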

Alt 03.04.2014, 23:00   #7
Bootsektor
/// TB-Ausbilder
 

Hello,

I haven't received a reply from you for some time. Do you still need help?

If I don't hear from you within the next 24 hours, I will assume that the matter has been resolved.

Note: We are not finished yet! Even if the symptoms have disappeared, your system may still be infected and have security vulnerabilities that make a new infection possible.

Alt 04.04.2014, 18:13   #8
ToflixGamer
 

Fixlog:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Tobi at 2014-04-04 17:33:26 Run:2
Running from C:\Users\Tobi\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyServer: http=87.263.210:45
S2 楗敳潂瑯獁楳瑳湡t; 㩃停潲牧浡䘠汩獥⠠㡸⤶坜獩履楗敳䌠牡⁥㘳尵潂瑯楔敭攮數Ā" [X]
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
楗敳潂瑯獁楳瑳湡t => Service deleted successfully.

==== End of Fixlog ====
         
MBAM-Log:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 04.04.2014
Suchlauf-Zeit: 17:47:19
Logdatei: mbam-log.txt
Administrator: Ja

Version: 2.00.0.1000
Malware Datenbank: v2014.04.04.04
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Tobi

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 251763
Verstrichene Zeit: 9 Min, 59 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 2
PUP.Optional.ResultsAlpha.A, HKLM\SOFTWARE\WOW6432NODE\ResultsAlpha, , [58fca5817a01c96d31d450438f74b749], 
PUP.Optional.ResultsAlpha.A, HKU\S-1-5-21-2697897950-2400982680-2412562655-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\ResultsAlpha, , [54009195e695c373aa5c484b9172728e], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         
I moved both of them to quarantine right away.

ESET-Log:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=cb26109d6c422e4f8fb5fbab36bfbc05
# engine=17757
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-04 05:09:58
# local_time=2014-04-04 07:09:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 6197 148261248 0 0
# scanned=268605
# found=0
# cleaned=0
# scan_time=3716
         
FRST-LOG:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Tobi (administrator) on TOBI-PC on 04-04-2014 19:12:42
Running from C:\Users\Tobi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ClanServers Hosting LLC) C:\Program Files (x86)\GameTracker\GSInGameService.exe
() C:\Windows\system32\shfoldes.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2697897950-2400982680-2412562655-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2697897950-2400982680-2412562655-1000\...\MountPoints2: {32b3b54b-f90f-11e2-b9a4-806e6f6e6963} - D:\pushinst.exe
HKU\S-1-5-21-2697897950-2400982680-2412562655-1000\...\MountPoints2: {531c2fab-a6ad-11e3-9f15-806e6f6e6963} - D:\autorun.exe -auto
Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RAVCpl64 - Verknüpfung.lnk
ShortcutTarget: RAVCpl64 - Verknüpfung.lnk -> C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\rr75nzpd.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de?hl=de&gl=de
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Tobi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\rr75nzpd.default\Extensions\staged [2013-11-24]
FF HKLM-x32\...\Firefox\Extensions: [{D55933A3-981A-477B-8EDB-D54CA363AD30}] - C:\Windows\Installer\{26EE2A3B-8FF0-45FB-9D54-FBF1ACAB9D05}\{D55933A3-981A-477B-8EDB-D54CA363AD30}.xpi

Chrome: 
=======
CHR HomePage: hxxp://www.google.de?hl=de&gl=de
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-03-29]
CHR Extension: (Angry Birds) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-02-04]
CHR Extension: (Google Drive) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-30]
CHR Extension: (YouTube) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-30]
CHR Extension: (Google-Suche) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-30]
CHR Extension: (AdBlock) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-27]
CHR Extension: (YouRepeat) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\idpjonelgkpmoamjkigojeifadlhlbna [2014-01-06]
CHR Extension: (SteamGifts Plus Alternative) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjlighkgeendkpncecpcidcegejbmedb [2013-11-07]
CHR Extension: (Google Wallet) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR Extension: (Google Mail) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-30]
CHR Extension: (RSS Feed Reader) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2014-03-20]
CHR HKCU\...\Chrome\Extension: [oopdmcnionefjjnmchkiimificckpkif] - C:\Users\Tobi\AppData\Local\CRE\oopdmcnionefjjnmchkiimificckpkif.crx [2014-03-20]
CHR HKLM-x32\...\Chrome\Extension: [oopdmcnionefjjnmchkiimificckpkif] - C:\Users\Tobi\AppData\Local\CRE\oopdmcnionefjjnmchkiimificckpkif.crx [2014-03-20]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 ACT2_Service; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [1421216 2011-08-22] ()
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [896592 2014-03-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-03-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-03-04] (Avira Operations GmbH & Co. KG)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-07-17] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-07-17] (BlueStack Systems, Inc.)
S4 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243464 2013-09-02] (CyberLink)
R2 ntprintd; C:\Windows\system32\shfoldes.exe [118784 2013-12-21] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2014-01-20] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S4 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [759192 2013-09-03] (Tunngle.net GmbH)
S4 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2013-12-09] (WiseCleaner.com)

==================== Drivers (Whitelisted) ====================

R2 ACT2PM; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys [15160 2011-06-10] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-07-17] (BlueStack Systems)
S3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-22] (AVM GmbH)
S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [2056192 2013-09-04] (Creative Technology Ltd.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-08-13] (Anchorfree Inc.)
S3 TGBMPEnum; C:\Windows\System32\DRIVERS\TGBMPEnum.sys [38584 2013-01-21] (TheGreenBow)
S3 TGBVPNVirtM; C:\Windows\System32\DRIVERS\TGBVPNVirtM.sys [139960 2013-01-21] (TheGreenBow)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-04 19:12 - 2014-04-04 19:12 - 00016096 _____ () C:\Users\Tobi\Desktop\FRST.txt
2014-04-04 18:01 - 2014-04-04 18:01 - 02347384 _____ (ESET) C:\Users\Tobi\Desktop\esetsmartinstaller_enu.exe
2014-04-02 17:44 - 2014-04-02 17:44 - 00000000 ____D () C:\Users\Tobi\Desktop\ksp-win-0-23-5
2014-04-01 18:15 - 2014-04-01 18:15 - 00161591 _____ () C:\Users\Tobi\Desktop\Trägerrakete.craft
2014-03-30 15:33 - 2014-03-30 15:34 - 00000000 ____D () C:\Program Files (x86)\Quantum Rush
2014-03-30 15:33 - 2014-03-30 15:33 - 00001039 _____ () C:\Users\Public\Desktop\Quantum Rush.lnk
2014-03-30 11:32 - 2014-03-30 11:33 - 00045075 _____ () C:\Users\Tobi\Desktop\Addition.txt
2014-03-29 17:00 - 2014-03-29 17:00 - 04250146 _____ () C:\Users\Tobi\Desktop\uploads-2013-12-MechJeb2-2.1.1.01.zip
2014-03-29 14:08 - 2014-04-04 19:12 - 00000000 ____D () C:\FRST
2014-03-29 14:07 - 2014-03-29 14:07 - 02157056 _____ (Farbar) C:\Users\Tobi\Desktop\FRST64.exe
2014-03-29 12:45 - 2014-04-04 17:37 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-29 12:44 - 2014-03-29 12:45 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-29 12:44 - 2014-03-29 12:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-29 12:44 - 2014-03-05 10:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-29 12:44 - 2014-03-05 10:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-29 12:44 - 2014-03-05 10:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-29 12:38 - 2014-03-29 12:38 - 00000000 ____D () C:\Users\Tobi\Documents\ProcAlyzer Dumps
2014-03-29 12:32 - 2014-03-29 12:38 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-29 12:32 - 2014-03-29 12:32 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-03-29 12:32 - 2014-03-29 12:32 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-29 12:32 - 2013-09-20 11:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-03-29 12:31 - 2014-03-29 12:31 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Tobi\Downloads\spybot-2.2.exe
2014-03-29 12:30 - 2014-03-29 12:30 - 00710848 _____ ( ) C:\Users\Tobi\Desktop\COMPUTER_BILD-Download-Manager_fuer_spybot-2.2.exe
2014-03-29 12:14 - 2014-03-29 12:28 - 00000000 ____D () C:\AdwCleaner
2014-03-27 18:17 - 2014-03-27 18:17 - 00000000 ____D () C:\Program Files (x86)\World of Diving
2014-03-26 20:11 - 2014-03-30 11:26 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-03-23 18:45 - 2014-03-23 18:45 - 00002126 _____ () C:\Users\Tobi\Documents\Mass Effect 2 1.02.log
2014-03-23 13:08 - 2014-03-23 13:08 - 00000000 ____D () C:\Users\Tobi\Documents\BioWare
2014-03-23 13:08 - 2014-03-23 13:08 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Ubisoft
2014-03-23 12:31 - 2014-03-23 12:31 - 00000802 _____ () C:\Users\Public\Desktop\Mass Effect 2.lnk
2014-03-23 12:31 - 2014-03-23 12:31 - 00000000 ____D () C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2014-03-23 12:11 - 2014-03-23 12:31 - 00017384 _____ () C:\Users\Tobi\Documents\Install Mass Effect 2.log
2014-03-21 23:41 - 2014-03-21 23:41 - 00000062 _____ () C:\Windows\wininit.ini
2014-03-21 23:40 - 2014-03-21 23:40 - 00017204 _____ () C:\Windows\AVMInstall.Log
2014-03-21 23:40 - 2010-10-01 01:00 - 00480632 ____N (AVM Berlin) C:\Windows\instwcli.dex
2014-03-20 22:50 - 2014-03-29 12:27 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2014-03-19 23:08 - 2014-03-19 23:09 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2014-03-19 23:06 - 2014-03-19 23:28 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\KeePass
2014-03-18 18:42 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-18 18:42 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-18 18:42 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-18 18:42 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-18 18:42 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-18 18:42 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-18 18:42 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-18 18:42 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-18 18:42 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-18 18:42 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-18 18:42 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-18 18:42 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-18 18:42 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-18 18:42 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-18 18:42 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-18 18:42 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-18 18:42 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-18 18:42 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-18 18:42 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-18 18:42 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-18 18:42 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-18 18:42 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-18 18:42 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-18 18:42 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-18 18:42 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-18 18:42 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-18 18:42 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-18 18:42 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-18 18:42 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-18 18:42 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-18 18:42 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-18 18:42 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-18 18:42 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-18 18:42 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-18 18:42 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-18 18:42 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-18 18:42 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-18 18:42 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-18 18:42 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-18 18:42 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-18 18:41 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-18 18:41 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-18 18:41 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-18 18:41 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-18 18:41 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-18 18:41 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-18 18:41 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-18 18:41 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-17 20:00 - 2014-03-17 20:00 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\MPC-HC
2014-03-17 19:56 - 2014-03-17 19:59 - 00518616 _____ () C:\Users\Tobi\Desktop\waaaaaaaaaaaaaaaaaas.wmv.wav
2014-03-16 12:45 - 2014-03-16 12:45 - 00000000 ____D () C:\Users\Tobi\Documents\CyberLink
2014-03-15 12:12 - 2014-03-15 12:12 - 00278863 _____ () C:\Users\Tobi\Documents\Unbenannt (5).wma
2014-03-15 12:11 - 2014-03-15 12:11 - 00332743 _____ () C:\Users\Tobi\Documents\Unbenannt (4).wma
2014-03-13 22:44 - 2014-03-13 22:44 - 00153143 _____ () C:\Users\Tobi\Documents\Unbenannt (3).wma
2014-03-13 22:39 - 2014-03-13 22:39 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Creative
2014-03-13 22:39 - 2014-03-13 22:39 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Creative
2014-03-13 18:36 - 2014-03-21 23:49 - 00000000 ____D () C:\ProgramData\Creative
2014-03-13 18:36 - 2014-03-13 18:36 - 00000000 ____D () C:\ProgramData\Creative Labs
2014-03-13 18:25 - 2014-03-13 18:25 - 00085793 _____ () C:\Users\Tobi\Documents\Unbenannt (2).wma
2014-03-13 18:18 - 2013-04-03 15:01 - 00006601 ____N () C:\Windows\system32\CTOPT399.cat
2014-03-13 18:18 - 2013-04-03 10:54 - 00088576 ____N (Creative Technology Ltd) C:\Windows\system32\CTOPT399.dll
2014-03-13 18:18 - 2009-12-24 04:49 - 00809560 ____R (Creative Labs Inc.) C:\Windows\SysWOW64\tmp6671.tmp
2014-03-13 18:18 - 2008-12-22 21:13 - 00049664 ____N (Creative Technology Ltd) C:\Windows\system32\CTChkAud.dll
2014-03-13 18:18 - 2006-10-06 08:17 - 00053248 ____N (Creative Technology Ltd ) C:\Windows\Ctregrun.exe
2014-03-13 18:18 - 2003-06-13 00:25 - 00007062 _____ () C:\Windows\SysWOW64\audiopid.vxd
2014-03-13 18:08 - 2013-09-04 08:07 - 02056192 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\ksaud.sys
2014-03-13 18:08 - 2013-08-30 08:44 - 02535936 _____ (Creative Technology Ltd.) C:\Windows\system32\KsMalc64.DLL
2014-03-13 18:08 - 2013-08-30 08:44 - 02127872 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\KsMalc32.dll
2014-03-13 18:08 - 2013-08-29 05:13 - 00115712 _____ (Creative Technology Ltd.) C:\Windows\system32\SBAVMon.dll
2014-03-13 18:08 - 2013-08-15 11:56 - 01140736 _____ (Creative Technology Ltd.) C:\Windows\system32\KSAPO64.dll
2014-03-13 18:08 - 2013-08-15 11:56 - 00057856 _____ (Creative Technology Ltd.) C:\Windows\system32\KSPPLD64.dll
2014-03-13 18:08 - 2013-08-15 11:55 - 00944640 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\KSAPO32.dll
2014-03-13 18:08 - 2013-07-29 12:57 - 00305729 _____ () C:\Windows\system32\DeviceDefaultVista.reg
2014-03-13 18:08 - 2013-07-10 06:12 - 00417792 _____ (Creative Technology Ltd.) C:\Windows\system32\KSVSPI64.dll
2014-03-13 18:08 - 2013-07-10 06:11 - 00305664 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\KSVSPI32.dll
2014-03-13 18:08 - 2013-07-01 03:55 - 00057856 _____ (Creative Technology Ltd.) C:\Windows\system32\SBAVMonL.dll
2014-03-13 18:08 - 2013-07-01 03:35 - 00001772 _____ () C:\ProgramData\cfSB1095A.ini
2014-03-13 18:08 - 2013-07-01 03:35 - 00000806 _____ () C:\ProgramData\cfSB1300A.ini
2014-03-13 18:08 - 2013-06-11 11:37 - 00001980 _____ () C:\ProgramData\cfSB1560.ini
2014-03-13 18:08 - 2013-05-23 10:27 - 00001697 _____ () C:\ProgramData\CfGH0250.ini
2014-03-13 18:08 - 2013-05-23 10:27 - 00001696 _____ () C:\ProgramData\CfGH0280.ini
2014-03-13 18:08 - 2013-03-08 10:15 - 00003077 _____ () C:\ProgramData\cfSB1290A.ini
2014-03-13 18:08 - 2013-03-08 10:15 - 00002844 _____ () C:\ProgramData\cfSB1240A.ini
2014-03-13 18:08 - 2012-12-07 12:01 - 00000715 _____ () C:\ProgramData\CfSB1532.ini
2014-03-13 18:08 - 2012-12-07 12:01 - 00000715 _____ () C:\ProgramData\CfSB1530.ini
2014-03-13 18:08 - 2012-03-12 11:53 - 00003416 _____ () C:\Windows\system32\SBX.bmp
2014-03-13 18:08 - 2012-02-09 09:11 - 00000715 _____ () C:\ProgramData\CfSB1390.ini
2014-03-13 18:08 - 2012-02-09 09:11 - 00000715 _____ () C:\ProgramData\CfSB1380.ini
2014-03-13 18:08 - 2011-09-26 10:33 - 00000715 _____ () C:\ProgramData\CfSB1360.ini
2014-03-13 18:08 - 2011-06-29 12:36 - 00235520 _____ (Creative Technology Limited) C:\Windows\system32\KsDvInst.dll
2014-03-13 18:08 - 2011-06-03 04:28 - 00487424 _____ (Creative Technology Ltd.) C:\Windows\system32\JDetect.exe
2014-03-13 18:08 - 2010-11-26 05:07 - 00000806 _____ () C:\ProgramData\cfSB1300.ini
2014-03-13 18:08 - 2010-07-08 03:42 - 00053760 _____ (Creative Technology Ltd.) C:\Windows\system32\KSPPCn64.dll
2014-03-13 18:08 - 2010-07-08 03:41 - 00074240 _____ (Creative Technology Ltd.) C:\Windows\system32\KSWrap64.dll
2014-03-13 18:08 - 2010-06-29 09:04 - 00001772 _____ () C:\ProgramData\cfSB1095.ini
2014-03-13 18:08 - 2010-06-23 08:54 - 00003077 _____ () C:\ProgramData\cfSB1290.ini
2014-03-13 18:08 - 2010-05-06 05:16 - 00067584 _____ (Creative Technology Ltd.) C:\Windows\system32\KSDGFX64.dll
2014-03-13 18:08 - 2009-11-17 09:54 - 00002844 _____ () C:\ProgramData\cfSB1240.ini
2014-03-13 18:08 - 2009-03-20 12:07 - 00000939 _____ () C:\ProgramData\CfSB1170.ini
2014-03-13 18:08 - 2009-02-24 08:27 - 00001352 _____ () C:\ProgramData\cfSB1090.ini
2014-03-13 18:08 - 2009-02-24 08:27 - 00001352 _____ () C:\ProgramData\cfSB0910.ini
2014-03-13 18:08 - 2009-02-24 08:27 - 00001346 _____ () C:\ProgramData\cfSB1100.ini
2014-03-13 18:08 - 2009-02-24 08:27 - 00001302 _____ () C:\ProgramData\cfSB0300.ini
2014-03-13 18:08 - 2009-02-24 08:27 - 00001282 _____ () C:\ProgramData\cfSB0471.ini
2014-03-13 18:08 - 2009-02-24 08:27 - 00001208 _____ () C:\ProgramData\cfSB0490.ini
2014-03-13 18:08 - 2009-02-24 08:27 - 00001027 _____ () C:\ProgramData\cfSB0560.ini
2014-03-13 18:08 - 2009-02-24 08:27 - 00001026 _____ () C:\ProgramData\cfSB0271.ini
2014-03-13 18:08 - 2009-02-24 08:27 - 00001026 _____ () C:\ProgramData\cfSB0270.ini
2014-03-13 18:08 - 2009-02-24 08:27 - 00000590 _____ () C:\ProgramData\cfSB0950.ini
2014-03-13 18:07 - 2014-03-21 23:49 - 00000000 ____D () C:\Program Files (x86)\Creative
2014-03-10 21:59 - 2014-03-10 21:59 - 00000000 ____D () C:\Users\Public\CyberLink
2014-03-08 22:09 - 2014-03-08 22:09 - 00000000 ____D () C:\Users\Tobi\AppData\Local\Power2Go
2014-03-08 19:11 - 2014-03-08 19:11 - 00002147 _____ () C:\Users\Tobi\Desktop\Renegade X.lnk
2014-03-08 19:11 - 2014-03-08 19:11 - 00001057 _____ () C:\Users\Tobi\Desktop\Renegade X Launcher.lnk
2014-03-08 19:10 - 2014-03-08 19:10 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Renegade X
2014-03-08 19:10 - 2014-03-08 19:10 - 00000000 ____D () C:\Program Files (x86)\Renegade X
2014-03-08 18:09 - 2014-03-08 18:55 - 1768010393 ____R () C:\Users\Tobi\Downloads\RenegadeX-OpenBeta-01.exe
2014-03-08 15:29 - 2014-03-08 15:29 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\HandBrake
2014-03-08 15:17 - 2014-03-09 12:04 - 00000343 _____ () C:\Windows\lgfwup.ini
2014-03-08 15:17 - 2014-03-08 15:17 - 00001404 _____ () C:\Users\Public\Desktop\CyberLink Media Suite 10.lnk
2014-03-08 15:16 - 2014-03-09 12:04 - 00000000 ____D () C:\Program Files (x86)\lg_fwupdate
2014-03-08 15:16 - 2012-07-11 14:18 - 00023664 _____ (BitLeader) C:\Windows\SysWOW64\lgfwunis.exe
2014-03-08 15:16 - 2001-08-29 22:00 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wbemdisp.tlb
2014-03-08 15:16 - 1998-07-22 01:00 - 00102912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Vb6stkit.dll
2014-03-08 15:16 - 1998-07-22 01:00 - 00102160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6KO.DLL
2014-03-08 15:16 - 1998-06-24 01:00 - 00115016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSINET.OCX
2014-03-08 15:14 - 2014-03-08 15:14 - 00000000 ____D () C:\Users\Tobi\AppData\Local\Packages
2014-03-08 15:13 - 2014-03-08 15:13 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-03-08 15:13 - 2014-03-08 15:13 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-03-08 15:13 - 2014-03-08 15:13 - 00029480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2014-03-08 15:10 - 2014-03-16 12:45 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\CyberLink
2014-03-08 15:10 - 2014-03-08 15:11 - 00000000 ____D () C:\Users\Tobi\AppData\Local\CyberLink
2014-03-08 15:09 - 2014-03-08 15:17 - 00000000 ____D () C:\ProgramData\install_clap
2014-03-08 12:55 - 2014-03-08 15:17 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-03-08 12:55 - 2014-03-08 15:08 - 00002050 _____ () C:\Users\Public\Desktop\CyberLink BD Advisor.lnk
2014-03-08 12:55 - 2014-03-08 12:55 - 00000000 ____D () C:\ProgramData\CLSK
2014-03-08 12:53 - 2014-03-16 12:45 - 00000000 ____D () C:\ProgramData\CyberLink
2014-03-07 13:20 - 2014-03-29 19:18 - 00000868 _____ () C:\Users\Tobi\Desktop\Handbrake.lnk
2014-03-07 13:20 - 2014-03-07 13:20 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2014-03-07 13:20 - 2014-03-07 13:20 - 00000000 ____D () C:\Program Files\Handbrake
2014-03-06 21:36 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-06 21:36 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

==================== One Month Modified Files and Folders =======

2014-04-04 19:12 - 2014-04-04 19:12 - 00016096 _____ () C:\Users\Tobi\Desktop\FRST.txt
2014-04-04 19:12 - 2014-03-29 14:08 - 00000000 ____D () C:\FRST
2014-04-04 19:12 - 2013-12-23 22:33 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\NetSpeedMonitor
2014-04-04 19:03 - 2013-09-15 17:24 - 00000372 _____ () C:\Windows\Tasks\WpsUpdateTask_Tobi.job
2014-04-04 18:46 - 2014-01-21 21:53 - 01611965 _____ () C:\Windows\WindowsUpdate.log
2014-04-04 18:43 - 2013-07-30 13:12 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-04 18:35 - 2013-11-24 12:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-04 18:01 - 2014-04-04 18:01 - 02347384 _____ (ESET) C:\Users\Tobi\Desktop\esetsmartinstaller_enu.exe
2014-04-04 17:43 - 2014-02-11 23:33 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-04 17:37 - 2014-03-29 12:45 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-04 17:26 - 2013-07-30 14:23 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-04 17:04 - 2009-07-14 06:45 - 00021840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-04 17:04 - 2009-07-14 06:45 - 00021840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-04 17:02 - 2011-04-12 09:43 - 00710178 _____ () C:\Windows\system32\perfh007.dat
2014-04-04 17:02 - 2011-04-12 09:43 - 00154508 _____ () C:\Windows\system32\perfc007.dat
2014-04-04 17:02 - 2009-07-14 07:13 - 01650358 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-04 16:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-04 16:55 - 2014-01-21 21:49 - 00015197 _____ () C:\Windows\setupact.log
2014-04-02 17:44 - 2014-04-02 17:44 - 00000000 ____D () C:\Users\Tobi\Desktop\ksp-win-0-23-5
2014-04-02 17:38 - 2013-11-23 14:03 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\GameSave Manager 3
2014-04-01 19:01 - 2013-12-24 20:54 - 00000400 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-04-01 18:15 - 2014-04-01 18:15 - 00161591 _____ () C:\Users\Tobi\Desktop\Trägerrakete.craft
2014-03-31 20:59 - 2014-01-21 21:49 - 00022248 _____ () C:\Windows\PFRO.log
2014-03-30 15:34 - 2014-03-30 15:33 - 00000000 ____D () C:\Program Files (x86)\Quantum Rush
2014-03-30 15:33 - 2014-03-30 15:33 - 00001039 _____ () C:\Users\Public\Desktop\Quantum Rush.lnk
2014-03-30 11:33 - 2014-03-30 11:32 - 00045075 _____ () C:\Users\Tobi\Desktop\Addition.txt
2014-03-30 11:26 - 2014-03-26 20:11 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-03-30 11:25 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-03-29 23:03 - 2009-07-14 06:45 - 00299360 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-29 19:18 - 2014-03-07 13:20 - 00000868 _____ () C:\Users\Tobi\Desktop\Handbrake.lnk
2014-03-29 17:00 - 2014-03-29 17:00 - 04250146 _____ () C:\Users\Tobi\Desktop\uploads-2013-12-MechJeb2-2.1.1.01.zip
2014-03-29 14:10 - 2013-07-30 13:12 - 00000000 ____D () C:\Users\Tobi\AppData\Local\Deployment
2014-03-29 14:07 - 2014-03-29 14:07 - 02157056 _____ (Farbar) C:\Users\Tobi\Desktop\FRST64.exe
2014-03-29 12:45 - 2014-03-29 12:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-29 12:44 - 2014-03-29 12:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-29 12:38 - 2014-03-29 12:38 - 00000000 ____D () C:\Users\Tobi\Documents\ProcAlyzer Dumps
2014-03-29 12:38 - 2014-03-29 12:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-29 12:32 - 2014-03-29 12:32 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-03-29 12:32 - 2014-03-29 12:32 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-29 12:31 - 2014-03-29 12:31 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Tobi\Downloads\spybot-2.2.exe
2014-03-29 12:31 - 2014-01-21 20:09 - 00069008 _____ () C:\Users\Tobi\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-29 12:30 - 2014-03-29 12:30 - 00710848 _____ ( ) C:\Users\Tobi\Desktop\COMPUTER_BILD-Download-Manager_fuer_spybot-2.2.exe
2014-03-29 12:28 - 2014-03-29 12:14 - 00000000 ____D () C:\AdwCleaner
2014-03-29 12:28 - 2013-10-14 18:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-03-29 12:27 - 2014-03-20 22:50 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2014-03-29 12:27 - 2013-09-11 21:50 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\uTorrent
2014-03-29 12:24 - 2014-01-20 22:08 - 00000000 ____D () C:\Users\Tobi\AppData\Local\GameSpy
2014-03-29 12:23 - 2013-10-29 17:11 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GamersFirst
2014-03-29 12:23 - 2013-10-16 19:15 - 00000000 ____D () C:\Program Files (x86)\ubitus
2014-03-29 12:22 - 2013-10-17 17:55 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive
2014-03-27 20:05 - 2013-08-28 18:51 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-03-27 18:38 - 2014-02-11 23:33 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-27 18:38 - 2013-07-30 13:12 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-27 18:17 - 2014-03-27 18:17 - 00000000 ____D () C:\Program Files (x86)\World of Diving
2014-03-23 18:45 - 2014-03-23 18:45 - 00002126 _____ () C:\Users\Tobi\Documents\Mass Effect 2 1.02.log
2014-03-23 13:08 - 2014-03-23 13:08 - 00000000 ____D () C:\Users\Tobi\Documents\BioWare
2014-03-23 13:08 - 2014-03-23 13:08 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Ubisoft
2014-03-23 13:03 - 2013-11-23 14:04 - 00000000 ____D () C:\Program Files (x86)\GameSave Manager v3
2014-03-23 12:31 - 2014-03-23 12:31 - 00000802 _____ () C:\Users\Public\Desktop\Mass Effect 2.lnk
2014-03-23 12:31 - 2014-03-23 12:31 - 00000000 ____D () C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2014-03-23 12:31 - 2014-03-23 12:11 - 00017384 _____ () C:\Users\Tobi\Documents\Install Mass Effect 2.log
2014-03-23 12:12 - 2013-09-15 16:58 - 00000000 ____D () C:\Games
2014-03-21 23:49 - 2014-03-13 18:36 - 00000000 ____D () C:\ProgramData\Creative
2014-03-21 23:49 - 2014-03-13 18:07 - 00000000 ____D () C:\Program Files (x86)\Creative
2014-03-21 23:49 - 2013-10-03 21:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-21 23:47 - 2013-12-25 15:56 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2014-03-21 23:47 - 2013-11-27 18:12 - 00000000 ____D () C:\AeriaGames
2014-03-21 23:41 - 2014-03-21 23:41 - 00000062 _____ () C:\Windows\wininit.ini
2014-03-21 23:41 - 2013-09-07 12:43 - 00000000 ____D () C:\Program Files (x86)\gravitysensation.com
2014-03-21 23:40 - 2014-03-21 23:40 - 00017204 _____ () C:\Windows\AVMInstall.Log
2014-03-21 23:40 - 2013-08-05 20:42 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BeamNG-Techdemo-0.3
2014-03-21 23:40 - 2013-08-05 20:42 - 00000000 ____D () C:\Users\Tobi\AppData\Local\BeamNG
2014-03-21 23:39 - 2013-10-23 19:10 - 00000000 ____D () C:\Users\Tobi\Documents\16 Bit Arena
2014-03-19 23:28 - 2014-03-19 23:06 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\KeePass
2014-03-19 23:09 - 2014-03-19 23:08 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2014-03-18 18:45 - 2013-08-25 13:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 18:43 - 2013-08-02 21:16 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 20:00 - 2014-03-17 20:00 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\MPC-HC
2014-03-17 19:59 - 2014-03-17 19:56 - 00518616 _____ () C:\Users\Tobi\Desktop\waaaaaaaaaaaaaaaaaas.wmv.wav
2014-03-17 19:59 - 2013-08-09 12:21 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Audacity
2014-03-17 19:58 - 2014-02-06 21:59 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\vlc
2014-03-16 12:45 - 2014-03-16 12:45 - 00000000 ____D () C:\Users\Tobi\Documents\CyberLink
2014-03-16 12:45 - 2014-03-08 15:10 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\CyberLink
2014-03-16 12:45 - 2014-03-08 12:53 - 00000000 ____D () C:\ProgramData\CyberLink
2014-03-15 18:53 - 2014-02-16 18:07 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\GameTracker
2014-03-15 12:12 - 2014-03-15 12:12 - 00278863 _____ () C:\Users\Tobi\Documents\Unbenannt (5).wma
2014-03-15 12:11 - 2014-03-15 12:11 - 00332743 _____ () C:\Users\Tobi\Documents\Unbenannt (4).wma
2014-03-14 18:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-03-13 22:44 - 2014-03-13 22:44 - 00153143 _____ () C:\Users\Tobi\Documents\Unbenannt (3).wma
2014-03-13 22:39 - 2014-03-13 22:39 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Creative
2014-03-13 22:39 - 2014-03-13 22:39 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Creative
2014-03-13 18:36 - 2014-03-13 18:36 - 00000000 ____D () C:\ProgramData\Creative Labs
2014-03-13 18:25 - 2014-03-13 18:25 - 00085793 _____ () C:\Users\Tobi\Documents\Unbenannt (2).wma
2014-03-13 18:18 - 2013-09-04 14:59 - 00466520 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-03-13 18:18 - 2013-09-04 14:59 - 00445016 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-03-13 18:18 - 2013-09-04 14:59 - 00123480 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-03-13 18:18 - 2013-09-04 14:59 - 00109144 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-03-13 18:06 - 2013-11-24 12:25 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-13 18:06 - 2013-11-24 12:25 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-13 18:06 - 2013-11-24 12:25 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-10 21:59 - 2014-03-10 21:59 - 00000000 ____D () C:\Users\Public\CyberLink
2014-03-10 20:23 - 2013-10-07 20:44 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Spotify
2014-03-10 19:28 - 2013-10-07 20:45 - 00000000 ____D () C:\Users\Tobi\AppData\Local\Spotify
2014-03-09 12:05 - 2013-10-30 23:05 - 00000000 ____D () C:\Windows\pss
2014-03-09 12:04 - 2014-03-08 15:17 - 00000343 _____ () C:\Windows\lgfwup.ini
2014-03-09 12:04 - 2014-03-08 15:16 - 00000000 ____D () C:\Program Files (x86)\lg_fwupdate
2014-03-08 22:09 - 2014-03-08 22:09 - 00000000 ____D () C:\Users\Tobi\AppData\Local\Power2Go
2014-03-08 20:13 - 2013-08-06 21:35 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\BitTorrent
2014-03-08 19:11 - 2014-03-08 19:11 - 00002147 _____ () C:\Users\Tobi\Desktop\Renegade X.lnk
2014-03-08 19:11 - 2014-03-08 19:11 - 00001057 _____ () C:\Users\Tobi\Desktop\Renegade X Launcher.lnk
2014-03-08 19:10 - 2014-03-08 19:10 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Renegade X
2014-03-08 19:10 - 2014-03-08 19:10 - 00000000 ____D () C:\Program Files (x86)\Renegade X
2014-03-08 18:55 - 2014-03-08 18:09 - 1768010393 ____R () C:\Users\Tobi\Downloads\RenegadeX-OpenBeta-01.exe
2014-03-08 15:29 - 2014-03-08 15:29 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\HandBrake
2014-03-08 15:17 - 2014-03-08 15:17 - 00001404 _____ () C:\Users\Public\Desktop\CyberLink Media Suite 10.lnk
2014-03-08 15:17 - 2014-03-08 15:09 - 00000000 ____D () C:\ProgramData\install_clap
2014-03-08 15:17 - 2014-03-08 12:55 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-03-08 15:14 - 2014-03-08 15:14 - 00000000 ____D () C:\Users\Tobi\AppData\Local\Packages
2014-03-08 15:13 - 2014-03-08 15:13 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-03-08 15:13 - 2014-03-08 15:13 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-03-08 15:13 - 2014-03-08 15:13 - 00029480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2014-03-08 15:11 - 2014-03-08 15:10 - 00000000 ____D () C:\Users\Tobi\AppData\Local\CyberLink
2014-03-08 15:08 - 2014-03-08 12:55 - 00002050 _____ () C:\Users\Public\Desktop\CyberLink BD Advisor.lnk
2014-03-08 12:55 - 2014-03-08 12:55 - 00000000 ____D () C:\ProgramData\CLSK
2014-03-07 13:20 - 2014-03-07 13:20 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2014-03-07 13:20 - 2014-03-07 13:20 - 00000000 ____D () C:\Program Files\Handbrake
2014-03-05 11:46 - 2013-08-06 12:31 - 00000000 ____D () C:\Users\Tobi\Documents\My Games
2014-03-05 10:26 - 2014-03-29 12:44 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 10:26 - 2014-03-29 12:44 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 10:26 - 2014-03-29 12:44 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Files to move or delete:
====================
C:\Users\Tobi\AppData\Roaming\Camdata.ini
C:\Users\Tobi\AppData\Roaming\CamLayout.ini
C:\Users\Tobi\AppData\Roaming\CamShapes.ini


Some content of TEMP:
====================
C:\Users\Tobi\AppData\Local\Temp\avgnt.exe
C:\Users\Tobi\AppData\Local\Temp\CTPBSeq.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-21 18:36

==================== End Of Log ============================
         
--- --- ---

04.04.2014, 22:03   #9
Bootsektor
/// TB Trainer

Hello ToflixGamer,

thank you.

Step 1
Delete the items found by Malwarebytes.

Step 2

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
ATTFilter
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



>OK<

As far as I can see, we have now removed everything harmful. Your logs are clean.
To finish, we will clean up a bit, run updates, and then you will get some reading material from me.

Step 1
If you no longer need Malwarebytes Anti-Malware and the ESET online scanner, you can simply uninstall both programs via the program uninstaller.
However, I recommend that you at least keep Malwarebytes and run a check scan with it once a week.

Step 2
Please download delfix to your desktop.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Put a check mark in front of every function.
  • Click Start.
  • DelFix removes, among other things, all the programs that were used and finally deletes itself.

Updates / updating programs
Avira, Windows Defender and Spybot Search and Destroy (which is not up to date) are running on your computer as anti-spyware solutions. You should decide on one and disable or uninstall the others.
  • Mozilla Firefox
    Please download the current Firefox from here.
  • Adobe Reader
Uninstall your Reader and download the newest version from here. Uncheck the box for McAfee Security Plus.
  • Java
Your Java is no longer up to date. Older versions contain security vulnerabilities that can be abused by malware.

Furthermore, Java is a major security hole on your system; new vulnerabilities are discovered again and again and exploited to infect computers.
Unless you absolutely need Java, you should uninstall it completely.

Windows XP
Go to:
Start --> Control Panel --> Add or Remove Programs --> select the Java versions --> remove
Windows Vista
Go to:
Start --> Control Panel --> Programs --> Uninstall a program --> find the Java versions --> remove
Windows 7
To do this, go to:
the Windows button in the taskbar --> Control Panel --> Programs (sub-item Uninstall a program) --> select the Java versions --> remove
Windows 8
To do this, press:
Windows key and X
then:
Programs and Features --> select the Java versions --> remove

If you do absolutely need Java after all, then
  • Please download the newest Java version from here
  • Save jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Start jxpiinstall.exe. It will download the installer for the newest Java version (Java 7 Update 51).
  • Uncheck the box for "Install the Ask Toolbar ..." during the installation.
and make sure that Java updates automatically.
To do so:
  • open Java
  • click the Update tab
  • click on Notify Me: Before downloading, and check Check for Updates Automatically
  • click Advanced
  • change the interval to at least weekly
and turn off the browser plug-in.
You can find instructions for this here.

Finally, a few more tips for securing your system.

Keeping the system up to date
It is extremely important that both your system and the security-relevant software installed on it (Flash Player, PDF reader and especially Java, if present) are up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.

Antivirus software
  • Make sure you always have antivirus software installed, and be sure to keep it up to date.

Additional protection
  • MalwareBytes Anti-Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes much current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on using it here.

Alternative browsers

Other browsers tend to be somewhat more secure than Internet Explorer because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plug-ins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

System performance
Regularly delete your temporary files. For this I recommend TFC.
Stay away from any registry cleaners.
They do your system more harm than they speed it up.

Rules of conduct for safer surfing
  • Do not click on everything just because it asks you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from e-mails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
  • When installing programs, pay particular attention to whether additional software wants to be installed along with them; wherever possible choose the custom installation and deselect everything that has nothing to do with the program you want to install.

Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions.

If you would like to give praise or criticism, you are very welcome to do so here.

If you would like to donate something for the forum and our work, you can do so here.

06.04.2014, 10:37   #10
ToflixGamer

OK, here is the Fixlist.txt:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Tobi at 2014-04-06 11:36:48 Run:3
Running from C:\Users\Tobi\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
*****************

HKLM\SOFTWARE\Policies\Google => Key deleted successfully.

==== End of Fixlog ====
         

06.04.2014, 13:35   #11
Bootsektor
/// TB Trainer

Hello ToflixGamer,

very good.
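The Fixlog in post #10 shows FRST deleting `HKLM\SOFTWARE\Policies\Google`, the key it had flagged as a policy restriction. The following read-only PowerShell audit is an added example, not part of the thread and not FRST's code: it lists whatever is stored under the Chrome policy keys so the entries can be reviewed before or after such a fix. The function names are hypothetical, and the `WOW6432Node` and `HKCU` roots, the policy name `ExtensionInstallForcelist` and the profile path are assumptions that do not appear in the posts.

```powershell
# Added example: read-only audit of Chrome policy keys (nothing is deleted).
# Assumptions (not from the thread): the extra roots, the policy name
# ExtensionInstallForcelist and the Chrome profile path used further down.
$PolicyRoots = @(
    'HKLM:\SOFTWARE\Policies\Google',
    'HKLM:\SOFTWARE\WOW6432Node\Policies\Google',
    'HKCU:\SOFTWARE\Policies\Google'
)

function Get-ChromePolicyEntry {
    param([string[]]$Root = $PolicyRoots)
    foreach ($path in $Root) {
        if (-not (Test-Path -Path $path)) { continue }
        # The root key itself plus every subkey; list-type policies are
        # stored as subkeys holding numbered string values ("1", "2", ...).
        $keys = @(Get-Item -Path $path) + @(Get-ChildItem -Path $path -Recurse)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                $data   = [string]$key.GetValue($name)
                $forced = ($key.PSChildName -eq 'ExtensionInstallForcelist')
                $id = $null; $url = $null
                if ($forced) {
                    # Force-list data has the form "<extension id>;<update URL>".
                    $parts = @($data -split ';', 2)
                    $id = $parts[0].Trim()
                    if ($parts.Count -gt 1) { $url = $parts[1].Trim() }
                }
                New-Object PSObject -Property @{
                    Key         = $key.Name
                    Value       = $name
                    Data        = $data
                    Forced      = $forced
                    ExtensionId = $id
                    UpdateUrl   = $url
                }
            }
        }
    }
}

function Test-ExtensionInProfile {
    param([string]$ExtensionId)
    # Any Chrome profile of the current user ("Default", "Profile 1", ...).
    $pattern = Join-Path $env:LOCALAPPDATA "Google\Chrome\User Data\*\Extensions\$ExtensionId"
    Test-Path -Path $pattern
}

$entries = @(Get-ChromePolicyEntry)
if ($entries.Count -eq 0) {
    'No values found under the Chrome policy keys.'
} else {
    $entries | Sort-Object Key, Value | Format-List Key, Value, Data
    foreach ($e in @($entries | Where-Object { $_.Forced })) {
        # Chrome extension IDs are 32 characters from the range a-p.
        $validId = $e.ExtensionId -cmatch '^[a-p]{32}$'
        $present = $validId -and (Test-ExtensionInProfile $e.ExtensionId)
        'Forced extension {0}  valid-id={1}  in-profile={2}  update-url={3}' -f
            $e.ExtensionId, $validId, $present, $e.UpdateUrl
    }
}
```

On a home PC that no organisation manages, these keys are normally absent, so any value listed here deserves a look.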
