
Pests of all kinds and how to fight them: Fighting "1clickmoviedownloader v6" - Google Chrome


13.04.2014, 11:27   #1
miaskosi
 
Hello,
as already hinted at in the title, I am not familiar with this area, which is why other threads have not helped me.
I use Google Chrome, and for quite some time I have had the extension mentioned in the title. Avast moved it into the virus chest. I then had the file deleted. Since then I have had frequent disconnects, and the extension keeps coming back no matter what I do.
I have already downloaded FRST and adwcleaner. Stupidly, I clicked "Delete" in adwcleaner after the scan (I hope it was not a big mistake).
I am asking for help. x:
Description of "1clickmoviedownloader": - links inserted in all texts, - slowing down of the internet (I am not aware of anything else)

13.04.2014, 14:17   #2
schrauber
/// the machine
/// TB instructor
 

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop. FRST download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


15.04.2014, 12:20   #3
miaskosi
 
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014
Ran by Darkshine (administrator) on XDARKSHINE on 15-04-2014 12:17:51
Running from C:\Users\Darkshine\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Palit Microsystems Ltd.) C:\Program Files (x86)\Thunder Master\THPanel.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Spotify Ltd) C:\Users\Darkshine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Darkshine\AppData\Roaming\Spotify\spotify.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Razer USA Ltd) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\Darkshine\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
() C:\Users\Darkshine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Darkshine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Darkshine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Darkshine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Darkshine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Users\Darkshine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [VX3000] => C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [336304 2012-11-16] (Razer USA Ltd)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-02-26] (LogMeIn Inc.)
HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-1278742384-4184070710-1616595544-1002\...\Run: [THPanel] => C:\Program Files (x86)\Thunder Master\THPanel.exe [2050416 2012-07-13] (Palit Microsystems Ltd.)
HKU\S-1-5-21-1278742384-4184070710-1616595544-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-1278742384-4184070710-1616595544-1002\...\Run: [Spotify Web Helper] => C:\Users\Darkshine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-10] (Spotify Ltd)
HKU\S-1-5-21-1278742384-4184070710-1616595544-1002\...\Run: [Spotify] => C:\Users\Darkshine\AppData\Roaming\Spotify\Spotify.exe [6087224 2014-04-10] (Spotify Ltd)
HKU\S-1-5-21-1278742384-4184070710-1616595544-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1278742384-4184070710-1616595544-1002\...\RunOnce: [Uninstall C:\Users\Darkshine\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Darkshine\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-1278742384-4184070710-1616595544-1002\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
HKU\S-1-5-21-1278742384-4184070710-1616595544-1002\...\MountPoints2: {8de249dd-ea0d-11e2-8bdb-902b34a84871} - F:\setup.exe
Startup: C:\Users\Darkshine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Darkshine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Darkshine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
SearchScopes: HKLM - DefaultScope {454AAC25-885B-4A1C-977E-031F954EB28C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {454AAC25-885B-4A1C-977E-031F954EB28C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
SearchScopes: HKLM-x32 - {454AAC25-885B-4A1C-977E-031F954EB28C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\Darkshine\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\Darkshine\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\Darkshine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-11]
CHR Extension: (YouTube) - C:\Users\Darkshine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-11]
CHR Extension: (Google-Suche) - C:\Users\Darkshine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-11]
CHR Extension: (AdBlock) - C:\Users\Darkshine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-12-11]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Darkshine\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-04-04]
CHR Extension: (Speed Dial 2) - C:\Users\Darkshine\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2012-12-20]
CHR Extension: (League of Legends Events) - C:\Users\Darkshine\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfnfkjennojjkajjmghdgkibohcnefdk [2013-02-16]
CHR Extension: (1ClickMovieDownloader V6) - C:\Users\Darkshine\AppData\Local\Google\Chrome\User Data\Default\Extensions\koaigfekcaicjopbdljgmcmcmbmeadop [2014-04-13]
CHR Extension: (Google Wallet) - C:\Users\Darkshine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\Darkshine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-11]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-10-02]

==================== Services (Whitelisted) =================

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-09-01] ()
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2013-12-11] (Razer, Inc.)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [759192 2013-09-03] (Tunngle.net GmbH)
S2 DisplayFusionService; "C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe" [X]

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
S3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2013-12-11] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [22016 2012-10-25] (Razer USA Ltd)
R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [74432 2013-12-11] (Razer, Inc.)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-15 12:17 - 2014-04-15 12:18 - 00017307 _____ () C:\Users\Darkshine\Desktop\FRST.txt
2014-04-13 15:40 - 2014-04-15 12:06 - 00000336 _____ () C:\Windows\setupact.log
2014-04-13 15:40 - 2014-04-13 15:40 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-13 14:07 - 2014-04-15 12:17 - 00000000 ____D () C:\Users\Darkshine\Desktop\FRST-OlderVersion
2014-04-09 14:23 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 14:23 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 14:23 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 14:23 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 14:22 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 14:22 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 14:22 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 14:22 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 14:22 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 14:22 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 14:22 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 14:22 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 14:22 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 14:22 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 14:22 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 14:22 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 14:22 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 14:22 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 14:22 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 14:22 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 14:22 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-08 22:25 - 2014-04-13 14:18 - 00000000 ____D () C:\AdwCleaner
2014-04-08 22:23 - 2014-04-08 22:24 - 01426178 _____ () C:\Users\Darkshine\Desktop\adwcleaner.exe
2014-04-08 22:17 - 2014-04-15 12:17 - 00000000 ____D () C:\FRST
2014-04-08 22:16 - 2014-04-15 12:17 - 02054144 _____ (Farbar) C:\Users\Darkshine\Desktop\FRST64.exe
2014-04-05 17:01 - 2014-04-15 12:08 - 00000000 ___RD () C:\Users\Darkshine\Dropbox
2014-04-05 17:01 - 2014-04-05 17:01 - 00001053 _____ () C:\Users\Darkshine\Desktop\Dropbox.lnk
2014-04-05 13:18 - 2014-04-05 13:18 - 00000000 ____D () C:\Users\Darkshine\Desktop\Programme
2014-04-05 13:14 - 2014-04-06 00:18 - 00000000 ____D () C:\Users\Darkshine\Desktop\~~~
2014-04-05 13:05 - 2014-04-05 17:01 - 00000000 ____D () C:\Users\Darkshine\AppData\Roaming\DropboxMaster
2014-04-05 13:05 - 2014-04-05 13:05 - 00000000 ____D () C:\Users\Darkshine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-05 13:03 - 2014-04-15 12:08 - 00000000 ____D () C:\Users\Darkshine\AppData\Roaming\Dropbox
2014-04-05 13:03 - 2014-02-14 15:34 - 00000426 _____ () C:\AVScanner.ini
2014-04-05 12:54 - 2014-04-05 12:54 - 04787368 _____ (Piriform Ltd) C:\Users\Darkshine\Downloads\ccsetup412.exe
2014-04-05 12:49 - 2014-04-05 12:49 - 00316288 _____ (Dropbox, Inc.) C:\Users\Darkshine\Downloads\DropboxInstaller.exe
2014-03-26 19:14 - 2014-03-26 19:14 - 03822704 _____ () C:\Users\Darkshine\Downloads\battlelog-web-plugins_2.3.2_133.exe
2014-03-25 19:13 - 2014-03-29 18:37 - 00000000 ____D () C:\Users\Darkshine\AppData\Roaming\AccurateRip
2014-03-25 19:13 - 2014-03-25 19:13 - 00000000 ____D () C:\Users\Darkshine\AppData\Roaming\EAC
2014-03-25 19:12 - 2014-03-25 19:12 - 00000000 ____D () C:\Program Files (x86)\Exact Audio Copy
2014-03-25 19:11 - 2014-03-25 19:11 - 04422611 _____ () C:\Users\Darkshine\Downloads\eac-1.0beta3.exe
2014-03-25 17:42 - 2014-03-25 17:42 - 00001038 _____ () C:\Users\Public\Desktop\Blitzkrieg Mod.lnk
2014-03-25 17:12 - 2014-03-25 17:38 - 2068609615 _____ (Blitzkrieg Mod Team ) C:\Users\Darkshine\Downloads\Blitzkrieg_4.8.0.0_Complete (1).exe
2014-03-23 19:59 - 2014-03-23 19:59 - 00002008 _____ () C:\Users\Darkshine\Desktop\Launch Xion.lnk

==================== One Month Modified Files and Folders =======

2014-04-15 12:18 - 2014-04-15 12:17 - 00017307 _____ () C:\Users\Darkshine\Desktop\FRST.txt
2014-04-15 12:17 - 2014-04-13 14:07 - 00000000 ____D () C:\Users\Darkshine\Desktop\FRST-OlderVersion
2014-04-15 12:17 - 2014-04-08 22:17 - 00000000 ____D () C:\FRST
2014-04-15 12:17 - 2014-04-08 22:16 - 02054144 _____ (Farbar) C:\Users\Darkshine\Desktop\FRST64.exe
2014-04-15 12:15 - 2009-07-14 06:45 - 00020288 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-15 12:15 - 2009-07-14 06:45 - 00020288 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-15 12:13 - 2012-12-11 16:00 - 01200317 _____ () C:\Windows\WindowsUpdate.log
2014-04-15 12:12 - 2013-03-08 20:16 - 00000000 ____D () C:\Users\Darkshine\AppData\Roaming\Spotify
2014-04-15 12:08 - 2014-04-05 17:01 - 00000000 ___RD () C:\Users\Darkshine\Dropbox
2014-04-15 12:08 - 2014-04-05 13:03 - 00000000 ____D () C:\Users\Darkshine\AppData\Roaming\Dropbox
2014-04-15 12:07 - 2013-11-25 23:11 - 00002018 _____ () C:\Windows\Tasks\1ClickMovieDownloader V6-chromeinstaller.job
2014-04-15 12:07 - 2013-04-10 20:16 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-15 12:07 - 2012-12-24 20:32 - 00000000 ____D () C:\Users\Darkshine\AppData\Local\LogMeIn Hamachi
2014-04-15 12:07 - 2012-12-15 17:10 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-15 12:07 - 2012-12-11 16:51 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-15 12:06 - 2014-04-13 15:40 - 00000336 _____ () C:\Windows\setupact.log
2014-04-15 12:06 - 2012-12-07 07:57 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-15 12:06 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-15 00:19 - 2012-12-11 17:08 - 00000000 ____D () C:\Users\Darkshine\AppData\Roaming\Skype
2014-04-14 23:30 - 2013-01-01 03:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-14 23:25 - 2012-12-11 16:51 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-14 13:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-14 13:19 - 2013-03-08 20:17 - 00000000 ____D () C:\Users\Darkshine\AppData\Local\Spotify
2014-04-13 15:40 - 2014-04-13 15:40 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-13 14:20 - 2013-01-13 00:11 - 00000000 ____D () C:\Users\Darkshine\AppData\Roaming\TS3Client
2014-04-13 14:20 - 2012-12-11 17:05 - 00000000 ____D () C:\Users\Darkshine\AppData\Local\CrashDumps
2014-04-13 14:20 - 2012-03-16 14:20 - 00000000 ____D () C:\Windows\Panther
2014-04-13 14:18 - 2014-04-08 22:25 - 00000000 ____D () C:\AdwCleaner
2014-04-12 12:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-12 12:45 - 2013-03-25 01:40 - 00000000 ____D () C:\Users\Darkshine\AppData\Local\Microsoft Games
2014-04-11 18:55 - 2013-01-01 03:54 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-11 18:55 - 2013-01-01 03:54 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-11 18:55 - 2013-01-01 03:54 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-11 18:54 - 2012-12-19 16:59 - 00000000 ____D () C:\Users\Darkshine\AppData\Local\Adobe
2014-04-10 22:08 - 2013-10-08 19:51 - 00000114 _____ () C:\Users\Darkshine\Desktop\serien.txt
2014-04-10 16:25 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-09 22:33 - 2013-04-23 23:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 22:32 - 2013-08-15 01:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 22:30 - 2012-12-17 16:43 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-08 22:24 - 2014-04-08 22:23 - 01426178 _____ () C:\Users\Darkshine\Desktop\adwcleaner.exe
2014-04-06 00:18 - 2014-04-05 13:14 - 00000000 ____D () C:\Users\Darkshine\Desktop\~~~
2014-04-05 17:01 - 2014-04-05 17:01 - 00001053 _____ () C:\Users\Darkshine\Desktop\Dropbox.lnk
2014-04-05 17:01 - 2014-04-05 13:05 - 00000000 ____D () C:\Users\Darkshine\AppData\Roaming\DropboxMaster
2014-04-05 17:01 - 2012-12-11 16:05 - 00000000 ____D () C:\Users\Darkshine
2014-04-05 13:56 - 2013-03-18 20:51 - 00000000 ____D () C:\Users\Darkshine\AppData\Local\Facebook
2014-04-05 13:18 - 2014-04-05 13:18 - 00000000 ____D () C:\Users\Darkshine\Desktop\Programme
2014-04-05 13:11 - 2012-12-11 16:04 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-04-05 13:06 - 2012-12-11 16:05 - 00000000 ___RD () C:\Users\Darkshine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-05 13:05 - 2014-04-05 13:05 - 00000000 ____D () C:\Users\Darkshine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-05 12:58 - 2012-12-07 07:58 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-05 12:55 - 2013-07-10 18:24 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-05 12:54 - 2014-04-05 12:54 - 04787368 _____ (Piriform Ltd) C:\Users\Darkshine\Downloads\ccsetup412.exe
2014-04-05 12:49 - 2014-04-05 12:49 - 00316288 _____ (Dropbox, Inc.) C:\Users\Darkshine\Downloads\DropboxInstaller.exe
2014-04-04 15:26 - 2011-04-12 09:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-04-04 15:26 - 2011-04-12 09:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-04-04 15:26 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-31 03:16 - 2014-04-09 14:23 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-09 14:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-09 14:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-09 14:23 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-30 15:20 - 2012-12-11 16:51 - 00004112 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-30 15:20 - 2012-12-11 16:51 - 00003860 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-29 18:37 - 2014-03-25 19:13 - 00000000 ____D () C:\Users\Darkshine\AppData\Roaming\AccurateRip
2014-03-26 20:09 - 2013-08-21 16:10 - 00000000 ____D () C:\ProgramData\Origin
2014-03-26 19:16 - 2013-03-09 20:10 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-03-26 19:16 - 2012-12-24 14:53 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-03-26 19:15 - 2012-12-24 14:53 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-03-26 19:14 - 2014-03-26 19:14 - 03822704 _____ () C:\Users\Darkshine\Downloads\battlelog-web-plugins_2.3.2_133.exe
2014-03-26 19:14 - 2013-09-01 13:40 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-03-25 19:13 - 2014-03-25 19:13 - 00000000 ____D () C:\Users\Darkshine\AppData\Roaming\EAC
2014-03-25 19:12 - 2014-03-25 19:12 - 00000000 ____D () C:\Program Files (x86)\Exact Audio Copy
2014-03-25 19:11 - 2014-03-25 19:11 - 04422611 _____ () C:\Users\Darkshine\Downloads\eac-1.0beta3.exe
2014-03-25 17:42 - 2014-03-25 17:42 - 00001038 _____ () C:\Users\Public\Desktop\Blitzkrieg Mod.lnk
2014-03-25 17:38 - 2014-03-25 17:12 - 2068609615 _____ (Blitzkrieg Mod Team ) C:\Users\Darkshine\Downloads\Blitzkrieg_4.8.0.0_Complete (1).exe
2014-03-23 19:59 - 2014-03-23 19:59 - 00002008 _____ () C:\Users\Darkshine\Desktop\Launch Xion.lnk
2014-03-16 15:56 - 2013-01-13 00:10 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client

Some content of TEMP:
====================
C:\Users\Darkshine\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr8fqql.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-09 18:41

==================== End Of Log ============================
         
--- --- ---
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2014
Ran by Darkshine at 2014-04-15 12:18:27
Running from C:\Users\Darkshine\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

1ClickMovieDownloader V6 (HKLM-x32\...\1ClickMovieDownloader V6) (Version: 1.31.153.0 - installdaddy) <==== ATTENTION
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (HKLM-x32\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (x32 Version: 7.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Alarmstufe Rot 3.03p-Iran (HKLM-x32\...\{9BCC0F2C-63C1-4569-BEE6-E3A3A377C0F8}_is1) (Version: 3.03p-Iran - FunkyFr3sh)
AMD USB Filter Driver (x32 Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Hidden
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Assassin's Creed(R) III v1.06 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.06 - Ubisoft)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 8.0.1489.0 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye) (Version:  - )
Blitzkrieg Mod version 4.8.0.0 (HKLM-x32\...\{81EC7B6D-B297-4820-B5BE-5A2373725158}_is1) (Version: 4.8.0.0 - Blitzkrieg Mod Team)
Blobby Volley 2 Version 1.0RC3 (HKLM-x32\...\Blobby Volley 2 Version 1.0RC3_is1) (Version:  - )
Borderlands (HKLM-x32\...\Steam App 8980) (Version:  - Gearbox Software)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version:  - Infinity Ward - Sledgehammer Games)
Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version:  - Infinity Ward)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Command & Conquer 3 (HKLM-x32\...\{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}) (Version: 1.00.0000 - Ihr Firmenname)
Command & Conquer Teil 3: Operation Tiberian Sun (HKLM-x32\...\Tiberian Sun) (Version:  - )
Command & Conquer™ 3: Kanes Rache (HKLM-x32\...\{CC2422C9-F7B5-4175-B295-5EC2283AA674}) (Version: 1.00.0000 - Ihr Firmenname)
Company of Heroes (New Steam Version) (HKLM-x32\...\Steam App 228200) (Version:  - Relic)
Crysis® 2 (HKLM-x32\...\{6033673D-2530-4587-8AD0-EB059FC263F9}) (Version: 1.0.0.0 - Electronic Arts)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.27 - Dropbox, Inc.)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version:  - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Etron USB3.0 Host Controller (x32 Version: 0.104 - Etron Technology) Hidden
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
FIFA 10 (HKLM-x32\...\{11202615-E557-4ECF-9B86-F59C81E52909}) (Version: 1.0.0.0 - Electronic Arts)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
Gemeinsam genutzte Internet-Komponenten von Westwood (HKLM-x32\...\WOLAPI) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.173 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.173 - LogMeIn, Inc.) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Need for Speed(TM) Hot Pursuit (HKLM-x32\...\{83A606F5-BF6F-42ED-9F33-B9F74297CDED}) (Version: 1.0.0.0 - Electronic Arts)
NVIDIA 3D Vision Controller-Treiber 304.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 304.87 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0613 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.1.6-1.0.4843.7 - raidcall.com)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.56 - Razer Inc)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.6.1.1 - Razer USA Ltd.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
SaveSense (HKCU\...\SaveSense) (Version:  - ) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.3.11079 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Thunder Master v1.4 (HKLM-x32\...\{EE04522C-0814-4B63-AE57-0B63E5A355BB}_is1) (Version: 1.4.0.0 - Palit Microsystems Ltd.)
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Vegas Pro 11.0 (HKLM-x32\...\{6AEFCA01-8DF1-11E1-A17B-F04DA23A5C58}) (Version: 11.0.682 - Sony)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Xion v1.5 (build 155) (HKLM-x32\...\Xion) (Version: 1.5 (build 155) - r2 Studios)

==================== Restore Points  =========================

05-04-2014 11:02:26 Removed LoLOracle
05-04-2014 11:08:41 Windows Live Essentials
05-04-2014 11:09:02 WLSetup
08-04-2014 11:54:57 Windows Update
09-04-2014 20:29:05 Windows Update
15-04-2014 10:12:25 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {26A92C22-DF38-4BDA-8E44-F0840CA15A41} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {49181A42-A9B5-4189-9D47-26EBC8467D91} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-11] (Google Inc.)
Task: {93A1F5A3-0084-43AF-8063-082D3E92A5D2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {C864B40C-85B0-4F43-A1E9-1B14DC6886C8} - System32\Tasks\1ClickMovieDownloader V6-chromeinstaller => C:\Program Files (x86)\1ClickMovieDownloader V6\1ClickMovieDownloader V6-chromeinstaller.exe [2013-11-25] (installdaddy)
Task: {D58238E9-EDDF-4894-96E0-8CB2A7CE3E1A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-11] (Adobe Systems Incorporated)
Task: {EE15F7F7-7D36-49C2-87B4-9DBF426F4E0E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-11] (Google Inc.)
Task: C:\Windows\Tasks\1ClickMovieDownloader V6-chromeinstaller.job => C:\Program Files (x86)\1ClickMovieDownloader V6\1ClickMovieDownloader V6-chromeinstaller.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-12-07 07:56 - 2013-01-18 17:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-12-24 14:53 - 2013-09-01 15:21 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-23 20:35 - 2014-04-10 16:27 - 00602680 _____ () C:\Users\Darkshine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-04-15 12:08 - 2014-04-15 09:29 - 02289664 _____ () C:\Program Files\AVAST Software\Avast\defs\14041500\algo.dll
2014-01-08 17:34 - 2013-12-13 00:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-01-08 17:34 - 2013-11-05 03:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll
2013-03-12 18:10 - 2014-02-11 04:34 - 00751616 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2012-12-15 17:12 - 2014-02-25 23:57 - 01135296 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2012-12-15 17:12 - 2014-01-11 01:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-12-15 17:12 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-12-15 17:12 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-12-15 17:12 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2013-03-08 20:16 - 2014-04-10 16:27 - 36966968 _____ () C:\Users\Darkshine\AppData\Roaming\Spotify\Data\libcef.dll
2014-04-15 12:08 - 2014-04-15 12:08 - 00041984 _____ () C:\Users\Darkshine\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr8fqql.dll
2014-04-05 13:05 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Darkshine\AppData\Roaming\Dropbox\bin\libcef.dll
2012-08-10 17:51 - 2012-08-10 17:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2013-09-23 20:35 - 2014-04-10 16:27 - 00886840 _____ () C:\Users\Darkshine\AppData\Roaming\Spotify\Data\libglesv2.dll
2013-09-23 20:35 - 2014-04-10 16:27 - 00108600 _____ () C:\Users\Darkshine\AppData\Roaming\Spotify\Data\libegl.dll
2014-04-11 18:55 - 2014-04-11 18:55 - 16351920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll
2014-04-11 19:31 - 2014-04-02 03:57 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-11 19:31 - 2014-04-02 03:57 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-11 19:31 - 2014-04-02 03:57 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-11 19:31 - 2014-04-02 03:57 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-11 19:31 - 2014-04-02 03:58 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-11 19:31 - 2014-04-02 03:57 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/15/2014 00:08:41 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/15/2014 00:08:15 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (04/14/2014 09:59:08 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/14/2014 09:58:54 AM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (04/13/2014 11:01:23 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/13/2014 11:00:15 AM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (04/12/2014 01:55:31 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (04/12/2014 01:54:52 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/12/2014 11:26:57 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: LolClient.exe, Version: 0.0.0.0, Zeitstempel: 0x515663e0
Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.7.0.1530, Zeitstempel: 0x5156646c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0006dd76
ID des fehlerhaften Prozesses: 0x15a0
Startzeit der fehlerhaften Anwendung: 0xLolClient.exe0
Pfad der fehlerhaften Anwendung: LolClient.exe1
Pfad des fehlerhaften Moduls: LolClient.exe2
Berichtskennung: LolClient.exe3

Error: (04/12/2014 09:55:23 AM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.


System errors:
=============
Error: (04/15/2014 00:09:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (04/15/2014 00:09:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (04/15/2014 00:06:45 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DisplayFusionService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/14/2014 09:59:28 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (04/14/2014 09:59:28 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (04/14/2014 09:57:10 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DisplayFusionService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/13/2014 11:00:58 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (04/13/2014 11:00:58 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (04/13/2014 10:58:46 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DisplayFusionService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/12/2014 01:56:52 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2012-12-11 15:34:27.644
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\EtronHub3.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-12-11 15:34:27.597
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\EtronHub3.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 34%
Total physical RAM: 8173.38 MB
Available physical RAM: 5324.61 MB
Total Pagefile: 16344.94 MB
Available Pagefile: 13070.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:160 GB) (Free:62.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:771.51 GB) (Free:396.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 4E9C0E39)
Partition 1: (Active) - (Size=160 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=772 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

16.04.2014, 11:05   #4
schrauber
/// the machine
/// TB trainer
 

Revo Uninstaller - Download - Filepony
Use it to uninstall everything in Additional.txt that is marked with <== ATTENTION

Also have Revo remove the leftovers, using the Moderate mode.




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

16.04.2014, 13:22   #5
miaskosi
 
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 16.04.2014
Suchlauf-Zeit: 12:52:09
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.16.04
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Darkshine

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 285994
Verstrichene Zeit: 15 Min, 49 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 2
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, In Quarantäne, [51af21df20e021dff7ca8909cd36718f], 
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT, In Quarantäne, [54ac956b7b8541bfa14e50483cc711ef], 

Registrierungswerte: 2
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, {BBBF6FE0-E972-11E2-AB84-902B34A84871}, In Quarantäne, [51af21df20e021dff7ca8909cd36718f]
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, MYSTART, In Quarantäne, [54ac956b7b8541bfa14e50483cc711ef]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 11
PUP.Optional.1ClickMovieDownloader.A, C:\$Recycle.Bin\S-1-5-21-1278742384-4184070710-1616595544-1002\$RSHZGOV\1ClickMovieDownloader V6-chromeinstaller.exe, In Quarantäne, [48b8a65adb2550b01600c56428d938c8], 
RiskWare.Tool.HCK, C:\Users\Darkshine\Downloads\Sony Vegas Pro 11 MyTV.rar, In Quarantäne, [ec14f10f8779fc045c20f8d041c0936d], 
PUP.Optional.OneClickDownloader.A, C:\Users\Darkshine\Downloads\Need_for_Speed_Hot_pursuit_(NFSHP).exe, In Quarantäne, [19e718e8a65a50b01f6f20ece61b13ed], 
PUP.Optional.Breitschopp, C:\Users\Darkshine\Downloads\agsetup183se.exe, In Quarantäne, [fe0221df847c02fe026d85929d67f010], 
PUP.Optional.Breitschopp, C:\Users\Darkshine\Downloads\ag_setup183se.exe, In Quarantäne, [926e758ba0604eb2f976e92ede26ea16], 
PUP.Optional.Somoto, C:\Users\Darkshine\Downloads\HUDBlueSkinPack10x64_downloader_by_SkinPack.exe, In Quarantäne, [53adf01021df728e6908e0676a9abc44], 
Trojan.MSIL, C:\Users\Darkshine\Downloads\InstallIW4M.exe, In Quarantäne, [26da55ab6f91c63a3e3c53f25ea340c0], 
PUP.Optional.BundleInstaller.A, C:\Users\Darkshine\Downloads\Nicht bestätigt 874556.crdownload, In Quarantäne, [d62ab74940c0c838d6bc6dd2956c7f81], 
PUP.Optional.Somoto.A, C:\Users\Darkshine\Local Settings\Application Data\Bundled software uninstaller\biclient.exe, In Quarantäne, [9c645da3a65a45bbeb712de512efda26], 
Worm.Zhelatin, C:\Windows\System32\fsvk.exe.exe, In Quarantäne, [80801de39a6612eed40e923049b9e51b], 
PUP.Optional.1ClickMovieDownloader.A, C:\Windows\Tasks\1ClickMovieDownloader V6-chromeinstaller.job, In Quarantäne, [a25ec33daa56de22efe59706b44fee12], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Code:
# AdwCleaner v3.023 - Bericht erstellt am 16/04/2014 um 13:00:27
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Darkshine - XDARKSHINE
# Gestartet von : C:\Users\Darkshine\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Google Chrome v34.0.1847.116

[ Datei : C:\Users\Darkshine\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [13230 octets] - [08/04/2014 22:25:45]
AdwCleaner[R1].txt - [932 octets] - [13/04/2014 14:17:48]
AdwCleaner[R2].txt - [991 octets] - [16/04/2014 12:58:53]
AdwCleaner[S0].txt - [12575 octets] - [08/04/2014 22:27:01]
AdwCleaner[S1].txt - [913 octets] - [16/04/2014 13:00:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [972 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Darkshine on 16.04.2014 at 13:09:48,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim



~~~ Files

Successfully deleted: [File] "C:\Users\Darkshine\appdata\locallow\SkwConfig.bin"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Darkshine\AppData\Roaming\getrighttogo"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.04.2014 at 13:17:53,80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014
Ran by Darkshine (administrator) on XDARKSHINE on 16-04-2014 13:18:45
Running from C:\Users\Darkshine\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
(Palit Microsystems Ltd.) C:\Program Files (x86)\Thunder Master\THPanel.exe
(Spotify Ltd) C:\Users\Darkshine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Darkshine\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Razer USA Ltd) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\system32\prevhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [VX3000] => C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [336304 2012-11-16] (Razer USA Ltd)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-04-15] (LogMeIn Inc.)
HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-1278742384-4184070710-1616595544-1002\...\Run: [THPanel] => C:\Program Files (x86)\Thunder Master\THPanel.exe [2050416 2012-07-13] (Palit Microsystems Ltd.)
HKU\S-1-5-21-1278742384-4184070710-1616595544-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-1278742384-4184070710-1616595544-1002\...\Run: [Spotify Web Helper] => C:\Users\Darkshine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-10] (Spotify Ltd)
HKU\S-1-5-21-1278742384-4184070710-1616595544-1002\...\Run: [Spotify] => C:\Users\Darkshine\AppData\Roaming\Spotify\Spotify.exe [6087224 2014-04-10] (Spotify Ltd)
HKU\S-1-5-21-1278742384-4184070710-1616595544-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1278742384-4184070710-1616595544-1002\...\RunOnce: [Uninstall C:\Users\Darkshine\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Darkshine\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-1278742384-4184070710-1616595544-1002\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
HKU\S-1-5-21-1278742384-4184070710-1616595544-1002\...\MountPoints2: {8de249dd-ea0d-11e2-8bdb-902b34a84871} - F:\setup.exe
Startup: C:\Users\Darkshine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Darkshine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Darkshine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
SearchScopes: HKLM - DefaultScope {454AAC25-885B-4A1C-977E-031F954EB28C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {454AAC25-885B-4A1C-977E-031F954EB28C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
SearchScopes: HKLM-x32 - {454AAC25-885B-4A1C-977E-031F954EB28C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\Darkshine\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\Darkshine\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\Darkshine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-11]
CHR Extension: (YouTube) - C:\Users\Darkshine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-11]
CHR Extension: (Google-Suche) - C:\Users\Darkshine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-11]
CHR Extension: (AdBlock) - C:\Users\Darkshine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-12-11]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Darkshine\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-04-04]
CHR Extension: (Speed Dial 2) - C:\Users\Darkshine\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2012-12-20]
CHR Extension: (League of Legends Events) - C:\Users\Darkshine\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfnfkjennojjkajjmghdgkibohcnefdk [2013-02-16]
CHR Extension: (Google Wallet) - C:\Users\Darkshine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\Darkshine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-11]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-10-02]

==================== Services (Whitelisted) =================

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-08] (LogMeIn, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-09-01] ()
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2013-12-11] (Razer, Inc.)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [759192 2013-09-03] (Tunngle.net GmbH)
S2 DisplayFusionService; "C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe" [X]

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
S3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2013-12-11] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [22016 2012-10-25] (Razer USA Ltd)
R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [74432 2013-12-11] (Razer, Inc.)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-16 13:18 - 2014-04-16 13:18 - 00016766 _____ () C:\Users\Darkshine\Desktop\FRST.txt
2014-04-16 13:17 - 2014-04-16 13:17 - 00000873 _____ () C:\Users\Darkshine\Desktop\JRT.txt
2014-04-16 13:09 - 2014-04-16 13:09 - 00000000 ____D () C:\Windows\ERUNT
2014-04-16 13:08 - 2014-04-16 13:08 - 01016261 _____ (Thisisu) C:\Users\Darkshine\Downloads\JRT.exe
2014-04-16 12:58 - 2014-04-16 12:58 - 00003234 _____ () C:\Users\Darkshine\Desktop\mbam.txt
2014-04-16 12:53 - 2014-04-16 12:53 - 00003060 _____ () C:\Windows\PFRO.log
2014-04-16 12:34 - 2014-04-16 12:57 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-16 12:34 - 2014-04-16 12:34 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-16 12:34 - 2014-04-16 12:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-16 12:34 - 2014-04-16 12:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-16 12:34 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-16 12:34 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-16 12:34 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-16 12:30 - 2014-04-16 12:31 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Darkshine\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-16 12:23 - 2014-04-16 12:23 - 00001274 _____ () C:\Users\Darkshine\Desktop\Revo Uninstaller.lnk
2014-04-16 12:23 - 2014-04-16 12:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-16 12:22 - 2014-04-16 12:22 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Darkshine\Downloads\revosetup95.exe
2014-04-16 11:58 - 2014-04-16 11:58 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-04-16 01:02 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-16 01:02 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-16 01:02 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-16 01:02 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-16 01:02 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-16 01:02 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-16 01:02 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-16 01:02 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-16 01:02 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-16 01:02 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-16 01:02 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-16 01:02 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-16 01:02 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-16 01:02 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-16 01:02 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-16 01:02 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-16 01:02 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-16 01:02 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-16 01:02 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-16 01:02 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-16 01:02 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-16 01:02 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-16 01:02 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-16 01:02 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-16 01:02 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-16 01:02 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-16 01:02 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-16 01:02 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-16 01:02 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-16 01:02 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-16 01:02 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-16 01:02 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-16 01:02 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-16 01:02 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-16 01:02 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-16 01:02 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-16 01:02 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-16 01:02 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-16 01:02 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-16 01:02 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-16 01:02 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-16 01:02 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-16 01:02 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-16 01:02 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-16 01:02 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-16 01:02 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-16 01:02 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-16 01:01 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-13 15:40 - 2014-04-16 13:02 - 00000616 _____ () C:\Windows\setupact.log
2014-04-13 15:40 - 2014-04-13 15:40 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-13 14:07 - 2014-04-15 12:17 - 00000000 ____D () C:\Users\Darkshine\Desktop\FRST-OlderVersion
2014-04-09 14:22 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 14:22 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 14:22 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 14:22 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 14:22 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 14:22 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 14:22 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 14:22 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 14:22 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 14:22 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 14:22 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 14:22 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 14:22 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 14:22 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 14:22 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 14:22 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 14:22 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-08 22:25 - 2014-04-16 13:06 - 00000000 ____D () C:\AdwCleaner
2014-04-08 22:23 - 2014-04-08 22:24 - 01426178 _____ () C:\Users\Darkshine\Desktop\adwcleaner.exe
2014-04-08 22:17 - 2014-04-16 13:18 - 00000000 ____D () C:\FRST
2014-04-08 22:16 - 2014-04-15 12:17 - 02054144 _____ (Farbar) C:\Users\Darkshine\Desktop\FRST64.exe
2014-04-05 17:01 - 2014-04-16 13:04 - 00000000 ___RD () C:\Users\Darkshine\Dropbox
2014-04-05 17:01 - 2014-04-05 17:01 - 00001053 _____ () C:\Users\Darkshine\Desktop\Dropbox.lnk
2014-04-05 13:18 - 2014-04-05 13:18 - 00000000 ____D () C:\Users\Darkshine\Desktop\Programme
2014-04-05 13:14 - 2014-04-06 00:18 - 00000000 ____D () C:\Users\Darkshine\Desktop\~~~
2014-04-05 13:05 - 2014-04-05 17:01 - 00000000 ____D () C:\Users\Darkshine\AppData\Roaming\DropboxMaster
2014-04-05 13:05 - 2014-04-05 13:05 - 00000000 ____D () C:\Users\Darkshine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-05 13:03 - 2014-04-16 13:04 - 00000000 ____D () C:\Users\Darkshine\AppData\Roaming\Dropbox
2014-04-05 13:03 - 2014-02-14 15:34 - 00000426 _____ () C:\AVScanner.ini
2014-04-05 12:54 - 2014-04-05 12:54 - 04787368 _____ (Piriform Ltd) C:\Users\Darkshine\Downloads\ccsetup412.exe
2014-04-05 12:49 - 2014-04-05 12:49 - 00316288 _____ (Dropbox, Inc.) C:\Users\Darkshine\Downloads\DropboxInstaller.exe
2014-03-26 19:14 - 2014-03-26 19:14 - 03822704 _____ () C:\Users\Darkshine\Downloads\battlelog-web-plugins_2.3.2_133.exe
2014-03-25 19:13 - 2014-03-29 18:37 - 00000000 ____D () C:\Users\Darkshine\AppData\Roaming\AccurateRip
2014-03-25 19:13 - 2014-03-25 19:13 - 00000000 ____D () C:\Users\Darkshine\AppData\Roaming\EAC
2014-03-25 19:12 - 2014-03-25 19:12 - 00000000 ____D () C:\Program Files (x86)\Exact Audio Copy
2014-03-25 19:11 - 2014-03-25 19:11 - 04422611 _____ () C:\Users\Darkshine\Downloads\eac-1.0beta3.exe
2014-03-25 17:42 - 2014-03-25 17:42 - 00001038 _____ () C:\Users\Public\Desktop\Blitzkrieg Mod.lnk
2014-03-25 17:12 - 2014-03-25 17:38 - 2068609615 _____ (Blitzkrieg Mod Team ) C:\Users\Darkshine\Downloads\Blitzkrieg_4.8.0.0_Complete (1).exe
2014-03-23 19:59 - 2014-03-23 19:59 - 00002008 _____ () C:\Users\Darkshine\Desktop\Launch Xion.lnk

==================== One Month Modified Files and Folders =======

2014-04-16 13:19 - 2014-04-16 13:18 - 00016766 _____ () C:\Users\Darkshine\Desktop\FRST.txt
2014-04-16 13:18 - 2014-04-08 22:17 - 00000000 ____D () C:\FRST
2014-04-16 13:17 - 2014-04-16 13:17 - 00000873 _____ () C:\Users\Darkshine\Desktop\JRT.txt
2014-04-16 13:10 - 2009-07-14 06:45 - 00020288 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-16 13:10 - 2009-07-14 06:45 - 00020288 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-16 13:09 - 2014-04-16 13:09 - 00000000 ____D () C:\Windows\ERUNT
2014-04-16 13:08 - 2014-04-16 13:08 - 01016261 _____ (Thisisu) C:\Users\Darkshine\Downloads\JRT.exe
2014-04-16 13:06 - 2014-04-08 22:25 - 00000000 ____D () C:\AdwCleaner
2014-04-16 13:04 - 2014-04-05 17:01 - 00000000 ___RD () C:\Users\Darkshine\Dropbox
2014-04-16 13:04 - 2014-04-05 13:03 - 00000000 ____D () C:\Users\Darkshine\AppData\Roaming\Dropbox
2014-04-16 13:03 - 2013-04-10 20:16 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-16 13:03 - 2013-03-08 20:16 - 00000000 ____D () C:\Users\Darkshine\AppData\Roaming\Spotify
2014-04-16 13:03 - 2012-12-24 20:32 - 00000000 ____D () C:\Users\Darkshine\AppData\Local\LogMeIn Hamachi
2014-04-16 13:03 - 2012-12-15 17:10 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-16 13:02 - 2014-04-13 15:40 - 00000616 _____ () C:\Windows\setupact.log
2014-04-16 13:02 - 2012-12-11 16:51 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-16 13:02 - 2012-12-07 07:57 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-16 13:02 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-16 13:01 - 2012-12-11 16:00 - 01244503 _____ () C:\Windows\WindowsUpdate.log
2014-04-16 12:58 - 2014-04-16 12:58 - 00003234 _____ () C:\Users\Darkshine\Desktop\mbam.txt
2014-04-16 12:58 - 2013-03-08 20:17 - 00000000 ____D () C:\Users\Darkshine\AppData\Local\Spotify
2014-04-16 12:58 - 2012-12-11 17:08 - 00000000 ____D () C:\Users\Darkshine\AppData\Roaming\Skype
2014-04-16 12:57 - 2014-04-16 12:34 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-16 12:53 - 2014-04-16 12:53 - 00003060 _____ () C:\Windows\PFRO.log
2014-04-16 12:53 - 2009-07-14 07:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-04-16 12:34 - 2014-04-16 12:34 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-16 12:34 - 2014-04-16 12:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-16 12:34 - 2014-04-16 12:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-16 12:31 - 2014-04-16 12:30 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Darkshine\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-16 12:30 - 2013-01-01 03:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-16 12:25 - 2012-12-11 16:51 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-16 12:23 - 2014-04-16 12:23 - 00001274 _____ () C:\Users\Darkshine\Desktop\Revo Uninstaller.lnk
2014-04-16 12:23 - 2014-04-16 12:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-16 12:22 - 2014-04-16 12:22 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Darkshine\Downloads\revosetup95.exe
2014-04-16 11:58 - 2014-04-16 11:58 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-04-16 11:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-15 12:17 - 2014-04-13 14:07 - 00000000 ____D () C:\Users\Darkshine\Desktop\FRST-OlderVersion
2014-04-15 12:17 - 2014-04-08 22:16 - 02054144 _____ (Farbar) C:\Users\Darkshine\Desktop\FRST64.exe
2014-04-14 13:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-13 15:40 - 2014-04-13 15:40 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-13 14:20 - 2013-01-13 00:11 - 00000000 ____D () C:\Users\Darkshine\AppData\Roaming\TS3Client
2014-04-13 14:20 - 2012-12-11 17:05 - 00000000 ____D () C:\Users\Darkshine\AppData\Local\CrashDumps
2014-04-13 14:20 - 2012-03-16 14:20 - 00000000 ____D () C:\Windows\Panther
2014-04-12 12:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-12 12:45 - 2013-03-25 01:40 - 00000000 ____D () C:\Users\Darkshine\AppData\Local\Microsoft Games
2014-04-11 18:55 - 2013-01-01 03:54 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-11 18:55 - 2013-01-01 03:54 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-11 18:55 - 2013-01-01 03:54 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-11 18:54 - 2012-12-19 16:59 - 00000000 ____D () C:\Users\Darkshine\AppData\Local\Adobe
2014-04-10 22:08 - 2013-10-08 19:51 - 00000114 _____ () C:\Users\Darkshine\Desktop\serien.txt
2014-04-10 16:25 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-09 22:33 - 2013-04-23 23:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 22:32 - 2013-08-15 01:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 22:30 - 2012-12-17 16:43 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-08 22:24 - 2014-04-08 22:23 - 01426178 _____ () C:\Users\Darkshine\Desktop\adwcleaner.exe
2014-04-06 00:18 - 2014-04-05 13:14 - 00000000 ____D () C:\Users\Darkshine\Desktop\~~~
2014-04-05 17:01 - 2014-04-05 17:01 - 00001053 _____ () C:\Users\Darkshine\Desktop\Dropbox.lnk
2014-04-05 17:01 - 2014-04-05 13:05 - 00000000 ____D () C:\Users\Darkshine\AppData\Roaming\DropboxMaster
2014-04-05 17:01 - 2012-12-11 16:05 - 00000000 ____D () C:\Users\Darkshine
2014-04-05 13:56 - 2013-03-18 20:51 - 00000000 ____D () C:\Users\Darkshine\AppData\Local\Facebook
2014-04-05 13:18 - 2014-04-05 13:18 - 00000000 ____D () C:\Users\Darkshine\Desktop\Programme
2014-04-05 13:11 - 2012-12-11 16:04 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-04-05 13:06 - 2012-12-11 16:05 - 00000000 ___RD () C:\Users\Darkshine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-05 13:05 - 2014-04-05 13:05 - 00000000 ____D () C:\Users\Darkshine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-05 12:58 - 2012-12-07 07:58 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-05 12:55 - 2013-07-10 18:24 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-05 12:54 - 2014-04-05 12:54 - 04787368 _____ (Piriform Ltd) C:\Users\Darkshine\Downloads\ccsetup412.exe
2014-04-05 12:49 - 2014-04-05 12:49 - 00316288 _____ (Dropbox, Inc.) C:\Users\Darkshine\Downloads\DropboxInstaller.exe
2014-04-04 15:26 - 2011-04-12 09:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-04-04 15:26 - 2011-04-12 09:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-04-04 15:26 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-03 09:51 - 2014-04-16 12:34 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-16 12:34 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-16 12:34 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-30 15:20 - 2012-12-11 16:51 - 00004112 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-30 15:20 - 2012-12-11 16:51 - 00003860 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-29 18:37 - 2014-03-25 19:13 - 00000000 ____D () C:\Users\Darkshine\AppData\Roaming\AccurateRip
2014-03-26 20:09 - 2013-08-21 16:10 - 00000000 ____D () C:\ProgramData\Origin
2014-03-26 19:16 - 2013-03-09 20:10 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-03-26 19:16 - 2012-12-24 14:53 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-03-26 19:15 - 2012-12-24 14:53 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-03-26 19:14 - 2014-03-26 19:14 - 03822704 _____ () C:\Users\Darkshine\Downloads\battlelog-web-plugins_2.3.2_133.exe
2014-03-26 19:14 - 2013-09-01 13:40 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-03-25 19:13 - 2014-03-25 19:13 - 00000000 ____D () C:\Users\Darkshine\AppData\Roaming\EAC
2014-03-25 19:12 - 2014-03-25 19:12 - 00000000 ____D () C:\Program Files (x86)\Exact Audio Copy
2014-03-25 19:11 - 2014-03-25 19:11 - 04422611 _____ () C:\Users\Darkshine\Downloads\eac-1.0beta3.exe
2014-03-25 17:42 - 2014-03-25 17:42 - 00001038 _____ () C:\Users\Public\Desktop\Blitzkrieg Mod.lnk
2014-03-25 17:38 - 2014-03-25 17:12 - 2068609615 _____ (Blitzkrieg Mod Team ) C:\Users\Darkshine\Downloads\Blitzkrieg_4.8.0.0_Complete (1).exe
2014-03-23 19:59 - 2014-03-23 19:59 - 00002008 _____ () C:\Users\Darkshine\Desktop\Launch Xion.lnk

Some content of TEMP:
====================
C:\Users\Darkshine\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphajqld.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-09 18:41

==================== End Of Log ============================
         
--- --- ---


17.04.2014, 10:58   #6
schrauber
/// the machine
/// TB-Ausbilder

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Still having problems?

17.04.2014, 14:37   #7
miaskosi

I can't do anything.
The PC freezes immediately when I start the internet, otherwise after 10 - 20 minutes. (It has already frozen at least 5 times - that within 1 hour - and yesterday it also froze 2x.)
I could not run either a full scan or the ESET scan.
It freezes even in safe mode.

18.04.2014, 11:06   #8
schrauber
/// the machine
/// TB-Ausbilder

Since when has it been like this?

How to perform a clean boot in Windows
Please do a clean boot; does it happen then as well?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
