Getting Skype's "file received" sound for no reason (Windows 7)
24.04.2014, 02:45 | #1 |
Hi everyone, after thinking about it for (far too) long I have finally signed up here to describe my many problems with my PC, because for a long time I have had the feeling that something is not right. One thing up front: I don't know all that much about computers, and some of the points I'm about to list may just be harmless bugs or the like, but taken together it all seems a bit strange to me. Sorry in advance that this thread is so endlessly long, but I'd like to mention everything odd. (By the way, I have Windows 7, in case that matters.) Here are some of the things I find somehow worrying:

1. My AV recently expired, but before that, while it was still running, it kept happening now and then that it disappeared from the bar at the very bottom right (what's it called again?) and reappeared right afterwards. I thought maybe it had updated something, but every time I checked when the last database update was, it had been far too long ago.
2. For about 2 months my mouse has, every time after waking from standby mode, repeatedly got stuck for a few seconds and then worked again briefly; this repeats for about a minute and after that it works normally again.
3. About 2 years ago I noticed that after a restart, right before the login screen appears, my PC briefly goes into standby mode each time and wakes up again immediately, and then the login screen comes up. Unfortunately I have no idea whether that is normal and whether I've had it from the start or whether it appeared at some point, but in any case it seems odd to me.
4. May be a harmless Windows error, but since I'm not sure I'll mention it too: several times a day, for no apparent reason, a program that I have in the foreground and active suddenly becomes inactive; by that I mean what also happens, for example, when you click on the taskbar or similar: the program is still in the foreground, but to work with it again I have to click on it once more.
5. When my AV was still active, it happened now and then that a virus scan I had started before going to bed was simply aborted by itself, and the next day I didn't even have any report, which I normally always get after a scan.
6. Sometimes the file conhost.exe appears twice in Task Manager; when that happens, my display scheme changes to this "Windows Basic" that always comes up when the PC is somehow under too much load. I first had this a few months ago, and since then it has always happened for no apparent reason and disappeared by itself each time after 1-2 minutes at most.

Now to the last and so far most worrying problem, which I already mentioned in the title of this thread and which was also the reason I finally signed up here: recently (for about 1 month) it has happened now and then (I've noticed it twice so far) that the sound Skype always plays when you've received a file is played just like that, of course without my having done anything with Skype. The first time was when I was watching a film, and the second time just now while playing Naruto. Since I also have someone in my Skype contact list whom I would definitely believe capable of some kind of attack and who also knows about such things, I decided to get to the bottom of this; strangely, the last two times it happened he was the only one still online in Skype.

Now many of you are probably thinking that I should just format the PC. The problem is just that most of my life takes place in front of the PC and over the years tons of data have accumulated there, which I have taken along with every "move" to a new PC and which I can no longer part with. If I format the PC, I would again take over all the data and with it any viruses that may be present, so that isn't really sensible and I would rather remove the viruses, if there are any. Virus scans (I have/had McAfee) never found anything conspicuous, and Malwarebytes, which I only just installed and ran, found only harmless things, 90% something from the Babylon Toolbar and also something from Softonic, OpenCandy and Conduit; it didn't look like anything dangerous. I would be very grateful if you could tell me what else I could try, because all of this surely isn't normal, is it?
24.04.2014, 06:27 | #2 |
/// the machine /// TB-Ausbilder
hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
24.04.2014, 07:37 | #3 |
FRST Logfile:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2014 Ran by Trevelyan (administrator) on TREVELYAN-PC on 24-04-2014 08:26:48 Running from C:\Users\Trevelyan\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe () C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) C:\Windows\system32\mfevtps.exe (Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (McAfee, Inc.) 
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe () C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe () C:\Program Files (x86)\Razer\Copperhead\razerhid.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Razer Inc.) C:\Program Files (x86)\Razer\Copperhead\razerofa.exe (Cloanto Corporation) C:\Program Files (x86)\Common Files\Cloanto\Software Director\softdir.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe (TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe (Skype Technologies S.A.) 
C:\Program Files (x86)\Skype\Phone\Skype.exe (Cerulean Studios) C:\Program Files (x86)\Trillian\trillian.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe (Microsoft Corporation) C:\Windows\system32\UI0Detect.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Valve Corporation) C:\Program Files (x86)\Valve\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\THXCfg64.dll [17920 2009-10-15] (Creative Technology Ltd.) HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\EptMon64.dll [21504 2009-10-15] (Creative Technology Ltd.) 
HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] () HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-29] () HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated) HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation) HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.) HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd) HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.) 
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions) HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] () HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-04-29] () HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296056 2012-01-24] (RealNetworks, Inc.) HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.) HKLM-x32\...\Run: [razer] => C:\Program Files (x86)\Razer\Copperhead\razerhid.exe [135168 2009-11-19] () HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.) HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.) 
HKLM-x32\...\Run: [Copperhead] => C:\Program Files (x86)\Razer\Copperhead\razerhid.exe [135168 2009-11-19] () HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [CloantoSoftwareDirector] => C:\Program Files (x86)\Common Files\Cloanto\Software Director\softdir.exe [370512 2013-02-01] (Cloanto Corporation) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\.DEFAULT\...\RunOnce: [{90140000-0011-0000-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H HKU\.DEFAULT\...\RunOnce: [{90120000-0030-0000-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H HKU\.DEFAULT\...\RunOnce: [{90140000-0018-0409-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H HKU\.DEFAULT\...\RunOnce: [{90140000-0018-0407-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H HKU\S-1-5-21-973126448-2161090440-1869997015-1001\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-973126448-2161090440-1869997015-1001\...\Run: [Sony Ericsson PC Companion] => "E:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background HKU\S-1-5-21-973126448-2161090440-1869997015-1001\...\MountPoints2: {c1c47548-3b91-11e1-b2ab-806e6f6e6963} - D:\AutoRun.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.) 
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=at&l=de&s=gen URLSearchHook: HKLM-x32 - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) URLSearchHook: HKCU - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) SearchScopes: HKCU - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = SearchScopes: HKCU - {25221FFD-2736-4065-AA48-37EDCED2A825} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
BHO-x32: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) BHO-x32: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) 
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) Toolbar: HKLM-x32 - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) Toolbar: HKLM-x32 - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll () Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Toolbar: HKCU - No Name - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No File Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21 FireFox: ======== FF ProfilePath: C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default FF user.js: detected! => C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\user.js FF DefaultSearchEngine: GMX Suche Österreich FF SelectedSearchEngine: GMX Suche Österreich FF Homepage: www.google.at FF Keyword.URL: hxxp://go.gmx.at/tb/mff_keyurl_search/?su= FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll () FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @comrade.gamespy.com/comrade - C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll (IGN Entertainment) FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.140.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files 
(x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @real.com/nppl3260;version=15.0.1.13 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=15.0.1.13 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.1.13 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.1.13 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=15.0.1.13 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.) 
FF SearchPlugin: C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\searchplugins\11-suche.xml FF SearchPlugin: C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\searchplugins\conduit.xml FF SearchPlugin: C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ProxTube - Unblock YouTube - C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\Extensions\ich@maltegoetz.de [2013-12-12] FF Extension: NetVideoHunter - C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\Extensions\netvideohunter@netvideohunter.com [2014-04-12] FF Extension: DownloadHelper - C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25] FF Extension: Ghostery - C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\Extensions\firefox@ghostery.com.xpi [2013-08-03] FF Extension: FireNes - C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\Extensions\firenes@facundo.zaldo.xpi [2012-05-16] FF Extension: Rotate Image - C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\Extensions\rotateimage@minisystems.de.xpi [2012-11-01] FF Extension: Gutscheinaffe - 
C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\Extensions\{9220f99f-5b7d-4a4d-97ca-209991796400}.xpi [2014-02-11] FF Extension: RightToClick - C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2012-05-16] FF Extension: Adblock Plus - C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-18] FF Extension: Greasemonkey - C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-08-25] FF Extension: User Agent Switcher - C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2013-01-19] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-04-18] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-04-18] ==================== Services (Whitelisted) ================= R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation) R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S3 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.) 
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\McAfee\MSC\McAWFwk.exe [225216 2011-01-28] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 PCSUService; C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe [235232 2011-11-07] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-03-11] ()

==================== Drivers (Whitelisted) ====================

R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)
S3 copperhd; C:\Windows\System32\drivers\copperhd.sys [14336 2009-11-10] (Razer (Asia-Pacific) Pte Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-04-12] (DT Soft Ltd)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 RecFltr; C:\Windows\System32\drivers\RecFltr.sys [45440 2007-01-18] ()
S3 uisp; C:\Windows\System32\Drivers\usbicp.sys [19200 2005-10-21] (Motorola)
S3 uisp; C:\Windows\SysWOW64\Drivers\usbicp.sys [162900 2001-01-04] (Motorola)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () <===== ATTENTION Necurs Rootkit?
S3 GPU-Z; \??\C:\Users\TREVEL~1\AppData\Local\Temp\GPU-Z.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-24 08:26 - 2014-04-24 08:27 - 00031265 _____ () C:\Users\Trevelyan\Desktop\FRST.txt
2014-04-24 08:26 - 2014-04-24 08:26 - 00000000 ____D () C:\FRST
2014-04-24 08:25 - 2014-04-24 08:25 - 02061824 _____ (Farbar) C:\Users\Trevelyan\Desktop\FRST64.exe
2014-04-24 02:51 - 2014-04-24 02:51 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-24 02:50 - 2014-04-24 02:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-04-24 02:50 - 2014-04-24 02:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-24 02:50 - 2014-04-24 02:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-04-24 02:50 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-24 02:50 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-24 02:50 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-23 13:13 - 2014-04-23 13:13 - 04482641 _____ () C:\Users\Trevelyan\Desktop\naruto_dance.flv
2014-04-20 16:54 - 2014-04-20 16:56 - 00000000 ____D () C:\Users\Trevelyan\AppData\Local\{2008AC58-DE2D-4C2B-A1F9-D5E90E996128}
2014-04-18 16:15 - 2014-03-04 13:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-04-16 00:46 - 2014-03-17 22:11 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-16 00:46 - 2014-03-17 22:02 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-16 00:46 - 2014-03-17 22:02 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-16 00:46 - 2014-03-17 22:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-16 00:45 - 2014-04-16 00:46 - 00004328 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b13.log
2014-04-16 00:37 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-16 00:37 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-16 00:36 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-16 00:36 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-16 00:36 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-16 00:36 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-16 00:36 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-16 00:36 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-16 00:36 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-16 00:36 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-16 00:36 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-16 00:36 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-16 00:36 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-16 00:36 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-16 00:36 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-16 00:36 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-16 00:36 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-16 00:36 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-16 00:36 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-16 00:36 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-16 00:36 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-16 00:36 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-16 00:36 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-16 00:36 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-16 00:36 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-16 00:36 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-16 00:36 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-16 00:36 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-16 00:36 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-16 00:36 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-16 00:36 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-16 00:36 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-16 00:36 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-16 00:36 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-16 00:36 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-16 00:36 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-16 00:36 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-16 00:36 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-16 00:36 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-16 00:36 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-16 00:36 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-16 00:36 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-16 00:36 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-16 00:36 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-16 00:36 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-16 00:36 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-16 00:36 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-16 00:36 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-15 11:45 - 2014-04-18 16:52 - 00000000 ____D () C:\Users\Trevelyan\Desktop\dzss
2014-04-13 15:11 - 2014-04-13 15:11 - 00000000 ____D () C:\Users\Trevelyan\AppData\Local\CutePDF Writer
2014-04-13 15:09 - 2014-04-13 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2014-04-13 15:09 - 2014-04-13 15:09 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-04-13 15:09 - 2014-04-13 15:09 - 00000000 ____D () C:\Program Files (x86)\Acro Software
2014-04-13 15:09 - 2013-10-23 14:24 - 00087600 _____ () C:\Windows\system32\cpwmon64.dll
2014-04-11 19:38 - 2014-04-24 01:21 - 00000000 ____D () C:\Users\Trevelyan\AppData\Local\DayZ
2014-04-11 19:38 - 2014-04-11 19:49 - 00000000 ____D () C:\Users\Trevelyan\Documents\DayZ
2014-04-09 08:29 - 2014-04-09 08:34 - 169712019 _____ () C:\Users\Trevelyan\Desktop\RB.wmv
2014-04-09 08:29 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 08:29 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 08:29 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 08:29 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 08:29 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 08:29 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 08:29 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 08:29 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 08:29 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 08:29 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 08:29 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 08:29 - 2014-02-04 04:37 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 08:29 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 08:29 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 08:29 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 08:29 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 08:29 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-09 08:21 - 2014-04-09 14:14 - 00000000 ____D () C:\Users\Trevelyan\Desktop\Bewerbungen
2014-03-28 00:43 - 2014-03-28 00:43 - 00000541 _____ () C:\Users\Trevelyan\Desktop\steam.txt
2014-03-25 23:00 - 2014-03-25 23:01 - 00000000 ____D () C:\Users\Trevelyan\AppData\Local\Sniper Elite Nazi Zombie Army

==================== One Month Modified Files and Folders =======

2014-04-24 08:27 - 2014-04-24 08:26 - 00031265 _____ () C:\Users\Trevelyan\Desktop\FRST.txt
2014-04-24 08:26 - 2014-04-24 08:26 - 00000000 ____D () C:\FRST
2014-04-24 08:26 - 2012-01-18 05:00 - 00000000 ____D () C:\Users\Trevelyan\AppData\Roaming\Skype
2014-04-24 08:25 - 2014-04-24 08:25 - 02061824 _____ (Farbar) C:\Users\Trevelyan\Desktop\FRST64.exe
2014-04-24 08:19 - 2012-01-10 16:54 - 02084504 _____ () C:\Windows\WindowsUpdate.log
2014-04-24 07:56 - 2012-04-04 06:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-24 05:42 - 2012-04-09 04:24 - 00000000 ____D () C:\Users\Trevelyan\Desktop\Zeug (i. vsk)
2014-04-24 05:29 - 2012-01-17 22:44 - 00000000 ___RD () C:\Users\Trevelyan\Desktop\Dokumente
2014-04-24 02:51 - 2014-04-24 02:51 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-24 02:51 - 2014-04-24 02:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-04-24 02:51 - 2012-01-17 22:47 - 00000000 ____D () C:\Users\Trevelyan\Desktop\O.P.U.D
2014-04-24 02:50 - 2014-04-24 02:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-24 02:50 - 2014-04-24 02:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-04-24 01:21 - 2014-04-11 19:38 - 00000000 ____D () C:\Users\Trevelyan\AppData\Local\DayZ
2014-04-23 20:02 - 2013-04-18 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-04-23 13:14 - 2012-01-17 23:53 - 00000000 ____D () C:\Users\Trevelyan\AppData\Roaming\vlc
2014-04-23 13:13 - 2014-04-23 13:13 - 04482641 _____ () C:\Users\Trevelyan\Desktop\naruto_dance.flv
2014-04-23 04:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-22 16:13 - 2012-01-10 17:14 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-22 14:13 - 2009-07-14 06:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-22 14:13 - 2009-07-14 06:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-22 01:15 - 2010-11-21 08:50 - 00710502 _____ () C:\Windows\system32\perfh007.dat
2014-04-22 01:15 - 2010-11-21 08:50 - 00154832 _____ () C:\Windows\system32\perfc007.dat
2014-04-22 01:15 - 2009-07-14 07:13 - 01651686 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-22 00:01 - 2012-01-17 21:35 - 00000000 ____D () C:\Users\Trevelyan\AppData\Roaming\ICQ
2014-04-21 21:23 - 2012-01-18 01:02 - 00000000 ____D () C:\Users\Trevelyan\AppData\Roaming\Audacity
2014-04-21 05:11 - 2012-01-18 04:09 - 00000000 ____D () C:\Program Files (x86)\No23 Recorder
2014-04-20 16:56 - 2014-04-20 16:54 - 00000000 ____D () C:\Users\Trevelyan\AppData\Local\{2008AC58-DE2D-4C2B-A1F9-D5E90E996128}
2014-04-20 15:38 - 2012-01-18 00:41 - 00000000 ____D () C:\Users\Trevelyan\dwhelper
2014-04-20 14:27 - 2012-02-10 23:02 - 00000000 ____D () C:\Users\Trevelyan\AppData\Roaming\XnView
2014-04-20 04:33 - 2013-04-18 22:09 - 00000000 __RSD () C:\Users\Trevelyan\Documents\McAfee-Tresore
2014-04-20 04:31 - 2012-01-10 17:36 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-04-20 04:31 - 2012-01-10 17:36 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-04-20 04:31 - 2012-01-10 17:11 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-04-20 04:30 - 2012-01-10 15:49 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-20 04:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-20 04:30 - 2009-07-14 06:51 - 00084261 _____ () C:\Windows\setupact.log
2014-04-20 02:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-19 17:00 - 2012-01-10 17:28 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-04-18 19:08 - 2010-11-21 05:47 - 00296814 _____ () C:\Windows\PFRO.log
2014-04-18 19:06 - 2012-02-16 03:42 - 00007601 _____ () C:\Users\Trevelyan\AppData\Local\Resmon.ResmonCfg
2014-04-18 16:52 - 2014-04-15 11:45 - 00000000 ____D () C:\Users\Trevelyan\Desktop\dzss
2014-04-18 16:52 - 2012-01-17 23:43 - 00000000 ____D () C:\Users\Trevelyan\Desktop\Musik
2014-04-18 16:16 - 2013-12-05 06:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-04-18 16:15 - 2012-01-25 09:47 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-04-16 00:49 - 2012-04-04 06:26 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-16 00:49 - 2012-04-04 06:26 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-16 00:49 - 2012-01-18 06:39 - 00000000 ____D () C:\Users\Trevelyan\AppData\Local\Adobe
2014-04-16 00:49 - 2012-01-10 16:56 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-16 00:47 - 2013-10-16 23:37 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-16 00:46 - 2014-04-16 00:45 - 00004328 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b13.log
2014-04-16 00:46 - 2012-01-10 17:08 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-16 00:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-14 13:51 - 2012-01-18 07:59 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-04-13 15:11 - 2014-04-13 15:11 - 00000000 ____D () C:\Users\Trevelyan\AppData\Local\CutePDF Writer
2014-04-13 15:09 - 2014-04-13 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2014-04-13 15:09 - 2014-04-13 15:09 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-04-13 15:09 - 2014-04-13 15:09 - 00000000 ____D () C:\Program Files (x86)\Acro Software
2014-04-11 19:49 - 2014-04-11 19:38 - 00000000 ____D () C:\Users\Trevelyan\Documents\DayZ
2014-04-11 19:26 - 2012-01-28 07:43 - 00000000 ____D () C:\Users\Trevelyan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-04-09 14:14 - 2014-04-09 08:21 - 00000000 ____D () C:\Users\Trevelyan\Desktop\Bewerbungen
2014-04-09 09:12 - 2012-03-07 18:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 09:11 - 2013-08-15 09:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 09:09 - 2012-01-24 03:38 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 08:34 - 2014-04-09 08:29 - 169712019 _____ () C:\Users\Trevelyan\Desktop\RB.wmv
2014-04-04 18:39 - 2012-03-10 18:04 - 00000000 ____D () C:\ProgramData\Origin
2014-04-04 18:37 - 2012-03-10 18:03 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-04-03 09:51 - 2014-04-24 02:50 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-24 02:50 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-24 02:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-03 07:36 - 2014-03-18 11:46 - 00000065 _____ () C:\Users\Trevelyan\Desktop\auf i-pod.txt
2014-03-31 09:35 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-28 00:43 - 2014-03-28 00:43 - 00000541 _____ () C:\Users\Trevelyan\Desktop\steam.txt
2014-03-27 00:47 - 2014-01-11 17:55 - 00000000 ____D () C:\Users\Trevelyan\Desktop\bw
2014-03-25 23:01 - 2014-03-25 23:00 - 00000000 ____D () C:\Users\Trevelyan\AppData\Local\Sniper Elite Nazi Zombie Army
2014-03-25 22:59 - 2012-01-10 17:18 - 00697810 _____ () C:\Windows\DirectX.log

Files to move or delete:
====================
C:\Users\Trevelyan\AppData\Roaming\CamLayout.ini
C:\Users\Trevelyan\AppData\Roaming\CamShapes.ini

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Trevelyan\AppData\Local\Temp\afqfduma.dll
C:\Users\Trevelyan\AppData\Local\Temp\converter.exe
C:\Users\Trevelyan\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Trevelyan\AppData\Local\Temp\drm_dyndata_7300015.dll
C:\Users\Trevelyan\AppData\Local\Temp\drm_dyndata_7340014.dll
C:\Users\Trevelyan\AppData\Local\Temp\drm_dyndata_7380007.dll
C:\Users\Trevelyan\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Trevelyan\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Trevelyan\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Trevelyan\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Trevelyan\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Trevelyan\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Trevelyan\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Trevelyan\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Trevelyan\AppData\Local\Temp\nvStInst.exe
C:\Users\Trevelyan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Trevelyan\AppData\Local\Temp\sonarinst.exe
C:\Users\Trevelyan\AppData\Local\Temp\utt3DE5.tmp.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-20 02:52

==================== End Of Log ============================
24.04.2014, 07:38 | #4 |
| Getting Skype's "file received" sound for no reason Addition.txt Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-04-2014
Ran by Trevelyan at 2014-04-24 08:27:05
Running from C:\Users\Trevelyan\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30488 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{288DB08D-0708-4A94-B055-55B99E39EB62}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.3.300.271 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Advanced Renamer (HKLM-x32\...\Advanced Renamer_is1) (Version: 3.58 - Hulubulu Software)
Alarmstufe Rot 2-Ra2Ru- Editor (HKLM-x32\...\ST6UNST #1) (Version: - )
Alarmstufe Rot 3.03p2 (HKLM-x32\...\Alarmstufe Rot_is1) (Version: 3.03p2 - FunkyFr3sh)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amiga Forever (HKLM-x32\...\{CAFC0D30-456E-4754-8576-69677D30829C}) (Version: 2013.2.0 - Cloanto)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Applian FLV Player (HKLM-x32\...\Applian FLV Player2.0.24) (Version: 2.0.24 - Applian Technologies Inc.)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Babylon toolbar on IE (HKLM-x32\...\BabylonToolbar) (Version: - ) <==== ATTENTION
BaktiNet v1.4b (HKLM-x32\...\BaktiNet v1.4b) (Version: 1.4b - Scienide)
Battlefield 2(TM) (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version: - )
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.4.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.1.7 - EA Digital Illusions CE AB)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
C64 Forever (HKLM-x32\...\{E8789F9D-CA06-4961-9E72-1D0DBD64B950}) (Version: 2013.2.0 - Cloanto)
CamStudio Lossless Codec v1.5 (HKLM-x32\...\camcodec) (Version: 1.5 - CamStudio)
CamStudio version 2.7 (HKLM-x32\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
Canon MX510 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX510_series) (Version: - )
Command & Conquer 3 Tiberium Wars™ (HKLM-x32\...\{CAC9DCAF-0EA8-442C-97EA-CA6F5755390A}) (Version: 1.0.0.0 - Electronic Arts)
Command & Conquer Alarmstufe Rot 2 (HKLM-x32\...\Red Alert 2) (Version: - )
Command & Conquer™ Alarmstufe Rot 3 (HKLM-x32\...\{296D8550-CB06-48E4-9A8B-E5034FB64715}) (Version: 1.0.1.0 - Electronic Arts)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Renegade (HKLM-x32\...\{24DFBE4C-FD7F-48F2-A7D9-D1A0929B2113}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ The Ultimate Collection Additional Content (HKLM-x32\...\{AC663F85-A421-4127-A507-8E24F64D4523}) (Version: 1.0.0.0 - Electronic Arts)
Command & Conquer™: Generals and Zero Hour (HKLM-x32\...\{8F0F5689-6900-425B-A8C2-0DBD10DAB694}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
Creation Kit (HKLM-x32\...\Steam App 202480) (Version: - )
CryEngine(R)2 Sandbox(TM)2 (HKLM-x32\...\{7E4B7FD9-4ECE-4298-A910-3160B7918059}) (Version: 1.00.0000 - Electronic Arts)
Crysis(R) (HKLM-x32\...\{000E79B7-E725-4F01-870A-C12942B7F8E4}) (Version: 1.00.0000 - Electronic Arts)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.2.0287 - DT Soft Ltd)
Day of Defeat: Source (HKLM-x32\...\{7E18C9F0-1262-4AF6-AC3D-9CB1EBF54772}) (Version: 1.0.0.0 - Valve)
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
Dead Space™ (HKLM-x32\...\{4D87DC92-C328-46EC-A7B4-9C88129DC696}) (Version: 1.0.222.0 - Electronic Arts)
Dead Space™ 2 (HKLM-x32\...\{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}) (Version: 1.0.948.0 - Electronic Arts)
DEET Defender (HKLM\...\UDK-4815d3a7-1a1b-4d13-9a26-b8a179da0865) (Version: - Epic Games, Inc.)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version: - Microsoft)
Defraggler (HKLM\...\Defraggler) (Version: 2.11 - Piriform)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{3255BC3F-32BA-41ED-93A0-B9AEB6CDD9E6}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{56A0DD94-47D9-4AC8-B5A1-8A8CA77C4B89}) (Version: 1.5.201.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 3.3.2.0 - Dell)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DOOM 3 (HKLM-x32\...\Steam App 9050) (Version: - id Software)
DOOM 3: Resurrection of Evil (HKLM-x32\...\Steam App 9070) (Version: - Nerve Software)
DVDFab 8.1.7.5 (07/04/2012) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version: - Fengtao Software Inc.)
EAX Unified (HKLM-x32\...\EAX Unified) (Version: - )
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB) FinalAlert 2 (HKLM-x32\...\Product_Name) (Version: - ) Fraps (HKLM-x32\...\Fraps) (Version: - ) FrostWire 5.5.1 (HKLM-x32\...\FrostWire 5) (Version: 5.5.1.0 - FrostWire Team) GameSpy Comrade (HKLM-x32\...\{7F752BAB-4AFD-4138-983D-7E9E7CFE077D}) (Version: 3.2.17.236 - GameSpy) Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios) GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden Gemeinsam genutzte Internet-Komponenten von Westwood (HKLM-x32\...\WOLAPI) (Version: - ) GSmartControl (HKLM-x32\...\GSmartControl) (Version: 0.8.7 - Alexander Shaduri) Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version: - Arobas Music) Half-Life (HKLM-x32\...\Steam App 70) (Version: - Valve) Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version: - Valve) Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version: - Valve) Half-Life(R) 2 (HKLM-x32\...\{D45EC259-4A19-4656-B588-C2C360DD18EA}) (Version: 1.0.0.0 - Valve) Half-Life: Blue Shift (HKLM-x32\...\Steam App 130) (Version: - Gearbox Software) Half-Life: Opposing Force (HKLM-x32\...\Steam App 50) (Version: - Gearbox Software) High-Definition Video Playback (x32 Version: 7.3.10000.0.0 - Nero AG) Hidden HydraIRC (HKLM-x32\...\HydraIRC) (Version: 0.3.165 - Hydra Productions) ICQ7.7 (HKLM-x32\...\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}) (Version: 7.7 - ICQ) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan) iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.) Jade Empire (HKLM-x32\...\{DD401D5B-35E2-4EA4-8585-4A44CB2DCC78}) (Version: - BioWare Corp.) 
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle) Java(TM) 6 Update 27 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416027FF}) (Version: 6.0.270 - Oracle) JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden K-Lite Codec Pack 4.5.3 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 4.5.3 - ) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.105 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.105 - LogMeIn, Inc.) Hidden Mafia Game (HKLM-x32\...\Mafia Game) (Version: - ) Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47CD-87CD-13E68B676E4F}) (Version: 1.2.20608.0 - Electronic Arts) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.) McAfee Total Protection (HKLM-x32\...\MSC) (Version: 12.8.944 - McAfee, Inc.) McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 6.4.0.2062 - McAfee, Inc.) 
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (x32 Version: 
12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Language Pack 2010 - German/Deutsch (HKLM-x32\...\Office14.OMUI.de-de) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office O MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2010 (x32 Version: 
14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) 
Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office SharePoint Designer MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 
Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office X MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 
(HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden 
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Morrowind (HKLM-x32\...\{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}) (Version: - ) Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower) Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM-x32\...\Steam App 234670) (Version: - CyberConnect 2) Nero 10 Movie ThemePack Basic (x32 Version: 10.2.10200.0.0 - Nero AG) Hidden Nero 7 Ultra Edition (HKLM-x32\...\{26D3E377-1DCA-4043-9410-B4A9BACF1031}) (Version: 7.02.9888 - Nero AG) Nero Control Center 10 (x32 Version: 10.6.12500.0.5 - Nero AG) Hidden Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) Hidden Nero Core Components 10 (x32 Version: 2.0.20000.9.12 - Nero AG) Hidden neroxml (x32 Version: 1.0.0 - Nero AG) Hidden NifSkope (remove only) (HKLM-x32\...\NifSkope) (Version: - ) No23 Recorder (HKLM-x32\...\No23 Recorder) (Version: 2.1.0.3 - No23) No23 Recorder (x32 Version: 2.1.0.3 - No23) Hidden NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 335.23 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation) NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation) Orbit Downloader (HKLM-x32\...\Orbit_is1) (Version: - www.orbitdownloader.com) Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version: - ) Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4554 - Electronic Arts, Inc.) 
PC Beschleunigen - Vollständige Deinstallation (HKLM\...\PCSU-SL_is1) (Version: 2.3.18 - Speedchecker Limited) PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.) QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Razer Copperhead (HKLM-x32\...\{28A946E1-E83B-4662-BC7C-23451851489E}) (Version: 6.10 - Razer USA Ltd.) Razer Copperhead (HKLM-x32\...\{D6D5CFB3-7095-4073-B6B7-B7E909838C57}) (Version: - ) RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: - RealNetworks) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) 
Hidden Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden Roxio Burn (x32 Version: 1.8 - Roxio) Hidden Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio) Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden Roxio File Backup (Version: 1.3.2 - Roxio) Hidden Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM-x32\...\{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{F3E80B62-3C51-4940-A434-A1F517AB8D6A}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (x32 Version: - Microsoft) Hidden Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden SIW version 2011.10.29 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.29 - Topala Software Solutions) Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation) Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) 
Sniper Elite: Nazi Zombie Army (HKLM-x32\...\Steam App 227100) (Version: - Rebellion) Sniper Elite: Nazi Zombie Army 2 (HKLM-x32\...\Steam App 247910) (Version: - ) Software Director (HKLM-x32\...\Cloanto Software Director) (Version: 3.8.10.0 - Cloanto Corporation) Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden Source SDK (HKLM-x32\...\Steam App 211) (Version: - Valve) SprayR 1.0 RC7b (HKLM-x32\...\SprayR) (Version: 1.0 RC7b - Jan 'neofrag' Willms) Steam(TM) (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve) Stronghold (HKLM-x32\...\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}) (Version: 1.20.0000 - Firefly Studios) Stronghold 2 (HKLM-x32\...\{16D2C649-CBA8-44EE-B730-12584667D487}) (Version: 1.40.1000 - Firefly Studios) Stronghold 3 (HKLM-x32\...\Steam App 47400) (Version: - Firefly Studios) Stronghold Crusader Extreme (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.20.0000 - Firefly Studios) SUPER © v2013.build.57+Recorder (2013/07/13) Version v2013.buil (HKLM-x32\...\{8E2A1F92-9B4F-4DF9-8459-B736B0831C69}_is1) (Version: v2013.build.57+Recorder - eRightSoft) SyncUP (HKLM-x32\...\{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}) (Version: 1.10.11100.8.106 - Nero AG) SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.15400 - Nero AG) System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version: - ) System Requirements Lab CYRI (HKLM-x32\...\{E5F05232-96B6-4552-A480-785A60A94B21}) (Version: 5.0.6.0 - Husdawg, LLC) Team Fortress Classic (HKLM-x32\...\Steam App 20) (Version: - Valve) TeamSpeak 2 RC2 (HKLM-x32\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.9.2 - TeamSpeak Systems GmbH) TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.19617 - TeamViewer) TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - ) Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic) TES 
Construction Set (HKLM-x32\...\{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}) (Version: - ) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) The Witcher Enhanced Edition (HKLM-x32\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.4.5.1280 - CD Projekt Red) THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited) Trillian (HKLM-x32\...\Trillian) (Version: - Cerulean Studios, LLC) TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation) Tunatic (HKLM-x32\...\Tunatic) (Version: - ) Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft) Update for Microsoft Office 2007 Help for Common Features (KB963673) 
(HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition 
(HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.OMUI.de-de_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition 
(HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.de-de_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft) Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft) Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft) Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) 
(Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft) Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 
32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft) Vegas Pro 10.0 (64-bit) (HKLM\...\{C71D49C0-11F5-11E0-B8FB-0013D3D69929}) (Version: 10.0.470 - Sony) VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN) WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline) Winamp (HKLM-x32\...\Winamp) (Version: 5.65 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live 
Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 
15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden WinHTTrack Website Copier 3.47-27 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.47.27 - HTTrack) winLAME 2010 beta 2 (HKLM-x32\...\{63C16E81-327C-49B6-9643-4F5EFD8A6B2D}) (Version: 1.0.2010.2 - Michael Fink) Winload Toolbar (HKLM-x32\...\Winload Toolbar) (Version: 6.8.5.1 - Winload) WinRAR 4.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH) Wuala (HKCU\...\Wuala) (Version: 1.0.423.0 - LaCie) Wuala CBFS (HKLM-x32\...\Wuala CBFS) (Version: 3.2.107.0 - LaCie) XCC Game Spy 1.10 (HKLM-x32\...\XCC Game Spy) (Version: - ) XnView 1.98.5 (HKLM-x32\...\XnView_is1) (Version: 1.98.5 - Gougelet Pierre-e) Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC) Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden Zumas Revenge (HKLM-x32\...\{0B153CAB-792B-4CA2-B2A5-AB0BBAF2FFA9}) (Version: 1.0.5.600 - PopCap Games) ==================== Restore Points ========================= 25-03-2014 20:58:22 DirectX wurde installiert 09-04-2014 07:08:01 Windows Update 15-04-2014 22:36:22 Windows Update 15-04-2014 22:44:18 Installed Java 7 Update 55 20-04-2014 02:44:35 Windows Update ==================== Hosts content: ========================== 2012-04-12 04:26 - 2012-04-12 09:50 - 00001792 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 activate.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 adobe-dns-2.adobe.com 127.0.0.1 adobe-dns-3.adobe.com 127.0.0.1 ereg.wip3.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 activate-sjc0.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 ereg.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 adobe-dns.adobe.com 0.0.0.0 localhost 127.0.0.1 activate.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 ereg.adobe.com 127.0.0.1 
activate.wip3.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 adobe-dns.adobe.com 127.0.0.1 adobe-dns-2.adobe.com 127.0.0.1 adobe-dns-3.adobe.com 127.0.0.1 ereg.wip3.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com ==================== Scheduled Tasks (whitelisted) ============= Task: {0BC3A797-709B-40E5-9307-CC840839CC5F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-16] (Adobe Systems Incorporated) Task: {10762B29-B7FB-4238-B417-AFE89C2F9223} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-973126448-2161090440-1869997015-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-11-29] (RealNetworks, Inc.) Task: {17EAACA0-EB22-4612-B068-F8B2162482BF} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {32987F47-C993-4E6F-A0AE-E4C6FEFF487D} - System32\Tasks\RealCreateProcessScheduledTask9481241S-1-5-21-973126448-2161090440-1869997015-1001 => C:\Program Files (x86)\Real\RealPlayer\realplay.exe [2012-01-24] (RealNetworks, Inc.) Task: {41309CB6-1B14-473E-B15F-BCAC9EE346FF} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-973126448-2161090440-1869997015-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-11-29] (RealNetworks, Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe ==================== Loaded Modules (whitelisted) ============= 2011-04-04 00:15 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2012-01-18 00:01 - 2011-11-07 10:13 - 00235232 _____ () C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe 2014-04-13 15:09 - 2013-10-23 14:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll 2012-01-18 10:58 - 2012-03-11 00:29 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2012-01-10 17:11 - 2011-09-22 12:14 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE 2011-06-27 21:26 - 2011-06-27 21:26 - 02022976 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe 2011-06-29 10:52 - 2011-06-29 10:52 - 00474176 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe 2010-11-17 12:35 - 2010-11-17 12:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe 2013-09-01 12:23 - 2009-11-19 18:43 - 00135168 _____ () C:\Program Files (x86)\Razer\Copperhead\razerhid.exe 2012-01-18 00:01 - 2011-07-27 09:57 - 00562072 _____ () C:\Program Files (x86)\PC Beschleunigen\sqlite3.dll 2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2010-03-16 22:28 - 2010-03-16 22:28 - 01926144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll 2010-03-22 17:52 - 2010-03-22 17:52 - 06776832 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll 2010-03-16 22:28 - 2010-03-16 22:28 - 00635904 _____ () C:\Program Files 
(x86)\Dell\Stage Remote\QtNetwork4.dll 2010-03-16 22:28 - 2010-03-16 22:28 - 00326144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll 2011-06-25 01:20 - 2011-06-25 01:20 - 00565968 _____ () C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll 2011-06-27 21:25 - 2011-06-27 21:25 - 00058944 _____ () C:\Program Files (x86)\Dell\Stage Remote\DataService.dll 2011-06-25 01:32 - 2011-06-25 01:32 - 00323136 _____ () C:\Program Files (x86)\Dell\Stage Remote\de-DE\UI\ManagerUI.dll 2010-03-11 21:52 - 2010-03-11 21:52 - 00028160 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll 2010-03-05 17:07 - 2010-03-05 17:07 - 00031744 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll 2010-03-05 17:07 - 2010-03-05 17:07 - 00125952 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll 2010-03-11 21:52 - 2010-03-11 21:52 - 00225280 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll 2010-11-25 00:44 - 2010-11-25 00:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll 2012-12-15 00:49 - 2005-08-17 14:23 - 00151552 _____ () C:\Program Files (x86)\Razer\Copperhead\download.dll 2014-02-13 01:58 - 2014-02-13 01:58 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\367540c92c2004ff2c6695778fed5dd6\IsdiInterop.ni.dll 2012-01-10 17:09 - 2011-05-20 12:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2014-04-20 04:37 - 2014-04-20 04:37 - 00010752 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\auth.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00069120 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\burnlib.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00025088 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\dsp_sc.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00013824 _____ () 
C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\dsp_sps.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00006656 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\enc_fhgaac.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00004096 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\enc_flac.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00005632 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\enc_lame.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00004096 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\enc_vorbis.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00004096 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\enc_wav.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00006144 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\enc_wma.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00023552 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\gen_classicart.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00007168 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\gen_crasher.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00023040 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\gen_ff.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00012288 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\gen_hotkeys.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00041984 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\gen_jumpex.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00022528 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\gen_ml.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00009728 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\gen_nopro.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00011776 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\gen_skinmanager.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00010240 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\gen_timerestore.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00008192 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\gen_tray.lng 
2014-04-20 04:37 - 2014-04-20 04:37 - 00010752 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\gen_undo.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00005120 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\in_avi.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00014848 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\in_cdda.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00006656 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\in_dshow.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00005632 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\in_flac.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00003584 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\in_flv.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00003584 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\in_linein.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00020480 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\in_midi.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00004608 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\in_mkv.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00018432 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\in_mod.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00023040 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\in_mp3.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00005120 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\in_mp4.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00011776 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\in_nsv.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00003584 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\in_swf.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00011264 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\in_vorbis.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00006656 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\in_wav.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00005632 _____ () 
C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\in_wave.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00015360 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\in_wm.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00004608 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\in_wv.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00003584 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\ml_addons.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00006656 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\ml_autotag.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00005120 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\ml_bookmarks.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00024064 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\ml_cloud.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00008192 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\ml_devices.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00047616 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\ml_disc.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00009728 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\ml_downloads.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00004608 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\ml_enqplay.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00009728 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\ml_history.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00005120 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\ml_impex.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00056320 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\ml_local.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00003584 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\ml_nowplaying.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00014336 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\ml_online.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00017408 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\ml_playlists.lng 2014-04-20 
04:37 - 2014-04-20 04:37 - 00034816 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\ml_plg.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00055296 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\ml_pmp.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00005120 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\ml_rg.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00008192 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\ml_transcode.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00015360 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\ml_wire.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00036352 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\ombrowser.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00006144 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\out_disk.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00016384 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\out_ds.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00007680 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\out_wave.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00003072 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\playlist.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00004608 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\pmp_activesync.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00019968 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\pmp_android.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00007680 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\pmp_cloud.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00036864 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\pmp_ipod.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00003584 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\pmp_njb.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00004096 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\pmp_p4s.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00011776 _____ () 
C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\pmp_usb.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00039936 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\pmp_wifi.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00006144 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\tagz.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00088064 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\vis_avs.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00155648 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\vis_milk2.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00007680 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\vis_nsfs.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00211456 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\winamp.lng 2014-04-20 04:37 - 2014-04-20 04:37 - 00004096 _____ () C:\Users\Trevelyan\AppData\Local\Temp\WDE670B.tmp\winampa.lng 2012-03-02 02:35 - 2012-03-02 02:35 - 00511488 _____ () C:\Program Files (x86)\Winamp\Plugins\lame_enc.dll 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2014-04-08 00:00 - 2014-04-08 00:00 - 00059904 _____ () C:\Program Files (x86)\Trillian\zlib1.dll 2014-04-08 00:00 - 2014-04-08 00:00 - 00187392 _____ () C:\Program Files (x86)\Trillian\libpng15.dll 2014-04-08 00:00 - 2014-04-08 00:00 - 00065536 _____ () C:\Program Files (x86)\Trillian\libungif.dll 2012-11-28 09:21 - 2012-11-28 09:21 - 00002048 _____ () C:\Users\Trevelyan\AppData\Roaming\Trillian\languages\de\toolkit.dll 2012-11-28 09:21 - 2012-11-28 09:21 - 00007168 _____ () C:\Users\Trevelyan\AppData\Roaming\Trillian\languages\de\events.dll 2012-11-28 09:21 - 2012-11-28 09:21 - 00009728 _____ () C:\Users\Trevelyan\AppData\Roaming\Trillian\languages\de\buddy.dll 2012-11-28 09:21 - 2012-11-28 09:21 - 00006144 _____ () C:\Users\Trevelyan\AppData\Roaming\Trillian\languages\de\talk.dll 2012-01-23 14:46 - 2010-03-07 19:08 - 00007168 _____ () 
C:\Users\Trevelyan\AppData\Roaming\Trillian\languages\de\trillian.dll 2014-03-21 12:49 - 2014-03-21 12:49 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-04-16 00:49 - 2014-04-16 00:49 - 16351920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll 2014-01-08 09:28 - 2014-04-22 00:55 - 00340480 _____ () C:\Program Files (x86)\Valve\Steam\libavresample-1.dll 2014-04-23 01:22 - 2014-04-22 00:55 - 00471552 _____ () C:\Program Files (x86)\Valve\Steam\libavutil-53.dll 2013-03-12 18:10 - 2014-04-01 00:09 - 00754688 _____ () C:\Program Files (x86)\Valve\Steam\SDL2.dll 2012-01-19 00:49 - 2014-04-22 01:42 - 01135808 _____ () C:\Program Files (x86)\Valve\Steam\bin\chromehtml.DLL 2013-01-22 05:22 - 2014-03-03 21:15 - 20626624 _____ () C:\Program Files (x86)\Valve\Steam\bin\libcef.dll 2012-03-15 00:48 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files (x86)\Valve\Steam\bin\avcodec-53.dll 2012-03-15 00:48 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files (x86)\Valve\Steam\bin\avutil-51.dll 2012-03-15 00:48 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files (x86)\Valve\Steam\bin\avformat-53.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:888AFB86 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== Disabled items from MSCONFIG ============== MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start ==================== Faulty Device Manager Devices ============= Name: Hamachi Network Interface Description: Hamachi Network Interface Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: LogMeIn, Inc. Service: hamachi Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (04/20/2014 02:36:12 PM) (Source: Steam Client Service) (User: ) Description: Error: Failed to poke open firewall Error: (04/20/2014 04:32:15 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/20/2014 04:28:23 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/20/2014 04:28:22 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 319131 Error: (04/20/2014 04:28:22 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 319131 Error: (04/20/2014 04:28:22 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/20/2014 04:28:21 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 318133 Error: (04/20/2014 04:28:21 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 318133 Error: (04/20/2014 04:28:21 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/20/2014 04:28:20 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 317135 System errors: ============= Error: (04/23/2014 01:23:03 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (04/23/2014 01:23:03 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. 
Error: (04/21/2014 04:31:38 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden. Error: (04/20/2014 04:30:33 AM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 20.04.2014 um 04:28:47 unerwartet heruntergefahren. Error: (04/19/2014 05:01:48 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht. Error: (04/18/2014 00:52:43 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden. Error: (04/18/2014 00:17:35 AM) (Source: WMPNetworkSvc) (User: ) Description: 0x80004004-1 Error: (04/18/2014 00:04:18 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "McAfee Platform Services" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (04/18/2014 00:04:18 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Platform Services erreicht. Error: (04/18/2014 00:04:18 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "McAfee Platform Services" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2013-04-18 22:08:43.044 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\SET8F6.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-04-18 22:08:43.044 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\SET8F6.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2012-10-29 09:38:20.704 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\winsxs\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-10-29 09:38:20.624 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\winsxs\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-10-29 09:38:20.544 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\winsxs\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-10-29 09:38:20.464 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\winsxs\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-10-29 09:04:52.070 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\winsxs\amd64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_cbaba9e478a137a8\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-10-29 09:04:52.040 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\winsxs\amd64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_cbaba9e478a137a8\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2012-10-29 09:04:52.000 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\winsxs\amd64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_cbaba9e478a137a8\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-10-29 09:04:51.540 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\winsxs\amd64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_cbaba9e478a137a8\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 37% Total physical RAM: 16366.45 MB Available physical RAM: 10159.64 MB Total Pagefile: 32731.07 MB Available Pagefile: 25089.05 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:918.22 GB) (Free:318.05 GB) NTFS Drive d: (Morrowind) (CDROM) (Total:1.81 GB) (Free:0 GB) UDF Drive e: (Volume) (Fixed) (Total:1863.01 GB) (Free:453.8 GB) NTFS Drive h: (EF351210) (Fixed) (Total:1863.01 GB) (Free:604.55 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 1ED12869) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=13 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=918 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 83BE1043) Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS) ======================================================== Disk: 6 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 52D78BCD) Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 
NTFS) ==================== End Of Log ============================ |
24.04.2014, 12:54 | #5 |
/// the machine /// TB Trainer | Getting Skype's "file received" sound for no reason Revo Uninstaller - Download - Filepony Use it to uninstall everything you find in Additional.txt that is marked <== ATTENTION. Also let Revo remove the leftovers, using Moderate mode. Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
24.04.2014, 13:53 | #6 |
| Getting Skype's "file received" sound for no reason I've taken care of the Revo Uninstaller part. When I selected the bold entries while removing leftovers and clicked delete, strangely the entire list disappeared, not just the selected bold entries; no idea whether that's somehow bad. The more important problem, though, is that I have no idea how to follow step 2: I simply can't find any way to shut down McAfee. I wanted to switch it off temporarily once before for other reasons and googled for it back then too, but never found anything helpful. |
25.04.2014, 09:11 | #7 |
/// the machine /// TB Trainer | Getting Skype's "file received" sound for no reason Go ahead and uninstall McAfee completely.
27.04.2014, 17:34 | #8 |
| Getting Skype's "file received" sound for no reason Code:
ATTFilter ComboFix 14-04-26.01 - Trevelyan 27.04.2014 17:29:07.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.16366.13815 [GMT 2:00] ausgeführt von:: c:\users\Trevelyan\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Razer\Copperhead\razerhid.exe c:\users\Trevelyan\AppData\Roaming\chrtmp c:\windows\security\Database\tmp.edb c:\windows\wininit.ini . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_PCSUService . . ((((((((((((((((((((((( Dateien erstellt von 2014-03-27 bis 2014-04-27 )))))))))))))))))))))))))))))) . . 2014-04-27 15:39 . 2014-04-27 15:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-04-27 15:39 . 2014-04-27 15:39 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2014-04-25 09:10 . 2014-04-17 03:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0A2D746-35FB-4109-B416-58F17666855C}\mpengine.dll 2014-04-24 12:40 . 2014-04-24 12:40 -------- d-----w- c:\program files (x86)\VS Revo Group 2014-04-24 06:26 . 2014-04-24 06:27 -------- d-----w- C:\FRST 2014-04-24 00:51 . 2014-04-24 00:51 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-04-24 00:50 . 2014-04-24 00:50 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware 2014-04-24 00:50 . 2014-04-24 00:50 -------- d-----w- c:\programdata\Malwarebytes 2014-04-24 00:50 . 2014-04-03 07:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-04-24 00:50 . 2014-04-03 07:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-04-24 00:50 . 2014-04-03 07:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-04-18 14:15 . 2014-03-04 11:32 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2014-04-15 22:46 . 
2014-03-17 20:11 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-04-15 22:37 . 2014-03-06 06:00 359936 ----a-w- c:\program files\Internet Explorer\IEShims.dll 2014-04-15 22:37 . 2014-03-06 05:50 257536 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll 2014-04-15 22:37 . 2014-03-06 08:32 574976 ----a-w- c:\windows\system32\ieui.dll 2014-04-13 13:11 . 2014-04-13 13:11 -------- d-----w- c:\users\Trevelyan\AppData\Local\CutePDF Writer 2014-04-13 13:09 . 2014-04-13 13:09 -------- d-----w- c:\program files (x86)\GPLGS 2014-04-13 13:09 . 2013-10-23 12:24 87600 ----a-w- c:\windows\system32\cpwmon64.dll 2014-04-13 13:09 . 2014-04-13 13:09 -------- d-----w- c:\program files (x86)\Acro Software 2014-04-11 17:38 . 2014-04-26 17:32 -------- d-----w- c:\users\Trevelyan\AppData\Local\DayZ . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-04-15 22:49 . 2012-04-04 04:26 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-04-15 22:49 . 2012-01-10 14:56 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-04-09 07:09 . 2012-01-24 01:38 90655440 ----a-w- c:\windows\system32\MRT.exe 2014-03-31 07:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe 2014-03-04 14:35 . 2014-03-11 06:47 9728064 ----a-w- c:\windows\SysWow64\nvcuda.dll 2014-03-04 14:35 . 2014-03-11 06:47 9690424 ----a-w- c:\windows\SysWow64\nvopencl.dll 2014-03-04 14:35 . 2014-03-11 06:47 892704 ----a-w- c:\windows\system32\NvIFR64.dll 2014-03-04 14:35 . 2014-03-11 06:47 877856 ----a-w- c:\windows\system32\NvFBC64.dll 2014-03-04 14:35 . 2014-03-11 06:47 863064 ----a-w- c:\windows\SysWow64\NvIFR.dll 2014-03-04 14:35 . 2014-03-11 06:47 846168 ----a-w- c:\windows\SysWow64\NvFBC.dll 2014-03-04 14:35 . 2014-03-11 06:47 832936 ----a-w- c:\windows\SysWow64\nvumdshim.dll 2014-03-04 14:35 . 2014-03-11 06:47 353504 ----a-w- c:\windows\system32\nvoglshim64.dll 2014-03-04 14:35 . 
2014-03-11 06:47 31474976 ----a-w- c:\windows\system32\nvoglv64.dll 2014-03-04 14:35 . 2014-03-11 06:47 3143456 ----a-w- c:\windows\system32\nvcuvid.dll 2014-03-04 14:35 . 2014-03-11 06:47 305600 ----a-w- c:\windows\SysWow64\nvoglshim32.dll 2014-03-04 14:35 . 2014-03-11 06:47 2958792 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2014-03-04 14:35 . 2014-03-11 06:47 2783008 ----a-w- c:\windows\system32\nvcuvenc.dll 2014-03-04 14:35 . 2014-03-11 06:47 25255256 ----a-w- c:\windows\system32\nvcompiler.dll 2014-03-04 14:35 . 2014-03-11 06:47 2411976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2014-03-04 14:35 . 2014-03-11 06:47 23716640 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2014-03-04 14:35 . 2014-03-11 06:47 1885472 ----a-w- c:\windows\system32\nvdispco6433523.dll 2014-03-04 14:35 . 2014-03-11 06:47 17755424 ----a-w- c:\windows\system32\nvd3dumx.dll 2014-03-04 14:35 . 2014-03-11 06:47 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2014-03-04 14:35 . 2014-03-11 06:47 174296 ----a-w- c:\windows\system32\nvinitx.dll 2014-03-04 14:35 . 2014-03-11 06:47 1516488 ----a-w- c:\windows\system32\nvdispgenco6433523.dll 2014-03-04 14:35 . 2014-03-11 06:47 148016 ----a-w- c:\windows\SysWow64\nvinit.dll 2014-03-04 14:35 . 2014-03-11 06:47 12708128 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2014-03-04 14:35 . 2014-03-11 06:47 11636176 ----a-w- c:\windows\system32\nvcuda.dll 2014-03-04 14:35 . 2014-03-11 06:47 11589272 ----a-w- c:\windows\system32\nvopencl.dll 2014-03-04 14:35 . 2014-01-10 21:48 15783992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2014-03-04 14:35 . 2013-08-27 06:53 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll 2014-03-04 14:35 . 2012-02-21 17:48 947808 ----a-w- c:\windows\system32\nvumdshimx.dll 2014-03-04 14:35 . 2012-01-25 07:47 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll 2014-03-04 14:35 . 2012-01-25 07:47 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2014-03-04 14:35 . 
2012-01-10 22:34 3093280 ----a-w- c:\windows\system32\nvapi64.dll 2014-03-04 13:06 . 2011-04-03 22:14 6714312 ----a-w- c:\windows\system32\nvcpl.dll 2014-03-04 13:06 . 2011-04-03 22:14 3497816 ----a-w- c:\windows\system32\nvsvc64.dll 2014-03-04 13:05 . 2011-04-03 22:15 922968 ----a-w- c:\windows\system32\nvvsvc.exe 2014-03-04 13:05 . 2011-04-03 22:15 2558808 ----a-w- c:\windows\system32\nvsvcr.dll 2014-03-04 13:05 . 2011-04-03 21:15 64968 ----a-w- c:\windows\system32\nvshext.dll 2014-03-04 13:05 . 2011-04-03 22:15 386336 ----a-w- c:\windows\system32\nvmctray.dll 2014-03-04 13:05 . 2012-02-21 17:49 3649185 ----a-w- c:\windows\system32\nvcoproc.bin 2014-03-04 09:17 . 2014-04-09 06:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2014-02-08 18:34 . 2014-02-18 16:45 1885472 ----a-w- c:\windows\system32\nvdispco6433489.dll 2014-02-08 18:34 . 2014-02-18 16:45 1515296 ----a-w- c:\windows\system32\nvdispgenco6433489.dll 2014-02-07 01:23 . 2014-03-12 02:16 3156480 ----a-w- c:\windows\system32\win32k.sys 2014-02-04 02:32 . 2014-03-12 02:16 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2014-02-04 02:32 . 2014-03-12 02:16 624128 ----a-w- c:\windows\system32\qedit.dll 2014-02-04 02:04 . 2014-03-12 02:16 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2014-02-04 02:04 . 2014-03-12 02:16 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2014-01-29 02:32 . 2014-03-12 02:16 484864 ----a-w- c:\windows\system32\wer.dll 2014-01-29 02:06 . 2014-03-12 02:16 381440 ----a-w- c:\windows\SysWow64\wer.dll 2014-01-28 02:32 . 2014-03-12 02:16 228864 ----a-w- c:\windows\system32\wwansvc.dll 2006-05-03 09:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll 2007-02-21 10:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll 2008-03-16 12:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll 2011-02-11 09:26 112128 --sha-r- c:\windows\SysWOW64\OptimFROG.dll 2010-01-06 22:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll 2012-10-05 17:54 188416 --sha-r- c:\windows\SysWOW64\winDCE32.dll . . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files (x86)\Winload\prxtbWinl.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}] 2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Winload\prxtbWinl.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files (x86)\Winload\prxtbWinl.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay] @="{E7D2A249-9F24-4BDD-9383-149127987ADA}" [HKEY_CLASSES_ROOT\CLSID\{E7D2A249-9F24-4BDD-9383-149127987ADA}] 2012-04-09 15:27 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay] @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}" [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}] 2012-04-09 15:27 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440] "ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568] "THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-25 1117528] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112] "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544] "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-29 885760] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-01-24 296056] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "CloantoSoftwareDirector"="c:\program files (x86)\Common Files\Cloanto\Software Director\softdir.exe" [2013-02-01 370512] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "{90140000-0011-0000-0000-0000000FF1CE}"="del" [X] "{90120000-0030-0000-0000-0000000FF1CE}"="del" [X] "{90140000-0018-0409-0000-0000000FF1CE}"="del" [X] "{90140000-0018-0407-0000-0000000FF1CE}"="del" [X] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc] @="" . 2;2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 copperhd;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys;c:\windows\SYSNATIVE\drivers\copperhd.sys [x] R3 GPU-Z;GPU-Z;c:\users\TREVEL~1\AppData\Local\Temp\GPU-Z.sys;c:\users\TREVEL~1\AppData\Local\Temp\GPU-Z.sys [x] R3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn 
Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys;c:\windows\SYSNATIVE\drivers\cbfs3.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x] S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files 
(x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 RecFltr;Reclusa Keyboard;c:\windows\system32\drivers\RecFltr.sys;c:\windows\SYSNATIVE\drivers\RecFltr.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 
2014-04-27 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 22:49] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay] @="{E7D2A249-9F24-4BDD-9383-149127987ADA}" [HKEY_CLASSES_ROOT\CLSID\{E7D2A249-9F24-4BDD-9383-149127987ADA}] 2012-04-09 15:27 190480 ----a-w- c:\windows\System32\CbFsMntNtf3.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay] @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}" [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}] 2012-04-09 15:27 190480 ----a-w- c:\windows\System32\CbFsMntNtf3.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920] "RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504] "Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-27 2022976] "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-29 2055016] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608] "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-14 1028384] "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248] "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.at/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe Trusted Zone: dell.com Trusted Zone: internet Trusted Zone: mcafee.com TCP: DhcpNameServer = 195.34.133.21 212.186.211.21 FF - ProfilePath - c:\users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - GMX Suche Österreich FF - prefs.js: browser.startup.homepage - www.google.at FF - prefs.js: keyword.URL - hxxp://go.gmx.at/tb/mff_keyurl_search/?su= FF - prefs.js: network.proxy.type - 0 FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108298 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 04230bbd000000000000d4bed98ff492 FF - user.js: extensions.BabylonToolbar_i.hardId - 04230bbd000000000000d4bed98ff492 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15356 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.170:04 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: 
extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-AdobeBridge - (no file) Wow6432Node-HKCU-Run-Sony Ericsson PC Companion - e:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe Wow6432Node-HKLM-Run-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) Wow6432Node-HKLM-Run-NeroLauncher - c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe Wow6432Node-HKLM-Run-razer - c:\program files (x86)\Razer\Copperhead\razerhid.exe Wow6432Node-HKLM-Run-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe Wow6432Node-HKLM-Run-Copperhead - c:\program files (x86)\Razer\Copperhead\razerhid.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) WebBrowser-{40C3CC16-7269-4B32-9531-17F2950FB06F} - (no file) AddRemove-Alarmstufe Rot_is1 - e:\program files (x86)\Alarmstufe Rot\unins000.exe AddRemove-Mafia Game - c:\windows\system32\MafiaSetup.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-973126448-2161090440-1869997015-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List] @DACL=(02 0000) . [HKEY_USERS\S-1-5-21-973126448-2161090440-1869997015-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List] @DACL=(02 0000) . [HKEY_USERS\S-1-5-21-973126448-2161090440-1869997015-1001\Software\SecuROM\!CAUTION! 
NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:b4,4d,ec,d8,12,67,41,10,bd,b2,69,fc,f2,8f,62,2c,bd,6a,14,3a,c2,54,b5, 9c,37,f3,fa,f9,1f,25,e6,69,94,2c,7d,39,4a,ab,f4,9c,e6,5f,1c,d0,21,c0,a0,2b,\ "??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f . [HKEY_USERS\S-1-5-21-973126448-2161090440-1869997015-1001\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) "datasecu"=hex:2e,61,9c,3e,03,ae,99,1f,97,58,3e,ce,d0,67,73,92,db,70,e6,9f,68, 00,52,20,d4,da,da,07,a1,d4,9d,5d,6c,34,b9,f7,d5,6d,eb,f1,f0,3c,e7,df,1c,c6,\ "rkeysecu"=hex:7a,ff,24,4b,04,7d,98,67,89,a7,2f,9f,29,2b,b2,28 . [HKEY_USERS\S-1-5-21-973126448-2161090440-1869997015-1001_Classes\Applications\Ï0ü0É0é0ô0é0¤0Õ0.*e*x*e*\shell\open\command] @="\"f:\\AAA P\\-n.p.-\\-n.ö-\\H4rd L0ve Life\\????????.exe\" \"%1\"" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE . ************************************************************************** . Zeit der Fertigstellung: 2014-04-27 17:48:00 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-04-27 15:48 . 
Vor Suchlauf: 21 Verzeichnis(se), 340.102.955.008 Bytes frei Nach Suchlauf: 23 Verzeichnis(se), 345.280.110.592 Bytes frei . - - End Of File - - 6EFDD90865C0F604178B4CA33457209B EDIT: btw. somehow my right-click context menu has changed: either some commands between "Open with" and the next entry above it have gone missing, or "Open with" has somehow moved further up. Does the log say anything about that? It's really unfamiliar like this. Last edited by Serjo (27.04.2014 at 18:05) |
28.04.2014, 08:45 | #9 |
/// the machine /// TB Trainer | Getting Skype's "file received" sound for no reason No, there's nothing about that in there; we'll look at it later. Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
and a fresh FRST log, please.
07.05.2014, 19:58 | #10 |
| Getting Skype's "file received" sound for no reason So, that took a bit longer than planned, but today I finally got around to it. mbam Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 07.05.2014 Suchlauf-Zeit: 18:56:05 Logdatei: mbam.txt Administrator: Ja Version: 2.00.1.1004 Malware Datenbank: v2014.05.07.05 Rootkit Datenbank: v2014.03.27.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Chameleon: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Trevelyan Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 329706 Verstrichene Zeit: 41 Min, 41 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Shuriken: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 2 PUP.Optional.Softonic.A, HKU\S-1-5-21-973126448-2161090440-1869997015-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [2ad611ef9967e917a1f2532bee148779], PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-973126448-2161090440-1869997015-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BabylonToolbar, In Quarantäne, [986826da669ad7293ff02a8007fcf40c], Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 3 PUP.Optional.OpenCandy, C:\Users\Trevelyan\AppData\Roaming\OpenCandy, In Quarantäne, [718f9f61bf41a15f190283e7eb1720e0], PUP.Optional.OpenCandy, C:\Users\Trevelyan\AppData\Roaming\OpenCandy\1F3FE4B06F7B4BAC8959E56791495B9D, In Quarantäne, [718f9f61bf41a15f190283e7eb1720e0], PUP.Optional.OpenCandy, C:\Users\Trevelyan\AppData\Roaming\OpenCandy\OpenCandy_1F3FE4B06F7B4BAC8959E56791495B9D, In Quarantäne, [718f9f61bf41a15f190283e7eb1720e0], Dateien: 37 Joke.Stressreducer, C:\Users\Trevelyan\Desktop\Dokumente\StressRelief.exe, Keine Aktion durch Benutzer, [e11fc0407888817fa6754a64867b857b], Adware.ADON, C:\Users\Trevelyan\Desktop\O.P.U.D\unlocker1.8.7.exe, Keine 
Aktion durch Benutzer, [fb05e917817f966a4f62b68cbc4831cf], Adware.Agent, C:\Users\Trevelyan\Desktop\Dokumente\verschiedenes\Install.exe, In Quarantäne, [669a6b956f91f60a885c4267f90837c9], PUP.Optional.Conduit.A, C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\searchplugins\conduit.xml, In Quarantäne, [ce323fc114ecbf41bd6f80059a68e11f], PUP.Optional.OpenCandy, C:\Users\Trevelyan\AppData\Roaming\OpenCandy\1F3FE4B06F7B4BAC8959E56791495B9D\pcspeedup_oc.exe, In Quarantäne, [718f9f61bf41a15f190283e7eb1720e0], PUP.Optional.Babylon.A, C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.aflt", "babsst");), Ersetzt,[7b853dc3ea16d52b66f75d0c1be99e62] PUP.Optional.Babylon.A, C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.babExt", "");), Ersetzt,[a45c2dd31ae60bf571ec6702719309f7] PUP.Optional.Babylon.A, C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.babTrack", "affID=108298");), Ersetzt,[9f615aa6e21e49b794c98adf11f335cb] PUP.Optional.Babylon.A, C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.hardId", "04230bbd000000000000d4bed98ff492");), Ersetzt,[fd03b24ec43c8b75f26b3f2a19eb44bc] PUP.Optional.Babylon.A, C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.id", "04230bbd000000000000d4bed98ff492");), Ersetzt,[a060897700008d73352877f2d92be31d] PUP.Optional.Babylon.A, C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.instlDay", "15356");), Ersetzt,[a35d2dd3f8086799c796aebb9371639d] 
PUP.Optional.Babylon.A, C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.instlRef", "sst");), Ersetzt,[4db360a07987c53bdf7e6bfef80cfc04] PUP.Optional.Babylon.A, C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");), Ersetzt,[42bebf417f8126daf06d9fcad4303ac6] PUP.Optional.Babylon.A, C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");), Ersetzt,[7987e21e15eb59a78bd2fc6d31d3a060] PUP.Optional.Babylon.A, C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.smplGrp", "none");), Ersetzt,[9b6516ea2ed2b14f4617e287a65ee818] PUP.Optional.Babylon.A, C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.srcExt", "ss");), Ersetzt,[7c848977b24e1ae68bd293d63bc913ed] PUP.Optional.Babylon.A, C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.tlbrId", "base");), Ersetzt,[44bc956b6f915ea29ebfa4c5c73d08f8] PUP.Optional.Babylon.A, C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");), Ersetzt,[e61a17e930d0986890cdc2a739cb9c64] PUP.Optional.Babylon.A, C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.170:04:34");), Ersetzt,[eb15e91744bc46ba64f98edb3bc90af6] PUP.Optional.Babylon.A, 
C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");), Ersetzt,[48b822ded030679969f467025fa58779] PUP.Optional.Conduit.A, C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}");), Ersetzt,[5ca444bc97696a964d75fd6c36cea65a] PUP.Optional.Conduit.A, C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\prefs.js, Gut: (), Schlecht: (user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q=");), Ersetzt,[c7398977b44c718fb50eef7a7b89da26] PUP.Optional.Babylon.A, C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.babTrack", "affID=108298");), Ersetzt,[79875ea28c7401ff9b3cc3a5857fb947] PUP.Optional.Babylon.A, C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.babExt", "");), Ersetzt,[3bc539c7ad537a867661ed7ba262837d] PUP.Optional.Babylon.A, C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.srcExt", "ss");), Ersetzt,[e917a15f0cf41de36374b1b73cc8fb05] PUP.Optional.Babylon.A, C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.id", "04230bbd000000000000d4bed98ff492");), Ersetzt,[e917c43ce917a55b60773d2bb54fa15f] PUP.Optional.Babylon.A, C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.hardId", "04230bbd000000000000d4bed98ff492");), 
Ersetzt,[de22dd2313ed8080875080e8f90b6f91] PUP.Optional.Babylon.A, C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.instlDay", "15356");), Ersetzt,[a15fa15fa55b03fd488f89dfad57f60a] PUP.Optional.Babylon.A, C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");), Ersetzt,[e020b14f4ab6b947904757115ba958a8] PUP.Optional.Babylon.A, C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");), Ersetzt,[718f22de30d007f909ceff699c681ce4] PUP.Optional.Babylon.A, C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.170:04:34");), Ersetzt,[c63a38c8b54b50b08354392fdd2722de] PUP.Optional.Babylon.A, C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");), Ersetzt,[fa0615ebef11e71930a77bed778d946c] PUP.Optional.Babylon.A, C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");), Ersetzt,[b54b50b009f7f0104d8a4721b35118e8] PUP.Optional.Babylon.A, C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.aflt", "babsst");), Ersetzt,[2cd4c23e20e08e72dcfbee7ac242c53b] PUP.Optional.Babylon.A, C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.smplGrp", "none");), Ersetzt,[6e92b848d42c42bea92e7eea8f751de3] PUP.Optional.Babylon.A, 
C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.tlbrId", "base");), Ersetzt,[df21b34d53ad000005d21157d331d12f] PUP.Optional.Babylon.A, C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.instlRef", "sst");), Ersetzt,[23dd4eb21ee2758b1bbc4a1e3fc5e11f] Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.207 - Bericht erstellt am 07/05/2014 um 20:08:48 # Aktualisiert 05/05/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Trevelyan - TREVELYAN-PC # Gestartet von : C:\Users\Trevelyan\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\Program Files (x86)\Conduit [x] Nicht Gelöscht : C:\Program Files (x86)\orbitdownloader Ordner Gelöscht : C:\Program Files (x86)\Winload Ordner Gelöscht : C:\Users\Administrator\AppData\LocalLow\BabylonToolbar Ordner Gelöscht : C:\Users\Administrator\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Administrator\AppData\LocalLow\Winload Ordner Gelöscht : C:\Users\Trevelyan\AppData\Local\Babylon Ordner Gelöscht : C:\Users\Trevelyan\AppData\Local\Conduit Ordner Gelöscht : C:\Users\Trevelyan\AppData\Local\PackageAware Ordner Gelöscht : C:\Users\Trevelyan\AppData\LocalLow\BabylonToolbar Ordner Gelöscht : C:\Users\Trevelyan\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Trevelyan\AppData\LocalLow\Winload Ordner Gelöscht : C:\Users\Trevelyan\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Trevelyan\Documents\PCSpeedUp Ordner Gelöscht : C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\ConduitCommon Datei Gelöscht : C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\searchplugins\11-suche.xml [x] Nicht Gelöscht : C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\user.js ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** [x] Nicht Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit [x] Nicht Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit [x] Nicht Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit [x] Nicht Gelöscht : HKCU\Software\Microsoft\Internet 
Explorer\MenuExt\Down&load all by Orbit Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_flv-player_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_flv-player_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_nero-burning-rom_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_nero-burning-rom_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_project64_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_project64_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4D494D9D-1436-41D8-AC95-35AA4F4AEFAF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40C3CC16-7269-4B32-9531-17F2950FB06F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40C3CC16-7269-4B32-9531-17F2950FB06F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D494D9D-1436-41D8-AC95-35AA4F4AEFAF} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C3CC16-7269-4B32-9531-17F2950FB06F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D494D9D-1436-41D8-AC95-35AA4F4AEFAF} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D494D9D-1436-41D8-AC95-35AA4F4AEFAF} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{19B3998C-00EA-47DF-A4CC-CC6BE55800F1} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{507AF7DC-3834-41B6-AEBF-4957ED8CAE3B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{40C3CC16-7269-4B32-9531-17F2950FB06F}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar 
[{C55BBCD6-41AD-48AD-9953-3609C48EACC7}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68} Wert Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Orbitdownloader\orbitdm.exe] Wert Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Orbitdownloader\orbitnet.exe] Schlüssel Gelöscht : HKCU\Software\APN PIP Schlüssel Gelöscht : HKCU\Software\Orbit Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Winload Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\Orbit Schlüssel Gelöscht : HKLM\Software\PIP Schlüssel Gelöscht : HKLM\Software\Winload Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winload Toolbar Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Speedchecker Limited ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17041 -\\ Mozilla Firefox v29.0 (de) [ Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tzbc96xd.default\prefs.js ] [ Datei : 
C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\prefs.js ] Zeile gelöscht : user_pref("CT2319825..clientLogIsEnabled", false); Zeile gelöscht : user_pref("CT2319825..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"); Zeile gelöscht : user_pref("CT2319825..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"); Zeile gelöscht : user_pref("CT2319825.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Zeile gelöscht : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Zeile gelöscht : user_pref("CT2319825.CTID", "CT2319825"); Zeile gelöscht : user_pref("CT2319825.CurrentServerDate", "18-1-2012"); Zeile gelöscht : user_pref("CT2319825.DSInstall", true); Zeile gelöscht : user_pref("CT2319825.DialogsAlignMode", "LTR"); Zeile gelöscht : user_pref("CT2319825.DialogsGetterLastCheckTime", "Wed Jan 18 2012 06:07:29 GMT+0100"); Zeile gelöscht : user_pref("CT2319825.DownloadReferralCookieData", ""); Zeile gelöscht : user_pref("CT2319825.EMailNotifierPollDate", "Wed Jan 18 2012 06:12:27 GMT+0100"); Zeile gelöscht : user_pref("CT2319825.FeedPollDate11908299", "Wed Jan 18 2012 09:07:27 GMT+0100"); Zeile gelöscht : user_pref("CT2319825.FirstServerDate", "18-1-2012"); Zeile gelöscht : user_pref("CT2319825.FirstTime", true); Zeile gelöscht : user_pref("CT2319825.FirstTimeFF3", true); Zeile gelöscht : user_pref("CT2319825.FixPageNotFoundErrors", true); Zeile gelöscht : user_pref("CT2319825.GroupingServerCheckInterval", 1440); Zeile gelöscht : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Zeile gelöscht : user_pref("CT2319825.HPInstall", false); Zeile gelöscht : user_pref("CT2319825.HasUserGlobalKeys", true); Zeile gelöscht : user_pref("CT2319825.HomePageProtectorEnabled", false); Zeile gelöscht : user_pref("CT2319825.HomepageBeforeUnload", "www.google.at"); Zeile gelöscht : 
user_pref("CT2319825.Initialize", true); Zeile gelöscht : user_pref("CT2319825.InitializeCommonPrefs", true); Zeile gelöscht : user_pref("CT2319825.InstallationAndCookieDataSentCount", 1); Zeile gelöscht : user_pref("CT2319825.InstallationId", "ConduitNSISIntegration"); Zeile gelöscht : user_pref("CT2319825.InstallationType", "ConduitXPEIntegration"); Zeile gelöscht : user_pref("CT2319825.InstalledDate", "Wed Jan 18 2012 06:07:24 GMT+0100"); Zeile gelöscht : user_pref("CT2319825.InvalidateCache", false); Zeile gelöscht : user_pref("CT2319825.IsAlertDBUpdated", true); Zeile gelöscht : user_pref("CT2319825.IsGrouping", false); Zeile gelöscht : user_pref("CT2319825.IsInitSetupIni", true); Zeile gelöscht : user_pref("CT2319825.IsMulticommunity", false); Zeile gelöscht : user_pref("CT2319825.IsOpenThankYouPage", false); Zeile gelöscht : user_pref("CT2319825.IsOpenUninstallPage", true); Zeile gelöscht : user_pref("CT2319825.IsProtectorsInit", true); Zeile gelöscht : user_pref("CT2319825.LanguagePackLastCheckTime", "Wed Jan 18 2012 06:07:26 GMT+0100"); Zeile gelöscht : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440); Zeile gelöscht : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx"); Zeile gelöscht : user_pref("CT2319825.LastLogin_3.9.0.3", "Wed Jan 18 2012 06:07:26 GMT+0100"); Zeile gelöscht : user_pref("CT2319825.LatestVersion", "3.9.0.3"); Zeile gelöscht : user_pref("CT2319825.Locale", "de"); Zeile gelöscht : user_pref("CT2319825.MCDetectTooltipHeight", "83"); Zeile gelöscht : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Zeile gelöscht : user_pref("CT2319825.MCDetectTooltipWidth", "295"); Zeile gelöscht : user_pref("CT2319825.MyStuffEnabledAtInstallation", true); Zeile gelöscht : user_pref("CT2319825.OriginalFirstVersion", "3.9.0.3"); Zeile gelöscht : user_pref("CT2319825.RadioIsPodcast", false); Zeile gelöscht : user_pref("CT2319825.RadioLastCheckTime", 
"Wed Jan 18 2012 06:07:25 GMT+0100"); Zeile gelöscht : user_pref("CT2319825.RadioLastUpdateIPServer", "3"); Zeile gelöscht : user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000"); Zeile gelöscht : user_pref("CT2319825.RadioMediaID", "11949532"); Zeile gelöscht : user_pref("CT2319825.RadioMediaType", "Media Player"); Zeile gelöscht : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532"); Zeile gelöscht : user_pref("CT2319825.RadioShrinkedFromSetup", false); Zeile gelöscht : user_pref("CT2319825.RadioStationName", "1Live"); Zeile gelöscht : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_einslive_a"); Zeile gelöscht : user_pref("CT2319825.SearchCaption", "Winload Customized Web Search"); Zeile gelöscht : user_pref("CT2319825.SearchEngineBeforeUnload", "Winload Customized Web Search"); Zeile gelöscht : user_pref("CT2319825.SearchFromAddressBarIsInit", true); Zeile gelöscht : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q="); Zeile gelöscht : user_pref("CT2319825.SearchInNewTabEnabled", true); Zeile gelöscht : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440); Zeile gelöscht : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Wed Jan 18 2012 06:07:28 GMT+0100"); Zeile gelöscht : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID"); Zeile gelöscht : user_pref("CT2319825.SearchProtectorEnabled", true); Zeile gelöscht : user_pref("CT2319825.SearchProtectorToolbarDisabled", true); Zeile gelöscht : user_pref("CT2319825.SendProtectorDataViaLogin", true); Zeile gelöscht : user_pref("CT2319825.ServiceMapLastCheckTime", "Wed Jan 18 2012 06:07:24 GMT+0100"); Zeile gelöscht : user_pref("CT2319825.SettingsLastCheckTime", "Wed Jan 18 2012 06:07:24 GMT+0100"); Zeile gelöscht : user_pref("CT2319825.SettingsLastUpdate", "1324573913"); Zeile gelöscht : 
user_pref("CT2319825.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=13"); Zeile gelöscht : user_pref("CT2319825.ThirdPartyComponentsInterval", 504); Zeile gelöscht : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Wed Jan 18 2012 06:07:24 GMT+0100"); Zeile gelöscht : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255344657"); Zeile gelöscht : user_pref("CT2319825.ToolbarDisabled", true); Zeile gelöscht : user_pref("CT2319825.ToolbarShrinkedFromSetup", false); Zeile gelöscht : user_pref("CT2319825.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2319825"); Zeile gelöscht : user_pref("CT2319825.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...] Zeile gelöscht : user_pref("CT2319825.UserID", "UN27300875695237173"); Zeile gelöscht : user_pref("CT2319825.WeatherNetwork", ""); Zeile gelöscht : user_pref("CT2319825.WeatherPollDate", "Wed Jan 18 2012 06:07:30 GMT+0100"); Zeile gelöscht : user_pref("CT2319825.WeatherUnit", "C"); Zeile gelöscht : user_pref("CT2319825.alertChannelId", "715912"); Zeile gelöscht : user_pref("CT2319825.autoDisableScopes", 10); Zeile gelöscht : user_pref("CT2319825.backendstorage.id", "3335373338393837"); Zeile gelöscht : user_pref("CT2319825.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...] 
Zeile gelöscht : user_pref("CT2319825.globalFirstTimeInfoLastCheckTime", "Wed Jan 18 2012 06:07:25 GMT+0100"); Zeile gelöscht : user_pref("CT2319825.homepageProtectorEnableByLogin", true); Zeile gelöscht : user_pref("CT2319825.initDone", true); Zeile gelöscht : user_pref("CT2319825.isAppTrackingManagerOn", true); Zeile gelöscht : user_pref("CT2319825.isFirstRadioInstallation", false); Zeile gelöscht : user_pref("CT2319825.myStuffEnabled", true); Zeile gelöscht : user_pref("CT2319825.myStuffPublihserMinWidth", 400); Zeile gelöscht : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"); Zeile gelöscht : user_pref("CT2319825.myStuffServiceIntervalMM", 1440); Zeile gelöscht : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT"); Zeile gelöscht : user_pref("CT2319825.revertSettingsEnabled", true); Zeile gelöscht : user_pref("CT2319825.searchProtectorDialogDelayInSec", 10); Zeile gelöscht : user_pref("CT2319825.searchProtectorEnableByLogin", true); Zeile gelöscht : user_pref("CT2319825.testingCtid", ""); Zeile gelöscht : user_pref("CT2319825.toolbarAppMetaDataLastCheckTime", "Wed Jan 18 2012 06:07:24 GMT+0100"); Zeile gelöscht : user_pref("CT2319825.toolbarContextMenuLastCheckTime", "Wed Jan 18 2012 06:07:26 GMT+0100"); Zeile gelöscht : user_pref("CT2319825.usagesFlag", 1); Zeile gelöscht : user_pref("CommunityToolbar.ConduitSearchList", "Winload Customized Web Search"); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2319825/CT2319825", "\"1324573914\""); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2319825", "\"1282729563\""); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=de", 
"oIwsta2spzadhjRgiY1Nhw=="); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=de", "WiZSpHJzJ/uTUKvfHHyj/w=="); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=de", "9H/gICSaMqbmx+Gd+8W4Sg=="); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=de", "eJfMrdrGnhGHiiPiYjgAww=="); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"4bb1de6bebc9cc1:0\""); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"6a637346d78ccc1:0\""); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2319825", "\"e6ef4870243a7ea0555d1a72c33686a6\""); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer_dead.gif", "\"0a8c48d3330c81:0\""); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.gif", "\"0e2106f3030c81:0\""); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif", "\"0f475394430c81:0\""); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif", "\"08d9ef44430c81:0\""); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif", "\"066e8863030c81:0\""); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"3aae6a678b3297e477982cc7ffb88828\""); Zeile gelöscht : user_pref("CommunityToolbar.LatestLibsPath", 
"file:///C:\\Users\\Trevelyan\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\ur2kvkaf.default\\conduitCommon\\modules\\3.9.0.3"); Zeile gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.9.0.3"); Zeile gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", ""); Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2319825"); Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825"); Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2319825"); Zeile gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Jan 18 2012 06:07:25 GMT+0100"); Zeile gelöscht : user_pref("CommunityToolbar.globalUserId", "9bdfa767-f1f8-48bc-9ab2-60dccad10d23"); Zeile gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Zeile gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Zeile gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2319825"); Zeile gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Jan 18 2012 06:07:29 GMT+0100"); Zeile gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Zeile gelöscht : user_pref("CommunityToolbar.notifications.locale", "en"); Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Jan 18 2012 06:07:24 GMT+0100"); Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Zeile gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Zeile gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Zeile gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Zeile gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Zeile 
gelöscht : user_pref("CommunityToolbar.notifications.userId", "084339cb-a551-49b6-8570-4a164d4b77a2"); Zeile gelöscht : user_pref("CommunityToolbar.originalHomepage", "www.google.at"); Zeile gelöscht : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties"); Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "Winload Customized Web Search"); Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", ""); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=108298"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "04230bbd000000000000d4bed98ff492"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.id", "04230bbd000000000000d4bed98ff492"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15356"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.170:04:34"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); ************************* AdwCleaner[S0].txt - [25352 octets] - [07/05/2014 20:08:48] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [25413 octets] ########## Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Home Premium x64 Ran by Trevelyan on 07.05.2014 at 20:19:22,25 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&download by orbit Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&grab video by orbit Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\do&wnload selected by orbit Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\down&load all by orbit Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{25221FFD-2736-4065-AA48-37EDCED2A825} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\Trevelyan\AppData\Roaming\getrighttogo" Successfully deleted: [Folder] "C:\Program Files (x86)\orbitdownloader" ~~~ FireFox Successfully deleted: [File] C:\user.js Successfully deleted: [File] C:\Users\Trevelyan\AppData\Roaming\mozilla\firefox\profiles\ur2kvkaf.default\user.js Emptied folder: C:\Users\Trevelyan\AppData\Roaming\mozilla\firefox\profiles\ur2kvkaf.default\minidumps [76 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 07.05.2014 at 20:24:08,31 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-05-2014 Ran by Trevelyan (administrator) on TREVELYAN-PC on 07-05-2014 20:43:42 Running from C:\Users\Trevelyan\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe () C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Cloanto Corporation) C:\Program Files (x86)\Common Files\Cloanto\Software Director\softdir.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\THXCfg64.dll [17920 2009-10-15] (Creative Technology Ltd.) 
HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\EptMon64.dll [21504 2009-10-15] (Creative Technology Ltd.) HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] () HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-29] () HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated) HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation) HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.) HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd) HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.) 
HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions) HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] () HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-04-29] () HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296056 2012-01-24] (RealNetworks, Inc.) HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [CloantoSoftwareDirector] => C:\Program Files (x86)\Common Files\Cloanto\Software Director\softdir.exe [370512 2013-02-01] (Cloanto Corporation) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) 
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-04-27] (AVAST Software) HKU\.DEFAULT\...\RunOnce: [{90140000-0011-0000-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H HKU\.DEFAULT\...\RunOnce: [{90120000-0030-0000-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H HKU\.DEFAULT\...\RunOnce: [{90140000-0018-0409-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H HKU\.DEFAULT\...\RunOnce: [{90140000-0018-0407-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21 FireFox: ======== FF ProfilePath: C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default FF 
DefaultSearchEngine: GMX Suche Österreich FF SelectedSearchEngine: GMX Suche Österreich FF Homepage: www.google.at FF Keyword.URL: hxxp://go.gmx.at/tb/mff_keyurl_search/?su= FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll () FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @comrade.gamespy.com/comrade - C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll (IGN Entertainment) FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.140.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll 
(Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @real.com/nppl3260;version=15.0.1.13 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=15.0.1.13 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) 
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.1.13 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.1.13 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=15.0.1.13 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.) 
FF SearchPlugin: C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ProxTube - Unblock YouTube - C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\Extensions\ich@maltegoetz.de [2013-12-12] FF Extension: NetVideoHunter - C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\Extensions\netvideohunter@netvideohunter.com [2014-04-12] FF Extension: DownloadHelper - C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25] FF Extension: Classic Theme Restorer - C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-05-03] FF Extension: Ghostery - C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\Extensions\firefox@ghostery.com.xpi [2013-08-03] FF Extension: FireNes - C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\Extensions\firenes@facundo.zaldo.xpi [2012-05-16] FF Extension: Rotate Image - C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\Extensions\rotateimage@minisystems.de.xpi [2012-11-01] FF Extension: Gutscheinaffe - 
C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\Extensions\{9220f99f-5b7d-4a4d-97ca-209991796400}.xpi [2014-02-11] FF Extension: RightToClick - C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2012-05-16] FF Extension: Adblock Plus - C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-18] FF Extension: Greasemonkey - C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-08-25] FF Extension: User Agent Switcher - C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2013-01-19] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-27] ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-27] (AVAST Software) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation) S3 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.) 
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG) U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-03-11] () ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-27] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-27] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-27] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-27] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-27] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-27] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-04-27] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-27] () R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation) S3 copperhd; C:\Windows\System32\drivers\copperhd.sys [14336 2009-11-10] (Razer (Asia-Pacific) Pte Ltd) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-04-12] (DT Soft Ltd) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation) R3 RecFltr; C:\Windows\System32\drivers\RecFltr.sys [45440 2007-01-18] () S3 uisp; C:\Windows\System32\Drivers\usbicp.sys [19200 2005-10-21] (Motorola) S3 uisp; C:\Windows\SysWOW64\Drivers\usbicp.sys [162900 2001-01-04] (Motorola) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 GPU-Z; \??\C:\Users\TREVEL~1\AppData\Local\Temp\GPU-Z.sys [X] 
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-07 20:24 - 2014-05-07 20:24 - 00007550 _____ () C:\Users\Trevelyan\Desktop\JRT.txt 2014-05-07 20:19 - 2014-05-07 20:19 - 00000000 ____D () C:\Windows\ERUNT 2014-05-07 20:14 - 2014-05-07 20:14 - 01016261 _____ (Thisisu) C:\Users\Trevelyan\Desktop\JRT.exe 2014-05-07 20:08 - 2014-05-07 20:08 - 00025502 _____ () C:\Users\Trevelyan\Desktop\AdwCleaner[S0].txt 2014-05-07 20:01 - 2014-05-07 20:01 - 00000000 __SHD () C:\Users\Trevelyan\AppData\Local\EmieUserList 2014-05-07 20:01 - 2014-05-07 20:01 - 00000000 __SHD () C:\Users\Trevelyan\AppData\Local\EmieSiteList 2014-05-07 19:20 - 2014-05-07 20:12 - 00000000 ____D () C:\AdwCleaner 2014-05-07 19:20 - 2014-05-07 19:21 - 00026991 _____ () C:\Users\Trevelyan\Desktop\AdwCleaner[R0].txt 2014-05-07 19:18 - 2014-05-07 19:18 - 01316991 _____ () C:\Users\Trevelyan\Desktop\adwcleaner.exe 2014-05-07 19:17 - 2014-05-07 19:17 - 00010584 _____ () C:\Users\Trevelyan\Desktop\mbam.txt 2014-05-07 03:00 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-06 23:19 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-06 23:19 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-05 15:04 - 2014-05-05 15:04 - 00000000 _____ () C:\Users\Trevelyan\Desktop\pp150.txt 2014-05-05 02:01 - 2014-05-05 02:02 - 526580975 _____ () C:\Users\Trevelyan\Desktop\Hallucinogen_Honey_Hunters_-_Hunting_mad_honey_-_documentary.mp4 2014-05-03 03:00 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-03 03:00 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-03 03:00 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-03 03:00 - 2014-04-29 14:34 - 02724864 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-29 13:44 - 2014-04-29 13:45 - 318801585 _____ () C:\Users\Trevelyan\Desktop\Food Storage And Battery Bank that will be on Doomsday Preppers - YouTube.mp4 2014-04-29 03:35 - 2014-04-29 03:36 - 152039630 _____ () C:\Users\Trevelyan\Desktop\Prepping for SHTF My 3 Biggest Prepping Mistakes! ) What are Yours.mp4 2014-04-27 20:43 - 2014-04-27 20:43 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-27 20:28 - 2014-04-27 20:28 - 00000000 ____D () C:\Users\Trevelyan\AppData\Roaming\AVAST Software 2014-04-27 20:27 - 2014-05-06 23:17 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-04-27 20:27 - 2014-04-27 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-04-27 20:26 - 2014-04-27 20:26 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-04-27 20:26 - 2014-04-27 20:26 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-04-27 20:26 - 2014-04-27 20:26 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-04-27 20:26 - 2014-04-27 20:26 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-04-27 20:26 - 2014-04-27 20:26 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-04-27 20:26 - 2014-04-27 20:26 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-04-27 20:26 - 2014-04-27 20:26 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-04-27 20:26 - 2014-04-27 20:26 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-04-27 20:26 - 2014-04-27 20:26 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-27 20:26 - 2014-04-27 20:26 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-04-27 20:26 - 2014-04-27 20:26 - 00000000 ____D () C:\Program Files\AVAST Software 2014-04-27 20:25 - 2014-04-27 20:25 - 00000000 ____D () 
C:\ProgramData\AVAST Software 2014-04-27 17:48 - 2014-04-27 18:32 - 00029269 _____ () C:\ComboFix.txt 2014-04-27 17:25 - 2014-04-27 17:48 - 00000000 ____D () C:\Qoobox 2014-04-27 17:25 - 2014-04-27 17:48 - 00000000 ____D () C:\ComboFix 2014-04-27 17:25 - 2014-04-27 17:46 - 00000000 ____D () C:\Windows\erdnt 2014-04-27 17:25 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-04-27 17:25 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-04-27 17:25 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-04-27 17:25 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-04-27 17:25 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-04-27 17:25 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-04-27 17:25 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-04-27 17:25 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-04-27 17:24 - 2014-04-27 17:24 - 05196309 ____R (Swearware) C:\Users\Trevelyan\Desktop\ComboFix.exe 2014-04-27 17:11 - 2014-02-17 08:07 - 00000426 _____ () C:\AVScanner.ini 2014-04-25 14:09 - 2014-04-25 14:10 - 652966117 _____ () C:\Users\Trevelyan\Desktop\Unreal_Tournament_-_Soundtrack_UMX.mp4 2014-04-24 14:40 - 2014-04-24 14:40 - 00001266 _____ () C:\Users\Trevelyan\Desktop\Revo Uninstaller.lnk 2014-04-24 14:40 - 2014-04-24 14:40 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-24 08:27 - 2014-04-24 08:27 - 00075012 _____ () C:\Users\Trevelyan\Desktop\Addition.txt 2014-04-24 08:26 - 2014-05-07 20:43 - 00023104 _____ () C:\Users\Trevelyan\Desktop\FRST.txt 2014-04-24 08:26 - 2014-05-07 20:43 - 00000000 ____D () C:\FRST 2014-04-24 08:25 - 2014-05-07 20:43 - 02063872 _____ (Farbar) C:\Users\Trevelyan\Desktop\FRST64.exe 2014-04-24 02:51 - 2014-05-07 19:16 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-24 02:50 - 2014-04-24 02:51 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-04-24 02:50 - 2014-04-24 02:50 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-24 02:50 - 2014-04-24 02:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-24 02:50 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-24 02:50 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-24 02:50 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-18 16:15 - 2014-03-04 13:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2014-04-16 00:46 - 2014-04-27 20:43 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-16 00:46 - 2014-04-27 20:43 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-04-16 00:46 - 2014-04-27 20:43 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-04-16 00:45 - 2014-04-16 00:46 - 00004328 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b13.log 2014-04-16 00:37 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-16 00:37 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-16 00:36 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-16 00:36 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-16 00:36 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-16 00:36 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-16 00:36 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-16 00:36 - 2014-03-06 10:40 - 00051200 _____ (Microsoft 
Corporation) C:\Windows\system32\jsproxy.dll 2014-04-16 00:36 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-16 00:36 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-16 00:36 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-16 00:36 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-16 00:36 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-16 00:36 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-16 00:36 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-16 00:36 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-16 00:36 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-16 00:36 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-16 00:36 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-16 00:36 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-16 00:36 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-16 00:36 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-16 00:36 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-16 00:36 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-16 00:36 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-16 00:36 - 2014-03-06 09:42 - 
00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-16 00:36 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-16 00:36 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-16 00:36 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-16 00:36 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-16 00:36 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-16 00:36 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-16 00:36 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-16 00:36 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-16 00:36 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-16 00:36 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-16 00:36 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-16 00:36 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-16 00:36 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-16 00:36 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-16 00:36 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-16 00:36 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-16 00:36 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-16 00:36 - 2014-03-06 07:36 - 01143808 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-15 11:45 - 2014-04-18 16:52 - 00000000 ____D () C:\Users\Trevelyan\Desktop\dzss 2014-04-13 15:11 - 2014-04-13 15:11 - 00000000 ____D () C:\Users\Trevelyan\AppData\Local\CutePDF Writer 2014-04-13 15:09 - 2014-04-13 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF 2014-04-13 15:09 - 2014-04-13 15:09 - 00000000 ____D () C:\Program Files (x86)\GPLGS 2014-04-13 15:09 - 2014-04-13 15:09 - 00000000 ____D () C:\Program Files (x86)\Acro Software 2014-04-13 15:09 - 2013-10-23 14:24 - 00087600 _____ () C:\Windows\system32\cpwmon64.dll 2014-04-11 19:38 - 2014-05-07 00:58 - 00000000 ____D () C:\Users\Trevelyan\AppData\Local\DayZ 2014-04-11 19:38 - 2014-04-11 19:49 - 00000000 ____D () C:\Users\Trevelyan\Documents\DayZ 2014-04-09 08:29 - 2014-04-09 08:34 - 169712019 _____ () C:\Users\Trevelyan\Desktop\RB.wmv 2014-04-09 08:29 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-09 08:29 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-09 08:29 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-09 08:29 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-09 08:29 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-09 08:29 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-09 08:29 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-09 08:29 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-09 08:29 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-09 08:29 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\instnm.exe 2014-04-09 08:29 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-09 08:29 - 2014-02-04 04:37 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-09 08:29 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-09 08:29 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-09 08:29 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-09 08:29 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-09 08:29 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-09 08:21 - 2014-04-09 14:14 - 00000000 ____D () C:\Users\Trevelyan\Desktop\Bewerbungen ==================== One Month Modified Files and Folders ======= 2014-05-07 20:43 - 2014-04-24 08:26 - 00023104 _____ () C:\Users\Trevelyan\Desktop\FRST.txt 2014-05-07 20:43 - 2014-04-24 08:26 - 00000000 ____D () C:\FRST 2014-05-07 20:43 - 2014-04-24 08:25 - 02063872 _____ (Farbar) C:\Users\Trevelyan\Desktop\FRST64.exe 2014-05-07 20:35 - 2009-07-14 06:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-07 20:35 - 2009-07-14 06:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-07 20:31 - 2010-11-21 08:50 - 00710502 _____ () C:\Windows\system32\perfh007.dat 2014-05-07 20:31 - 2010-11-21 08:50 - 00154832 _____ () C:\Windows\system32\perfc007.dat 2014-05-07 20:31 - 2009-07-14 07:13 - 01651686 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-07 20:27 - 2012-01-10 17:36 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks 2014-05-07 20:27 - 2012-01-10 17:36 - 00000000 ____D () C:\Users\Default 
User\AppData\Local\SoftThinks 2014-05-07 20:27 - 2012-01-10 17:11 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup 2014-05-07 20:27 - 2012-01-10 15:49 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-05-07 20:27 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-07 20:27 - 2009-07-14 06:51 - 00085773 _____ () C:\Windows\setupact.log 2014-05-07 20:26 - 2012-01-10 16:54 - 01564678 _____ () C:\Windows\WindowsUpdate.log 2014-05-07 20:24 - 2014-05-07 20:24 - 00007550 _____ () C:\Users\Trevelyan\Desktop\JRT.txt 2014-05-07 20:19 - 2014-05-07 20:19 - 00000000 ____D () C:\Windows\ERUNT 2014-05-07 20:14 - 2014-05-07 20:14 - 01016261 _____ (Thisisu) C:\Users\Trevelyan\Desktop\JRT.exe 2014-05-07 20:12 - 2014-05-07 19:20 - 00000000 ____D () C:\AdwCleaner 2014-05-07 20:10 - 2010-11-21 05:47 - 00308914 _____ () C:\Windows\PFRO.log 2014-05-07 20:08 - 2014-05-07 20:08 - 00025502 _____ () C:\Users\Trevelyan\Desktop\AdwCleaner[S0].txt 2014-05-07 20:01 - 2014-05-07 20:01 - 00000000 __SHD () C:\Users\Trevelyan\AppData\Local\EmieUserList 2014-05-07 20:01 - 2014-05-07 20:01 - 00000000 __SHD () C:\Users\Trevelyan\AppData\Local\EmieSiteList 2014-05-07 19:56 - 2012-04-04 06:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-07 19:21 - 2014-05-07 19:20 - 00026991 _____ () C:\Users\Trevelyan\Desktop\AdwCleaner[R0].txt 2014-05-07 19:18 - 2014-05-07 19:18 - 01316991 _____ () C:\Users\Trevelyan\Desktop\adwcleaner.exe 2014-05-07 19:17 - 2014-05-07 19:17 - 00010584 _____ () C:\Users\Trevelyan\Desktop\mbam.txt 2014-05-07 19:16 - 2014-04-24 02:51 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-07 18:57 - 2012-04-26 14:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-07 18:56 - 2012-01-18 05:00 - 00000000 ____D () C:\Users\Trevelyan\AppData\Roaming\Skype 2014-05-07 06:13 - 2012-01-17 23:53 - 00000000 ____D () C:\Users\Trevelyan\AppData\Roaming\vlc 
2014-05-07 03:53 - 2012-01-18 04:09 - 00000000 ____D () C:\Program Files (x86)\No23 Recorder 2014-05-07 03:00 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-07 00:58 - 2014-04-11 19:38 - 00000000 ____D () C:\Users\Trevelyan\AppData\Local\DayZ 2014-05-06 23:17 - 2014-04-27 20:27 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-05-06 09:14 - 2012-01-18 01:02 - 00000000 ____D () C:\Users\Trevelyan\AppData\Roaming\Audacity 2014-05-06 02:52 - 2012-01-18 07:59 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2014-05-05 15:04 - 2014-05-05 15:04 - 00000000 _____ () C:\Users\Trevelyan\Desktop\pp150.txt 2014-05-05 02:02 - 2014-05-05 02:01 - 526580975 _____ () C:\Users\Trevelyan\Desktop\Hallucinogen_Honey_Hunters_-_Hunting_mad_honey_-_documentary.mp4 2014-05-04 03:52 - 2012-01-17 22:47 - 00000000 ____D () C:\Users\Trevelyan\Desktop\O.P.U.D 2014-05-03 17:58 - 2014-03-21 12:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-03 17:58 - 2012-01-17 21:17 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-05-03 17:58 - 2012-01-17 21:17 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-05-03 06:19 - 2014-02-07 20:33 - 00000253 _____ () C:\Users\Trevelyan\Desktop\Animes.txt 2014-05-01 13:12 - 2012-04-04 06:26 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-01 13:12 - 2012-04-04 06:26 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-01 13:12 - 2012-01-10 16:56 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-01 13:11 - 2012-01-21 18:42 - 00000000 ____D () C:\Users\Trevelyan\AppData\Roaming\uTorrent 2014-05-01 13:08 - 2012-02-10 23:48 - 00000000 ____D () C:\Program Files\WinRAR 2014-05-01 13:06 - 2012-01-23 14:31 - 00000000 ____D () C:\Program Files (x86)\Trillian 2014-04-29 16:01 - 2014-05-03 03:00 - 23547904 _____ 
(Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-29 15:40 - 2014-05-03 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-29 14:48 - 2014-05-03 03:00 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-29 14:34 - 2014-05-03 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-29 13:45 - 2014-04-29 13:44 - 318801585 _____ () C:\Users\Trevelyan\Desktop\Food Storage And Battery Bank that will be on Doomsday Preppers - YouTube.mp4 2014-04-29 03:36 - 2014-04-29 03:35 - 152039630 _____ () C:\Users\Trevelyan\Desktop\Prepping for SHTF My 3 Biggest Prepping Mistakes! ) What are Yours.mp4 2014-04-27 20:50 - 2014-02-19 03:29 - 00000843 _____ () C:\Users\Trevelyan\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2014-04-27 20:48 - 2012-01-10 17:08 - 00000000 ____D () C:\Program Files (x86)\Java 2014-04-27 20:45 - 2012-02-10 23:48 - 00000000 ____D () C:\Users\Trevelyan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-04-27 20:45 - 2012-02-10 23:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-04-27 20:44 - 2013-10-16 23:37 - 00000000 ____D () C:\ProgramData\Oracle 2014-04-27 20:44 - 2013-10-04 02:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-04-27 20:43 - 2014-04-27 20:43 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-27 20:43 - 2014-04-16 00:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-27 20:43 - 2014-04-16 00:46 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-04-27 20:43 - 2014-04-16 00:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-04-27 20:40 - 2013-02-03 19:26 - 00000000 ____D () C:\Users\Trevelyan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView 2014-04-27 20:38 - 2012-01-10 17:24 - 00000000 ____D () C:\Program 
Files (x86)\Adobe 2014-04-27 20:28 - 2014-04-27 20:28 - 00000000 ____D () C:\Users\Trevelyan\AppData\Roaming\AVAST Software 2014-04-27 20:27 - 2014-04-27 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-04-27 20:26 - 2014-04-27 20:26 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-04-27 20:26 - 2014-04-27 20:26 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-04-27 20:26 - 2014-04-27 20:26 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-04-27 20:26 - 2014-04-27 20:26 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-04-27 20:26 - 2014-04-27 20:26 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-04-27 20:26 - 2014-04-27 20:26 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-04-27 20:26 - 2014-04-27 20:26 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-04-27 20:26 - 2014-04-27 20:26 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-04-27 20:26 - 2014-04-27 20:26 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-27 20:26 - 2014-04-27 20:26 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-04-27 20:26 - 2014-04-27 20:26 - 00000000 ____D () C:\Program Files\AVAST Software 2014-04-27 20:25 - 2014-04-27 20:25 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-04-27 18:32 - 2014-04-27 17:48 - 00029269 _____ () C:\ComboFix.txt 2014-04-27 17:48 - 2014-04-27 17:25 - 00000000 ____D () C:\Qoobox 2014-04-27 17:48 - 2014-04-27 17:25 - 00000000 ____D () C:\ComboFix 2014-04-27 17:48 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-04-27 17:46 - 2014-04-27 17:25 - 00000000 ____D () C:\Windows\erdnt 2014-04-27 17:43 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-04-27 17:40 - 2009-07-14 04:34 - 98041856 _____ () C:\Windows\system32\config\SOFTWARE.bak 2014-04-27 17:40 - 2009-07-14 
04:34 - 44040192 _____ () C:\Windows\system32\config\COMPONENTS.bak 2014-04-27 17:40 - 2009-07-14 04:34 - 27525120 _____ () C:\Windows\system32\config\SYSTEM.bak 2014-04-27 17:40 - 2009-07-14 04:34 - 01048576 _____ () C:\Windows\system32\config\DEFAULT.bak 2014-04-27 17:40 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2014-04-27 17:40 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2014-04-27 17:24 - 2014-04-27 17:24 - 05196309 ____R (Swearware) C:\Users\Trevelyan\Desktop\ComboFix.exe 2014-04-27 17:21 - 2013-04-18 22:00 - 00000000 ____D () C:\Program Files\McAfee 2014-04-27 17:21 - 2012-01-10 17:28 - 00000000 ____D () C:\ProgramData\McAfee 2014-04-27 17:21 - 2012-01-10 17:28 - 00000000 ____D () C:\Program Files\Common Files\mcafee 2014-04-27 17:17 - 2013-04-18 22:09 - 00000000 ____D () C:\Users\Trevelyan\Documents\McAfee-Tresore 2014-04-27 17:11 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-25 15:27 - 2012-01-17 21:13 - 00000000 ____D () C:\Users\Trevelyan\AppData\Roaming\Adobe 2014-04-25 14:10 - 2014-04-25 14:09 - 652966117 _____ () C:\Users\Trevelyan\Desktop\Unreal_Tournament_-_Soundtrack_UMX.mp4 2014-04-24 14:40 - 2014-04-24 14:40 - 00001266 _____ () C:\Users\Trevelyan\Desktop\Revo Uninstaller.lnk 2014-04-24 14:40 - 2014-04-24 14:40 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-24 08:27 - 2014-04-24 08:27 - 00075012 _____ () C:\Users\Trevelyan\Desktop\Addition.txt 2014-04-24 05:42 - 2012-04-09 04:24 - 00000000 ____D () C:\Users\Trevelyan\Desktop\Zeug (i. 
vsk) 2014-04-24 05:29 - 2012-01-17 22:44 - 00000000 ___RD () C:\Users\Trevelyan\Desktop\Dokumente 2014-04-24 02:51 - 2014-04-24 02:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-04-24 02:50 - 2014-04-24 02:50 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-24 02:50 - 2014-04-24 02:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-23 04:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-04-22 16:13 - 2012-01-10 17:14 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-04-22 00:01 - 2012-01-17 21:35 - 00000000 ____D () C:\Users\Trevelyan\AppData\Roaming\ICQ 2014-04-20 15:38 - 2012-01-18 00:41 - 00000000 ____D () C:\Users\Trevelyan\dwhelper 2014-04-20 14:27 - 2012-02-10 23:02 - 00000000 ____D () C:\Users\Trevelyan\AppData\Roaming\XnView 2014-04-20 02:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-04-18 19:06 - 2012-02-16 03:42 - 00007601 _____ () C:\Users\Trevelyan\AppData\Local\Resmon.ResmonCfg 2014-04-18 16:52 - 2014-04-15 11:45 - 00000000 ____D () C:\Users\Trevelyan\Desktop\dzss 2014-04-18 16:52 - 2012-01-17 23:43 - 00000000 ____D () C:\Users\Trevelyan\Desktop\Musik 2014-04-18 16:16 - 2013-12-05 06:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2014-04-18 16:15 - 2012-01-25 09:47 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-04-16 00:49 - 2012-01-18 06:39 - 00000000 ____D () C:\Users\Trevelyan\AppData\Local\Adobe 2014-04-16 00:46 - 2014-04-16 00:45 - 00004328 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b13.log 2014-04-16 00:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-04-14 04:24 - 2014-05-06 23:19 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-04-14 04:19 - 2014-05-06 23:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-04-13 15:11 - 2014-04-13 15:11 - 00000000 ____D 
() C:\Users\Trevelyan\AppData\Local\CutePDF Writer 2014-04-13 15:09 - 2014-04-13 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF 2014-04-13 15:09 - 2014-04-13 15:09 - 00000000 ____D () C:\Program Files (x86)\GPLGS 2014-04-13 15:09 - 2014-04-13 15:09 - 00000000 ____D () C:\Program Files (x86)\Acro Software 2014-04-11 19:49 - 2014-04-11 19:38 - 00000000 ____D () C:\Users\Trevelyan\Documents\DayZ 2014-04-11 19:26 - 2012-01-28 07:43 - 00000000 ____D () C:\Users\Trevelyan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-04-09 14:14 - 2014-04-09 08:21 - 00000000 ____D () C:\Users\Trevelyan\Desktop\Bewerbungen 2014-04-09 09:12 - 2012-03-07 18:39 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-09 09:11 - 2013-08-15 09:42 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-09 09:09 - 2012-01-24 03:38 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-09 08:34 - 2014-04-09 08:29 - 169712019 _____ () C:\Users\Trevelyan\Desktop\RB.wmv Files to move or delete: ==================== C:\Users\Trevelyan\AppData\Roaming\CamLayout.ini C:\Users\Trevelyan\AppData\Roaming\CamShapes.ini Some content of TEMP: ==================== C:\Users\Trevelyan\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is 
legit
LastRegBack: 2014-05-07 19:54
==================== End Of Log ============================
The only annoying thing is that the last program (JRT) deleted, without asking, a few things that adwCleaner had already wanted to delete but where I had deliberately unticked the box (Firefox's user.js and all the parts of Orbit Downloader). Can I restore them somehow? |
08.05.2014, 16:08 | #11 |
/// the machine /// TB trainer | Getting Skype's "file received" sound out of nowhere
No, unfortunately not, but they aren't deleted without a reason.....
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
29.06.2014, 16:53 | #12 | |
| Getting Skype's "file received" sound out of nowhere
ESET Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7587 # api_version=3.0.2 # EOSSerial=5892801ab8def34bb5c60ca4f79c6e9a # engine=18926 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-06-28 02:25:57 # local_time=2014-06-28 04:25:57 (+0100, Mitteleuropäische Sommerzeit) # country="Austria" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='avast! Antivirus' # compatibility_mode=783 16777213 100 95 1824609 5342446 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 96329 155595407 0 0 # scanned=597198 # found=24 # cleaned=0 # scan_time=12757 sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir" sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Winload\ldrtbWinl.dll.vir" sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Winload\prxtbWin0.dll.vir" sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Winload\prxtbWinl.dll.vir" sh=3E30150D840AC9A0C0A7969D2FFD45118BE827D6 ft=1 fh=afbdb7c39edb934a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Winload\tbWin0.dll.vir" sh=3E30150D840AC9A0C0A7969D2FFD45118BE827D6 ft=1 fh=afbdb7c39edb934a vn="Variante von Win32/Toolbar.Conduit.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Winload\tbWinl.dll.vir" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Winload\WinloadToolbarHelper.exe.vir" sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\LocalLow\Winload\ldrtbWinl.dll.vir" sh=3E30150D840AC9A0C0A7969D2FFD45118BE827D6 ft=1 fh=afbdb7c39edb934a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\LocalLow\Winload\tbWin0.dll.vir" sh=68F39FDC5C97B7D3B93A4B793E3E9DAF1ED75344 ft=1 fh=c71c0011ed98cc6f vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Trevelyan\AppData\Local\Babylon\Setup\BExternal.dll.vir" sh=D128CBAF3DEF02BD11A92A43C36D540E47BF06E0 ft=1 fh=6abf192eb2d8af09 vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Trevelyan\AppData\Local\Babylon\Setup\IECookieLow.dll.vir" sh=C88D76106C34D093167BD69B433CFF15F24CFE68 ft=1 fh=c9f8a6e51b4e4ea2 vn="Variante von Win32/Toolbar.Babylon.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Trevelyan\AppData\Local\Babylon\Setup\Setup.exe.vir" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Trevelyan\AppData\Local\Conduit\CT2319825\WinloadAutoUpdateHelper.exe.vir" sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Trevelyan\AppData\LocalLow\Winload\ldrtbWinl.dll.vir" sh=3E30150D840AC9A0C0A7969D2FFD45118BE827D6 ft=1 fh=afbdb7c39edb934a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Trevelyan\AppData\LocalLow\Winload\tbWinl.dll.vir" sh=73C98F1721958026BEB496BFCF15FB9A28B3B7A0 ft=1 fh=9a28cb911a364095 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Trevelyan\Desktop\O.P.U.D\Unlocker1.9.2.exe" sh=9F030C2B210B0F563B29D9130CD4F2B0F54B7EBC ft=1 fh=800dee14d33b9cf9 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Trevelyan\Desktop\O.P.U.D\GliderBeta_141_RC1_1242\PGEdit.exe" sh=3E0F7F24A7C3B327592EC18844AE4B9FC6B18798 ft=1 fh=09ea6e7edd02960d vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Trevelyan\Desktop\O.P.U.D\unw\Alcohol 120%\Alcohol 120% v1.9.7.6221\Setup.exe" sh=73C98F1721958026BEB496BFCF15FB9A28B3B7A0 ft=1 fh=9a28cb911a364095 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="E:\Sk\Sk. O.P.U.D 17.12.2012\Unlocker1.9.2.exe" sh=9F030C2B210B0F563B29D9130CD4F2B0F54B7EBC ft=1 fh=800dee14d33b9cf9 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="E:\Sk\Sk. O.P.U.D 17.12.2012\GliderBeta_141_RC1_1242\PGEdit.exe" sh=3E0F7F24A7C3B327592EC18844AE4B9FC6B18798 ft=1 fh=09ea6e7edd02960d vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Sk\Sk. O.P.U.D 17.12.2012\unw\Alcohol 120%\Alcohol 120% v1.9.7.6221\Setup.exe" sh=73C98F1721958026BEB496BFCF15FB9A28B3B7A0 ft=1 fh=9a28cb911a364095 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="H:\Sk\Sk. O.P.U.D 17.12.2012\Unlocker1.9.2.exe" sh=9F030C2B210B0F563B29D9130CD4F2B0F54B7EBC ft=1 fh=800dee14d33b9cf9 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="H:\Sk\Sk. 
O.P.U.D 17.12.2012\GliderBeta_141_RC1_1242\PGEdit.exe" sh=3E0F7F24A7C3B327592EC18844AE4B9FC6B18798 ft=1 fh=09ea6e7edd02960d vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="H:\Sk\Sk. O.P.U.D 17.12.2012\unw\Alcohol 120%\Alcohol 120% v1.9.7.6221\Setup.exe" Code:
Results of screen317's Security Check version 0.99.83
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
XCC Game Spy 1.10
JavaFX 2.1.1
Java 7 Update 60
Java version out of Date!
Adobe Flash Player 14.0.0.125
Adobe Reader XI
Mozilla Firefox (30.0)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-06-2014 02 Ran by Trevelyan (administrator) on TREVELYAN-PC on 28-06-2014 18:28:08 Running from C:\Users\Trevelyan\Desktop\wtng Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe () C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Cloanto Corporation) C:\Program Files (x86)\Common Files\Cloanto\Software Director\softdir.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Nullsoft, Inc.) 
C:\Program Files (x86)\Winamp\winamp.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe (Cerulean Studios) C:\Program Files (x86)\Trillian\trillian.exe (Valve Corporation) C:\Program Files (x86)\Valve\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\THXCfg64.dll [17920 2009-10-15] (Creative Technology Ltd.) HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\EptMon64.dll [21504 2009-10-15] (Creative Technology Ltd.) 
HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] () HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-29] () HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated) HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation) HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.) HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd) HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.) 
HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions) HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] () HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-04-29] () HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296056 2012-01-24] (RealNetworks, Inc.) HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.) 
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [CloantoSoftwareDirector] => C:\Program Files (x86)\Common Files\Cloanto\Software Director\softdir.exe [370512 2013-02-01] (Cloanto Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-06] (AVAST Software) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKU\.DEFAULT\...\RunOnce: [{90140000-0011-0000-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H HKU\.DEFAULT\...\RunOnce: [{90120000-0030-0000-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H HKU\.DEFAULT\...\RunOnce: [{90140000-0018-0409-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H HKU\.DEFAULT\...\RunOnce: [{90140000-0018-0407-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H HKU\S-1-5-21-973126448-2161090440-1869997015-1001\...\RunOnce: [DeleteGrabPro] - rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Program Files (x86)\Orbitdownloader\GrabPro.dll" SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST 
Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers: 1EldosIconOverlay -> {E7D2A249-9F24-4BDD-9383-149127987ADA} => C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers-x32: 1EldosIconOverlay -> {E7D2A249-9F24-4BDD-9383-149127987ADA} => C:\Windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers-x32: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://at.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
https://at.search.yahoo.com?fr=hp-avast&type=avastbcl HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://at.search.yahoo.com?fr=hp-avast&type=avastbcl HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://at.search.yahoo.com?fr=hp-avast&type=avastbcl StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://at.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://at.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://at.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://at.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21 FireFox: ======== FF ProfilePath: C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default FF DefaultSearchEngine: Google FF SearchEngineOrder.1: Yahoo! 
(Avast) FF SelectedSearchEngine: Google FF Homepage: www.google.at FF Keyword.URL: https://at.search.yahoo.com/yhs/search FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll () FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @comrade.gamespy.com/comrade - C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll (IGN Entertainment) FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.140.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: 
@Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @real.com/nppl3260;version=15.0.1.13 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=15.0.1.13 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.1.13 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) 
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.1.13 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=15.0.1.13 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.) 
FF SearchPlugin: C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\searchplugins\yahoo-avast.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ProxTube - Unblock YouTube - C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\Extensions\ich@maltegoetz.de [2013-12-12] FF Extension: NetVideoHunter - C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\Extensions\netvideohunter@netvideohunter.com [2014-04-12] FF Extension: DownloadHelper - C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25] FF Extension: Classic Theme Restorer - C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-05-03] FF Extension: Ghostery - C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\Extensions\firefox@ghostery.com.xpi [2013-08-03] FF Extension: FireNes - C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\Extensions\firenes@facundo.zaldo.xpi [2012-05-16] FF Extension: Rotate Image - 
C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\Extensions\rotateimage@minisystems.de.xpi [2012-11-01] FF Extension: Gutscheinaffe - C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\Extensions\{9220f99f-5b7d-4a4d-97ca-209991796400}.xpi [2014-02-11] FF Extension: RightToClick - C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2012-05-16] FF Extension: Adblock Plus - C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-18] FF Extension: Greasemonkey - C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-08-25] FF Extension: User Agent Switcher - C:\Users\Trevelyan\AppData\Roaming\Mozilla\Firefox\Profiles\ur2kvkaf.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2013-01-19] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-05-10] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-27] ==================== Services (Whitelisted) ================= R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-27] (AVAST Software) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] S3 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.) S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG) U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-03-11] () S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-27] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-27] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-27] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-27] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software) R0 aswVmm; 
C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-27] () R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation) S3 copperhd; C:\Windows\System32\drivers\copperhd.sys [14336 2009-11-10] (Razer (Asia-Pacific) Pte Ltd) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-04-12] (DT Soft Ltd) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation) R3 RecFltr; C:\Windows\System32\drivers\RecFltr.sys [45440 2007-01-18] () S3 uisp; C:\Windows\System32\Drivers\usbicp.sys [19200 2005-10-21] (Motorola) S3 uisp; C:\Windows\SysWOW64\Drivers\usbicp.sys [162900 2001-01-04] (Motorola) [File not signed] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 GPU-Z; \??\C:\Users\TREVEL~1\AppData\Local\Temp\GPU-Z.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-28 18:26 - 2014-06-28 18:27 - 00000876 _____ () C:\Users\Trevelyan\Desktop\checkup.txt 2014-06-28 18:14 - 2014-06-28 18:14 - 00854367 _____ () C:\Users\Trevelyan\Desktop\SecurityCheck.exe 2014-06-28 12:21 - 2014-06-28 12:21 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-06-28 12:18 - 2014-06-28 12:20 - 02347384 _____ (ESET) C:\Users\Trevelyan\Desktop\esetsmartinstaller_deu.exe 2014-06-27 23:07 - 2014-06-27 23:07 - 00000000 ____D () C:\Users\Trevelyan\Documents\Paradox Interactive 2014-06-27 22:33 - 2014-06-27 22:33 - 00000228 _____ () C:\Users\Trevelyan\Desktop\Crusader Kings II.url 2014-06-25 07:18 - 2014-06-25 07:18 - 79652569 _____ () C:\Users\Trevelyan\Desktop\Paint.mp4 2014-06-23 01:20 - 2014-06-23 01:20 - 97067029 _____ () C:\Users\Trevelyan\Desktop\Why Are Things Creepy.mp4 2014-06-18 19:03 - 2014-06-18 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Peggle 2014-06-16 22:10 - 2014-06-16 22:10 - 00000024 _____ () C:\Users\Trevelyan\Desktop\thalia.txt 2014-06-16 03:13 - 2014-06-16 03:13 - 
Files to move or delete:
====================
C:\Users\Trevelyan\AppData\Roaming\CamLayout.ini
C:\Users\Trevelyan\AppData\Roaming\CamShapes.ini

Some content of TEMP:
====================
C:\Users\Trevelyan\AppData\Local\Temp\drm_dyndata_7340014.dll
C:\Users\Trevelyan\AppData\Local\Temp\drm_dyndata_7380007.dll
C:\Users\Trevelyan\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-05-16 03:53
==================== End Of Log ============================
|
30.06.2014, 11:42 | #13 |
/// the machine /// TB trainer | Getting Skype's "file received" sound for no reason
Update Java. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
HKU\.DEFAULT\...\RunOnce: [{90140000-0011-0000-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\.DEFAULT\...\RunOnce: [{90120000-0030-0000-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\.DEFAULT\...\RunOnce: [{90140000-0018-0409-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\.DEFAULT\...\RunOnce: [{90140000-0018-0407-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
The rest are not malware problems. http://www.trojaner-board.de/126216-...epair-aio.html Give that a run.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
30.06.2014, 19:48 | #14 |
| Getting Skype's "file received" sound for no reason
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-06-2014 02
Ran by Trevelyan at 2014-06-30 20:47:02 Run:1
Running from C:\Users\Trevelyan\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKU\.DEFAULT\...\RunOnce: [{90140000-0011-0000-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\.DEFAULT\...\RunOnce: [{90120000-0030-0000-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\.DEFAULT\...\RunOnce: [{90140000-0018-0409-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\.DEFAULT\...\RunOnce: [{90140000-0018-0407-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
*****************
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\{90140000-0011-0000-0000-0000000FF1CE} => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\{90120000-0030-0000-0000-0000000FF1CE} => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\{90140000-0018-0409-0000-0000000FF1CE} => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\{90140000-0018-0407-0000-0000000FF1CE} => value deleted successfully.
==== End of Fixlog ====
|
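An added example, not part of the thread and not FRST's own code: a Python check that pairs every registry line requested in the fixlist with its result line in the fixlog posted above. The fixlist abbreviates the key path with `...` while the result prints it in full, so the match is made on root, last key component and value name. The function names are hypothetical, and the success test assumes the "deleted successfully" wording seen in this log.

```python
import re

# Fixlog text from the post above, re-broken at one entry per line.
FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-06-2014 02
Ran by Trevelyan at 2014-06-30 20:47:02 Run:1
Running from C:\Users\Trevelyan\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKU\.DEFAULT\...\RunOnce: [{90140000-0011-0000-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\.DEFAULT\...\RunOnce: [{90120000-0030-0000-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\.DEFAULT\...\RunOnce: [{90140000-0018-0409-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\.DEFAULT\...\RunOnce: [{90140000-0018-0407-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
*****************
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\{90140000-0011-0000-0000-0000000FF1CE} => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\{90120000-0030-0000-0000-0000000FF1CE} => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\{90140000-0018-0409-0000-0000000FF1CE} => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\{90140000-0018-0407-0000-0000000FF1CE} => value deleted successfully.
==== End of Fixlog ====
"""

# Fixlist line:  <root>\...\<leaf key>: [<value name>] - <command>
REQUEST = re.compile(
    r"^(?P<root>.+?)\\\.\.\.\\(?P<leaf>[^\\:]+): \[(?P<name>.+?)\] - (?P<cmd>.+)$")
# Result line:   <full key path>\\<value name> => <status>
RESULT = re.compile(r"^(?P<key>.+?)\\\\(?P<name>.+?) => (?P<status>.+)$")
# The fixlist is echoed between two rows of asterisks; results follow the second.
SEPARATOR = re.compile(r"^\*{5,}$")


def parse_fixlog(text):
    """Return (requests, results) as lists of dicts parsed from a fixlog."""
    requests, results, section = [], [], 0
    for line in (raw.strip() for raw in text.splitlines()):
        if SEPARATOR.match(line):
            section += 1
            continue
        if section == 1:
            m = REQUEST.match(line)
            if m:
                requests.append(m.groupdict())
        elif section == 2:
            m = RESULT.match(line)
            if m:
                results.append(m.groupdict())
    return requests, results


def is_confirmed(req, results):
    """True if a result line reports this value as deleted.

    Registry paths and value names are compared case-insensitively.
    Assumption: success is worded "deleted successfully", as in this log.
    """
    root, leaf, name = (req[k].lower() for k in ("root", "leaf", "name"))
    for res in results:
        key = res["key"].lower()
        if (key.startswith(root + "\\") and key.endswith("\\" + leaf)
                and res["name"].lower() == name
                and "deleted successfully" in res["status"]):
            return True
    return False


def unconfirmed(text):
    """Value names that were requested in the fixlist but have no success result."""
    requests, results = parse_fixlog(text)
    return [r["name"] for r in requests if not is_confirmed(r, results)]


if __name__ == "__main__":
    reqs, _ = parse_fixlog(FIXLOG)
    for r in reqs:
        print(r["name"], "would have run:", r["cmd"])
    print("unconfirmed:", unconfirmed(FIXLOG))
```
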
01.07.2014, 13:34 | #15 |
/// the machine /// TB trainer | Getting Skype's "file received" sound for no reason
Uninstall all old Java versions, then install version 8.
__________________ Regards, schrauber |